Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/662070-3677-4712-a4cf-a2b7b0396bd6/1/OiJAjdVJ8clidSyh23Y7JUs8_mg.roa
File:                     OiJAjdVJ8clidSyh23Y7JUs8_mg.roa (raw, json)
Hash identifier:          Cl5IfwBKinlBN3WXEXoGyT4vaShIls0pviBnOmW6nFI=
Subject key identifier:   3A:22:40:8D:D5:49:F1:C9:62:75:2C:A1:DB:76:3B:25:4B:3C:FE:68
Certificate issuer:       /CN=147341d30575144be32cd7c8e3ebd4c6329a3141
Certificate serial:       018EE8B6EDEF5840ACF14D440F589318E743
Authority key identifier: 14:73:41:D3:05:75:14:4B:E3:2C:D7:C8:E3:EB:D4:C6:32:9A:31:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FHNB0wV1FEvjLNfI4-vUxjKaMUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/662070-3677-4712-a4cf-a2b7b0396bd6/1/OiJAjdVJ8clidSyh23Y7JUs8_mg.roa
Signing time:             Tue 16 Apr 2024 21:01:26 +0000
ROA not before:           Tue 16 Apr 2024 21:01:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        185.134.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/662070-3677-4712-a4cf-a2b7b0396bd6/1/FHNB0wV1FEvjLNfI4-vUxjKaMUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/662070-3677-4712-a4cf-a2b7b0396bd6/1/FHNB0wV1FEvjLNfI4-vUxjKaMUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FHNB0wV1FEvjLNfI4-vUxjKaMUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 00:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e8:b6:ed:ef:58:40:ac:f1:4d:44:0f:58:93:18:e7:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=147341d30575144be32cd7c8e3ebd4c6329a3141
        Validity
            Not Before: Apr 16 21:01:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a22408dd549f1c962752ca1db763b254b3cfe68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:84:e4:7a:8a:9e:0e:80:76:00:5e:6a:fe:8b:
                    f6:96:19:b3:75:f0:10:bf:92:62:dd:52:4f:95:a0:
                    70:3b:54:d5:19:9e:28:29:93:60:f7:16:d0:1a:d6:
                    c1:6c:5d:dc:e7:c0:cc:cb:0a:cc:ba:6b:14:3d:2f:
                    05:4f:ae:85:34:d0:f5:97:f3:5d:34:4e:fc:7f:33:
                    a0:8f:70:2a:e7:91:d2:f1:b8:ea:0d:fe:9d:85:0e:
                    34:6e:ee:ab:a4:7a:5b:1e:01:42:0b:d0:6f:b2:61:
                    08:66:a8:1b:74:d3:ef:4a:d7:b5:e2:5d:f0:07:4d:
                    52:43:24:08:b0:5a:6b:73:32:c7:30:7d:78:c6:29:
                    8e:78:ad:8b:b2:d7:34:b8:95:a2:08:cb:c1:19:14:
                    91:65:23:c2:ea:93:ba:0c:c9:7a:66:de:9f:8d:b6:
                    88:aa:41:61:ed:67:45:92:b7:a1:c7:4d:d4:d7:fb:
                    b3:fd:aa:6d:13:6d:5c:51:37:79:51:09:1c:c8:da:
                    30:83:62:14:aa:5a:66:95:62:4e:bf:7e:10:d3:9b:
                    73:59:3d:c7:90:8a:bd:5a:e4:01:ee:93:a8:14:5c:
                    cf:1e:cb:13:4e:1f:29:9b:24:bb:f4:b9:6c:03:5b:
                    f2:ed:65:2b:0d:44:fa:d6:c4:23:cf:ea:a2:16:26:
                    cd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:22:40:8D:D5:49:F1:C9:62:75:2C:A1:DB:76:3B:25:4B:3C:FE:68
            X509v3 Authority Key Identifier:
                keyid:14:73:41:D3:05:75:14:4B:E3:2C:D7:C8:E3:EB:D4:C6:32:9A:31:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FHNB0wV1FEvjLNfI4-vUxjKaMUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/662070-3677-4712-a4cf-a2b7b0396bd6/1/OiJAjdVJ8clidSyh23Y7JUs8_mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/662070-3677-4712-a4cf-a2b7b0396bd6/1/FHNB0wV1FEvjLNfI4-vUxjKaMUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:02:ac:a1:77:c5:38:17:c7:3b:7f:b4:50:d3:39:82:18:c9:
         56:25:71:54:c5:b8:71:bf:c1:55:df:ba:a9:c3:72:5e:74:8c:
         b7:af:1d:8a:9a:00:f7:cb:38:1b:73:a3:ad:76:aa:2f:9d:cb:
         88:fc:a5:db:67:4e:1e:9b:9f:ce:94:35:84:ab:8a:43:37:ae:
         cd:ae:a1:9e:a8:0c:8b:04:d1:97:ec:b9:19:74:21:59:56:46:
         97:32:72:57:90:cf:a8:fd:d0:6e:3e:93:ec:a8:51:5b:86:1c:
         c2:84:a7:03:05:4f:fe:ff:7e:69:d7:24:dd:1e:14:45:e9:e5:
         6a:db:b8:41:c2:f5:04:82:99:f9:b2:61:82:3b:e7:8e:46:90:
         23:81:d5:53:e6:ba:f0:5a:c4:5e:26:d9:2a:9b:8e:90:ff:f9:
         e0:0e:88:95:3d:4b:d7:eb:c1:b6:45:3f:21:6d:61:37:8e:05:
         85:57:66:49:b3:fa:5d:92:75:7a:97:f6:09:cc:a7:e4:c9:40:
         7e:4f:59:05:08:c8:47:10:4c:b5:92:ad:72:36:94:bd:66:7b:
         b3:0e:09:eb:3c:4a:07:b9:13:1f:1f:5b:84:45:7f:70:75:00:
         9b:4d:88:f9:c9:9f:84:41:e2:c5:5c:eb:57:3a:d1:d5:30:10:
         7b:29:31:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7otu3vWECs8U1ED1iTGOdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NzM0MWQzMDU3NTE0NGJlMzJjZDdjOGUzZWJkNGM2MzI5
YTMxNDEwHhcNMjQwNDE2MjEwMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTIyNDA4ZGQ1NDlmMWM5NjI3NTJjYTFkYjc2M2IyNTRiM2NmZTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14TkeoqeDoB2AF5q/ov2lhmzdfAQ
v5Ji3VJPlaBwO1TVGZ4oKZNg9xbQGtbBbF3c58DMywrMumsUPS8FT66FNND1l/Nd
NE78fzOgj3Aq55HS8bjqDf6dhQ40bu6rpHpbHgFCC9BvsmEIZqgbdNPvSte14l3w
B01SQyQIsFprczLHMH14ximOeK2Lstc0uJWiCMvBGRSRZSPC6pO6DMl6Zt6fjbaI
qkFh7WdFkrehx03U1/uz/aptE21cUTd5UQkcyNowg2IUqlpmlWJOv34Q05tzWT3H
kIq9WuQB7pOoFFzPHssTTh8pmyS79LlsA1vy7WUrDUT61sQjz+qiFibN4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoiQI3VSfHJYnUsodt2OyVLPP5oMB8GA1UdIwQY
MBaAFBRzQdMFdRRL4yzXyOPr1MYymjFBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkhOQjB3VjFGRXZqTE5mSTQtdlV4akthTVVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi82NjIwNzAtMzY3Ny00NzEyLWE0Y2Yt
YTJiN2IwMzk2YmQ2LzEvT2lKQWpkVko4Y2xpZFN5aDIzWTdKVXM4X21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi82NjIwNzAtMzY3Ny00NzEyLWE0Y2YtYTJiN2IwMzk2YmQ2
LzEvRkhOQjB3VjFGRXZqTE5mSTQtdlV4akthTVVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYanMA0G
CSqGSIb3DQEBCwUAA4IBAQB8Aqyhd8U4F8c7f7RQ0zmCGMlWJXFUxbhxv8FV37qp
w3JedIy3rx2KmgD3yzgbc6OtdqovncuI/KXbZ04em5/OlDWEq4pDN67NrqGeqAyL
BNGX7LkZdCFZVkaXMnJXkM+o/dBuPpPsqFFbhhzChKcDBU/+/35p1yTdHhRF6eVq
27hBwvUEgpn5smGCO+eORpAjgdVT5rrwWsReJtkqm46Q//ngDoiVPUvX68G2RT8h
bWE3jgWFV2ZJs/pdknV6l/YJzKfkyUB+T1kFCMhHEEy1kq1yNpS9ZnuzDgnrPEoH
uRMfH1uERX9wdQCbTYj5yZ+EQeLFXOtXOtHVMBB7KTG5
-----END CERTIFICATE-----