Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5f13a5-a8db-4c37-b7a7-c5378581b0e1/1/oD_g4M274kVWEaO7NMoUuVgRxlg.roa
File:                     oD_g4M274kVWEaO7NMoUuVgRxlg.roa (raw, json)
Hash identifier:          O44lE9SzBo6+VGW6ni9ArdDou2E+53Jc6E+gGaSrPIE=
Subject key identifier:   A0:3F:E0:E0:CD:BB:E2:45:56:11:A3:BB:34:CA:14:B9:58:11:C6:58
Certificate issuer:       /CN=a1a6fc7262ba782dd5f643085982b5d36703dbfb
Certificate serial:       018CC500CE782E8D40DBBB1D4F61FA791BDA
Authority key identifier: A1:A6:FC:72:62:BA:78:2D:D5:F6:43:08:59:82:B5:D3:67:03:DB:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oab8cmK6eC3V9kMIWYK102cD2_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5f13a5-a8db-4c37-b7a7-c5378581b0e1/1/oD_g4M274kVWEaO7NMoUuVgRxlg.roa
Signing time:             Mon 01 Jan 2024 12:30:13 +0000
ROA not before:           Mon 01 Jan 2024 12:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15925
IP address blocks:        193.41.124.0/23 maxlen: 23
                          195.110.26.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5f13a5-a8db-4c37-b7a7-c5378581b0e1/1/oab8cmK6eC3V9kMIWYK102cD2_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5f13a5-a8db-4c37-b7a7-c5378581b0e1/1/oab8cmK6eC3V9kMIWYK102cD2_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oab8cmK6eC3V9kMIWYK102cD2_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ce:78:2e:8d:40:db:bb:1d:4f:61:fa:79:1b:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1a6fc7262ba782dd5f643085982b5d36703dbfb
        Validity
            Not Before: Jan  1 12:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a03fe0e0cdbbe2455611a3bb34ca14b95811c658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:bf:37:55:c0:3d:39:3d:d6:a3:3d:b8:ea:6e:
                    c3:8c:1c:a0:5d:28:92:85:84:94:82:4a:16:07:57:
                    72:ee:28:f5:36:d6:36:20:9e:6a:6a:cd:e1:44:f7:
                    10:5e:79:21:09:32:03:fb:ff:73:18:7b:b0:c2:fe:
                    ab:6c:99:15:c9:0a:16:14:7c:9a:8a:eb:7d:a9:59:
                    53:ce:d2:d0:54:3a:e2:39:2e:48:2e:8e:39:28:93:
                    17:61:b3:c4:fa:6d:82:ee:02:5f:aa:5b:5b:8a:fa:
                    e0:7c:61:2f:c3:60:ca:38:af:e7:2f:22:a1:48:a7:
                    89:8d:53:d6:2d:0f:04:ff:6a:89:33:c0:1d:94:6c:
                    b8:07:90:bd:4b:e5:07:24:90:1f:80:4a:f7:aa:3b:
                    5d:2a:1e:b1:08:28:28:5e:8b:4e:3e:f7:58:5c:52:
                    20:be:27:fa:9f:7e:1b:9d:96:0a:4f:7b:c7:91:c6:
                    5a:6c:d3:2f:33:ce:27:f5:e6:3b:40:c2:6c:4c:3a:
                    e9:99:db:b8:aa:26:be:64:84:ba:06:c3:08:ba:7f:
                    02:42:28:39:a2:f6:ea:74:d0:56:dd:f5:af:26:c5:
                    91:fe:32:7f:59:91:87:87:29:2c:5d:10:ce:35:ee:
                    2a:62:b0:89:c3:6f:c5:7d:74:ac:9f:40:10:ef:8b:
                    cb:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:3F:E0:E0:CD:BB:E2:45:56:11:A3:BB:34:CA:14:B9:58:11:C6:58
            X509v3 Authority Key Identifier:
                keyid:A1:A6:FC:72:62:BA:78:2D:D5:F6:43:08:59:82:B5:D3:67:03:DB:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oab8cmK6eC3V9kMIWYK102cD2_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5f13a5-a8db-4c37-b7a7-c5378581b0e1/1/oD_g4M274kVWEaO7NMoUuVgRxlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5f13a5-a8db-4c37-b7a7-c5378581b0e1/1/oab8cmK6eC3V9kMIWYK102cD2_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.124.0/23
                  195.110.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:f4:a9:0e:c8:40:e4:2c:9d:b3:0d:66:4e:4d:9e:80:42:38:
         70:c9:e7:16:f8:26:b7:1b:d4:18:e8:32:59:19:7e:c4:3b:e7:
         87:68:9c:0d:4b:03:1f:68:62:c3:96:82:5b:7a:59:1d:da:31:
         78:c1:63:b1:79:44:22:9a:79:9e:99:47:dd:41:23:41:1c:ef:
         ea:d4:d9:d5:bd:78:00:19:7b:c5:b0:20:f3:07:91:22:00:c4:
         12:db:e0:2c:06:65:40:c9:c7:87:1f:f8:a0:61:65:8f:81:c7:
         66:61:9c:e7:75:bf:02:db:8b:0c:09:ae:4f:67:b9:94:ef:65:
         d0:97:59:5c:b8:b0:6d:a0:b0:de:6a:3d:e3:e3:28:93:8c:86:
         8c:c9:61:3a:1e:29:2a:8d:a9:2d:af:2b:70:77:66:fe:f5:ba:
         fa:48:e7:f4:67:ed:9c:31:f0:3b:72:4d:0e:13:0b:1c:8d:8b:
         b4:f0:65:5d:ba:73:cf:6d:f8:62:3f:00:49:a8:8c:11:99:6b:
         d0:d0:fb:74:7f:fb:c1:6f:0e:6e:6f:50:79:45:1a:8e:4b:bf:
         3a:6b:45:fc:40:0c:fc:19:8b:38:30:97:19:7d:ca:1a:0a:b6:
         f6:bb:bc:43:2c:f5:53:1f:d6:3b:0b:fb:58:9c:04:10:bf:15:
         39:f5:14:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAM54Lo1A27sdT2H6eRvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYTZmYzcyNjJiYTc4MmRkNWY2NDMwODU5ODJiNWQzNjcw
M2RiZmIwHhcNMjQwMTAxMTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDNmZTBlMGNkYmJlMjQ1NTYxMWEzYmIzNGNhMTRiOTU4MTFjNjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArL83VcA9OT3Woz246m7DjBygXSiS
hYSUgkoWB1dy7ij1NtY2IJ5qas3hRPcQXnkhCTID+/9zGHuwwv6rbJkVyQoWFHya
iut9qVlTztLQVDriOS5ILo45KJMXYbPE+m2C7gJfqltbivrgfGEvw2DKOK/nLyKh
SKeJjVPWLQ8E/2qJM8AdlGy4B5C9S+UHJJAfgEr3qjtdKh6xCCgoXotOPvdYXFIg
vif6n34bnZYKT3vHkcZabNMvM84n9eY7QMJsTDrpmdu4qia+ZIS6BsMIun8CQig5
ovbqdNBW3fWvJsWR/jJ/WZGHhyksXRDONe4qYrCJw2/FfXSsn0AQ74vLiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKA/4ODNu+JFVhGjuzTKFLlYEcZYMB8GA1UdIwQY
MBaAFKGm/HJiungt1fZDCFmCtdNnA9v7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2FiOGNtSzZlQzNWOWtNSVdZSzEwMmNEMl9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZjEzYTUtYThkYi00YzM3LWI3YTct
YzUzNzg1ODFiMGUxLzEvb0RfZzRNMjc0a1ZXRWFPN05Nb1V1VmdSeGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZjEzYTUtYThkYi00YzM3LWI3YTctYzUzNzg1ODFiMGUx
LzEvb2FiOGNtSzZlQzNWOWtNSVdZSzEwMmNEMl9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwSl8AwQB
w24aMA0GCSqGSIb3DQEBCwUAA4IBAQCy9KkOyEDkLJ2zDWZOTZ6AQjhwyecW+Ca3
G9QY6DJZGX7EO+eHaJwNSwMfaGLDloJbelkd2jF4wWOxeUQimnmemUfdQSNBHO/q
1NnVvXgAGXvFsCDzB5EiAMQS2+AsBmVAyceHH/igYWWPgcdmYZzndb8C24sMCa5P
Z7mU72XQl1lcuLBtoLDeaj3j4yiTjIaMyWE6Hikqjaktrytwd2b+9br6SOf0Z+2c
MfA7ck0OEwscjYu08GVdunPPbfhiPwBJqIwRmWvQ0Pt0f/vBbw5ub1B5RRqOS786
a0X8QAz8GYs4MJcZfcoaCrb2u7xDLPVTH9Y7C/tYnAQQvxU59RRv
-----END CERTIFICATE-----