Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/OY9tCxWaVrnLcCfXnydN5f_oxmk.roa
File:                     OY9tCxWaVrnLcCfXnydN5f_oxmk.roa (raw, json)
Hash identifier:          n4l7HxWW6k0P3NoGI+OeQZzd7J0Pk3ApBYPbQU3iubI=
Subject key identifier:   39:8F:6D:0B:15:9A:56:B9:CB:70:27:D7:9F:27:4D:E5:FF:E8:C6:69
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       018CCA2AA26541AAA4D6813BFC5E84E0EA92
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/OY9tCxWaVrnLcCfXnydN5f_oxmk.roa
Signing time:             Tue 02 Jan 2024 12:34:00 +0000
ROA not before:           Tue 02 Jan 2024 12:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210331
IP address blocks:        185.126.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a2:65:41:aa:a4:d6:81:3b:fc:5e:84:e0:ea:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  2 12:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=398f6d0b159a56b9cb7027d79f274de5ffe8c669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:65:ff:7e:1a:74:30:de:09:3c:93:8c:fb:20:
                    44:33:4e:84:e8:88:40:9e:fb:ba:54:b4:ac:74:38:
                    21:f6:9f:57:ca:5a:a9:6e:7a:38:66:22:34:5e:e2:
                    4f:dd:f5:ec:41:02:cd:4f:32:64:fc:6b:71:3d:f2:
                    9e:8f:da:74:d5:f8:ef:c2:34:34:ba:05:1d:12:26:
                    c9:78:16:d9:d8:98:26:f5:b2:c2:9d:85:d5:6b:78:
                    7b:19:a4:e9:b8:96:c6:00:82:dc:c9:b4:16:9c:ae:
                    86:01:d6:e3:7a:7b:f4:49:c7:58:86:10:0b:c5:29:
                    52:2a:4f:1e:95:19:02:ce:31:f8:38:b0:8c:bf:5e:
                    d8:e6:cd:d9:d4:30:c3:f2:e0:5d:13:72:53:d9:05:
                    66:df:51:bb:d3:12:d6:6e:7c:98:e7:ea:30:17:c6:
                    fd:d4:9f:88:69:68:ba:04:1d:92:31:96:6a:9b:31:
                    f2:29:cf:c3:f2:76:82:ed:c1:97:e9:2b:ab:7d:60:
                    f8:73:b4:72:8d:31:d9:a1:c6:75:75:6a:4c:4a:af:
                    52:cf:aa:e9:9d:81:5a:ed:26:c3:32:54:73:73:aa:
                    12:3e:99:72:94:c6:86:15:ce:08:0e:2d:d4:f7:0d:
                    f5:a3:53:94:32:11:0f:c7:a4:ba:fc:17:01:3f:e3:
                    72:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:8F:6D:0B:15:9A:56:B9:CB:70:27:D7:9F:27:4D:E5:FF:E8:C6:69
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/OY9tCxWaVrnLcCfXnydN5f_oxmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:4b:c4:0d:df:3a:7e:b9:2b:ca:e0:e7:ad:a8:6a:dd:5c:50:
         7a:78:70:b2:0a:af:4e:60:a2:33:df:3e:92:3a:bb:f0:34:a2:
         3f:1a:6e:50:9c:3d:8e:58:54:7a:06:ec:08:4b:dc:91:df:31:
         34:04:8b:40:fb:87:cd:f1:d5:8f:8f:35:10:70:a9:64:46:8e:
         33:3a:ee:a5:3b:3e:d5:be:26:1e:b8:93:3a:53:8b:e6:6e:77:
         b7:4f:f1:79:5a:fd:45:3e:b8:d7:2e:93:3a:a1:af:3d:9f:51:
         2e:62:1a:23:a1:7b:7a:d6:10:ca:33:dd:8c:c5:3b:f9:b0:bd:
         d3:f8:ef:6d:bb:18:78:57:f5:8c:c2:c0:a6:5c:f3:24:13:1e:
         56:5f:e3:15:82:0d:33:43:81:77:44:a2:16:cd:ef:fa:45:07:
         49:ff:fe:9c:23:08:66:26:11:bb:7f:6d:7c:bc:f7:b8:b1:01:
         f2:e8:84:91:b6:fd:3c:5b:70:f0:26:7e:e1:fd:45:1f:3e:84:
         51:d4:27:a0:07:9f:65:a0:de:2d:df:6d:1d:15:6d:28:2c:be:
         ad:17:bc:bc:f5:a6:b0:84:05:31:e2:2d:14:18:6b:cf:a2:43:
         b5:62:7b:80:36:78:01:ec:f7:c1:01:dd:f7:28:c8:d0:56:e7:
         d7:cd:21:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKqJlQaqk1oE7/F6E4OqSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjQwMTAyMTIzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOThmNmQwYjE1OWE1NmI5Y2I3MDI3ZDc5ZjI3NGRlNWZmZThjNjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomX/fhp0MN4JPJOM+yBEM06E6IhA
nvu6VLSsdDgh9p9Xylqpbno4ZiI0XuJP3fXsQQLNTzJk/GtxPfKej9p01fjvwjQ0
ugUdEibJeBbZ2Jgm9bLCnYXVa3h7GaTpuJbGAILcybQWnK6GAdbjenv0ScdYhhAL
xSlSKk8elRkCzjH4OLCMv17Y5s3Z1DDD8uBdE3JT2QVm31G70xLWbnyY5+owF8b9
1J+IaWi6BB2SMZZqmzHyKc/D8naC7cGX6SurfWD4c7RyjTHZocZ1dWpMSq9Sz6rp
nYFa7SbDMlRzc6oSPplylMaGFc4IDi3U9w31o1OUMhEPx6S6/BcBP+Ny9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmPbQsVmla5y3An158nTeX/6MZpMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvT1k5dEN4V2FWcm5MY0NmWG55ZE41Zl9veG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX5dMA0G
CSqGSIb3DQEBCwUAA4IBAQALS8QN3zp+uSvK4OetqGrdXFB6eHCyCq9OYKIz3z6S
OrvwNKI/Gm5QnD2OWFR6BuwIS9yR3zE0BItA+4fN8dWPjzUQcKlkRo4zOu6lOz7V
viYeuJM6U4vmbne3T/F5Wv1FPrjXLpM6oa89n1EuYhojoXt61hDKM92MxTv5sL3T
+O9tuxh4V/WMwsCmXPMkEx5WX+MVgg0zQ4F3RKIWze/6RQdJ//6cIwhmJhG7f218
vPe4sQHy6ISRtv08W3DwJn7h/UUfPoRR1CegB59loN4t320dFW0oLL6tF7y89aaw
hAUx4i0UGGvPokO1YnuANngB7PfBAd33KMjQVufXzSFb
-----END CERTIFICATE-----