Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/OsicbGrofONzvOMYzzSMeh1M0Ro.roa
File:                     OsicbGrofONzvOMYzzSMeh1M0Ro.roa (raw, json)
Hash identifier:          cIt9peiom5yBpS37bJ6SfpideKQZn/MNW4WW281bDto=
Subject key identifier:   3A:C8:9C:6C:6A:E8:7C:E3:73:BC:E3:18:CF:34:8C:7A:1D:4C:D1:1A
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018E522958790EE6708AC2BC8F486BDC9396
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/OsicbGrofONzvOMYzzSMeh1M0Ro.roa
Signing time:             Mon 18 Mar 2024 15:23:45 +0000
ROA not before:           Mon 18 Mar 2024 15:23:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        139.28.32.0/22 maxlen: 22
                          141.98.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:52:29:58:79:0e:e6:70:8a:c2:bc:8f:48:6b:dc:93:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Mar 18 15:23:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ac89c6c6ae87ce373bce318cf348c7a1d4cd11a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:8c:cb:4d:60:04:b4:40:75:50:5b:fe:0c:80:
                    d9:ac:62:6d:ca:e6:01:cf:dd:5f:fc:61:ba:78:da:
                    34:04:d1:5a:8e:cd:86:00:3d:2d:fe:0d:a4:cd:f4:
                    e6:ec:ff:06:4f:bc:03:6f:96:c7:84:73:20:d1:a8:
                    9c:0a:35:a3:02:d2:d7:67:66:84:63:5c:c3:19:09:
                    ac:4b:70:f1:d5:29:60:d6:82:4f:a9:6e:a1:e1:f6:
                    69:84:52:f3:b3:65:21:b5:c8:4b:37:b3:2d:b0:e4:
                    1a:5a:27:ff:c1:20:c2:e4:1d:b6:01:ff:12:13:b4:
                    0e:41:3c:f4:84:2f:66:26:7c:6a:00:3f:62:b8:d0:
                    7f:2b:7e:db:70:07:7d:5c:7a:ee:95:c5:eb:29:75:
                    0b:ba:cf:8a:7a:25:22:a3:5a:bb:8f:9f:2c:b4:0c:
                    62:18:f5:c1:c6:30:82:e6:7c:33:32:46:3d:19:9e:
                    46:da:db:49:06:b4:4b:4e:d9:dc:08:71:5e:03:4d:
                    ed:fe:42:9e:86:16:35:0e:f4:0c:9f:4a:53:18:b1:
                    2a:f5:85:82:8e:b8:71:0e:d2:ad:84:51:b9:02:6e:
                    19:7e:7e:1d:9a:c6:f0:dc:7c:15:6b:92:70:2a:b0:
                    dd:70:11:1f:0e:d4:a0:6c:1b:31:ae:d0:42:df:cc:
                    f1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:C8:9C:6C:6A:E8:7C:E3:73:BC:E3:18:CF:34:8C:7A:1D:4C:D1:1A
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/OsicbGrofONzvOMYzzSMeh1M0Ro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.32.0/22
                  141.98.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:e9:27:43:0e:55:51:37:d9:a7:46:1f:17:a5:35:79:8d:be:
         95:06:f9:3c:1f:7a:fd:2b:99:c2:dc:ef:c4:89:23:ec:25:96:
         8f:02:c3:e1:19:3d:fc:90:0c:1a:16:2f:81:39:3a:bb:50:49:
         43:ad:a9:6e:8d:32:71:46:9e:d9:a5:26:42:16:51:40:fb:dd:
         84:9b:a0:cd:05:94:3c:d7:b4:a8:b3:66:75:76:68:6a:2d:3c:
         98:be:fe:ca:08:d6:ac:c3:6a:e6:f1:7c:1d:ff:df:e2:db:6b:
         21:b2:c5:ca:c8:ff:fa:45:00:78:77:0f:e4:f1:4c:1d:bd:41:
         2f:bb:70:3d:25:fb:12:fc:68:9b:21:4d:fc:44:14:d1:65:05:
         b3:47:67:35:5d:8f:96:92:0e:23:5d:f7:cf:4b:4c:61:b9:a0:
         cd:b4:fc:ab:78:e6:ad:14:db:28:5d:13:50:ae:18:98:27:77:
         8d:a5:ba:24:d1:c4:17:53:2a:85:c1:81:c9:7a:55:06:36:bb:
         5d:80:0a:df:d0:a4:e3:8f:8d:99:59:b3:25:71:8e:8d:50:0b:
         7f:b0:c7:0d:a6:0f:40:8a:28:e0:92:52:64:a1:d8:ec:fc:d7:
         f5:9f:43:bb:5a:95:8c:8e:e3:91:48:5e:1b:09:2a:28:35:4d:
         62:a6:55:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5SKVh5DuZwisK8j0hr3JOWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwMzE4MTUyMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWM4OWM2YzZhZTg3Y2UzNzNiY2UzMThjZjM0OGM3YTFkNGNkMTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYzLTWAEtEB1UFv+DIDZrGJtyuYB
z91f/GG6eNo0BNFajs2GAD0t/g2kzfTm7P8GT7wDb5bHhHMg0aicCjWjAtLXZ2aE
Y1zDGQmsS3Dx1Slg1oJPqW6h4fZphFLzs2UhtchLN7MtsOQaWif/wSDC5B22Af8S
E7QOQTz0hC9mJnxqAD9iuNB/K37bcAd9XHrulcXrKXULus+KeiUio1q7j58stAxi
GPXBxjCC5nwzMkY9GZ5G2ttJBrRLTtncCHFeA03t/kKehhY1DvQMn0pTGLEq9YWC
jrhxDtKthFG5Am4Zfn4dmsbw3HwVa5JwKrDdcBEfDtSgbBsxrtBC38zxKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDrInGxq6Hzjc7zjGM80jHodTNEaMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvT3NpY2JHcm9mT056dk9NWXp6U01laDFNMFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCixwgAwQC
jWIwMA0GCSqGSIb3DQEBCwUAA4IBAQCl6SdDDlVRN9mnRh8XpTV5jb6VBvk8H3r9
K5nC3O/EiSPsJZaPAsPhGT38kAwaFi+BOTq7UElDralujTJxRp7ZpSZCFlFA+92E
m6DNBZQ817Sos2Z1dmhqLTyYvv7KCNasw2rm8Xwd/9/i22shssXKyP/6RQB4dw/k
8UwdvUEvu3A9JfsS/GibIU38RBTRZQWzR2c1XY+Wkg4jXffPS0xhuaDNtPyreOat
FNsoXRNQrhiYJ3eNpbok0cQXUyqFwYHJelUGNrtdgArf0KTjj42ZWbMlcY6NUAt/
sMcNpg9AiijgklJkodjs/Nf1n0O7WpWMjuORSF4bCSooNU1iplXa
-----END CERTIFICATE-----