Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ohBR9gaWvOXtYQXcgJqGDXdvhgc.roa
File:                     ohBR9gaWvOXtYQXcgJqGDXdvhgc.roa (raw, json)
Hash identifier:          mcNhcVpEskMv8R65sPOBOnqGWcTvjsQlG35vlEkEVE4=
Subject key identifier:   A2:10:51:F6:06:96:BC:E5:ED:61:05:DC:80:9A:86:0D:77:6F:86:07
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC4DDB81FDB4D3AF43869FC98518D1
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ohBR9gaWvOXtYQXcgJqGDXdvhgc.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61378
IP address blocks:        195.19.193.0/24 maxlen: 24
                          194.226.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4d:db:81:fd:b4:d3:af:43:86:9f:c9:85:18:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a21051f60696bce5ed6105dc809a860d776f8607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2e:c9:30:28:2d:a8:d3:ec:cb:ee:6c:da:41:
                    1a:4f:73:0b:ac:93:8e:83:c7:06:30:ec:80:25:2d:
                    4a:ee:8f:71:41:82:2c:af:2d:a9:a7:74:c1:df:88:
                    ce:65:d1:4b:dc:63:62:de:3f:3c:61:2d:73:d6:34:
                    a1:65:db:dc:a5:a5:5b:5a:36:07:df:f1:0e:f2:ca:
                    39:88:78:5c:b2:c4:d5:15:7c:d8:56:d1:30:78:19:
                    27:2e:6b:a2:03:09:c4:46:ad:f2:7d:cd:de:b1:6b:
                    93:48:ef:61:47:e1:58:3e:ac:fa:92:9f:c9:5d:be:
                    91:7e:d4:5d:2b:c2:0c:9a:6a:67:24:52:2f:98:7f:
                    9f:4d:95:b4:3f:de:bd:e8:c5:76:e9:93:20:8f:04:
                    a0:ea:25:3b:2e:fc:1e:0b:ea:a6:3d:e6:2a:4e:3c:
                    6b:13:bf:50:33:96:7f:68:b6:e5:00:71:3b:9c:a4:
                    d4:3e:23:b7:95:1a:e7:cd:0e:7d:a4:a6:d0:5d:37:
                    29:2c:0f:a7:d3:5f:80:fb:10:02:14:98:53:02:48:
                    5b:49:ab:49:9e:91:e2:8b:ec:93:4e:aa:71:ca:05:
                    be:23:05:38:d3:d9:e8:3f:eb:f8:4a:9a:95:41:46:
                    d3:c1:8c:b8:2f:5b:bc:82:98:09:9a:57:ea:c6:d8:
                    e0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:10:51:F6:06:96:BC:E5:ED:61:05:DC:80:9A:86:0D:77:6F:86:07
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ohBR9gaWvOXtYQXcgJqGDXdvhgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.182.0/24
                  195.19.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:4d:72:cb:2a:bd:b1:2e:29:e8:2a:11:8d:8a:8e:7e:5d:70:
         4b:8f:95:9c:e3:19:7f:8e:81:f8:75:45:bb:b3:b8:44:6e:8c:
         58:b9:c5:c1:b0:2c:d6:7a:73:66:c6:0f:03:71:d1:f5:dd:f2:
         52:d1:98:0c:69:99:89:88:ce:38:41:3e:88:dc:57:e6:de:da:
         54:70:b8:5a:3e:df:9a:a2:d2:f3:8e:6d:94:d1:92:ba:34:1f:
         7d:e9:35:0f:f6:63:a0:46:3f:26:24:8a:da:f4:d1:58:ea:86:
         84:88:e2:91:26:60:5f:38:24:b2:3b:2d:83:03:9f:68:67:75:
         2b:6e:82:bc:2c:ee:85:58:3d:a5:80:74:4b:34:68:3a:51:d1:
         c1:4e:4e:0a:16:c6:5c:d8:65:6c:d7:15:42:5b:f7:cf:a5:96:
         68:19:9a:59:71:8a:ef:69:ca:06:18:ad:9d:7e:51:27:2e:6e:
         52:35:ae:6a:9f:d8:f8:fc:92:34:f4:f7:55:08:9e:0a:d0:06:
         79:1e:b4:91:b2:6c:ec:b0:31:5a:9f:16:c2:3e:e9:d9:09:8f:
         86:dd:f5:bb:0f:27:dd:3c:0c:ef:cf:ae:3c:52:e0:dd:ad:67:
         28:6d:8c:36:54:9e:09:3c:ec:34:d8:5f:44:b4:1f:58:6a:6e:
         6f:26:ea:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3E3bgf20069Dhp/JhRjRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjEwNTFmNjA2OTZiY2U1ZWQ2MTA1ZGM4MDlhODYwZDc3NmY4NjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS7JMCgtqNPsy+5s2kEaT3MLrJOO
g8cGMOyAJS1K7o9xQYIsry2pp3TB34jOZdFL3GNi3j88YS1z1jShZdvcpaVbWjYH
3/EO8so5iHhcssTVFXzYVtEweBknLmuiAwnERq3yfc3esWuTSO9hR+FYPqz6kp/J
Xb6RftRdK8IMmmpnJFIvmH+fTZW0P9696MV26ZMgjwSg6iU7LvweC+qmPeYqTjxr
E79QM5Z/aLblAHE7nKTUPiO3lRrnzQ59pKbQXTcpLA+n01+A+xACFJhTAkhbSatJ
npHii+yTTqpxygW+IwU409noP+v4SpqVQUbTwYy4L1u8gpgJmlfqxtjgzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKIQUfYGlrzl7WEF3ICahg13b4YHMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvb2hCUjlnYVd2T1h0WVFYY2dKcUdEWGR2aGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwuK2AwQA
wxPBMA0GCSqGSIb3DQEBCwUAA4IBAQAxTXLLKr2xLinoKhGNio5+XXBLj5Wc4xl/
joH4dUW7s7hEboxYucXBsCzWenNmxg8DcdH13fJS0ZgMaZmJiM44QT6I3Ffm3tpU
cLhaPt+aotLzjm2U0ZK6NB996TUP9mOgRj8mJIra9NFY6oaEiOKRJmBfOCSyOy2D
A59oZ3UrboK8LO6FWD2lgHRLNGg6UdHBTk4KFsZc2GVs1xVCW/fPpZZoGZpZcYrv
acoGGK2dflEnLm5SNa5qn9j4/JI09PdVCJ4K0AZ5HrSRsmzssDFanxbCPunZCY+G
3fW7DyfdPAzvz648UuDdrWcobYw2VJ4JPOw02F9EtB9Yam5vJuoQ
-----END CERTIFICATE-----