Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OH-zebMJgl0Wpcu6vWQj-6Rat1Q.roa
File:                     OH-zebMJgl0Wpcu6vWQj-6Rat1Q.roa (raw, json)
Hash identifier:          xyD8GjFZvdslZ1XMpJZ4nsY64o4SKBJ3DKHDgc4P6oY=
Subject key identifier:   38:7F:B3:79:B3:09:82:5D:16:A5:CB:BA:BD:64:23:FB:A4:5A:B7:54
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCD0EF620F7A6D32991DA7468040A2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OH-zebMJgl0Wpcu6vWQj-6Rat1Q.roa
Signing time:             Tue 02 Jan 2024 06:29:23 +0000
ROA not before:           Tue 02 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18097
IP address blocks:        176.125.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d0:ef:62:0f:7a:6d:32:99:1d:a7:46:80:40:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=387fb379b309825d16a5cbbabd6423fba45ab754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8e:66:b1:06:33:3a:ba:56:d5:78:13:14:90:
                    02:51:83:a9:30:2f:f2:b5:b8:e4:be:4e:90:a2:94:
                    96:ba:87:60:73:4a:a0:fa:a0:27:74:c6:72:2e:ac:
                    68:84:b2:5f:b5:d0:62:0c:eb:fb:c9:1a:12:3c:57:
                    0f:d5:5d:d6:20:33:b0:55:14:bb:bb:d8:40:21:85:
                    5d:ec:50:c4:4d:a7:3d:27:4f:ef:b9:05:e3:00:3f:
                    1a:9d:0c:bb:a5:e6:5c:3c:e8:e3:a7:e0:41:e7:3e:
                    33:f8:45:bb:1e:5c:27:54:2c:13:68:f4:b4:1f:3d:
                    9a:64:b6:5b:7a:90:f0:0b:71:46:5e:33:38:ac:67:
                    23:3a:6d:88:ee:0d:9b:6d:31:5b:a2:76:d2:cd:89:
                    5a:6b:b0:7c:5c:b4:dc:b8:da:3b:a7:4b:5c:7d:57:
                    5d:46:23:37:ba:da:16:0f:be:b8:09:72:1e:02:8d:
                    66:12:b8:19:49:e1:7c:0d:2c:a0:6a:ba:c6:41:60:
                    68:25:ab:21:77:22:18:28:70:9d:c9:95:78:97:a8:
                    5e:9d:30:d7:36:d0:40:1b:55:5e:ef:fd:ad:44:1e:
                    3c:9c:b4:95:18:10:bd:0e:90:e5:4d:5e:63:8c:43:
                    d7:0f:01:77:8f:ea:b1:7c:e7:75:4f:f9:6d:74:76:
                    ad:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:7F:B3:79:B3:09:82:5D:16:A5:CB:BA:BD:64:23:FB:A4:5A:B7:54
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OH-zebMJgl0Wpcu6vWQj-6Rat1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.125.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:b1:32:3e:55:79:ba:86:c5:bf:2f:e0:80:6f:88:ba:e5:70:
         53:d5:09:88:ff:8e:8b:51:3f:dc:3b:3a:e2:ab:3e:b7:e1:1b:
         a4:11:a3:50:9d:48:57:b7:21:2c:32:56:10:f8:be:59:88:80:
         38:aa:ae:f9:2d:f9:2f:f5:ff:7f:f7:c8:35:d8:5b:2a:8e:bd:
         c7:ef:33:ed:2d:86:63:9a:92:ef:af:84:e8:46:81:bd:d8:cd:
         97:42:48:f7:e8:63:93:6e:61:57:4b:dd:0d:e0:67:a8:69:a2:
         07:fa:d5:84:86:cc:db:e7:d7:cb:4c:9f:ae:a7:97:2f:0f:20:
         03:65:4e:1b:55:db:a2:a9:42:fb:4b:57:f0:c1:da:c6:83:bb:
         4d:d0:76:a0:fe:4a:a1:ec:b0:b0:ca:e0:0e:9d:b8:69:b2:ef:
         3b:86:d0:d5:93:63:d6:57:7a:9e:2a:f8:be:5a:d5:4a:b7:b8:
         07:98:06:3c:85:76:4d:20:6a:5e:f1:f6:d5:f6:81:57:8d:30:
         f8:62:fd:1f:61:16:cd:fd:6f:d5:d9:9f:09:8e:f6:d9:ec:ea:
         8d:b6:55:7c:7a:de:34:6e:63:7b:43:af:14:dd:7a:75:8b:d6:
         a2:0d:5f:2e:e9:57:36:c3:85:1e:5c:8b:6d:54:13:eb:44:7d:
         40:e9:c8:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NDvYg96bTKZHadGgECiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODdmYjM3OWIzMDk4MjVkMTZhNWNiYmFiZDY0MjNmYmE0NWFiNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlY5msQYzOrpW1XgTFJACUYOpMC/y
tbjkvk6QopSWuodgc0qg+qAndMZyLqxohLJftdBiDOv7yRoSPFcP1V3WIDOwVRS7
u9hAIYVd7FDETac9J0/vuQXjAD8anQy7peZcPOjjp+BB5z4z+EW7HlwnVCwTaPS0
Hz2aZLZbepDwC3FGXjM4rGcjOm2I7g2bbTFbonbSzYlaa7B8XLTcuNo7p0tcfVdd
RiM3utoWD764CXIeAo1mErgZSeF8DSygarrGQWBoJashdyIYKHCdyZV4l6henTDX
NtBAG1Ve7/2tRB48nLSVGBC9DpDlTV5jjEPXDwF3j+qxfOd1T/ltdHatlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDh/s3mzCYJdFqXLur1kI/ukWrdUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT0gtemViTUpnbDBXcGN1NnZXUWotNlJhdDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsH3+MA0G
CSqGSIb3DQEBCwUAA4IBAQCssTI+VXm6hsW/L+CAb4i65XBT1QmI/46LUT/cOzri
qz634RukEaNQnUhXtyEsMlYQ+L5ZiIA4qq75Lfkv9f9/98g12Fsqjr3H7zPtLYZj
mpLvr4ToRoG92M2XQkj36GOTbmFXS90N4GeoaaIH+tWEhszb59fLTJ+up5cvDyAD
ZU4bVduiqUL7S1fwwdrGg7tN0Hag/kqh7LCwyuAOnbhpsu87htDVk2PWV3qeKvi+
WtVKt7gHmAY8hXZNIGpe8fbV9oFXjTD4Yv0fYRbN/W/V2Z8JjvbZ7OqNtlV8et40
bmN7Q68U3Xp1i9aiDV8u6Vc2w4UeXIttVBPrRH1A6cgh
-----END CERTIFICATE-----