Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/kOlrPnBB5B8bTJ2gq1oQZMICiUo.roa
File:                     kOlrPnBB5B8bTJ2gq1oQZMICiUo.roa (raw, json)
Hash identifier:          Em8re/LDHgQMn4fBVoNtbH+p9Q2NITTJ0mZ6F2AbHzo=
Subject key identifier:   90:E9:6B:3E:70:41:E4:1F:1B:4C:9D:A0:AB:5A:10:64:C2:02:89:4A
Certificate issuer:       /CN=633e752ca0dc423c74f508405ba5228a8c2e5157
Certificate serial:       018CC6B7B93E116A5CAC3078B2CC4010DAF4
Authority key identifier: 63:3E:75:2C:A0:DC:42:3C:74:F5:08:40:5B:A5:22:8A:8C:2E:51:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yz51LKDcQjx09QhAW6UiiowuUVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/kOlrPnBB5B8bTJ2gq1oQZMICiUo.roa
Signing time:             Mon 01 Jan 2024 20:29:38 +0000
ROA not before:           Mon 01 Jan 2024 20:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15694
IP address blocks:        194.49.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/Yz51LKDcQjx09QhAW6UiiowuUVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/Yz51LKDcQjx09QhAW6UiiowuUVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yz51LKDcQjx09QhAW6UiiowuUVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b9:3e:11:6a:5c:ac:30:78:b2:cc:40:10:da:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=633e752ca0dc423c74f508405ba5228a8c2e5157
        Validity
            Not Before: Jan  1 20:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90e96b3e7041e41f1b4c9da0ab5a1064c202894a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c1:60:24:f7:ca:25:1c:d0:b5:12:3c:60:3e:
                    33:a5:dd:22:8b:a5:5e:37:84:f1:4e:59:e9:31:61:
                    64:c2:ca:07:fc:ab:0a:80:ef:b8:0d:8b:14:4d:bd:
                    bc:e7:78:9d:59:aa:2f:7d:c1:df:b7:7b:b6:e3:0b:
                    8f:aa:a0:7f:ae:45:ad:0f:2f:66:48:f9:aa:c2:af:
                    5f:22:54:e8:b7:08:c5:76:12:77:54:f7:1c:44:a6:
                    37:26:12:57:5e:45:22:08:83:31:83:14:a2:ac:55:
                    25:c1:82:ba:10:78:be:d6:00:d0:e4:c6:4d:5b:a0:
                    c3:1e:2a:2b:0e:c8:36:77:6b:e8:8b:d3:f0:81:37:
                    34:56:3c:46:be:69:28:ae:52:fa:70:1a:6e:3e:a3:
                    87:53:b4:b2:e7:62:e8:a1:4e:8f:16:35:c6:1c:48:
                    42:2e:63:22:d9:8e:37:4f:a0:7f:62:c1:13:fe:b8:
                    42:ea:a2:d8:a5:a2:f7:7b:39:4d:62:40:04:de:32:
                    11:e6:cf:79:6e:3d:12:99:d5:1c:f3:7d:1f:33:4c:
                    23:3f:c0:d6:26:90:2b:c6:cd:29:50:90:f4:83:4d:
                    e2:74:c7:84:6e:b2:93:55:f6:f3:08:6e:d1:87:4e:
                    fd:db:23:1b:b6:00:0a:86:a9:67:a7:ec:82:42:34:
                    2c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E9:6B:3E:70:41:E4:1F:1B:4C:9D:A0:AB:5A:10:64:C2:02:89:4A
            X509v3 Authority Key Identifier:
                keyid:63:3E:75:2C:A0:DC:42:3C:74:F5:08:40:5B:A5:22:8A:8C:2E:51:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yz51LKDcQjx09QhAW6UiiowuUVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/kOlrPnBB5B8bTJ2gq1oQZMICiUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/Yz51LKDcQjx09QhAW6UiiowuUVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:59:0d:fa:9d:94:9d:a6:a0:f0:31:9c:58:4c:0d:f2:cc:49:
         40:30:92:25:da:92:c7:65:fd:7c:ad:46:c5:30:af:b1:8b:d1:
         1e:17:89:18:a5:1c:3d:2a:cd:a4:be:62:b3:da:30:1d:54:4f:
         c0:3a:08:d7:1a:6c:08:03:0c:af:86:9f:93:ac:26:d2:6e:f5:
         9f:80:17:40:b2:8b:3e:a9:b5:94:c2:8e:3a:5e:37:0a:66:8f:
         ea:09:e7:33:dc:74:43:26:3e:b9:7f:6d:0d:25:74:82:6b:d1:
         81:db:d0:87:2c:65:ee:f9:34:d5:cb:13:a9:af:a9:9e:92:15:
         05:40:59:fb:26:72:b3:8d:29:6f:26:e6:ab:c5:bd:5b:f9:d9:
         0f:6e:67:63:c8:1f:a5:66:1c:01:3d:7d:27:c0:40:f9:b1:e8:
         fc:02:50:6d:8d:5f:5c:c1:f7:f0:3d:7b:ec:b3:82:42:1c:b5:
         d8:69:e4:ef:e0:27:46:9d:97:bb:be:f1:6f:88:b8:29:f6:01:
         67:c1:13:dd:5b:67:a0:9e:2e:fd:dd:bd:49:00:a1:8e:20:26:
         6f:e6:91:e0:58:5e:13:f4:bb:f4:6c:13:24:2a:35:46:78:8b:
         a8:a7:dd:c6:21:a2:41:35:92:b9:06:4d:0e:0c:b8:0f:da:4a:
         aa:6e:e6:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7k+EWpcrDB4ssxAENr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzM2U3NTJjYTBkYzQyM2M3NGY1MDg0MDViYTUyMjhhOGMy
ZTUxNTcwHhcNMjQwMTAxMjAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGU5NmIzZTcwNDFlNDFmMWI0YzlkYTBhYjVhMTA2NGMyMDI4OTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMFgJPfKJRzQtRI8YD4zpd0ii6Ve
N4TxTlnpMWFkwsoH/KsKgO+4DYsUTb2853idWaovfcHft3u24wuPqqB/rkWtDy9m
SPmqwq9fIlTotwjFdhJ3VPccRKY3JhJXXkUiCIMxgxSirFUlwYK6EHi+1gDQ5MZN
W6DDHiorDsg2d2voi9PwgTc0VjxGvmkorlL6cBpuPqOHU7Sy52LooU6PFjXGHEhC
LmMi2Y43T6B/YsET/rhC6qLYpaL3ezlNYkAE3jIR5s95bj0SmdUc830fM0wjP8DW
JpArxs0pUJD0g03idMeEbrKTVfbzCG7Rh0792yMbtgAKhqlnp+yCQjQs4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDpaz5wQeQfG0ydoKtaEGTCAolKMB8GA1UdIwQY
MBaAFGM+dSyg3EI8dPUIQFulIoqMLlFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXo1MUxLRGNRangwOVFoQVc2VWlpb3d1VVZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jOGUyMTQtOGU0NS00Yzk2LThhNzkt
ZGU2MTg3YjcyOThhLzEva09sclBuQkI1QjhiVEoyZ3Exb1FaTUlDaVVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jOGUyMTQtOGU0NS00Yzk2LThhNzktZGU2MTg3YjcyOThh
LzEvWXo1MUxLRGNRangwOVFoQVc2VWlpb3d1VVZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjF8MA0G
CSqGSIb3DQEBCwUAA4IBAQBRWQ36nZSdpqDwMZxYTA3yzElAMJIl2pLHZf18rUbF
MK+xi9EeF4kYpRw9Ks2kvmKz2jAdVE/AOgjXGmwIAwyvhp+TrCbSbvWfgBdAsos+
qbWUwo46XjcKZo/qCecz3HRDJj65f20NJXSCa9GB29CHLGXu+TTVyxOpr6mekhUF
QFn7JnKzjSlvJuarxb1b+dkPbmdjyB+lZhwBPX0nwED5sej8AlBtjV9cwffwPXvs
s4JCHLXYaeTv4CdGnZe7vvFviLgp9gFnwRPdW2egni793b1JAKGOICZv5pHgWF4T
9Lv0bBMkKjVGeIuop93GIaJBNZK5Bk0ODLgP2kqqbuYH
-----END CERTIFICATE-----