Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/OaX44Oh5S8XXkQktBWUa9fAxMRM.roa
File:                     OaX44Oh5S8XXkQktBWUa9fAxMRM.roa (raw, json)
Hash identifier:          472WPw7xQ8cv2P/K9qIpwsYdW0IdmeUBIvOIEozMIcw=
Subject key identifier:   39:A5:F8:E0:E8:79:4B:C5:D7:91:09:2D:05:65:1A:F5:F0:31:31:13
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       019095F44E3FC3E509C5588C09E450D158FB
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/OaX44Oh5S8XXkQktBWUa9fAxMRM.roa
Signing time:             Tue 09 Jul 2024 05:25:34 +0000
ROA not before:           Tue 09 Jul 2024 05:25:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        185.89.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:95:f4:4e:3f:c3:e5:09:c5:58:8c:09:e4:50:d1:58:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jul  9 05:25:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39a5f8e0e8794bc5d791092d05651af5f0313113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:5b:f5:d7:b3:f4:7e:6b:ab:bd:2d:36:eb:d1:
                    68:07:25:94:05:90:2a:ea:f5:46:ba:8b:05:b4:24:
                    47:2b:88:35:d0:c5:3d:12:48:95:30:7f:3f:e3:5c:
                    92:18:14:75:af:70:6c:14:a3:85:7c:30:a3:d3:69:
                    99:19:8d:29:6f:f3:f3:ca:54:4f:93:b1:2a:0c:38:
                    33:98:48:48:32:7b:8b:4e:38:ff:e0:ff:f9:86:10:
                    6e:67:7b:14:a6:e9:76:0c:f9:06:e7:91:e3:c2:f2:
                    8d:25:45:70:09:48:9c:97:36:da:07:5d:d7:b7:7e:
                    c8:ac:14:ec:1d:8a:eb:5a:17:13:2f:f6:2b:8a:fc:
                    d2:5f:02:0f:ec:48:38:e4:48:8f:9d:e5:77:a6:46:
                    e5:14:24:4b:38:c5:f3:80:4f:c0:9c:8e:38:d8:a8:
                    c3:dc:87:0f:dd:3b:1a:31:82:f9:0f:f8:41:81:8e:
                    ba:87:5b:de:44:62:bb:17:41:fb:5a:0d:af:24:90:
                    a5:e7:8a:0c:60:74:60:ec:a9:27:5e:2d:ef:80:ac:
                    7c:b0:13:3a:ef:33:0b:bb:00:21:eb:e2:91:a5:c9:
                    aa:fc:dd:e8:84:e5:8a:d7:54:a0:91:d3:b7:62:3b:
                    b5:04:a0:e5:49:e8:f0:39:6b:c0:7c:2d:3d:72:74:
                    7f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:A5:F8:E0:E8:79:4B:C5:D7:91:09:2D:05:65:1A:F5:F0:31:31:13
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/OaX44Oh5S8XXkQktBWUa9fAxMRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:d7:2d:64:2d:13:12:0b:a5:7f:1e:92:02:59:3a:3a:8c:2a:
         1c:c2:c1:b5:cf:24:47:9a:7f:04:0b:25:69:f0:ea:1b:02:e9:
         ed:04:b2:10:df:c8:f6:9f:52:9c:07:a1:41:db:b6:ae:25:44:
         ac:16:85:c7:5d:5d:4e:64:a0:ca:aa:2d:62:c6:de:85:67:95:
         fa:83:92:11:41:10:52:38:b4:01:80:9c:f1:17:a9:97:ec:ee:
         85:81:c9:d1:88:57:b4:7b:a3:c6:e7:13:b7:7f:f8:b2:b7:07:
         e6:ec:a3:9d:3b:35:a7:19:0b:14:e9:29:90:71:e7:98:8f:67:
         7f:96:47:ce:c2:65:17:ea:ac:ed:87:6e:ad:99:a8:54:f6:7a:
         6f:59:ac:bb:6e:6b:79:db:a6:b3:9b:04:3c:87:ee:61:e8:2e:
         c5:30:91:c2:1d:42:3e:81:88:26:cb:83:32:48:e6:5f:46:82:
         a6:d8:e0:3e:95:12:80:9a:42:45:d8:30:6d:2b:cc:47:8e:cb:
         b4:55:c3:eb:ea:c0:dc:52:5b:5f:d6:a1:63:b5:21:bc:30:d0:
         4d:0e:22:8e:1c:1e:7e:69:96:34:42:2e:1f:70:3a:bc:a1:c6:
         04:57:51:b5:36:c2:bc:4c:aa:b6:0f:64:24:b0:b8:1d:2c:79:
         d7:74:4a:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCV9E4/w+UJxViMCeRQ0Vj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwNzA5MDUyNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWE1ZjhlMGU4Nzk0YmM1ZDc5MTA5MmQwNTY1MWFmNWYwMzEzMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Vv117P0fmurvS0269FoByWUBZAq
6vVGuosFtCRHK4g10MU9EkiVMH8/41ySGBR1r3BsFKOFfDCj02mZGY0pb/PzylRP
k7EqDDgzmEhIMnuLTjj/4P/5hhBuZ3sUpul2DPkG55HjwvKNJUVwCUiclzbaB13X
t37IrBTsHYrrWhcTL/YrivzSXwIP7Eg45EiPneV3pkblFCRLOMXzgE/AnI442KjD
3IcP3TsaMYL5D/hBgY66h1veRGK7F0H7Wg2vJJCl54oMYHRg7KknXi3vgKx8sBM6
7zMLuwAh6+KRpcmq/N3ohOWK11SgkdO3Yju1BKDlSejwOWvAfC09cnR/3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDml+ODoeUvF15EJLQVlGvXwMTETMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvT2FYNDRPaDVTOFhYa1FrdEJXVWE5ZkF4TVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVn5MA0G
CSqGSIb3DQEBCwUAA4IBAQAl1y1kLRMSC6V/HpICWTo6jCocwsG1zyRHmn8ECyVp
8OobAuntBLIQ38j2n1KcB6FB27auJUSsFoXHXV1OZKDKqi1ixt6FZ5X6g5IRQRBS
OLQBgJzxF6mX7O6FgcnRiFe0e6PG5xO3f/iytwfm7KOdOzWnGQsU6SmQceeYj2d/
lkfOwmUX6qzth26tmahU9npvWay7bmt526azmwQ8h+5h6C7FMJHCHUI+gYgmy4My
SOZfRoKm2OA+lRKAmkJF2DBtK8xHjsu0VcPr6sDcUltf1qFjtSG8MNBNDiKOHB5+
aZY0Qi4fcDq8ocYEV1G1NsK8TKq2D2QksLgdLHnXdEqd
-----END CERTIFICATE-----