Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/11c1ec-ab64-4979-afb9-6a61394f6269/1/ohbka1ldxdlsgZqAYXtlLqgOYrE.roa
File:                     ohbka1ldxdlsgZqAYXtlLqgOYrE.roa (raw, json)
Hash identifier:          AyBtaU25/LZ9JrkZGRBgd/n0GNFXgM9N3/lHRWncnxg=
Subject key identifier:   A2:16:E4:6B:59:5D:C5:D9:6C:81:9A:80:61:7B:65:2E:A8:0E:62:B1
Certificate issuer:       /CN=1a60b96670893fc3d6371f6c5746c5f26b6a203d
Certificate serial:       018CC5DC05B3122D6051CABF11EEF17DE5EC
Authority key identifier: 1A:60:B9:66:70:89:3F:C3:D6:37:1F:6C:57:46:C5:F2:6B:6A:20:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GmC5ZnCJP8PWNx9sV0bF8mtqID0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/11c1ec-ab64-4979-afb9-6a61394f6269/1/ohbka1ldxdlsgZqAYXtlLqgOYrE.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57530
IP address blocks:        91.232.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/11c1ec-ab64-4979-afb9-6a61394f6269/1/GmC5ZnCJP8PWNx9sV0bF8mtqID0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/11c1ec-ab64-4979-afb9-6a61394f6269/1/GmC5ZnCJP8PWNx9sV0bF8mtqID0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GmC5ZnCJP8PWNx9sV0bF8mtqID0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 19:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:05:b3:12:2d:60:51:ca:bf:11:ee:f1:7d:e5:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a60b96670893fc3d6371f6c5746c5f26b6a203d
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a216e46b595dc5d96c819a80617b652ea80e62b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f8:25:42:44:24:12:a4:eb:c8:9c:2d:ab:2b:
                    12:e0:e6:26:80:2f:76:ba:28:de:1a:79:83:44:71:
                    0d:cc:9b:a3:25:da:4c:2e:99:a1:f8:63:45:eb:37:
                    e2:e9:30:fa:21:63:1d:9f:c6:37:7e:aa:3b:14:7a:
                    78:3d:b3:29:cb:16:72:de:53:49:8b:a4:ef:17:38:
                    35:9c:40:87:40:cd:ba:b5:28:d4:40:27:6e:5a:17:
                    08:92:6f:a8:4b:3b:2e:37:18:d8:9d:d0:2c:ba:8b:
                    0b:62:2d:59:27:44:16:1c:ee:f1:e7:35:98:70:51:
                    18:33:77:15:6a:c9:c5:20:2a:26:41:93:f2:f4:fe:
                    a5:c3:09:7b:f0:99:21:ef:04:60:c6:b7:49:70:ea:
                    e6:b0:31:67:fc:76:3e:b5:b2:80:91:9d:38:df:e6:
                    a1:7a:85:2c:e5:b6:0a:a3:58:d2:e6:1e:72:3a:87:
                    19:80:a1:0f:77:1a:b9:bf:48:5e:c0:7d:43:b7:7f:
                    b4:c9:21:30:be:62:d5:c8:69:ef:0f:b0:0c:c4:a1:
                    1d:37:35:c1:84:98:22:57:c2:6a:61:9c:45:16:18:
                    01:38:cf:21:86:e0:fd:01:d3:3e:47:0a:fc:8e:5e:
                    3e:55:8e:72:7b:bf:14:af:69:6f:9c:4f:b9:e0:75:
                    c6:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:16:E4:6B:59:5D:C5:D9:6C:81:9A:80:61:7B:65:2E:A8:0E:62:B1
            X509v3 Authority Key Identifier:
                keyid:1A:60:B9:66:70:89:3F:C3:D6:37:1F:6C:57:46:C5:F2:6B:6A:20:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GmC5ZnCJP8PWNx9sV0bF8mtqID0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/11c1ec-ab64-4979-afb9-6a61394f6269/1/ohbka1ldxdlsgZqAYXtlLqgOYrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/11c1ec-ab64-4979-afb9-6a61394f6269/1/GmC5ZnCJP8PWNx9sV0bF8mtqID0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:6f:77:a4:ac:39:3f:d6:72:e1:4a:4e:ca:5a:8f:54:b5:43:
         8a:65:5a:f0:e0:ad:53:52:14:2f:bd:bb:c7:54:ef:90:c7:0b:
         28:f5:35:92:f4:61:a3:9f:c7:7f:cc:2e:f7:50:ac:22:82:bb:
         3f:fa:07:78:ea:35:3a:34:5c:d1:f4:78:a2:be:e4:d4:a5:3a:
         f6:38:18:e2:85:fe:8c:6d:6a:67:75:d8:59:e0:c1:6c:3d:c5:
         db:7d:f1:6f:40:a4:05:2a:f6:a6:0b:f1:e2:ee:1f:8b:70:64:
         6d:7c:ae:aa:e6:c7:ca:9f:1b:5f:92:27:2d:26:c3:16:bd:e3:
         93:27:6c:3d:7b:30:a8:55:3d:0a:35:53:85:c0:65:d6:0f:07:
         7c:4a:0f:8b:e0:2c:3d:2f:ce:3b:99:a1:e5:32:bf:09:70:c2:
         e9:6d:09:49:dc:56:da:31:0d:42:4f:e0:b2:7a:3d:12:8b:41:
         90:bc:1d:33:5d:da:65:ed:04:8d:bb:0f:78:92:60:63:0a:97:
         7c:84:e0:49:5e:ed:12:b9:8f:d9:45:95:72:56:88:1c:70:a3:
         77:c1:99:69:05:8a:4c:c9:73:ba:b7:8a:ef:58:a6:88:c4:f4:
         f1:4a:99:4f:04:33:17:4f:81:9b:20:16:68:c7:35:54:67:02:
         7b:5b:31:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AWzEi1gUcq/Ee7xfeXsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNjBiOTY2NzA4OTNmYzNkNjM3MWY2YzU3NDZjNWYyNmI2
YTIwM2QwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE2ZTQ2YjU5NWRjNWQ5NmM4MTlhODA2MTdiNjUyZWE4MGU2MmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/glQkQkEqTryJwtqysS4OYmgC92
uijeGnmDRHENzJujJdpMLpmh+GNF6zfi6TD6IWMdn8Y3fqo7FHp4PbMpyxZy3lNJ
i6TvFzg1nECHQM26tSjUQCduWhcIkm+oSzsuNxjYndAsuosLYi1ZJ0QWHO7x5zWY
cFEYM3cVasnFIComQZPy9P6lwwl78Jkh7wRgxrdJcOrmsDFn/HY+tbKAkZ043+ah
eoUs5bYKo1jS5h5yOocZgKEPdxq5v0hewH1Dt3+0ySEwvmLVyGnvD7AMxKEdNzXB
hJgiV8JqYZxFFhgBOM8hhuD9AdM+Rwr8jl4+VY5ye78Ur2lvnE+54HXGfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIW5GtZXcXZbIGagGF7ZS6oDmKxMB8GA1UdIwQY
MBaAFBpguWZwiT/D1jcfbFdGxfJraiA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR21DNVpuQ0pQOFBXTng5c1YwYkY4bXRxSUQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8xMWMxZWMtYWI2NC00OTc5LWFmYjkt
NmE2MTM5NGY2MjY5LzEvb2hia2ExbGR4ZGxzZ1pxQVlYdGxMcWdPWXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8xMWMxZWMtYWI2NC00OTc5LWFmYjktNmE2MTM5NGY2MjY5
LzEvR21DNVpuQ0pQOFBXTng5c1YwYkY4bXRxSUQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hxMA0G
CSqGSIb3DQEBCwUAA4IBAQBib3ekrDk/1nLhSk7KWo9UtUOKZVrw4K1TUhQvvbvH
VO+Qxwso9TWS9GGjn8d/zC73UKwigrs/+gd46jU6NFzR9HiivuTUpTr2OBjihf6M
bWpnddhZ4MFsPcXbffFvQKQFKvamC/Hi7h+LcGRtfK6q5sfKnxtfkictJsMWveOT
J2w9ezCoVT0KNVOFwGXWDwd8Sg+L4Cw9L847maHlMr8JcMLpbQlJ3FbaMQ1CT+Cy
ej0Si0GQvB0zXdpl7QSNuw94kmBjCpd8hOBJXu0SuY/ZRZVyVogccKN3wZlpBYpM
yXO6t4rvWKaIxPTxSplPBDMXT4GbIBZoxzVUZwJ7WzHu
-----END CERTIFICATE-----