Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/o97tiazmeP4S1oafRvjVVOM5OFo.roa
File:                     o97tiazmeP4S1oafRvjVVOM5OFo.roa (raw, json)
Hash identifier:          l0OSa+NGbB1Qyh91CUyN2A/heXy/A0whdvBYXcNQv88=
Subject key identifier:   A3:DE:ED:89:AC:E6:78:FE:12:D6:86:9F:46:F8:D5:54:E3:39:38:5A
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       018CC64ACC32D75D7ED89A54964E8B74E529
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/o97tiazmeP4S1oafRvjVVOM5OFo.roa
Signing time:             Mon 01 Jan 2024 18:30:39 +0000
ROA not before:           Mon 01 Jan 2024 18:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        185.114.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 19:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:cc:32:d7:5d:7e:d8:9a:54:96:4e:8b:74:e5:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  1 18:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3deed89ace678fe12d6869f46f8d554e339385a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:19:c8:d6:b9:e2:45:70:73:af:e0:ab:97:48:
                    be:c7:ca:1f:5d:99:0f:a7:62:2c:97:0c:af:ba:50:
                    aa:a2:e4:27:93:d1:b9:c2:1b:96:d9:c6:bd:7a:90:
                    f0:7f:8e:f4:5e:0d:88:fd:aa:5b:48:e8:cc:2d:e9:
                    f8:62:7d:96:31:c5:99:05:52:5a:4e:22:67:bb:f9:
                    54:71:d1:95:3e:78:cc:a5:67:72:c0:f9:ee:39:52:
                    91:33:e5:3a:45:1d:05:a1:48:42:a2:f5:7e:07:03:
                    43:a1:be:60:bc:6d:fd:7a:57:83:e1:38:42:d7:10:
                    68:39:04:73:52:fc:fd:6a:ca:af:96:45:88:f6:cc:
                    b5:90:3f:e6:07:bf:e7:e6:b1:4f:05:62:a6:5b:39:
                    41:a7:f7:06:e8:61:95:4a:92:20:1d:5b:4d:b0:9e:
                    f4:4a:fc:53:4d:87:c1:69:7b:b5:59:31:19:dd:f6:
                    51:53:2f:ff:02:28:9e:b1:8b:96:bc:43:47:65:64:
                    8b:b7:fd:bd:d3:60:10:06:d9:52:20:b7:b3:02:2b:
                    0e:28:05:32:3e:af:5f:bf:99:bd:96:03:a5:54:35:
                    ae:35:fb:24:73:8b:9b:f7:d2:af:f5:40:49:9f:b1:
                    e7:bf:0b:57:66:c0:5b:96:aa:70:72:29:b0:59:c8:
                    d4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:DE:ED:89:AC:E6:78:FE:12:D6:86:9F:46:F8:D5:54:E3:39:38:5A
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/o97tiazmeP4S1oafRvjVVOM5OFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:6f:08:38:bd:55:bf:70:52:d7:65:6c:92:07:0b:c6:7f:68:
         01:60:5b:85:53:8e:e8:74:bd:fe:ca:63:bd:93:43:6b:47:b7:
         6c:1f:e6:86:65:2a:e8:91:f6:05:9a:51:9e:df:bb:d6:ba:0f:
         04:0e:ea:ee:69:4e:68:1a:13:30:1f:91:22:e9:02:d4:f7:9a:
         4c:ce:4b:26:12:79:ce:cd:2e:f5:4f:10:ed:0f:36:06:65:b0:
         ad:04:a5:4f:f2:d8:8b:fb:f8:19:64:b8:06:dc:50:2d:4a:34:
         f7:ce:51:28:83:dd:f2:f5:d6:24:02:c7:8d:75:d3:88:59:bf:
         ab:da:ee:a7:f1:e5:9d:b8:14:53:74:32:a8:90:80:2c:f3:26:
         93:64:cf:ce:bf:a5:fb:57:a6:1c:46:6b:d4:81:38:79:05:75:
         64:c0:de:fd:12:aa:07:4e:84:e1:32:40:7d:86:91:f6:61:03:
         ed:a3:34:28:36:c1:5d:80:e7:4b:ea:b6:a9:58:4c:6c:f4:73:
         41:0f:1b:e4:ad:aa:22:6c:65:7c:47:32:ec:be:0c:d6:a0:f3:
         22:12:80:a0:60:3e:8d:6b:24:7a:01:1e:61:ea:05:06:13:87:
         d7:c3:b0:e7:c9:40:b6:fd:28:50:a4:39:04:cd:44:5b:3d:ba:
         cf:29:e7:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSswy111+2JpUlk6LdOUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjQwMTAxMTgzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2RlZWQ4OWFjZTY3OGZlMTJkNjg2OWY0NmY4ZDU1NGUzMzkzODVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRnI1rniRXBzr+Crl0i+x8ofXZkP
p2IslwyvulCqouQnk9G5whuW2ca9epDwf470Xg2I/apbSOjMLen4Yn2WMcWZBVJa
TiJnu/lUcdGVPnjMpWdywPnuOVKRM+U6RR0FoUhCovV+BwNDob5gvG39eleD4ThC
1xBoOQRzUvz9asqvlkWI9sy1kD/mB7/n5rFPBWKmWzlBp/cG6GGVSpIgHVtNsJ70
SvxTTYfBaXu1WTEZ3fZRUy//AiiesYuWvENHZWSLt/2902AQBtlSILezAisOKAUy
Pq9fv5m9lgOlVDWuNfskc4ub99Kv9UBJn7HnvwtXZsBblqpwcimwWcjU7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPe7Yms5nj+EtaGn0b41VTjOThaMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvbzk3dGlhem1lUDRTMW9hZlJ2alZWT001T0ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXIiMA0G
CSqGSIb3DQEBCwUAA4IBAQDGbwg4vVW/cFLXZWySBwvGf2gBYFuFU47odL3+ymO9
k0NrR7dsH+aGZSrokfYFmlGe37vWug8EDuruaU5oGhMwH5Ei6QLU95pMzksmEnnO
zS71TxDtDzYGZbCtBKVP8tiL+/gZZLgG3FAtSjT3zlEog93y9dYkAseNddOIWb+r
2u6n8eWduBRTdDKokIAs8yaTZM/Ov6X7V6YcRmvUgTh5BXVkwN79EqoHToThMkB9
hpH2YQPtozQoNsFdgOdL6rapWExs9HNBDxvkraoibGV8RzLsvgzWoPMiEoCgYD6N
ayR6AR5h6gUGE4fXw7DnyUC2/ShQpDkEzURbPbrPKefc
-----END CERTIFICATE-----