Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/f60798-3202-484b-8640-1b749e9810b4/1/OQiJwOA2zkOzY3yO9BQbjm3PI2o.roa
File:                     OQiJwOA2zkOzY3yO9BQbjm3PI2o.roa (raw, json)
Hash identifier:          116+rlN2JNfrw8W/4RmO1ASRoIdvEg2AyAin0BJfu1I=
Subject key identifier:   39:08:89:C0:E0:36:CE:43:B3:63:7C:8E:F4:14:1B:8E:6D:CF:23:6A
Certificate issuer:       /CN=6d65fe055fb7ed043d109307045c0abdf404d05d
Certificate serial:       018CC72580DF2FC4D36A84288B64765CF2FF
Authority key identifier: 6D:65:FE:05:5F:B7:ED:04:3D:10:93:07:04:5C:0A:BD:F4:04:D0:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWX-BV-37QQ9EJMHBFwKvfQE0F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/f60798-3202-484b-8640-1b749e9810b4/1/OQiJwOA2zkOzY3yO9BQbjm3PI2o.roa
Signing time:             Mon 01 Jan 2024 22:29:32 +0000
ROA not before:           Mon 01 Jan 2024 22:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.200.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/f60798-3202-484b-8640-1b749e9810b4/1/bWX-BV-37QQ9EJMHBFwKvfQE0F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/f60798-3202-484b-8640-1b749e9810b4/1/bWX-BV-37QQ9EJMHBFwKvfQE0F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWX-BV-37QQ9EJMHBFwKvfQE0F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:80:df:2f:c4:d3:6a:84:28:8b:64:76:5c:f2:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d65fe055fb7ed043d109307045c0abdf404d05d
        Validity
            Not Before: Jan  1 22:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=390889c0e036ce43b3637c8ef4141b8e6dcf236a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:4b:55:84:f6:8c:a4:fb:6e:70:62:19:f0:5d:
                    ef:ab:e0:05:20:f6:10:be:b7:2e:55:f6:09:96:d8:
                    35:7b:0b:34:b7:1f:25:fe:3d:14:6b:90:73:42:a1:
                    31:79:76:7d:d1:39:e9:75:f0:6d:ef:4f:e6:1f:ed:
                    64:e3:64:2f:c8:f2:9b:ad:66:05:38:18:0d:6b:e1:
                    91:dd:58:e1:89:10:d8:a4:6b:9a:dc:78:98:94:9e:
                    78:61:9c:9c:52:94:3d:7c:1f:21:20:db:78:dd:09:
                    7d:e9:fa:42:c9:85:ba:06:38:f5:17:0a:06:50:61:
                    cf:fc:3b:a2:92:90:d0:20:52:7a:e7:04:ab:d0:22:
                    23:4e:64:a3:6c:1e:2f:28:e1:30:c2:61:85:63:15:
                    14:42:0e:1b:ea:bb:7c:03:30:7a:68:30:9e:dd:64:
                    88:bf:cb:1c:55:64:a1:43:be:fa:de:71:a2:f4:7c:
                    ed:37:c1:ab:eb:9a:0a:33:29:59:43:c1:ca:9d:fe:
                    9a:5e:72:fa:43:c2:52:8c:ca:1a:b0:3f:55:39:b4:
                    5e:06:a2:6a:74:d8:61:02:d5:52:26:62:e8:d9:1a:
                    77:b2:74:61:90:e1:86:4e:cb:9d:46:58:af:01:f7:
                    b9:08:98:81:72:a8:31:02:ee:4a:5e:f7:6d:47:a6:
                    78:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:08:89:C0:E0:36:CE:43:B3:63:7C:8E:F4:14:1B:8E:6D:CF:23:6A
            X509v3 Authority Key Identifier:
                keyid:6D:65:FE:05:5F:B7:ED:04:3D:10:93:07:04:5C:0A:BD:F4:04:D0:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWX-BV-37QQ9EJMHBFwKvfQE0F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/f60798-3202-484b-8640-1b749e9810b4/1/OQiJwOA2zkOzY3yO9BQbjm3PI2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/f60798-3202-484b-8640-1b749e9810b4/1/bWX-BV-37QQ9EJMHBFwKvfQE0F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:8f:c3:0c:e5:91:ba:5c:38:8a:9e:90:90:3f:1b:a6:de:0a:
         8a:c1:84:95:67:8f:83:c1:6f:79:db:58:48:86:ab:43:9a:0f:
         c8:62:7e:eb:ee:e0:9a:4b:49:14:b5:7b:4e:74:ef:11:85:aa:
         b8:d3:ee:ba:55:5b:55:f1:f5:3b:2f:38:47:31:ef:88:9d:2a:
         11:2d:1d:1f:b9:c4:53:fa:9c:fa:b1:c8:d0:1d:0b:86:0e:fa:
         01:0c:19:a5:ff:a5:ba:32:8d:b7:a2:a2:88:68:e8:fd:7d:64:
         1f:b1:c7:b1:2c:8a:39:7e:a2:89:ba:45:65:74:f8:db:63:00:
         31:19:8c:07:8c:8f:00:02:f6:ef:d9:35:16:81:4c:f4:a9:a2:
         a0:89:5d:59:ff:bd:fa:10:83:0c:3d:3a:63:de:29:1b:e2:ed:
         8a:66:48:b4:9b:99:16:b6:99:15:bd:c9:da:60:fd:2d:21:b4:
         c5:da:9c:b1:fa:02:5f:24:1b:34:71:9e:6c:1c:9c:84:1c:69:
         dc:3c:09:01:cf:3e:49:58:4c:d1:7c:93:8b:cb:74:6e:70:68:
         c4:b3:5e:92:4b:8e:1e:b8:8b:33:73:a7:30:ee:27:ee:19:2d:
         6b:a8:72:8e:44:2c:f6:2c:11:30:0b:5c:36:4a:2b:d7:3a:34:
         16:bb:7d:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJYDfL8TTaoQoi2R2XPL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjVmZTA1NWZiN2VkMDQzZDEwOTMwNzA0NWMwYWJkZjQw
NGQwNWQwHhcNMjQwMTAxMjIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTA4ODljMGUwMzZjZTQzYjM2MzdjOGVmNDE0MWI4ZTZkY2YyMzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoktVhPaMpPtucGIZ8F3vq+AFIPYQ
vrcuVfYJltg1ews0tx8l/j0Ua5BzQqExeXZ90TnpdfBt70/mH+1k42QvyPKbrWYF
OBgNa+GR3VjhiRDYpGua3HiYlJ54YZycUpQ9fB8hINt43Ql96fpCyYW6Bjj1FwoG
UGHP/DuikpDQIFJ65wSr0CIjTmSjbB4vKOEwwmGFYxUUQg4b6rt8AzB6aDCe3WSI
v8scVWShQ7763nGi9HztN8Gr65oKMylZQ8HKnf6aXnL6Q8JSjMoasD9VObReBqJq
dNhhAtVSJmLo2Rp3snRhkOGGTsudRlivAfe5CJiBcqgxAu5KXvdtR6Z4VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkIicDgNs5Ds2N8jvQUG45tzyNqMB8GA1UdIwQY
MBaAFG1l/gVft+0EPRCTBwRcCr30BNBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYldYLUJWLTM3UVE5RUpNSEJGd0t2ZlFFMEYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mNjA3OTgtMzIwMi00ODRiLTg2NDAt
MWI3NDllOTgxMGI0LzEvT1FpSndPQTJ6a096WTN5TzlCUWJqbTNQSTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mNjA3OTgtMzIwMi00ODRiLTg2NDAtMWI3NDllOTgxMGI0
LzEvYldYLUJWLTM3UVE5RUpNSEJGd0t2ZlFFMEYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcgFMA0G
CSqGSIb3DQEBCwUAA4IBAQB0j8MM5ZG6XDiKnpCQPxum3gqKwYSVZ4+DwW9521hI
hqtDmg/IYn7r7uCaS0kUtXtOdO8Rhaq40+66VVtV8fU7LzhHMe+InSoRLR0fucRT
+pz6scjQHQuGDvoBDBml/6W6Mo23oqKIaOj9fWQfscexLIo5fqKJukVldPjbYwAx
GYwHjI8AAvbv2TUWgUz0qaKgiV1Z/736EIMMPTpj3ikb4u2KZki0m5kWtpkVvcna
YP0tIbTF2pyx+gJfJBs0cZ5sHJyEHGncPAkBzz5JWEzRfJOLy3RucGjEs16SS44e
uIszc6cw7ifuGS1rqHKORCz2LBEwC1w2SivXOjQWu32N
-----END CERTIFICATE-----