Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/1f01e3-77d3-4cf7-aea8-122feecde3ea/1/ocHnsj8Tl5jJIsPNMSf7Gs70Cw8.roa
File:                     ocHnsj8Tl5jJIsPNMSf7Gs70Cw8.roa (raw, json)
Hash identifier:          xI9tA9L2S0VVwNAlaHHgaEWhwDIaZM6aMnKNRjFXdYY=
Subject key identifier:   A1:C1:E7:B2:3F:13:97:98:C9:22:C3:CD:31:27:FB:1A:CE:F4:0B:0F
Certificate issuer:       /CN=e7fd9909d16baf11cb958c8d274e24ec9947422f
Certificate serial:       018CC56EC25310D75DDAB3E124E9F2B54FD0
Authority key identifier: E7:FD:99:09:D1:6B:AF:11:CB:95:8C:8D:27:4E:24:EC:99:47:42:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_2ZCdFrrxHLlYyNJ04k7JlHQi8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/1f01e3-77d3-4cf7-aea8-122feecde3ea/1/ocHnsj8Tl5jJIsPNMSf7Gs70Cw8.roa
Signing time:             Mon 01 Jan 2024 14:30:19 +0000
ROA not before:           Mon 01 Jan 2024 14:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60167
IP address blocks:        185.192.48.0/22 maxlen: 22
                          2a0a:22c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/1f01e3-77d3-4cf7-aea8-122feecde3ea/1/5_2ZCdFrrxHLlYyNJ04k7JlHQi8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/1f01e3-77d3-4cf7-aea8-122feecde3ea/1/5_2ZCdFrrxHLlYyNJ04k7JlHQi8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_2ZCdFrrxHLlYyNJ04k7JlHQi8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c2:53:10:d7:5d:da:b3:e1:24:e9:f2:b5:4f:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7fd9909d16baf11cb958c8d274e24ec9947422f
        Validity
            Not Before: Jan  1 14:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1c1e7b23f139798c922c3cd3127fb1acef40b0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b7:13:9c:08:6a:a8:cd:29:4d:92:73:9b:0b:
                    70:25:d9:bd:a3:05:6d:89:08:79:b2:98:65:ce:c1:
                    09:fc:8d:7d:34:61:97:96:10:d4:a5:c8:b2:07:86:
                    a6:aa:b3:63:a1:c7:9a:78:01:13:fd:06:11:70:fa:
                    b1:35:02:4f:dd:f2:ed:b6:80:0d:05:34:57:b6:c6:
                    90:be:ca:f8:20:eb:dd:70:9d:5c:e2:54:03:27:b2:
                    1f:8e:26:01:64:c5:f6:0e:cf:67:ec:59:5f:b0:55:
                    ed:5c:23:37:00:b1:25:1f:c4:12:16:3f:35:bf:27:
                    84:ef:70:45:8e:90:08:93:9f:bb:44:d8:ac:73:98:
                    b7:a9:78:16:31:2e:ce:b8:ab:77:d3:02:16:03:c5:
                    cb:bb:71:f7:51:f4:fc:56:02:9d:88:5c:96:4a:19:
                    23:a1:29:4b:d7:a3:ef:b3:7f:98:4e:f6:b3:4d:e0:
                    88:a8:5e:19:c7:09:77:55:02:ef:29:ee:bf:75:74:
                    55:1b:36:31:10:d6:6d:07:a7:92:cf:1e:ba:de:fa:
                    7c:62:2a:54:5f:e2:7b:8a:de:cf:fb:13:a6:18:de:
                    2b:dc:64:65:3f:f2:a1:47:03:93:24:2f:94:d1:4f:
                    1c:23:0d:08:f9:c2:82:b2:cb:00:d8:aa:99:3e:56:
                    f2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C1:E7:B2:3F:13:97:98:C9:22:C3:CD:31:27:FB:1A:CE:F4:0B:0F
            X509v3 Authority Key Identifier:
                keyid:E7:FD:99:09:D1:6B:AF:11:CB:95:8C:8D:27:4E:24:EC:99:47:42:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_2ZCdFrrxHLlYyNJ04k7JlHQi8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/1f01e3-77d3-4cf7-aea8-122feecde3ea/1/ocHnsj8Tl5jJIsPNMSf7Gs70Cw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/1f01e3-77d3-4cf7-aea8-122feecde3ea/1/5_2ZCdFrrxHLlYyNJ04k7JlHQi8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.48.0/22
                IPv6:
                  2a0a:22c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:19:45:c8:5e:74:1f:70:81:f8:ec:16:89:ce:84:39:e1:cd:
         8c:54:e1:20:2d:ba:67:46:6d:81:f3:5e:b6:b9:46:af:3a:eb:
         84:2a:ea:5b:dc:c9:6a:f4:8a:4f:c5:08:a8:be:14:89:4e:34:
         2d:b9:48:96:07:be:6b:36:73:7f:f4:b3:35:8e:9d:aa:91:58:
         e4:a6:80:2c:bb:c5:6a:4c:1f:80:39:e7:8e:7e:d3:2a:93:2c:
         eb:d6:f1:6b:92:3b:7d:b5:5b:02:8d:3e:52:9b:c9:fc:d0:b9:
         c5:0c:60:5f:4b:e1:c5:21:44:8b:49:cc:de:30:f2:1d:a1:86:
         fa:1c:75:1d:25:63:0b:ae:01:67:8b:8b:75:55:de:65:89:52:
         ad:9d:d7:32:68:bc:db:b4:8e:6f:68:5d:89:29:8f:8b:e6:4b:
         9c:19:01:dd:14:d9:2b:11:5f:94:16:ea:4c:83:64:f1:44:f4:
         2b:66:c2:e5:92:28:a8:e1:b3:6a:ab:b5:05:d6:09:fc:26:4f:
         85:80:d5:83:a8:f1:e3:52:f5:4a:14:9c:fb:05:ac:33:0d:74:
         d2:d9:0f:5e:03:5a:91:eb:2f:dd:09:81:aa:0d:a8:8f:c0:ef:
         5f:ff:fd:ae:10:18:c6:6b:5e:3e:5e:03:9e:4c:be:04:43:fb:
         a2:68:f7:4c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbsJTENdd2rPhJOnytU/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZmQ5OTA5ZDE2YmFmMTFjYjk1OGM4ZDI3NGUyNGVjOTk0
NzQyMmYwHhcNMjQwMTAxMTQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWMxZTdiMjNmMTM5Nzk4YzkyMmMzY2QzMTI3ZmIxYWNlZjQwYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rcTnAhqqM0pTZJzmwtwJdm9owVt
iQh5sphlzsEJ/I19NGGXlhDUpciyB4amqrNjoceaeAET/QYRcPqxNQJP3fLttoAN
BTRXtsaQvsr4IOvdcJ1c4lQDJ7IfjiYBZMX2Ds9n7FlfsFXtXCM3ALElH8QSFj81
vyeE73BFjpAIk5+7RNisc5i3qXgWMS7OuKt30wIWA8XLu3H3UfT8VgKdiFyWShkj
oSlL16Pvs3+YTvazTeCIqF4Zxwl3VQLvKe6/dXRVGzYxENZtB6eSzx663vp8YipU
X+J7it7P+xOmGN4r3GRlP/KhRwOTJC+U0U8cIw0I+cKCsssA2KqZPlby3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKHB57I/E5eYySLDzTEn+xrO9AsPMB8GA1UdIwQY
MBaAFOf9mQnRa68Ry5WMjSdOJOyZR0IvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV8yWkNkRnJyeEhMbFl5TkowNGs3SmxIUWk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8xZjAxZTMtNzdkMy00Y2Y3LWFlYTgt
MTIyZmVlY2RlM2VhLzEvb2NIbnNqOFRsNWpKSXNQTk1TZjdHczcwQ3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8xZjAxZTMtNzdkMy00Y2Y3LWFlYTgtMTIyZmVlY2RlM2Vh
LzEvNV8yWkNkRnJyeEhMbFl5TkowNGs3SmxIUWk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucAwMA0E
AgACMAcDBQMqCiLAMA0GCSqGSIb3DQEBCwUAA4IBAQB0GUXIXnQfcIH47BaJzoQ5
4c2MVOEgLbpnRm2B8162uUavOuuEKupb3Mlq9IpPxQiovhSJTjQtuUiWB75rNnN/
9LM1jp2qkVjkpoAsu8VqTB+AOeeOftMqkyzr1vFrkjt9tVsCjT5Sm8n80LnFDGBf
S+HFIUSLSczeMPIdoYb6HHUdJWMLrgFni4t1Vd5liVKtndcyaLzbtI5vaF2JKY+L
5kucGQHdFNkrEV+UFupMg2TxRPQrZsLlkiio4bNqq7UF1gn8Jk+FgNWDqPHjUvVK
FJz7BawzDXTS2Q9eA1qR6y/dCYGqDaiPwO9f//2uEBjGa14+XgOeTL4EQ/uiaPdM
-----END CERTIFICATE-----