Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/OuHn9zwFgJd4f6NXlQKaKJHYyAU.roa
File:                     OuHn9zwFgJd4f6NXlQKaKJHYyAU.roa (raw, json)
Hash identifier:          EfG9jfs/ZO7p1kdQ4NjT5Cppwcyc75tXjbE+6O+db2Y=
Subject key identifier:   3A:E1:E7:F7:3C:05:80:97:78:7F:A3:57:95:02:9A:28:91:D8:C8:05
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01904F9A0E188F65548C4C7A8F3EAC7C6EAF
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/OuHn9zwFgJd4f6NXlQKaKJHYyAU.roa
Signing time:             Tue 25 Jun 2024 13:33:34 +0000
ROA not before:           Tue 25 Jun 2024 13:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60324
IP address blocks:        80.81.38.0/24 maxlen: 24
                          159.148.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:9a:0e:18:8f:65:54:8c:4c:7a:8f:3e:ac:7c:6e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jun 25 13:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ae1e7f73c058097787fa35795029a2891d8c805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:10:67:ac:0a:64:7b:86:21:71:1b:55:d1:78:
                    df:a0:68:76:93:06:f5:2f:0b:74:d9:4f:f4:cf:dd:
                    a1:2b:63:47:02:2d:1e:92:0e:6d:51:72:b7:32:76:
                    f0:af:0b:2f:c6:51:53:86:51:ff:e0:fb:71:f8:d3:
                    7c:36:c7:cf:b1:7e:c4:8e:91:f0:04:98:e3:bb:c9:
                    78:ee:f6:65:04:89:44:ca:b6:bc:21:92:90:b6:42:
                    e5:7a:b5:fd:1a:8e:5f:cb:d5:e2:d8:90:90:af:c7:
                    70:bd:92:58:7f:dc:38:d7:e1:65:f9:45:7f:c4:63:
                    9c:2c:6b:78:5a:82:56:24:d8:e3:e7:b2:9c:9a:ac:
                    b7:60:20:c1:b8:e9:54:b3:27:66:30:e3:3f:c2:12:
                    7c:6d:a7:17:fc:4a:06:33:6f:19:ef:bf:e1:f5:ef:
                    92:85:e6:17:b2:d2:2d:a5:09:27:ad:c7:40:dc:fb:
                    af:03:d1:cf:27:ab:62:c5:87:6d:52:84:cb:8f:88:
                    76:17:55:fd:e2:bf:49:e3:b4:4f:c1:e3:56:58:15:
                    d8:cf:fb:b7:e0:f1:19:a0:a6:24:22:35:3e:ca:07:
                    19:15:4a:78:4d:88:cc:6b:cb:5a:19:bd:66:4e:9f:
                    26:7c:12:3c:45:93:f7:01:01:ee:ae:4a:d7:2a:bc:
                    6a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:E1:E7:F7:3C:05:80:97:78:7F:A3:57:95:02:9A:28:91:D8:C8:05
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/OuHn9zwFgJd4f6NXlQKaKJHYyAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.81.38.0/24
                  159.148.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:49:ad:b6:d5:19:bd:d8:77:03:86:c1:b3:cf:b9:0b:86:2d:
         53:c0:76:97:17:32:7a:83:1e:1f:ff:30:ba:eb:0f:0a:95:35:
         39:be:30:1a:bc:55:91:7b:9a:42:7b:c9:4e:57:1a:ba:b8:2f:
         76:86:2d:85:89:ac:9d:3c:5d:8c:b6:7a:ba:c7:be:c4:05:78:
         e3:2d:da:a3:46:00:e5:73:a0:9a:19:1e:9f:38:17:07:c1:94:
         21:95:90:75:b3:3e:d3:bb:65:b4:2b:4d:bb:8c:23:06:bf:ca:
         ac:5e:37:1b:01:a2:5c:9f:ea:5f:01:2b:a8:15:ff:63:db:dc:
         18:63:25:9f:7e:62:46:25:ec:09:a2:f0:47:9f:2c:31:31:83:
         38:24:77:f1:d9:d9:1c:d6:98:53:5c:10:24:68:d7:59:64:3d:
         d4:47:cc:a6:ad:89:e1:8d:d2:96:7e:b6:5c:c4:1b:46:66:31:
         c6:f7:d2:e3:dd:b0:25:20:c9:c7:9c:da:41:9b:44:e3:bb:99:
         3e:da:69:66:33:b0:e7:7b:b1:c0:77:1f:58:f8:6c:85:9a:f2:
         12:12:00:16:31:b1:54:3b:b4:bb:d1:a4:36:4a:7b:11:df:90:
         db:c3:07:91:2c:10:5d:f2:00:5f:64:8a:21:5b:0a:c9:04:aa:
         30:d3:d1:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBPmg4Yj2VUjEx6jz6sfG6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwNjI1MTMzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWUxZTdmNzNjMDU4MDk3Nzg3ZmEzNTc5NTAyOWEyODkxZDhjODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBBnrApke4YhcRtV0XjfoGh2kwb1
Lwt02U/0z92hK2NHAi0ekg5tUXK3MnbwrwsvxlFThlH/4Ptx+NN8NsfPsX7EjpHw
BJjju8l47vZlBIlEyra8IZKQtkLlerX9Go5fy9Xi2JCQr8dwvZJYf9w41+Fl+UV/
xGOcLGt4WoJWJNjj57Kcmqy3YCDBuOlUsydmMOM/whJ8bacX/EoGM28Z77/h9e+S
heYXstItpQknrcdA3PuvA9HPJ6tixYdtUoTLj4h2F1X94r9J47RPweNWWBXYz/u3
4PEZoKYkIjU+ygcZFUp4TYjMa8taGb1mTp8mfBI8RZP3AQHurkrXKrxqiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDrh5/c8BYCXeH+jV5UCmiiR2MgFMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvT3VIbjl6d0ZnSmQ0ZjZOWGxRS2FLSkhZeUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUFEmAwQA
n5S/MA0GCSqGSIb3DQEBCwUAA4IBAQC1Sa221Rm92HcDhsGzz7kLhi1TwHaXFzJ6
gx4f/zC66w8KlTU5vjAavFWRe5pCe8lOVxq6uC92hi2FiaydPF2Mtnq6x77EBXjj
LdqjRgDlc6CaGR6fOBcHwZQhlZB1sz7Tu2W0K027jCMGv8qsXjcbAaJcn+pfASuo
Ff9j29wYYyWffmJGJewJovBHnywxMYM4JHfx2dkc1phTXBAkaNdZZD3UR8ymrYnh
jdKWfrZcxBtGZjHG99Lj3bAlIMnHnNpBm0Tju5k+2mlmM7Dne7HAdx9Y+GyFmvIS
EgAWMbFUO7S70aQ2SnsR35DbwweRLBBd8gBfZIohWwrJBKow09HB
-----END CERTIFICATE-----