Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/o_DM0j_w3fgv6BUSwqVnmvOzhAE.roa
File:                     o_DM0j_w3fgv6BUSwqVnmvOzhAE.roa (raw, json)
Hash identifier:          ugYc1aCDxc4MXM/2GqRG7h5Dsg2Fm2OK5G8BfxSlDgI=
Subject key identifier:   A3:F0:CC:D2:3F:F0:DD:F8:2F:E8:15:12:C2:A5:67:9A:F3:B3:84:01
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       01926C0FDDF4B466539A9500FF2E77BC5573
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/o_DM0j_w3fgv6BUSwqVnmvOzhAE.roa
Signing time:             Tue 08 Oct 2024 12:17:12 +0000
ROA not before:           Tue 08 Oct 2024 12:17:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22427
IP address blocks:        91.210.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:38:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6c:0f:dd:f4:b4:66:53:9a:95:00:ff:2e:77:bc:55:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct  8 12:17:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3f0ccd23ff0ddf82fe81512c2a5679af3b38401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:dc:7b:94:67:6c:3f:86:a3:5f:35:0f:e6:cd:
                    35:a5:04:ff:5b:a8:5b:33:6a:50:5b:de:46:aa:f2:
                    72:2b:fa:6f:57:cd:72:a0:f7:20:3d:b4:24:95:38:
                    5b:f1:2d:26:20:85:8f:43:f7:dc:ff:a4:f9:ed:c8:
                    49:b1:b0:00:93:43:59:f2:8a:39:58:e1:9e:cb:4b:
                    5f:74:f2:8a:d8:6f:90:a8:0a:a4:2d:b5:1c:92:7f:
                    64:d5:56:51:a2:b9:43:23:0c:53:75:c7:ce:ef:52:
                    12:d8:7d:e8:c1:ee:b5:22:3b:dd:94:14:46:9c:90:
                    d3:e5:21:b8:b0:42:43:33:80:54:38:31:2e:65:b0:
                    23:4f:96:8d:ef:f2:40:1b:cd:58:57:ff:7f:49:1f:
                    d6:85:38:4f:84:46:30:60:cb:37:46:95:67:c1:37:
                    f6:a2:42:4f:92:e0:19:86:85:05:c2:93:a4:82:2b:
                    27:2a:a6:fa:68:48:b4:a4:9e:3a:47:ba:bc:4a:f5:
                    84:48:48:82:d8:db:90:43:e6:83:56:f1:40:51:ac:
                    e2:b9:f4:22:c1:b4:05:9e:8d:4c:01:25:05:05:4a:
                    f6:f8:50:02:21:ca:7c:e0:3f:f5:28:5b:34:80:23:
                    40:60:61:00:59:d0:65:2e:a1:78:8c:1a:a2:fc:43:
                    e9:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:F0:CC:D2:3F:F0:DD:F8:2F:E8:15:12:C2:A5:67:9A:F3:B3:84:01
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/o_DM0j_w3fgv6BUSwqVnmvOzhAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:99:55:6f:87:fb:1f:da:b4:59:d6:68:b0:ed:5e:f5:34:c5:
         4e:7b:e8:9d:7c:21:08:a7:b0:a9:1a:9e:32:0c:09:4e:55:6d:
         10:0c:39:e8:09:dd:e4:cd:5f:89:9d:72:82:5e:9f:ee:19:3e:
         45:92:a6:47:90:d0:00:60:fd:4b:b9:ca:85:28:1a:d8:47:bf:
         39:9e:cf:65:43:11:cd:24:7d:5d:fb:51:79:b3:01:5a:6e:38:
         6a:28:94:c0:35:3a:dc:b6:b7:c2:01:aa:03:8b:bd:ec:78:9d:
         b4:de:3e:70:f9:0f:d4:28:e7:b6:cb:8f:17:97:ae:16:07:e1:
         71:a8:19:94:49:5f:01:70:22:0d:e6:75:54:e4:50:12:4f:a1:
         7c:0a:5d:fa:dd:fd:aa:6d:c0:22:10:84:d5:3c:79:ed:a4:1d:
         c1:9e:90:2e:04:a9:e7:a6:a3:61:47:fb:23:72:6e:4e:0b:10:
         3a:dc:e2:ee:f5:24:06:40:5f:b5:39:75:36:39:1b:68:c8:b2:
         48:31:5b:a8:89:43:f3:bf:56:ee:ef:33:ad:c6:30:60:ad:c6:
         d6:01:16:a2:c0:80:db:e6:75:37:35:81:7a:85:e1:4d:36:30:
         36:7d:df:b0:19:01:80:17:cf:03:9a:46:3b:f6:17:0c:ea:ce:
         31:d0:e6:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJsD930tGZTmpUA/y53vFVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQxMDA4MTIxNzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2YwY2NkMjNmZjBkZGY4MmZlODE1MTJjMmE1Njc5YWYzYjM4NDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtx7lGdsP4ajXzUP5s01pQT/W6hb
M2pQW95GqvJyK/pvV81yoPcgPbQklThb8S0mIIWPQ/fc/6T57chJsbAAk0NZ8oo5
WOGey0tfdPKK2G+QqAqkLbUckn9k1VZRorlDIwxTdcfO71IS2H3owe61IjvdlBRG
nJDT5SG4sEJDM4BUODEuZbAjT5aN7/JAG81YV/9/SR/WhThPhEYwYMs3RpVnwTf2
okJPkuAZhoUFwpOkgisnKqb6aEi0pJ46R7q8SvWESEiC2NuQQ+aDVvFAUaziufQi
wbQFno1MASUFBUr2+FACIcp84D/1KFs0gCNAYGEAWdBlLqF4jBqi/EPpqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPwzNI/8N34L+gVEsKlZ5rzs4QBMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvb19ETTBqX3czZmd2NkJVU3dxVm5tdk96aEFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9KRMA0G
CSqGSIb3DQEBCwUAA4IBAQA6mVVvh/sf2rRZ1miw7V71NMVOe+idfCEIp7CpGp4y
DAlOVW0QDDnoCd3kzV+JnXKCXp/uGT5FkqZHkNAAYP1LucqFKBrYR785ns9lQxHN
JH1d+1F5swFabjhqKJTANTrctrfCAaoDi73seJ203j5w+Q/UKOe2y48Xl64WB+Fx
qBmUSV8BcCIN5nVU5FAST6F8Cl363f2qbcAiEITVPHntpB3BnpAuBKnnpqNhR/sj
cm5OCxA63OLu9SQGQF+1OXU2ORtoyLJIMVuoiUPzv1bu7zOtxjBgrcbWARaiwIDb
5nU3NYF6heFNNjA2fd+wGQGAF88DmkY79hcM6s4x0OaU
-----END CERTIFICATE-----