Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ovx7SK7Rmh-mm4VLNEr5pWSf_wE.roa
File:                     ovx7SK7Rmh-mm4VLNEr5pWSf_wE.roa (raw, json)
Hash identifier:          ROCcw5LiyblUSLrHKdWt24svXyE/xachsXgC1BNDGzs=
Subject key identifier:   A2:FC:7B:48:AE:D1:9A:1F:A6:9B:85:4B:34:4A:F9:A5:64:9F:FF:01
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018DF932BCD9645DB136E12C1FF3C1EB0FE1
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ovx7SK7Rmh-mm4VLNEr5pWSf_wE.roa
Signing time:             Fri 01 Mar 2024 08:47:48 +0000
ROA not before:           Fri 01 Mar 2024 08:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200461
IP address blocks:        178.18.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:32:bc:d9:64:5d:b1:36:e1:2c:1f:f3:c1:eb:0f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar  1 08:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2fc7b48aed19a1fa69b854b344af9a5649fff01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6a:6e:1b:06:79:1c:e3:06:0a:23:bf:ba:ab:
                    f1:40:84:62:08:3d:d9:4e:43:27:6f:40:0f:f5:ff:
                    5f:49:5a:cb:58:1f:59:07:9d:a2:1e:02:c6:8e:32:
                    90:41:9f:99:14:cd:f9:ae:06:9c:42:c0:8c:2d:4d:
                    53:bf:1b:98:34:b4:04:44:6a:91:b8:77:9d:ff:0e:
                    f2:84:cd:12:75:9e:9a:ea:87:16:fb:e8:2a:f9:ee:
                    1c:31:93:3d:01:91:48:c6:4d:31:7d:bb:ef:e6:cc:
                    c6:eb:f7:49:89:d6:32:10:2d:f9:ef:ae:77:ca:25:
                    f1:14:fb:fe:15:f0:ff:68:31:bd:9c:30:ba:93:b3:
                    4b:e7:aa:27:50:cf:23:27:bc:81:5a:c1:48:74:ca:
                    48:9c:ef:53:35:6b:75:27:8a:14:c9:bd:ac:91:fc:
                    24:9f:3f:59:b3:23:24:6a:0a:0b:8e:ae:6f:c0:5e:
                    b3:e3:e1:4b:ee:d7:37:8c:11:4b:1a:26:76:57:51:
                    b5:ea:3a:36:d1:44:83:87:d1:f0:b4:af:25:b0:e5:
                    12:69:79:3c:bd:f9:26:9e:ed:c7:72:cf:f3:1d:02:
                    37:dd:54:8a:31:dd:e3:ce:73:04:4f:54:f9:80:31:
                    0e:10:24:01:2e:3d:07:88:a8:90:89:9e:41:0b:6a:
                    34:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:FC:7B:48:AE:D1:9A:1F:A6:9B:85:4B:34:4A:F9:A5:64:9F:FF:01
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ovx7SK7Rmh-mm4VLNEr5pWSf_wE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.18.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:fd:39:37:c4:3e:f8:53:02:b8:be:bf:17:0e:e4:e9:55:71:
         b2:2f:4c:53:cf:fb:f7:b3:0a:35:7a:a1:82:f3:c1:b8:93:7b:
         01:4d:8a:09:d6:64:91:bc:5a:36:e1:5b:dd:4c:77:cb:65:90:
         59:cd:f5:87:96:a3:7a:8a:d2:2b:b9:56:33:09:16:fe:f9:8b:
         67:52:7b:42:1f:4f:63:bf:aa:5e:7a:8d:e9:05:b3:c5:e1:a5:
         92:13:38:5a:23:51:31:c8:39:42:7c:4d:fd:fd:cb:ad:31:1c:
         51:16:45:6f:0f:03:81:cb:bd:5d:71:48:62:06:3b:79:55:81:
         5b:b2:34:4a:5c:28:99:49:5f:dd:60:6e:d2:91:2b:07:1e:6b:
         fa:9f:c0:33:b2:a8:b3:0e:ce:7f:13:9c:71:52:02:79:fb:88:
         96:4b:3f:91:39:45:26:3c:56:eb:1e:4e:13:ef:3f:8b:ff:01:
         67:55:63:89:1d:9d:99:19:bd:e3:9e:7a:14:57:5d:5f:c5:d0:
         54:fe:d4:ef:b7:a0:28:6f:1f:fa:2a:2a:db:23:ac:ad:aa:66:
         b4:6f:0f:43:06:90:70:e4:2f:10:fb:ad:aa:1c:63:ef:a6:bb:
         d0:9e:eb:e4:58:16:b2:c5:c7:5a:bc:81:23:d2:49:3e:f3:9a:
         4f:00:5b:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY35MrzZZF2xNuEsH/PB6w/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMzAxMDg0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmZjN2I0OGFlZDE5YTFmYTY5Yjg1NGIzNDRhZjlhNTY0OWZmZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42puGwZ5HOMGCiO/uqvxQIRiCD3Z
TkMnb0AP9f9fSVrLWB9ZB52iHgLGjjKQQZ+ZFM35rgacQsCMLU1TvxuYNLQERGqR
uHed/w7yhM0SdZ6a6ocW++gq+e4cMZM9AZFIxk0xfbvv5szG6/dJidYyEC357653
yiXxFPv+FfD/aDG9nDC6k7NL56onUM8jJ7yBWsFIdMpInO9TNWt1J4oUyb2skfwk
nz9ZsyMkagoLjq5vwF6z4+FL7tc3jBFLGiZ2V1G16jo20USDh9HwtK8lsOUSaXk8
vfkmnu3Hcs/zHQI33VSKMd3jznMET1T5gDEOECQBLj0HiKiQiZ5BC2o0+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKL8e0iu0ZofppuFSzRK+aVkn/8BMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvb3Z4N1NLN1JtaC1tbTRWTE5FcjVwV1NmX3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshKUMA0G
CSqGSIb3DQEBCwUAA4IBAQB9/Tk3xD74UwK4vr8XDuTpVXGyL0xTz/v3swo1eqGC
88G4k3sBTYoJ1mSRvFo24VvdTHfLZZBZzfWHlqN6itIruVYzCRb++YtnUntCH09j
v6peeo3pBbPF4aWSEzhaI1ExyDlCfE39/cutMRxRFkVvDwOBy71dcUhiBjt5VYFb
sjRKXCiZSV/dYG7SkSsHHmv6n8AzsqizDs5/E5xxUgJ5+4iWSz+ROUUmPFbrHk4T
7z+L/wFnVWOJHZ2ZGb3jnnoUV11fxdBU/tTvt6Aobx/6KirbI6ytqma0bw9DBpBw
5C8Q+62qHGPvprvQnuvkWBayxcdavIEj0kk+85pPAFuz
-----END CERTIFICATE-----