Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/OhbdLljypHnLyvALF1ez4d3glzQ.roa
File:                     OhbdLljypHnLyvALF1ez4d3glzQ.roa (raw, json)
Hash identifier:          0BJeVwJNITNEUfJRvKXPD2DRjg1tZwSHlNP79O6fCgI=
Subject key identifier:   3A:16:DD:2E:58:F2:A4:79:CB:CA:F0:0B:17:57:B3:E1:DD:E0:97:34
Certificate issuer:       /CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
Certificate serial:       018CC7957B9509E35478608E55539BC5D9A4
Authority key identifier: DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/OhbdLljypHnLyvALF1ez4d3glzQ.roa
Signing time:             Tue 02 Jan 2024 00:31:51 +0000
ROA not before:           Tue 02 Jan 2024 00:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.248.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 09:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7b:95:09:e3:54:78:60:8e:55:53:9b:c5:d9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
        Validity
            Not Before: Jan  2 00:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a16dd2e58f2a479cbcaf00b1757b3e1dde09734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:db:61:19:2c:de:29:68:50:45:38:d5:fe:bb:
                    0b:0f:8c:64:7a:d9:e3:ad:bd:ce:ed:7b:44:4e:1f:
                    ea:43:4a:78:ef:d1:1c:6e:b0:19:e7:2f:3e:f8:fc:
                    6e:e5:79:80:7c:fa:19:f3:0f:2f:d1:49:fb:ae:c6:
                    f8:96:fa:dc:87:3e:02:25:92:c0:9b:64:e7:b0:ec:
                    59:4f:9b:ba:46:c7:2d:1e:a2:7b:ee:32:1c:10:ad:
                    2e:42:21:3b:77:04:03:23:ae:dd:2e:fa:b1:83:be:
                    0c:9f:8c:ca:fe:7d:0a:cf:af:28:82:6b:d7:9f:5a:
                    0d:39:ed:8b:16:1e:86:b9:96:fd:4e:17:6e:93:67:
                    89:10:88:fe:12:98:3e:5f:62:54:88:f3:f0:cd:93:
                    6a:81:28:91:d9:56:14:15:ad:51:0e:65:d9:82:82:
                    78:af:e6:45:01:fb:a1:0e:85:26:1e:50:0a:c6:d5:
                    7e:00:41:74:32:24:ea:c8:42:df:d4:19:9c:8e:c4:
                    b1:c8:50:de:ed:58:1e:5c:71:ae:6e:d5:86:44:72:
                    e1:79:d6:dd:26:d9:16:93:5f:92:a7:a4:3e:d1:2f:
                    91:66:20:08:8d:5b:04:40:63:5b:05:78:ad:23:bd:
                    b3:62:c8:ac:66:9d:bf:09:1e:66:e7:61:70:40:08:
                    a6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:16:DD:2E:58:F2:A4:79:CB:CA:F0:0B:17:57:B3:E1:DD:E0:97:34
            X509v3 Authority Key Identifier:
                keyid:DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/OhbdLljypHnLyvALF1ez4d3glzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:80:30:9d:57:40:fc:82:27:bf:e0:a5:12:62:23:0a:dc:39:
         48:d5:32:3a:16:5e:9a:d2:84:b3:b2:36:c7:ad:d2:af:7c:f8:
         99:3e:46:c9:20:a1:a0:8b:b9:8e:f6:93:b9:fa:29:e7:ce:1a:
         e5:ab:1b:a9:e6:41:73:13:9b:01:1b:df:9f:df:16:11:a2:1e:
         5d:46:d6:51:d0:f1:41:a9:87:f0:96:1f:7f:a8:ae:0f:f0:04:
         21:79:47:28:9c:43:87:cb:ff:11:4d:4d:59:7f:ff:df:61:8f:
         78:bf:29:97:04:6f:64:79:47:25:6f:8e:a0:6d:97:91:de:4c:
         3f:43:2c:26:13:4e:5c:8c:ad:eb:a5:68:95:c5:28:7c:81:78:
         b0:28:8b:ba:a2:0f:8c:00:91:40:df:c5:4a:55:c8:9f:89:1f:
         cd:d4:80:ac:cd:29:59:d4:b7:a1:bf:ec:e1:f6:df:9f:b3:77:
         ac:d9:20:21:c3:c1:66:76:34:a8:ae:b4:1e:fd:a9:89:2b:9b:
         e1:f8:5e:4a:51:13:7c:3f:d9:d9:2d:c1:9f:e1:f6:c6:f5:e6:
         05:20:86:54:4f:d8:6b:a5:98:40:1c:d3:aa:9f:46:ad:b7:96:
         8a:da:31:56:87:73:7b:aa:b5:2c:eb:a4:66:bd:50:7b:30:83:
         aa:f0:5e:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXuVCeNUeGCOVVObxdmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDE0MTFlOTNlMjVkNWVjNjUwOTk1NjliMWI1YzVmYWRj
MWFlM2QwHhcNMjQwMTAyMDAzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTE2ZGQyZTU4ZjJhNDc5Y2JjYWYwMGIxNzU3YjNlMWRkZTA5NzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltthGSzeKWhQRTjV/rsLD4xketnj
rb3O7XtETh/qQ0p479EcbrAZ5y8++Pxu5XmAfPoZ8w8v0Un7rsb4lvrchz4CJZLA
m2TnsOxZT5u6RsctHqJ77jIcEK0uQiE7dwQDI67dLvqxg74Mn4zK/n0Kz68ogmvX
n1oNOe2LFh6GuZb9Thduk2eJEIj+Epg+X2JUiPPwzZNqgSiR2VYUFa1RDmXZgoJ4
r+ZFAfuhDoUmHlAKxtV+AEF0MiTqyELf1BmcjsSxyFDe7VgeXHGubtWGRHLhedbd
JtkWk1+Sp6Q+0S+RZiAIjVsEQGNbBXitI72zYsisZp2/CR5m52FwQAimTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoW3S5Y8qR5y8rwCxdXs+Hd4Jc0MB8GA1UdIwQY
MBaAFNxBQR6T4l1exlCZVpsbXF+twa49MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEt
NTEzODdkMTYwYmE5LzEvT2hiZExsanlwSG5MeXZBTEYxZXo0ZDNnbHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEtNTEzODdkMTYwYmE5
LzEvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufgzMA0G
CSqGSIb3DQEBCwUAA4IBAQBlgDCdV0D8gie/4KUSYiMK3DlI1TI6Fl6a0oSzsjbH
rdKvfPiZPkbJIKGgi7mO9pO5+innzhrlqxup5kFzE5sBG9+f3xYRoh5dRtZR0PFB
qYfwlh9/qK4P8AQheUconEOHy/8RTU1Zf//fYY94vymXBG9keUclb46gbZeR3kw/
QywmE05cjK3rpWiVxSh8gXiwKIu6og+MAJFA38VKVcifiR/N1ICszSlZ1Lehv+zh
9t+fs3es2SAhw8FmdjSorrQe/amJK5vh+F5KURN8P9nZLcGf4fbG9eYFIIZUT9hr
pZhAHNOqn0att5aK2jFWh3N7qrUs66RmvVB7MIOq8F4l
-----END CERTIFICATE-----