Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/okiP1Vmr8mrIYzZ_92Z3--yz5zI.roa
File:                     okiP1Vmr8mrIYzZ_92Z3--yz5zI.roa (raw, json)
Hash identifier:          GthdXDU4Ajyw1LQph/dR7l1kMCQuytLpcimadTlAprk=
Subject key identifier:   A2:48:8F:D5:59:AB:F2:6A:C8:63:36:7F:F7:66:77:FB:EC:B3:E7:32
Certificate issuer:       /CN=34fe6b9d0cc1e7f6e16b2a46b42ca5e01c700346
Certificate serial:       018D1CF8EBDC25DA58BC2678B45BB5547F4B
Authority key identifier: 34:FE:6B:9D:0C:C1:E7:F6:E1:6B:2A:46:B4:2C:A5:E0:1C:70:03:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/okiP1Vmr8mrIYzZ_92Z3--yz5zI.roa
Signing time:             Thu 18 Jan 2024 14:28:11 +0000
ROA not before:           Thu 18 Jan 2024 14:28:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.156.16.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:f8:eb:dc:25:da:58:bc:26:78:b4:5b:b5:54:7f:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34fe6b9d0cc1e7f6e16b2a46b42ca5e01c700346
        Validity
            Not Before: Jan 18 14:28:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2488fd559abf26ac863367ff76677fbecb3e732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:e9:9e:b1:94:a8:b7:80:b8:fc:c1:84:87:8d:
                    6f:db:e2:fa:79:b3:e2:af:3b:79:24:5e:7d:df:d7:
                    bc:01:bc:06:94:17:27:95:d6:86:64:7a:b3:5a:18:
                    bd:32:ca:2f:8d:0a:eb:90:7a:25:3c:a2:a9:e5:5b:
                    52:39:00:f4:2a:23:3c:b8:03:f5:2d:40:39:b9:cb:
                    e1:e5:d8:e8:84:2f:d5:61:58:36:3a:46:b0:1b:d1:
                    35:42:03:07:e6:8a:25:e1:26:b5:8b:ee:ec:b3:71:
                    0f:64:30:65:d8:79:a6:91:26:eb:dc:09:dc:b7:a3:
                    5e:6e:27:78:37:76:2c:8d:d5:fd:82:c6:0b:f9:ec:
                    f6:5a:e7:ac:79:cb:be:8b:c8:cf:52:fe:89:ae:1d:
                    d5:ba:59:0a:b3:9d:f7:41:31:6c:3a:e8:c4:23:90:
                    7b:b6:15:aa:69:64:77:3c:fc:59:a1:3b:e6:08:db:
                    e2:79:5b:68:20:b1:4b:57:a6:9e:9d:77:3b:31:b4:
                    07:24:21:67:75:20:f4:19:ff:e3:48:0c:6c:74:58:
                    71:84:1a:7e:3d:e7:d2:35:2e:5a:b2:a0:0c:aa:00:
                    cc:20:a6:28:f1:d5:30:05:c4:18:a2:7f:26:80:b9:
                    b8:55:f0:21:14:fd:52:8e:db:49:ed:1b:fe:d7:7f:
                    99:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:48:8F:D5:59:AB:F2:6A:C8:63:36:7F:F7:66:77:FB:EC:B3:E7:32
            X509v3 Authority Key Identifier:
                keyid:34:FE:6B:9D:0C:C1:E7:F6:E1:6B:2A:46:B4:2C:A5:E0:1C:70:03:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/okiP1Vmr8mrIYzZ_92Z3--yz5zI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:4d:10:7f:3e:35:82:6b:6b:69:2c:d6:45:f3:27:83:6b:b0:
         62:94:18:b2:94:63:0f:88:db:45:df:9e:b9:c4:9e:25:85:11:
         68:20:20:09:ae:aa:2b:6c:98:a6:6c:60:2e:11:01:80:85:03:
         35:a3:31:b9:dd:19:78:da:de:25:8f:2e:e5:49:02:ba:17:ae:
         41:05:4e:47:44:fd:9a:bf:d5:bd:bd:90:65:98:37:6b:f2:ff:
         81:c3:9d:72:a8:8b:a5:49:4f:f0:c3:34:31:f9:78:af:56:f6:
         f1:92:d2:b0:f9:97:7b:79:43:ae:93:ce:e1:2f:af:3c:1b:31:
         a6:70:d1:bc:27:0c:de:f2:e1:e9:51:54:d4:e6:c4:c1:94:be:
         2a:07:23:8a:86:06:45:77:a2:2e:19:a8:62:9b:3c:43:ff:e0:
         80:1c:96:4f:ae:ee:ad:6d:b6:9a:be:6b:e4:bc:cd:c8:c3:fb:
         70:a1:40:02:c4:b3:79:50:89:3e:d8:7d:ed:9f:74:dd:c9:3d:
         23:27:84:d7:7c:f7:d9:1e:78:57:e2:ec:55:42:92:28:29:b3:
         26:81:72:72:d5:6e:b3:07:9a:e7:3c:58:20:1b:e7:57:1a:39:
         6f:4b:3d:f6:41:1f:41:d8:d9:7d:ac:76:4b:90:38:86:b0:e0:
         05:17:cd:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0c+OvcJdpYvCZ4tFu1VH9LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZmU2YjlkMGNjMWU3ZjZlMTZiMmE0NmI0MmNhNWUwMWM3
MDAzNDYwHhcNMjQwMTE4MTQyODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQ4OGZkNTU5YWJmMjZhYzg2MzM2N2ZmNzY2NzdmYmVjYjNlNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+OmesZSot4C4/MGEh41v2+L6ebPi
rzt5JF5939e8AbwGlBcnldaGZHqzWhi9MsovjQrrkHolPKKp5VtSOQD0KiM8uAP1
LUA5ucvh5djohC/VYVg2OkawG9E1QgMH5ool4Sa1i+7ss3EPZDBl2HmmkSbr3Anc
t6Nebid4N3YsjdX9gsYL+ez2Wuesecu+i8jPUv6Jrh3VulkKs533QTFsOujEI5B7
thWqaWR3PPxZoTvmCNvieVtoILFLV6aenXc7MbQHJCFndSD0Gf/jSAxsdFhxhBp+
PefSNS5asqAMqgDMIKYo8dUwBcQYon8mgLm4VfAhFP1SjttJ7Rv+13+ZPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJIj9VZq/JqyGM2f/dmd/vss+cyMB8GA1UdIwQY
MBaAFDT+a50Mwef24WsqRrQspeAccANGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlA1cm5RekI1X2JoYXlwR3RDeWw0Qnh3QTBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC82MmRmMzYtZmQzNi00YmFmLTlkMmUt
MTE4YWZlZDdhNWFlLzEvb2tpUDFWbXI4bXJJWXpaXzkyWjMtLXl6NXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC82MmRmMzYtZmQzNi00YmFmLTlkMmUtMTE4YWZlZDdhNWFl
LzEvTlA1cm5RekI1X2JoYXlwR3RDeWw0Qnh3QTBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZwQMA0G
CSqGSIb3DQEBCwUAA4IBAQCVTRB/PjWCa2tpLNZF8yeDa7BilBiylGMPiNtF3565
xJ4lhRFoICAJrqorbJimbGAuEQGAhQM1ozG53Rl42t4ljy7lSQK6F65BBU5HRP2a
v9W9vZBlmDdr8v+Bw51yqIulSU/wwzQx+XivVvbxktKw+Zd7eUOuk87hL688GzGm
cNG8Jwze8uHpUVTU5sTBlL4qByOKhgZFd6IuGahimzxD/+CAHJZPru6tbbaavmvk
vM3Iw/twoUACxLN5UIk+2H3tn3TdyT0jJ4TXfPfZHnhX4uxVQpIoKbMmgXJy1W6z
B5rnPFggG+dXGjlvSz32QR9B2Nl9rHZLkDiGsOAFF80j
-----END CERTIFICATE-----