Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/476253-2788-4519-beba-98be335f3c54/1/okHGe2tEUdAq6EWzMEQJSAcgCUw.roa
File:                     okHGe2tEUdAq6EWzMEQJSAcgCUw.roa (raw, json)
Hash identifier:          Lomk9S59psJjTd4fiLSeS+yPGt4K2YDMCol4PCFIm20=
Subject key identifier:   A2:41:C6:7B:6B:44:51:D0:2A:E8:45:B3:30:44:09:48:07:20:09:4C
Certificate issuer:       /CN=a49f6266f61a1eccd4dee094cc71c6db86bbb37b
Certificate serial:       018CCA2A1DB052397CE74C7CEAA27326D4B4
Authority key identifier: A4:9F:62:66:F6:1A:1E:CC:D4:DE:E0:94:CC:71:C6:DB:86:BB:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJ9iZvYaHszU3uCUzHHG24a7s3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/476253-2788-4519-beba-98be335f3c54/1/okHGe2tEUdAq6EWzMEQJSAcgCUw.roa
Signing time:             Tue 02 Jan 2024 12:33:26 +0000
ROA not before:           Tue 02 Jan 2024 12:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51269
IP address blocks:        185.149.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/476253-2788-4519-beba-98be335f3c54/1/pJ9iZvYaHszU3uCUzHHG24a7s3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/476253-2788-4519-beba-98be335f3c54/1/pJ9iZvYaHszU3uCUzHHG24a7s3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJ9iZvYaHszU3uCUzHHG24a7s3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1d:b0:52:39:7c:e7:4c:7c:ea:a2:73:26:d4:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a49f6266f61a1eccd4dee094cc71c6db86bbb37b
        Validity
            Not Before: Jan  2 12:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a241c67b6b4451d02ae845b3304409480720094c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b1:2d:88:35:9e:76:4d:c1:89:b3:ba:6a:c5:
                    3d:5d:cb:3f:a1:d2:34:3e:4e:b2:cc:35:fe:9e:9d:
                    80:00:0a:42:df:9f:15:e0:d8:51:13:c1:dc:ea:c0:
                    39:fc:ea:d7:4c:f8:9a:ae:b2:c5:f1:cc:36:74:6a:
                    2e:33:88:cf:3e:00:3e:a7:33:b8:f6:e4:d4:27:7a:
                    49:82:4f:d5:60:40:32:32:92:a1:46:99:39:c4:29:
                    ef:08:12:de:f7:29:08:d7:ae:26:5f:83:a7:1a:1c:
                    cb:8e:30:3d:74:4a:34:c3:8b:d8:9d:de:77:ae:bd:
                    99:9d:72:e6:4e:17:c9:16:fe:47:34:2e:74:8c:64:
                    b2:fa:9f:81:fa:a8:0d:4e:cd:4a:61:5f:78:1e:28:
                    d0:c3:1b:8b:5a:88:9d:62:3f:e4:15:12:59:f9:a0:
                    5e:0e:6f:1b:eb:e6:5e:1d:f0:2a:70:90:d4:66:91:
                    4e:ba:b7:c0:a6:86:51:a2:7d:92:b8:3b:a0:a6:31:
                    32:71:66:14:4a:72:3f:02:84:82:03:05:27:af:4a:
                    20:08:c6:7f:c4:dd:35:58:4e:2b:21:d1:ca:ba:6f:
                    9f:2d:c1:03:22:00:e4:0d:f9:94:fa:7c:77:d5:1b:
                    84:0f:40:47:0d:d1:70:0e:e3:80:c2:77:b3:29:23:
                    7e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:41:C6:7B:6B:44:51:D0:2A:E8:45:B3:30:44:09:48:07:20:09:4C
            X509v3 Authority Key Identifier:
                keyid:A4:9F:62:66:F6:1A:1E:CC:D4:DE:E0:94:CC:71:C6:DB:86:BB:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJ9iZvYaHszU3uCUzHHG24a7s3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/476253-2788-4519-beba-98be335f3c54/1/okHGe2tEUdAq6EWzMEQJSAcgCUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/476253-2788-4519-beba-98be335f3c54/1/pJ9iZvYaHszU3uCUzHHG24a7s3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:cc:95:08:10:83:a8:0e:16:b3:d2:95:e0:c5:0c:45:d0:93:
         49:b3:13:db:a8:6a:4b:20:f6:a5:c4:0c:72:2e:84:c8:d5:fe:
         76:33:43:5a:20:94:91:6c:49:4c:bb:82:3d:cd:5b:8e:1c:c6:
         34:0a:6f:17:23:79:e0:c7:bb:a1:52:cd:79:2a:9a:d7:d8:86:
         6d:a0:e6:ba:a5:51:93:2e:38:ae:16:d5:e9:aa:24:43:bd:e8:
         52:78:ec:39:eb:7e:9f:25:81:5d:bb:57:5e:c8:fb:91:85:fc:
         04:20:d3:f8:5c:d7:9e:b7:a9:24:59:a2:e6:3a:d5:5d:b3:87:
         9f:ae:08:51:7e:14:c5:79:c9:9b:f5:15:2a:40:39:66:da:7b:
         cd:08:99:29:cc:ca:fe:5d:49:5d:22:b2:0e:f8:c9:7a:ca:60:
         47:93:af:e0:87:c7:0d:29:0c:1f:5b:04:25:74:23:2a:4c:51:
         09:58:04:bf:0f:18:46:8f:80:24:11:8b:3a:03:4b:2b:33:1d:
         8f:60:20:e0:b3:7b:34:42:30:f3:93:b6:19:06:7a:7c:05:e9:
         41:b4:49:26:f9:09:ab:b7:56:ff:9e:e4:b2:9e:44:84:29:1d:
         50:86:32:4b:e3:11:f0:4b:fe:81:b8:50:e4:f0:c6:9b:8e:8c:
         3d:af:59:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKh2wUjl850x86qJzJtS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OWY2MjY2ZjYxYTFlY2NkNGRlZTA5NGNjNzFjNmRiODZi
YmIzN2IwHhcNMjQwMTAyMTIzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQxYzY3YjZiNDQ1MWQwMmFlODQ1YjMzMDQ0MDk0ODA3MjAwOTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLEtiDWedk3BibO6asU9Xcs/odI0
Pk6yzDX+np2AAApC358V4NhRE8Hc6sA5/OrXTPiarrLF8cw2dGouM4jPPgA+pzO4
9uTUJ3pJgk/VYEAyMpKhRpk5xCnvCBLe9ykI164mX4OnGhzLjjA9dEo0w4vYnd53
rr2ZnXLmThfJFv5HNC50jGSy+p+B+qgNTs1KYV94HijQwxuLWoidYj/kFRJZ+aBe
Dm8b6+ZeHfAqcJDUZpFOurfApoZRon2SuDugpjEycWYUSnI/AoSCAwUnr0ogCMZ/
xN01WE4rIdHKum+fLcEDIgDkDfmU+nx31RuED0BHDdFwDuOAwnezKSN+lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJBxntrRFHQKuhFszBECUgHIAlMMB8GA1UdIwQY
MBaAFKSfYmb2Gh7M1N7glMxxxtuGu7N7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEo5aVp2WWFIc3pVM3VDVXpISEcyNGE3czNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS80NzYyNTMtMjc4OC00NTE5LWJlYmEt
OThiZTMzNWYzYzU0LzEvb2tIR2UydEVVZEFxNkVXek1FUUpTQWNnQ1V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS80NzYyNTMtMjc4OC00NTE5LWJlYmEtOThiZTMzNWYzYzU0
LzEvcEo5aVp2WWFIc3pVM3VDVXpISEcyNGE3czNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZVEMA0G
CSqGSIb3DQEBCwUAA4IBAQBVzJUIEIOoDhaz0pXgxQxF0JNJsxPbqGpLIPalxAxy
LoTI1f52M0NaIJSRbElMu4I9zVuOHMY0Cm8XI3ngx7uhUs15KprX2IZtoOa6pVGT
LjiuFtXpqiRDvehSeOw5636fJYFdu1deyPuRhfwEINP4XNeet6kkWaLmOtVds4ef
rghRfhTFecmb9RUqQDlm2nvNCJkpzMr+XUldIrIO+Ml6ymBHk6/gh8cNKQwfWwQl
dCMqTFEJWAS/DxhGj4AkEYs6A0srMx2PYCDgs3s0QjDzk7YZBnp8BelBtEkm+Qmr
t1b/nuSynkSEKR1QhjJL4xHwS/6BuFDk8Mabjow9r1nj
-----END CERTIFICATE-----