Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/SsOFfJWb5ltZ4jgYG7koaJTeP84.roa
File:                     SsOFfJWb5ltZ4jgYG7koaJTeP84.roa (raw, json)
Hash identifier:          /Z4YV1ADwkEpENmmMgI18jgDzyO8QkKmL1BHcFW5Z8Y=
Subject key identifier:   4A:C3:85:7C:95:9B:E6:5B:59:E2:38:18:1B:B9:28:68:94:DE:3F:CE
Certificate issuer:       /CN=3a34889251e7cb133e906c70891ba1a0495ed860
Certificate serial:       018CC3B72CFE19F8AD9F1205F8BD66B670B9
Authority key identifier: 3A:34:88:92:51:E7:CB:13:3E:90:6C:70:89:1B:A1:A0:49:5E:D8:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/SsOFfJWb5ltZ4jgYG7koaJTeP84.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206143
IP address blocks:        185.195.63.0/24 maxlen: 24
                          185.195.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2c:fe:19:f8:ad:9f:12:05:f8:bd:66:b6:70:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a34889251e7cb133e906c70891ba1a0495ed860
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ac3857c959be65b59e238181bb9286894de3fce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:84:26:1b:59:da:c5:2a:3b:fd:d8:e1:0b:08:
                    2f:fd:4d:38:95:09:16:03:23:18:6e:da:be:8a:8c:
                    5c:5d:cd:e0:c7:4e:93:81:80:9f:0d:8e:a3:de:24:
                    91:d0:15:cd:91:bc:12:ba:ee:a9:ea:3e:27:6f:29:
                    a3:fb:38:8d:93:2c:fc:da:d9:bb:e6:eb:30:c0:cc:
                    91:24:4d:dc:b3:66:05:fc:a4:11:96:6d:4f:ed:96:
                    3c:d1:c0:e2:fd:35:01:8f:24:5e:4b:7f:b6:46:57:
                    9a:b8:41:26:ff:f7:61:e5:02:29:99:61:58:b8:8b:
                    29:d5:ca:ac:46:01:85:eb:b6:16:cd:03:80:fb:d9:
                    73:cc:21:a4:cf:0d:1b:bc:ac:3f:23:5c:61:7e:2b:
                    31:d5:44:7f:41:ba:7d:20:fc:68:a2:e9:3f:f3:93:
                    09:92:0d:40:d8:98:95:07:8d:8b:cd:59:d1:fa:b2:
                    2f:a9:cc:f8:ce:0f:f2:ed:0b:f4:80:ef:5d:86:0c:
                    e3:f8:14:da:72:80:b2:9e:98:68:3c:40:cd:fc:76:
                    fe:a0:7b:98:fa:02:6d:93:94:82:79:63:10:ed:5a:
                    82:6b:7f:34:1c:e1:67:c6:a4:03:35:c0:89:53:2c:
                    58:91:b7:c0:46:21:09:1a:14:be:4b:72:1c:90:4e:
                    e6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:C3:85:7C:95:9B:E6:5B:59:E2:38:18:1B:B9:28:68:94:DE:3F:CE
            X509v3 Authority Key Identifier:
                keyid:3A:34:88:92:51:E7:CB:13:3E:90:6C:70:89:1B:A1:A0:49:5E:D8:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/SsOFfJWb5ltZ4jgYG7koaJTeP84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:92:12:ef:8a:bd:fb:01:d4:23:eb:5f:e4:f2:42:75:7f:9f:
         31:07:83:bb:56:32:40:ff:d4:c4:c3:69:cc:0b:40:2d:d6:2e:
         de:44:a5:5f:15:d6:03:2e:ee:b8:a5:e6:ca:93:f3:e3:6e:45:
         01:d8:03:a6:59:9c:98:05:ca:9e:13:45:2c:24:bf:b5:c4:5f:
         4f:11:8f:e0:47:09:c9:9b:3f:c0:2a:de:99:b5:55:eb:b1:01:
         f0:d6:f0:db:f6:47:5a:29:de:46:98:7b:61:f8:96:e4:7b:f6:
         55:52:8e:a8:8d:f2:35:b1:82:7b:2e:36:89:32:b3:51:3c:5d:
         37:dd:2e:e1:19:30:04:c8:8c:16:a6:e9:44:13:f3:f9:75:c6:
         ec:b3:93:57:bf:4c:51:7e:8a:d7:4f:55:e2:88:c4:09:29:37:
         0f:90:af:0c:80:63:12:7c:7f:10:02:83:6e:2d:3e:fa:67:1b:
         71:19:15:dc:d5:23:fe:cb:40:fe:a1:a0:3c:5e:e8:c3:39:9a:
         3e:9a:c0:e9:16:ab:69:16:c0:13:b6:a1:a0:92:04:f3:1c:9f:
         f1:48:7c:e0:9d:0a:b0:29:60:2d:42:fa:2a:e3:e6:f9:eb:4d:
         b4:47:61:35:e4:06:70:0c:22:86:e5:06:a3:fa:3b:dd:ad:d2:
         5b:fd:6a:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyz+GfitnxIF+L1mtnC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMzQ4ODkyNTFlN2NiMTMzZTkwNmM3MDg5MWJhMWEwNDk1
ZWQ4NjAwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWMzODU3Yzk1OWJlNjViNTllMjM4MTgxYmI5Mjg2ODk0ZGUzZmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIQmG1naxSo7/djhCwgv/U04lQkW
AyMYbtq+ioxcXc3gx06TgYCfDY6j3iSR0BXNkbwSuu6p6j4nbymj+ziNkyz82tm7
5uswwMyRJE3cs2YF/KQRlm1P7ZY80cDi/TUBjyReS3+2RleauEEm//dh5QIpmWFY
uIsp1cqsRgGF67YWzQOA+9lzzCGkzw0bvKw/I1xhfisx1UR/Qbp9IPxoouk/85MJ
kg1A2JiVB42LzVnR+rIvqcz4zg/y7Qv0gO9dhgzj+BTacoCynphoPEDN/Hb+oHuY
+gJtk5SCeWMQ7VqCa380HOFnxqQDNcCJUyxYkbfARiEJGhS+S3IckE7mXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErDhXyVm+ZbWeI4GBu5KGiU3j/OMB8GA1UdIwQY
MBaAFDo0iJJR58sTPpBscIkboaBJXthgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2pTSWtsSG55eE0ta0d4d2lSdWhvRWxlMkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS85MTE4MmEtZjM0Yi00YTE1LWIzNjMt
ODRmOWVkODdhYzMxLzEvU3NPRmZKV2I1bHRaNGpnWUc3a29hSlRlUDg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS85MTE4MmEtZjM0Yi00YTE1LWIzNjMtODRmOWVkODdhYzMx
LzEvT2pTSWtsSG55eE0ta0d4d2lSdWhvRWxlMkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucM+MA0G
CSqGSIb3DQEBCwUAA4IBAQBRkhLvir37AdQj61/k8kJ1f58xB4O7VjJA/9TEw2nM
C0At1i7eRKVfFdYDLu64pebKk/PjbkUB2AOmWZyYBcqeE0UsJL+1xF9PEY/gRwnJ
mz/AKt6ZtVXrsQHw1vDb9kdaKd5GmHth+Jbke/ZVUo6ojfI1sYJ7LjaJMrNRPF03
3S7hGTAEyIwWpulEE/P5dcbss5NXv0xRforXT1XiiMQJKTcPkK8MgGMSfH8QAoNu
LT76ZxtxGRXc1SP+y0D+oaA8XujDOZo+msDpFqtpFsATtqGgkgTzHJ/xSHzgnQqw
KWAtQvoq4+b56020R2E15AZwDCKG5Qaj+jvdrdJb/Wok
-----END CERTIFICATE-----