Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/OAPSYdzePqirTtgZiXoFqPj5HRQ.roa
File:                     OAPSYdzePqirTtgZiXoFqPj5HRQ.roa (raw, json)
Hash identifier:          8at3A16GIfdLDmYGEikKIudgcdFcMQG9A+zjstX/OeU=
Subject key identifier:   38:03:D2:61:DC:DE:3E:A8:AB:4E:D8:19:89:7A:05:A8:F8:F9:1D:14
Certificate issuer:       /CN=7f56f28948c832f2d434bb44d5de0ea122601b05
Certificate serial:       018CC5DBFC0C1D8F40AC60D7440C97DF63EF
Authority key identifier: 7F:56:F2:89:48:C8:32:F2:D4:34:BB:44:D5:DE:0E:A1:22:60:1B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1byiUjIMvLUNLtE1d4OoSJgGwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/OAPSYdzePqirTtgZiXoFqPj5HRQ.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203096
IP address blocks:        185.40.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/f1byiUjIMvLUNLtE1d4OoSJgGwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/f1byiUjIMvLUNLtE1d4OoSJgGwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1byiUjIMvLUNLtE1d4OoSJgGwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 07:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fc:0c:1d:8f:40:ac:60:d7:44:0c:97:df:63:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f56f28948c832f2d434bb44d5de0ea122601b05
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3803d261dcde3ea8ab4ed819897a05a8f8f91d14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:56:b2:f0:7a:da:02:58:2a:03:55:e2:1b:64:
                    31:ea:77:1a:05:6b:d5:ac:0a:a9:c5:98:fe:c3:d7:
                    f6:dc:12:bf:1c:1c:62:9d:15:16:95:28:d2:08:77:
                    a6:6f:37:ff:e4:c5:66:cd:fa:bf:13:b0:63:dd:1d:
                    61:3b:69:7f:4e:23:35:3a:23:11:00:ba:04:86:e1:
                    73:bf:c7:a2:7c:18:cc:b6:76:7b:21:3f:d0:89:24:
                    53:34:34:02:c6:59:49:f2:62:fc:f9:38:3c:b0:49:
                    30:c4:8f:9c:db:06:6c:e1:14:70:2b:02:37:c4:9c:
                    40:14:ba:e0:16:43:2f:5f:66:0c:33:51:81:6a:96:
                    21:59:9a:3c:39:5e:71:1a:0b:f0:07:83:6e:a4:10:
                    61:7f:4b:6e:f3:09:96:2d:14:0e:ab:43:b4:27:3f:
                    42:f5:2a:94:bc:92:1c:df:50:23:11:b5:f6:4e:19:
                    74:57:16:88:9d:31:cb:c0:3f:ee:03:bf:04:89:f8:
                    04:9b:e7:1a:be:f1:06:d2:82:74:82:d5:57:cd:b6:
                    ae:36:24:14:db:15:22:7f:d3:69:3e:08:75:0c:43:
                    fe:a0:ed:ba:f4:16:25:48:83:db:04:be:1d:8b:ec:
                    1e:60:ae:e2:b2:dd:15:df:bb:3f:95:6c:5e:f8:7f:
                    ba:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:03:D2:61:DC:DE:3E:A8:AB:4E:D8:19:89:7A:05:A8:F8:F9:1D:14
            X509v3 Authority Key Identifier:
                keyid:7F:56:F2:89:48:C8:32:F2:D4:34:BB:44:D5:DE:0E:A1:22:60:1B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1byiUjIMvLUNLtE1d4OoSJgGwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/OAPSYdzePqirTtgZiXoFqPj5HRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/f1byiUjIMvLUNLtE1d4OoSJgGwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:50:31:e5:32:df:c5:5a:aa:ef:7f:29:d3:ae:6c:73:02:3c:
         55:c2:e7:3d:d6:af:05:73:eb:e7:b1:52:84:b8:2d:c6:55:8d:
         26:a9:12:68:f0:50:2c:41:94:91:01:8b:78:7e:98:1d:d8:12:
         e0:b4:45:90:0b:4c:af:0e:6e:bd:76:14:dc:19:84:c3:af:ed:
         b8:54:5a:4a:12:d5:d6:b1:73:d7:e0:0d:c1:fe:41:60:b0:cc:
         9f:af:d4:6c:7d:38:ed:07:47:82:3f:78:09:cf:41:42:1b:d9:
         00:84:e7:91:8f:b1:f5:52:69:2a:50:92:b9:aa:4c:c0:53:be:
         90:e8:c1:ad:da:de:55:1c:ee:f8:3e:39:e2:b4:ed:b7:c0:1c:
         04:48:02:fd:3c:2b:ed:3b:fc:43:b0:07:2c:4d:1e:9d:bc:e9:
         b5:10:b2:32:03:97:e0:85:a7:06:12:f5:86:ab:f8:cb:05:01:
         d5:d5:74:e5:a3:76:f0:eb:cd:f0:ae:a3:e0:fd:11:fe:88:02:
         cd:9d:32:39:20:1a:9d:ce:f4:37:94:7f:00:a4:5c:72:8b:00:
         9c:fd:e3:d6:7c:a4:86:47:cc:ec:ec:70:c2:31:1f:5b:4a:8a:
         3d:33:8b:af:dc:fb:73:b0:1e:fb:b8:ee:86:fa:49:91:88:2a:
         df:46:22:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/wMHY9ArGDXRAyX32PvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTZmMjg5NDhjODMyZjJkNDM0YmI0NGQ1ZGUwZWExMjI2
MDFiMDUwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODAzZDI2MWRjZGUzZWE4YWI0ZWQ4MTk4OTdhMDVhOGY4ZjkxZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFay8HraAlgqA1XiG2Qx6ncaBWvV
rAqpxZj+w9f23BK/HBxinRUWlSjSCHembzf/5MVmzfq/E7Bj3R1hO2l/TiM1OiMR
ALoEhuFzv8eifBjMtnZ7IT/QiSRTNDQCxllJ8mL8+Tg8sEkwxI+c2wZs4RRwKwI3
xJxAFLrgFkMvX2YMM1GBapYhWZo8OV5xGgvwB4NupBBhf0tu8wmWLRQOq0O0Jz9C
9SqUvJIc31AjEbX2Thl0VxaInTHLwD/uA78EifgEm+cavvEG0oJ0gtVXzbauNiQU
2xUif9NpPgh1DEP+oO269BYlSIPbBL4di+weYK7ist0V37s/lWxe+H+6EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgD0mHc3j6oq07YGYl6Baj4+R0UMB8GA1UdIwQY
MBaAFH9W8olIyDLy1DS7RNXeDqEiYBsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFieWlVaklNdkxVTkx0RTFkNE9vU0pnR3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yMWZiY2EtODBlMC00YjhjLTg2MjIt
NGU4NmFkNjRmNzc0LzEvT0FQU1lkemVQcWlyVHRnWmlYb0ZxUGo1SFJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yMWZiY2EtODBlMC00YjhjLTg2MjItNGU4NmFkNjRmNzc0
LzEvZjFieWlVaklNdkxVTkx0RTFkNE9vU0pnR3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuShuMA0G
CSqGSIb3DQEBCwUAA4IBAQBQUDHlMt/FWqrvfynTrmxzAjxVwuc91q8Fc+vnsVKE
uC3GVY0mqRJo8FAsQZSRAYt4fpgd2BLgtEWQC0yvDm69dhTcGYTDr+24VFpKEtXW
sXPX4A3B/kFgsMyfr9RsfTjtB0eCP3gJz0FCG9kAhOeRj7H1UmkqUJK5qkzAU76Q
6MGt2t5VHO74PjnitO23wBwESAL9PCvtO/xDsAcsTR6dvOm1ELIyA5fghacGEvWG
q/jLBQHV1XTlo3bw683wrqPg/RH+iALNnTI5IBqdzvQ3lH8ApFxyiwCc/ePWfKSG
R8zs7HDCMR9bSoo9M4uv3PtzsB77uO6G+kmRiCrfRiJa
-----END CERTIFICATE-----