Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/oSMiOgD-IMxTX3UKXS86soSk8dE.roa
File:                     oSMiOgD-IMxTX3UKXS86soSk8dE.roa (raw, json)
Hash identifier:          /e6NBmdJFRdkPJgzkIhDzsIYxEjqAkyQJeob6MnkRUY=
Subject key identifier:   A1:23:22:3A:00:FE:20:CC:53:5F:75:0A:5D:2F:3A:B2:84:A4:F1:D1
Certificate issuer:       /CN=a8a251140114c8fd8ad5fb45b7189aba7bc5048f
Certificate serial:       018CC4931F40472F9F145BF6D3D7D902213F
Authority key identifier: A8:A2:51:14:01:14:C8:FD:8A:D5:FB:45:B7:18:9A:BA:7B:C5:04:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qKJRFAEUyP2K1ftFtxiaunvFBI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/oSMiOgD-IMxTX3UKXS86soSk8dE.roa
Signing time:             Mon 01 Jan 2024 10:30:25 +0000
ROA not before:           Mon 01 Jan 2024 10:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198567
IP address blocks:        194.153.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/qKJRFAEUyP2K1ftFtxiaunvFBI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/qKJRFAEUyP2K1ftFtxiaunvFBI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qKJRFAEUyP2K1ftFtxiaunvFBI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1f:40:47:2f:9f:14:5b:f6:d3:d7:d9:02:21:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8a251140114c8fd8ad5fb45b7189aba7bc5048f
        Validity
            Not Before: Jan  1 10:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a123223a00fe20cc535f750a5d2f3ab284a4f1d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:72:ae:dd:ef:85:21:61:4d:cc:c5:36:81:c9:
                    80:23:cb:df:20:0e:29:be:5a:5b:26:02:c9:32:09:
                    eb:d0:3a:31:ee:94:c4:79:06:e5:d4:83:21:d5:58:
                    3f:74:2a:8c:d1:f4:76:71:c5:4b:a9:9b:ad:f8:d1:
                    71:09:cf:f9:69:01:f1:e4:11:3e:03:74:ac:73:8f:
                    de:20:fa:b2:c1:f3:7a:1a:4e:9d:4d:d0:4a:a0:5f:
                    95:7f:39:9a:96:eb:84:50:8b:d7:b6:7b:cb:3f:a6:
                    bf:f0:5c:41:01:53:91:b0:68:ae:70:4c:23:7b:6b:
                    bc:9e:56:33:ba:d2:88:eb:e3:9f:e3:51:5b:9d:99:
                    8c:f3:a0:03:af:96:82:62:42:04:2a:b0:96:15:52:
                    87:90:5f:7c:2a:71:e9:3b:c0:41:f7:7f:f8:59:97:
                    14:9e:24:82:27:bb:0d:d7:ce:94:91:e2:7e:aa:73:
                    9f:da:49:2f:98:ed:95:47:2e:f3:e9:d9:71:f2:f3:
                    d2:bf:eb:0b:e0:bc:0f:1f:61:8a:56:9d:6f:2a:f5:
                    81:87:1b:0b:d6:10:f4:53:66:15:c2:16:b1:22:a9:
                    28:14:44:e7:ed:4b:21:e8:0a:10:b8:0d:79:d1:bd:
                    98:48:d1:44:92:0e:53:ee:37:6a:d0:b2:91:df:d5:
                    36:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:23:22:3A:00:FE:20:CC:53:5F:75:0A:5D:2F:3A:B2:84:A4:F1:D1
            X509v3 Authority Key Identifier:
                keyid:A8:A2:51:14:01:14:C8:FD:8A:D5:FB:45:B7:18:9A:BA:7B:C5:04:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qKJRFAEUyP2K1ftFtxiaunvFBI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/oSMiOgD-IMxTX3UKXS86soSk8dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/qKJRFAEUyP2K1ftFtxiaunvFBI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:fc:ae:96:36:3c:73:37:14:a5:cf:d9:67:64:8a:1b:ea:63:
         fd:84:a5:21:0e:64:75:fa:a2:17:a8:9b:7b:a1:fe:8d:ee:ba:
         f3:32:35:6f:ac:ec:1a:2e:dd:29:01:6a:71:ed:8b:df:b7:63:
         4f:ce:46:35:26:2d:c2:93:aa:f4:94:a1:18:01:a0:be:b5:c7:
         e3:f8:b1:8f:d0:07:78:6e:69:dd:d8:56:9f:3c:ca:b3:b2:09:
         72:0e:6a:f2:32:96:f6:16:be:0e:1b:f6:05:af:f7:90:02:ec:
         ab:e5:f5:31:79:c4:21:3e:bf:cf:f9:b0:75:84:d2:94:63:1d:
         d9:5f:77:63:b3:65:e7:6e:8d:51:02:ad:65:c6:4f:a5:9b:ed:
         6b:f8:96:8f:99:25:13:96:4b:5f:6a:e3:12:20:01:6c:90:d4:
         9d:f0:b5:39:cf:a7:0e:f2:3d:b8:76:40:68:99:bd:6b:87:ce:
         f7:9c:a5:04:f2:20:4a:52:35:71:66:c7:13:ff:19:31:87:e3:
         67:1c:62:a8:a8:47:5a:fc:94:21:dc:81:97:b2:0e:ad:58:24:
         ca:5f:8b:2f:1e:b6:b6:e4:18:a2:17:84:ed:87:33:bd:5a:5a:
         84:62:55:41:e5:a0:58:07:cd:80:11:9a:2e:e6:24:4d:97:ab:
         33:ef:bb:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkx9ARy+fFFv209fZAiE/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4YTI1MTE0MDExNGM4ZmQ4YWQ1ZmI0NWI3MTg5YWJhN2Jj
NTA0OGYwHhcNMjQwMTAxMTAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTIzMjIzYTAwZmUyMGNjNTM1Zjc1MGE1ZDJmM2FiMjg0YTRmMWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinKu3e+FIWFNzMU2gcmAI8vfIA4p
vlpbJgLJMgnr0Dox7pTEeQbl1IMh1Vg/dCqM0fR2ccVLqZut+NFxCc/5aQHx5BE+
A3Ssc4/eIPqywfN6Gk6dTdBKoF+VfzmaluuEUIvXtnvLP6a/8FxBAVORsGiucEwj
e2u8nlYzutKI6+Of41FbnZmM86ADr5aCYkIEKrCWFVKHkF98KnHpO8BB93/4WZcU
niSCJ7sN186UkeJ+qnOf2kkvmO2VRy7z6dlx8vPSv+sL4LwPH2GKVp1vKvWBhxsL
1hD0U2YVwhaxIqkoFETn7Ush6AoQuA150b2YSNFEkg5T7jdq0LKR39U27QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEjIjoA/iDMU191Cl0vOrKEpPHRMB8GA1UdIwQY
MBaAFKiiURQBFMj9itX7RbcYmrp7xQSPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUtKUkZBRVV5UDJLMWZ0RnR4aWF1bnZGQkk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lZTRhNTYtZDVjOS00NjUyLTljZjEt
ZjA5NDYyYzEyZGE0LzEvb1NNaU9nRC1JTXhUWDNVS1hTODZzb1NrOGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lZTRhNTYtZDVjOS00NjUyLTljZjEtZjA5NDYyYzEyZGE0
LzEvcUtKUkZBRVV5UDJLMWZ0RnR4aWF1bnZGQkk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpm4MA0G
CSqGSIb3DQEBCwUAA4IBAQBc/K6WNjxzNxSlz9lnZIob6mP9hKUhDmR1+qIXqJt7
of6N7rrzMjVvrOwaLt0pAWpx7Yvft2NPzkY1Ji3Ck6r0lKEYAaC+tcfj+LGP0Ad4
bmnd2FafPMqzsglyDmryMpb2Fr4OG/YFr/eQAuyr5fUxecQhPr/P+bB1hNKUYx3Z
X3djs2Xnbo1RAq1lxk+lm+1r+JaPmSUTlktfauMSIAFskNSd8LU5z6cO8j24dkBo
mb1rh873nKUE8iBKUjVxZscT/xkxh+NnHGKoqEda/JQh3IGXsg6tWCTKX4svHra2
5BiiF4TthzO9WlqEYlVB5aBYB82AEZou5iRNl6sz77tt
-----END CERTIFICATE-----