Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/oe10k9qSRroAjM_oJLYRDKqoP7k.roa
File:                     oe10k9qSRroAjM_oJLYRDKqoP7k.roa (raw, json)
Hash identifier:          NbJkQ13wL+ZB/2/tOEl/Y/5/tmfK5FIJKSGt5C7AbVg=
Subject key identifier:   A1:ED:74:93:DA:92:46:BA:00:8C:CF:E8:24:B6:11:0C:AA:A8:3F:B9
Certificate issuer:       /CN=0a73778fb1bec28c9982652aede86a004c2682f1
Certificate serial:       018CC500593EDD6E82F83818430A5962EAF6
Authority key identifier: 0A:73:77:8F:B1:BE:C2:8C:99:82:65:2A:ED:E8:6A:00:4C:26:82:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnN3j7G-woyZgmUq7ehqAEwmgvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/oe10k9qSRroAjM_oJLYRDKqoP7k.roa
Signing time:             Mon 01 Jan 2024 12:29:43 +0000
ROA not before:           Mon 01 Jan 2024 12:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.30.28.0/22 maxlen: 22
                          185.38.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/CnN3j7G-woyZgmUq7ehqAEwmgvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/CnN3j7G-woyZgmUq7ehqAEwmgvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnN3j7G-woyZgmUq7ehqAEwmgvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:59:3e:dd:6e:82:f8:38:18:43:0a:59:62:ea:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a73778fb1bec28c9982652aede86a004c2682f1
        Validity
            Not Before: Jan  1 12:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1ed7493da9246ba008ccfe824b6110caaa83fb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:80:1c:9c:d2:90:9a:6e:2e:90:e1:17:8c:1f:
                    0a:c9:3d:48:32:a5:c0:b8:5e:28:61:fd:e9:dc:14:
                    17:20:11:f6:68:b6:9d:7f:dd:cb:44:fa:d0:67:3c:
                    41:a4:c3:39:5f:7f:f6:33:4a:df:bf:02:cf:12:0c:
                    bd:6b:80:c4:fa:0c:4a:46:3e:b2:49:6b:ac:51:4b:
                    52:fb:21:df:ea:ab:eb:9c:49:1f:28:59:32:21:ff:
                    de:5a:91:6b:10:ae:ed:f5:4f:35:78:eb:56:86:bf:
                    ba:1b:75:c4:51:ab:c9:d8:00:b1:d9:d2:ba:c2:bc:
                    de:e8:40:ba:26:21:6c:22:28:82:3c:5d:64:5e:22:
                    8a:91:a2:db:57:2b:97:e4:05:eb:23:fd:d2:c6:16:
                    12:2d:81:4e:ee:9f:26:be:2d:da:d0:25:a5:e6:7d:
                    2f:16:3f:05:86:5f:35:2b:4d:15:02:ab:c9:19:94:
                    b8:e9:13:7d:10:21:af:d3:50:78:46:2b:fa:ae:a8:
                    09:21:ae:07:8a:60:f3:e1:d0:f8:1e:9d:e1:0a:0f:
                    cf:2d:28:92:f8:d2:09:0c:ff:1b:57:87:d7:f5:58:
                    08:e3:89:e3:58:25:a6:3d:76:e6:35:3f:62:9a:c8:
                    e3:9e:28:88:38:84:c5:5f:cf:94:7e:24:c3:03:70:
                    3d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:ED:74:93:DA:92:46:BA:00:8C:CF:E8:24:B6:11:0C:AA:A8:3F:B9
            X509v3 Authority Key Identifier:
                keyid:0A:73:77:8F:B1:BE:C2:8C:99:82:65:2A:ED:E8:6A:00:4C:26:82:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnN3j7G-woyZgmUq7ehqAEwmgvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/oe10k9qSRroAjM_oJLYRDKqoP7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/CnN3j7G-woyZgmUq7ehqAEwmgvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.28.0/22
                  185.38.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:97:11:46:07:a4:b3:21:12:a7:42:fc:6c:0a:8d:a4:b6:15:
         39:fb:b6:61:60:50:12:9e:64:fe:1d:d8:28:33:1d:56:84:44:
         0d:53:52:f6:2b:3c:65:08:e6:7d:ce:6e:61:c0:57:4a:5d:77:
         5a:dc:b5:23:db:90:36:7a:88:23:e7:1c:d4:be:b4:77:67:a7:
         83:20:01:af:c6:dd:61:63:70:01:f9:d8:63:c9:8d:7c:55:40:
         39:84:48:3f:d2:9f:14:ce:65:06:ca:da:09:8f:dc:85:23:c3:
         82:40:30:4f:e2:6a:1f:ed:84:b6:e2:72:85:b3:64:a3:24:c9:
         d3:1f:4b:1f:32:a0:ad:5d:d7:a3:eb:1c:e7:b8:03:c5:f0:84:
         32:1f:82:0d:b8:f9:c5:37:3d:60:87:c4:45:08:51:c6:fd:a5:
         ac:e5:a1:15:c8:e1:e7:15:bc:6e:d5:86:dd:ce:a0:c2:86:16:
         45:97:6b:72:62:f8:e6:8e:78:79:35:4b:8c:fe:f2:79:29:10:
         b3:34:d8:75:e7:43:ba:ee:1b:d0:00:d0:41:36:4c:c1:bc:6a:
         f8:1d:93:91:af:a8:cc:c9:0b:2a:58:2a:c7:2a:b4:cb:38:f0:
         20:d1:f5:ce:a8:7c:77:e3:4b:2c:31:96:0d:29:74:06:25:6f:
         26:6e:eb:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAFk+3W6C+DgYQwpZYur2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzM3NzhmYjFiZWMyOGM5OTgyNjUyYWVkZTg2YTAwNGMy
NjgyZjEwHhcNMjQwMTAxMTIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWVkNzQ5M2RhOTI0NmJhMDA4Y2NmZTgyNGI2MTEwY2FhYTgzZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4AcnNKQmm4ukOEXjB8KyT1IMqXA
uF4oYf3p3BQXIBH2aLadf93LRPrQZzxBpMM5X3/2M0rfvwLPEgy9a4DE+gxKRj6y
SWusUUtS+yHf6qvrnEkfKFkyIf/eWpFrEK7t9U81eOtWhr+6G3XEUavJ2ACx2dK6
wrze6EC6JiFsIiiCPF1kXiKKkaLbVyuX5AXrI/3SxhYSLYFO7p8mvi3a0CWl5n0v
Fj8Fhl81K00VAqvJGZS46RN9ECGv01B4Riv6rqgJIa4HimDz4dD4Hp3hCg/PLSiS
+NIJDP8bV4fX9VgI44njWCWmPXbmNT9imsjjniiIOITFX8+UfiTDA3A9hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKHtdJPakka6AIzP6CS2EQyqqD+5MB8GA1UdIwQY
MBaAFApzd4+xvsKMmYJlKu3oagBMJoLxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25OM2o3Ry13b3laZ21VcTdlaHFBRXdtZ3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9lNmUxNWMtMTJiMC00MGJlLThiYzEt
NTcwOGY1ODBlMzZhLzEvb2UxMGs5cVNScm9Bak1fb0pMWVJES3FvUDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9lNmUxNWMtMTJiMC00MGJlLThiYzEtNTcwOGY1ODBlMzZh
LzEvQ25OM2o3Ry13b3laZ21VcTdlaHFBRXdtZ3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuR4cAwQC
uSbEMA0GCSqGSIb3DQEBCwUAA4IBAQCZlxFGB6SzIRKnQvxsCo2kthU5+7ZhYFAS
nmT+HdgoMx1WhEQNU1L2KzxlCOZ9zm5hwFdKXXda3LUj25A2eogj5xzUvrR3Z6eD
IAGvxt1hY3AB+dhjyY18VUA5hEg/0p8UzmUGytoJj9yFI8OCQDBP4mof7YS24nKF
s2SjJMnTH0sfMqCtXdej6xznuAPF8IQyH4INuPnFNz1gh8RFCFHG/aWs5aEVyOHn
Fbxu1YbdzqDChhZFl2tyYvjmjnh5NUuM/vJ5KRCzNNh150O67hvQANBBNkzBvGr4
HZORr6jMyQsqWCrHKrTLOPAg0fXOqHx340ssMZYNKXQGJW8mbuvb
-----END CERTIFICATE-----