Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/OhhSpunX2oFMOOPbpKEEbEzELw0.roa
File:                     OhhSpunX2oFMOOPbpKEEbEzELw0.roa (raw, json)
Hash identifier:          3ps6+ztcgkHapstvgub1KecvUe5/zgzQ6krJXv7P6Sc=
Subject key identifier:   3A:18:52:A6:E9:D7:DA:81:4C:38:E3:DB:A4:A1:04:6C:4C:C4:2F:0D
Certificate issuer:       /CN=1627573c68929ab2a4590e92a51abc40ea9e5817
Certificate serial:       019427B3EB52932340355B42DFEB7ABAF39D
Authority key identifier: 16:27:57:3C:68:92:9A:B2:A4:59:0E:92:A5:1A:BC:40:EA:9E:58:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/OhhSpunX2oFMOOPbpKEEbEzELw0.roa
Signing time:             Thu 02 Jan 2025 15:48:10 +0000
ROA not before:           Thu 02 Jan 2025 15:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201895
IP address blocks:        185.60.160.0/24 maxlen: 24
                          185.60.161.0/24 maxlen: 24
                          185.60.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:eb:52:93:23:40:35:5b:42:df:eb:7a:ba:f3:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1627573c68929ab2a4590e92a51abc40ea9e5817
        Validity
            Not Before: Jan  2 15:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a1852a6e9d7da814c38e3dba4a1046c4cc42f0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b1:3e:b0:65:3f:82:d4:fe:cc:7b:0c:a1:67:
                    ab:43:af:47:89:f8:b4:2d:e7:46:82:ce:22:2c:3b:
                    29:5a:c3:8b:87:d8:82:be:48:18:5c:f1:6e:c9:56:
                    d7:48:9f:7f:ec:f8:db:1f:2f:61:51:6a:cc:07:d9:
                    4e:08:27:3d:0f:e3:2d:8c:ed:31:1c:31:96:66:62:
                    7d:df:f1:3c:a6:a1:81:f6:b3:b6:72:69:d0:32:ff:
                    4a:68:57:34:16:06:c0:1e:c7:cc:3d:ef:f2:3f:ac:
                    cb:36:44:9a:22:05:5e:fb:b3:f7:cf:8a:94:a0:14:
                    bf:8b:eb:4a:ac:05:85:fc:45:ed:71:05:d2:f8:9b:
                    22:29:b8:a7:62:16:78:45:fa:4b:3b:8c:a9:8a:21:
                    37:cc:7b:5e:9e:57:1d:e9:f9:07:81:7c:f1:e6:a7:
                    1a:aa:fe:fc:8c:84:33:17:c0:3a:cb:db:ea:01:04:
                    ec:3f:19:b7:b3:34:23:90:60:c8:d0:30:70:95:55:
                    fb:e3:6d:d7:0d:d3:e9:2c:e9:a9:0b:e2:c1:d0:b2:
                    7e:60:b9:be:ac:8b:0b:bf:22:1f:b0:8d:63:06:01:
                    6e:25:7c:b9:af:1f:84:f2:19:60:30:9d:25:40:0e:
                    eb:d3:2d:04:75:b7:64:a1:70:b6:30:1f:46:03:09:
                    2a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:18:52:A6:E9:D7:DA:81:4C:38:E3:DB:A4:A1:04:6C:4C:C4:2F:0D
            X509v3 Authority Key Identifier:
                keyid:16:27:57:3C:68:92:9A:B2:A4:59:0E:92:A5:1A:BC:40:EA:9E:58:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/OhhSpunX2oFMOOPbpKEEbEzELw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.160.0/23
                  185.60.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:cf:40:ac:e8:d9:4a:e5:c6:a6:76:21:83:c9:1c:ef:58:e5:
         d6:d6:d4:da:2b:7d:44:72:08:a4:f7:14:eb:a4:ee:93:c9:eb:
         15:27:10:0e:e9:ab:41:0b:03:c1:35:62:68:a0:37:b5:33:c6:
         64:d8:93:bb:ee:1b:8e:2f:ec:85:2a:67:04:f7:0d:3e:f9:4d:
         73:3a:26:31:0d:e6:34:09:76:0f:77:69:ed:fe:8c:a2:5d:a5:
         7e:fa:7c:0f:41:ab:d9:bc:0a:f2:53:f8:e6:92:75:20:96:f5:
         03:97:b1:0a:8b:5f:f4:d2:d0:6d:9d:81:0e:a3:49:98:b7:83:
         55:28:3b:26:a6:3b:5b:d5:52:0c:08:90:9d:c2:ac:b4:37:62:
         f0:fb:2f:23:8f:2d:9c:46:5d:a4:0a:4a:ba:63:9f:05:5e:fa:
         cc:ea:13:f4:eb:88:84:b8:da:e5:cb:5e:82:c9:3b:f1:02:3e:
         f9:be:c9:b9:71:bd:de:11:20:f2:f2:63:79:29:42:46:97:52:
         5b:c7:9c:42:50:c9:35:32:ad:69:18:09:28:7c:ef:4d:03:a3:
         91:93:9e:f7:e2:06:dc:42:9d:cd:52:6f:9b:e5:c4:af:53:ce:
         41:17:75:89:50:44:36:e2:68:e0:cd:d8:70:b9:8f:e7:60:44:
         27:ff:21:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQns+tSkyNANVtC3+t6uvOdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Mjc1NzNjNjg5MjlhYjJhNDU5MGU5MmE1MWFiYzQwZWE5
ZTU4MTcwHhcNMjUwMTAyMTU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTE4NTJhNmU5ZDdkYTgxNGMzOGUzZGJhNGExMDQ2YzRjYzQyZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbE+sGU/gtT+zHsMoWerQ69Hifi0
LedGgs4iLDspWsOLh9iCvkgYXPFuyVbXSJ9/7PjbHy9hUWrMB9lOCCc9D+MtjO0x
HDGWZmJ93/E8pqGB9rO2cmnQMv9KaFc0FgbAHsfMPe/yP6zLNkSaIgVe+7P3z4qU
oBS/i+tKrAWF/EXtcQXS+JsiKbinYhZ4RfpLO4ypiiE3zHtenlcd6fkHgXzx5qca
qv78jIQzF8A6y9vqAQTsPxm3szQjkGDI0DBwlVX7423XDdPpLOmpC+LB0LJ+YLm+
rIsLvyIfsI1jBgFuJXy5rx+E8hlgMJ0lQA7r0y0EdbdkoXC2MB9GAwkqmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDoYUqbp19qBTDjj26ShBGxMxC8NMB8GA1UdIwQY
MBaAFBYnVzxokpqypFkOkqUavEDqnlgXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlkWFBHaVNtcktrV1E2U3BScThRT3FlV0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wZTBjOTAtNzE3Zi00MGVhLWIxN2Ut
ZTZmOWRiNzQxMzlkLzEvT2hoU3B1blgyb0ZNT09QYnBLRUViRXpFTHcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wZTBjOTAtNzE3Zi00MGVhLWIxN2UtZTZmOWRiNzQxMzlk
LzEvRmlkWFBHaVNtcktrV1E2U3BScThRT3FlV0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuTygAwQA
uTyjMA0GCSqGSIb3DQEBCwUAA4IBAQBZz0Cs6NlK5camdiGDyRzvWOXW1tTaK31E
cgik9xTrpO6TyesVJxAO6atBCwPBNWJooDe1M8Zk2JO77huOL+yFKmcE9w0++U1z
OiYxDeY0CXYPd2nt/oyiXaV++nwPQavZvAryU/jmknUglvUDl7EKi1/00tBtnYEO
o0mYt4NVKDsmpjtb1VIMCJCdwqy0N2Lw+y8jjy2cRl2kCkq6Y58FXvrM6hP064iE
uNrly16CyTvxAj75vsm5cb3eESDy8mN5KUJGl1Jbx5xCUMk1Mq1pGAkofO9NA6OR
k5734gbcQp3NUm+b5cSvU85BF3WJUEQ24mjgzdhwuY/nYEQn/yGO
-----END CERTIFICATE-----