Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/oUdR6XRPPmVUt1Uf3gHDXSutSLc.roa
File:                     oUdR6XRPPmVUt1Uf3gHDXSutSLc.roa (raw, json)
Hash identifier:          +gPzuEpCi3KQpNa5LQ5JuzZ9v5dH1hB8y5R3qCWRZGM=
Subject key identifier:   A1:47:51:E9:74:4F:3E:65:54:B7:55:1F:DE:01:C3:5D:2B:AD:48:B7
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018F9F63BD45B2161A72A0FE7EF7B30A108D
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/oUdR6XRPPmVUt1Uf3gHDXSutSLc.roa
Signing time:             Wed 22 May 2024 08:21:04 +0000
ROA not before:           Wed 22 May 2024 08:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215238
IP address blocks:        188.191.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 20:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9f:63:bd:45:b2:16:1a:72:a0:fe:7e:f7:b3:0a:10:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: May 22 08:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a14751e9744f3e6554b7551fde01c35d2bad48b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:67:85:5f:97:66:29:14:05:dc:28:28:af:bb:
                    1a:40:25:4d:9f:21:eb:12:17:ce:95:7e:f8:21:ab:
                    88:73:91:c3:fb:6f:4d:cf:08:32:97:e5:61:83:3c:
                    e5:6c:21:85:1b:37:0a:a9:81:fc:df:9f:86:5e:1e:
                    68:d5:32:fc:4e:7e:6d:08:cb:71:10:49:89:43:2c:
                    d2:23:70:28:74:81:54:ce:7f:67:1f:36:7b:21:a9:
                    d0:09:a1:4f:a5:ee:9d:c5:e6:62:a7:2f:87:28:7a:
                    93:4a:bd:ce:e3:1b:7c:af:1a:e4:33:93:a7:c2:3e:
                    2d:fd:f5:76:dc:7a:ec:e5:68:cc:49:f8:9d:dc:cb:
                    9f:4f:e7:0c:d5:9e:9d:a2:d4:5c:ad:78:98:0b:14:
                    b5:33:f2:2c:26:d7:6b:57:a5:7c:a3:0d:e5:d8:e4:
                    6e:47:38:49:3d:8c:23:d1:8b:a8:be:26:93:ff:65:
                    ef:aa:ae:fb:3a:dc:56:b6:82:67:23:b4:8d:6b:5e:
                    c9:3b:29:16:1c:47:39:55:b1:3e:13:a8:8c:80:a2:
                    5b:4f:27:86:9c:0c:b5:44:55:8b:71:ad:d5:31:2e:
                    1c:93:2a:eb:16:f1:92:dc:4e:af:e3:02:de:1f:34:
                    40:7a:85:c4:79:ae:7e:d9:ae:5f:69:7c:6b:33:39:
                    a9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:47:51:E9:74:4F:3E:65:54:B7:55:1F:DE:01:C3:5D:2B:AD:48:B7
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/oUdR6XRPPmVUt1Uf3gHDXSutSLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:43:35:13:41:04:76:54:51:9e:a2:e6:7d:39:2e:eb:ba:c3:
         b0:20:2b:61:89:92:7c:56:af:38:a4:38:f6:90:c4:c9:01:0f:
         2a:77:f8:0f:7c:c3:b9:28:8f:40:59:22:1e:21:6d:91:c8:e6:
         58:e9:64:e0:49:11:f4:e7:4b:bd:1a:81:04:a0:d9:c0:d9:4d:
         db:48:93:8c:78:1a:e2:7a:25:4f:49:9a:71:27:81:1a:7e:0a:
         d6:f5:9e:c5:28:b0:6a:d5:5f:dd:cb:f1:9b:81:21:33:82:aa:
         4a:fb:8d:50:63:84:9e:72:f8:b8:d1:93:f3:78:6c:87:e5:1a:
         11:da:27:b5:8e:18:84:43:2e:c8:03:02:76:0b:a5:25:01:4b:
         ed:7d:86:4c:90:0f:15:3e:ad:42:ec:19:b8:df:93:27:a2:d9:
         9e:8f:5a:46:a1:04:fa:be:fb:44:4b:05:97:15:80:5c:80:1e:
         36:f5:e6:72:01:34:5c:8d:0b:b8:c3:f2:7f:49:1c:5b:93:6c:
         67:d6:5f:6e:53:0a:71:a1:70:34:00:5b:3c:f9:37:f7:95:fb:
         6d:00:cc:30:7e:86:76:3e:1c:3b:da:35:4b:c2:4e:e2:a2:7a:
         d4:66:28:80:e1:66:85:38:f8:89:3b:e9:44:de:ad:58:47:be:
         5b:50:9f:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+fY71FshYacqD+fvezChCNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwNTIyMDgyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQ3NTFlOTc0NGYzZTY1NTRiNzU1MWZkZTAxYzM1ZDJiYWQ0OGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2eFX5dmKRQF3Cgor7saQCVNnyHr
EhfOlX74IauIc5HD+29Nzwgyl+VhgzzlbCGFGzcKqYH835+GXh5o1TL8Tn5tCMtx
EEmJQyzSI3AodIFUzn9nHzZ7IanQCaFPpe6dxeZipy+HKHqTSr3O4xt8rxrkM5On
wj4t/fV23Hrs5WjMSfid3MufT+cM1Z6dotRcrXiYCxS1M/IsJtdrV6V8ow3l2ORu
RzhJPYwj0YuoviaT/2Xvqq77OtxWtoJnI7SNa17JOykWHEc5VbE+E6iMgKJbTyeG
nAy1RFWLca3VMS4ckyrrFvGS3E6v4wLeHzRAeoXEea5+2a5faXxrMzmp7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFHUel0Tz5lVLdVH94Bw10rrUi3MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvb1VkUjZYUlBQbVZVdDFVZjNnSERYU3V0U0xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9rMA0G
CSqGSIb3DQEBCwUAA4IBAQCFQzUTQQR2VFGeouZ9OS7rusOwICthiZJ8Vq84pDj2
kMTJAQ8qd/gPfMO5KI9AWSIeIW2RyOZY6WTgSRH050u9GoEEoNnA2U3bSJOMeBri
eiVPSZpxJ4EafgrW9Z7FKLBq1V/dy/GbgSEzgqpK+41QY4Secvi40ZPzeGyH5RoR
2ie1jhiEQy7IAwJ2C6UlAUvtfYZMkA8VPq1C7Bm435Mnotmej1pGoQT6vvtESwWX
FYBcgB429eZyATRcjQu4w/J/SRxbk2xn1l9uUwpxoXA0AFs8+Tf3lfttAMwwfoZ2
Phw72jVLwk7ionrUZiiA4WaFOPiJO+lE3q1YR75bUJ9Q
-----END CERTIFICATE-----