Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/O8MPljUcxmuVEM-kiZkhSI4CAP8.roa
File:                     O8MPljUcxmuVEM-kiZkhSI4CAP8.roa (raw, json)
Hash identifier:          WLx+qlgNu1IKI5PP521v9ATAFFCd1t9s/27w0CA8Vlc=
Subject key identifier:   3B:C3:0F:96:35:1C:C6:6B:95:10:CF:A4:89:99:21:48:8E:02:00:FF
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       018CC3B741EAA867DF5E114D93A4B73A7308
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/O8MPljUcxmuVEM-kiZkhSI4CAP8.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24875
IP address blocks:        194.62.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:41:ea:a8:67:df:5e:11:4d:93:a4:b7:3a:73:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bc30f96351cc66b9510cfa4899921488e0200ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2e:1d:82:c4:76:d5:b7:f9:93:04:4f:fa:f1:
                    da:42:17:41:70:30:d1:d3:55:e5:1e:f4:8f:d2:9f:
                    34:8f:78:6b:88:78:47:ac:0b:8c:af:e9:be:a8:6a:
                    69:06:3e:af:3b:51:82:fb:4c:b2:72:ba:f1:c4:17:
                    d5:66:94:81:a9:54:8a:3d:71:bf:23:4e:c0:02:ab:
                    dc:85:34:cf:ac:b6:4b:de:8c:2d:33:e5:c7:9f:df:
                    95:f0:1c:d4:6a:6f:5a:dc:61:c6:25:d2:91:fa:68:
                    a7:05:1a:28:92:3f:7e:3b:b0:7d:3d:fb:ec:b8:5e:
                    e9:1d:a0:61:41:18:3d:5b:95:79:0f:ec:48:cd:99:
                    c3:e5:0a:e1:34:c1:d3:12:e6:1b:da:9e:92:6f:72:
                    b1:2f:07:2e:5e:99:32:18:91:be:eb:17:23:e0:fe:
                    6c:b2:15:29:11:68:1a:27:01:17:70:02:e3:d2:ae:
                    e0:b1:c6:60:e7:2d:4c:eb:98:2f:5f:b1:52:20:0d:
                    16:3d:1f:b6:98:f3:0e:d0:a0:5d:34:64:33:de:64:
                    ac:ee:ef:c9:da:a4:4c:f2:df:77:f8:a3:70:18:01:
                    c8:85:6b:57:3b:ec:81:83:d2:c7:0d:37:b0:f6:62:
                    bb:20:88:06:06:41:79:aa:06:57:dc:46:d6:5f:f2:
                    7b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C3:0F:96:35:1C:C6:6B:95:10:CF:A4:89:99:21:48:8E:02:00:FF
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/O8MPljUcxmuVEM-kiZkhSI4CAP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:db:7e:d6:87:f5:e5:15:40:2b:66:47:47:ae:dd:a6:01:7c:
         d4:d2:4a:82:67:86:d4:1e:83:5a:32:dd:ef:cd:36:31:bf:d4:
         db:9b:45:3f:ff:ef:20:6b:38:0c:b9:fe:a9:48:a9:42:06:58:
         4b:34:e1:cf:3e:b0:c9:30:2c:a9:59:f8:58:f1:7b:ce:ca:6c:
         14:1e:c6:0e:e6:74:cf:e7:68:a3:9e:7c:d1:ff:12:06:49:e4:
         4b:7f:2a:74:5e:67:0e:01:5f:f4:e9:d7:69:50:4d:1e:72:e8:
         ca:11:17:21:01:9c:2f:ea:46:98:a3:2c:a8:a0:c8:4f:1d:44:
         03:1e:81:79:07:df:ab:c9:39:c0:39:ac:4e:a6:d8:f7:37:c9:
         8a:ec:cf:41:0a:4a:bc:ca:6d:5d:2c:c8:f5:b1:c8:90:99:13:
         6b:49:c4:04:24:6e:c5:76:42:c6:90:f0:32:dc:4d:4b:9f:d6:
         87:67:f0:65:89:cf:3d:33:15:6e:f2:3c:32:29:cb:a2:3c:8c:
         9b:90:98:aa:ea:74:81:0b:b7:7c:e2:e7:d3:25:b3:25:09:c1:
         13:59:55:7c:3b:80:41:80:6b:68:e7:b3:ec:c6:fe:3f:93:fb:
         28:62:96:3a:ee:84:66:b6:e9:9d:c6:48:24:16:7c:4a:b8:c6:
         17:bf:15:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0HqqGffXhFNk6S3OnMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmMzMGY5NjM1MWNjNjZiOTUxMGNmYTQ4OTk5MjE0ODhlMDIwMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS4dgsR21bf5kwRP+vHaQhdBcDDR
01XlHvSP0p80j3hriHhHrAuMr+m+qGppBj6vO1GC+0yycrrxxBfVZpSBqVSKPXG/
I07AAqvchTTPrLZL3owtM+XHn9+V8BzUam9a3GHGJdKR+minBRookj9+O7B9Pfvs
uF7pHaBhQRg9W5V5D+xIzZnD5QrhNMHTEuYb2p6Sb3KxLwcuXpkyGJG+6xcj4P5s
shUpEWgaJwEXcALj0q7gscZg5y1M65gvX7FSIA0WPR+2mPMO0KBdNGQz3mSs7u/J
2qRM8t93+KNwGAHIhWtXO+yBg9LHDTew9mK7IIgGBkF5qgZX3EbWX/J7IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvDD5Y1HMZrlRDPpImZIUiOAgD/MB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvTzhNUGxqVWN4bXVWRU0ta2laa2hTSTRDQVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj4QMA0G
CSqGSIb3DQEBCwUAA4IBAQCw237Wh/XlFUArZkdHrt2mAXzU0kqCZ4bUHoNaMt3v
zTYxv9Tbm0U//+8gazgMuf6pSKlCBlhLNOHPPrDJMCypWfhY8XvOymwUHsYO5nTP
52ijnnzR/xIGSeRLfyp0XmcOAV/06ddpUE0ecujKERchAZwv6kaYoyyooMhPHUQD
HoF5B9+ryTnAOaxOptj3N8mK7M9BCkq8ym1dLMj1sciQmRNrScQEJG7FdkLGkPAy
3E1Ln9aHZ/Blic89MxVu8jwyKcuiPIybkJiq6nSBC7d84ufTJbMlCcETWVV8O4BB
gGto57Psxv4/k/soYpY67oRmtumdxkgkFnxKuMYXvxVj
-----END CERTIFICATE-----