Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/OZ_8W8_sHM7OdSRujZZB9tSCwgE.roa
File:                     OZ_8W8_sHM7OdSRujZZB9tSCwgE.roa (raw, json)
Hash identifier:          Nm2ZArPDKUXZPPdKS22J59NZ4bYkXOS5wJ6S+smF/78=
Subject key identifier:   39:9F:FC:5B:CF:EC:1C:CE:CE:75:24:6E:8D:96:41:F6:D4:82:C2:01
Certificate issuer:       /CN=730e19bf2f2fdb730232da2c4551a312ba3e2ee2
Certificate serial:       018CC4253B53F00FDB429EA62A7A8C19AE89
Authority key identifier: 73:0E:19:BF:2F:2F:DB:73:02:32:DA:2C:45:51:A3:12:BA:3E:2E:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cw4Zvy8v23MCMtosRVGjEro-LuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/OZ_8W8_sHM7OdSRujZZB9tSCwgE.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201863
IP address blocks:        93.190.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/cw4Zvy8v23MCMtosRVGjEro-LuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/cw4Zvy8v23MCMtosRVGjEro-LuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cw4Zvy8v23MCMtosRVGjEro-LuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3b:53:f0:0f:db:42:9e:a6:2a:7a:8c:19:ae:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=730e19bf2f2fdb730232da2c4551a312ba3e2ee2
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=399ffc5bcfec1ccece75246e8d9641f6d482c201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c4:ed:42:b5:6f:3c:35:e1:51:14:68:8b:6e:
                    58:36:d9:23:b2:a5:6f:eb:e3:06:82:77:60:3c:4c:
                    cd:3b:28:3b:d7:df:9a:13:30:67:13:ed:85:64:54:
                    96:34:ad:ec:e9:07:7c:3e:5a:05:a6:7d:0b:af:5b:
                    c8:47:5f:e4:4d:ea:cd:a1:96:23:57:46:5e:00:7b:
                    39:04:56:8e:08:f9:0f:d7:8a:da:98:b3:53:86:f6:
                    e5:ea:4d:9b:40:ba:f2:96:bd:7a:36:02:1d:75:36:
                    4f:2b:eb:84:aa:7a:98:e4:50:79:e3:7e:f2:70:99:
                    76:8a:66:f8:00:34:02:71:f6:ad:c3:1c:29:14:c4:
                    34:aa:10:6b:29:a3:2f:33:52:95:ce:fd:12:e5:b0:
                    83:51:5a:ed:32:a7:54:76:ec:e6:14:a7:4f:c7:f7:
                    d0:e9:48:f7:5a:71:16:de:b1:ad:b0:72:80:25:74:
                    e3:34:81:c1:ef:1f:07:0b:ca:28:1d:36:ff:4d:c9:
                    fb:5e:77:c8:23:e4:c7:4e:69:d7:d9:f6:a7:48:06:
                    a7:fe:0e:12:91:4c:9c:99:6c:7a:e5:95:5b:6a:9a:
                    8e:19:3b:8b:a7:56:6e:64:b9:87:ee:ec:33:86:f1:
                    c3:27:bf:ec:f3:46:62:9d:5a:c1:aa:82:a8:ad:d5:
                    f6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:9F:FC:5B:CF:EC:1C:CE:CE:75:24:6E:8D:96:41:F6:D4:82:C2:01
            X509v3 Authority Key Identifier:
                keyid:73:0E:19:BF:2F:2F:DB:73:02:32:DA:2C:45:51:A3:12:BA:3E:2E:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cw4Zvy8v23MCMtosRVGjEro-LuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/OZ_8W8_sHM7OdSRujZZB9tSCwgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/cw4Zvy8v23MCMtosRVGjEro-LuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ea:d2:a5:73:ff:f4:db:5b:d0:87:92:6c:8a:5d:c6:f6:49:5a:
         15:87:5b:b0:88:ed:d5:5d:5a:da:ea:d2:a7:6a:31:85:94:87:
         97:7d:a2:74:cf:5d:bd:b9:be:b2:3b:10:bf:6a:aa:c7:52:23:
         ce:46:ee:15:01:49:f3:ff:ff:34:22:27:04:c3:2f:5e:56:68:
         91:93:8f:f8:21:e4:85:9f:7f:ad:da:6e:a3:08:d7:28:57:59:
         f7:78:94:9c:e9:30:4c:1b:60:70:48:68:2d:e4:60:b2:5b:15:
         ba:b8:63:ae:75:e2:ff:cf:bd:93:ef:ff:9d:8d:65:e6:80:44:
         a6:e0:0e:fe:b7:e6:70:d5:0a:11:a1:b6:4e:c2:1f:dd:4f:2a:
         ec:8a:92:4d:3b:58:ab:0d:a2:5c:80:b9:22:ca:2e:02:40:8f:
         ae:e4:70:9d:a2:57:0a:48:8f:1a:b5:34:9f:66:5e:57:48:13:
         74:1c:87:77:51:bf:af:9f:b4:c2:6d:f9:d4:f8:c1:31:b3:8c:
         3f:b7:47:2a:8b:de:19:ed:c3:87:6f:48:ae:70:f4:81:c3:49:
         f8:8c:db:8f:6b:44:cb:5e:16:cb:9c:93:77:22:49:cb:4c:27:
         6c:30:f6:8c:6c:23:bb:39:1f:45:0b:9f:a5:12:4e:90:fe:99:
         79:d8:f2:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTtT8A/bQp6mKnqMGa6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMGUxOWJmMmYyZmRiNzMwMjMyZGEyYzQ1NTFhMzEyYmEz
ZTJlZTIwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTlmZmM1YmNmZWMxY2NlY2U3NTI0NmU4ZDk2NDFmNmQ0ODJjMjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8TtQrVvPDXhURRoi25YNtkjsqVv
6+MGgndgPEzNOyg719+aEzBnE+2FZFSWNK3s6Qd8PloFpn0Lr1vIR1/kTerNoZYj
V0ZeAHs5BFaOCPkP14ramLNThvbl6k2bQLrylr16NgIddTZPK+uEqnqY5FB5437y
cJl2imb4ADQCcfatwxwpFMQ0qhBrKaMvM1KVzv0S5bCDUVrtMqdUduzmFKdPx/fQ
6Uj3WnEW3rGtsHKAJXTjNIHB7x8HC8ooHTb/Tcn7XnfII+THTmnX2fanSAan/g4S
kUycmWx65ZVbapqOGTuLp1ZuZLmH7uwzhvHDJ7/s80ZinVrBqoKordX27QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmf/FvP7BzOznUkbo2WQfbUgsIBMB8GA1UdIwQY
MBaAFHMOGb8vL9tzAjLaLEVRoxK6Pi7iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3c0WnZ5OHYyM01DTXRvc1JWR2pFcm8tTHVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lODE3NTUtNDU5Mi00ZjIwLWFmNzAt
Y2FmOTUxZTE1MzFkLzEvT1pfOFc4X3NITTdPZFNSdWpaWkI5dFNDd2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lODE3NTUtNDU5Mi00ZjIwLWFmNzAtY2FmOTUxZTE1MzFk
LzEvY3c0WnZ5OHYyM01DTXRvc1JWR2pFcm8tTHVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb7YMA0G
CSqGSIb3DQEBCwUAA4IBAQDq0qVz//TbW9CHkmyKXcb2SVoVh1uwiO3VXVra6tKn
ajGFlIeXfaJ0z129ub6yOxC/aqrHUiPORu4VAUnz//80IicEwy9eVmiRk4/4IeSF
n3+t2m6jCNcoV1n3eJSc6TBMG2BwSGgt5GCyWxW6uGOudeL/z72T7/+djWXmgESm
4A7+t+Zw1QoRobZOwh/dTyrsipJNO1irDaJcgLkiyi4CQI+u5HCdolcKSI8atTSf
Zl5XSBN0HId3Ub+vn7TCbfnU+MExs4w/t0cqi94Z7cOHb0iucPSBw0n4jNuPa0TL
XhbLnJN3IknLTCdsMPaMbCO7OR9FC5+lEk6Q/pl52PKx
-----END CERTIFICATE-----