Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/lAOmuWkMospJa-lWrasSsOTl98M.roa
File:                     lAOmuWkMospJa-lWrasSsOTl98M.roa (raw, json)
Hash identifier:          lrBfZ5PTLI8Pde7klIBJgXpIhkCZulaNlaIWtEOaCMc=
Subject key identifier:   94:03:A6:B9:69:0C:A2:CA:49:6B:E9:56:AD:AB:12:B0:E4:E5:F7:C3
Certificate issuer:       /CN=988a01e2526e39504192c30272f380b39ae3f2a6
Certificate serial:       018CFD2440A7BBB8E96C7BA6BE7EC61ED804
Authority key identifier: 98:8A:01:E2:52:6E:39:50:41:92:C3:02:72:F3:80:B3:9A:E3:F2:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mIoB4lJuOVBBksMCcvOAs5rj8qY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/lAOmuWkMospJa-lWrasSsOTl98M.roa
Signing time:             Fri 12 Jan 2024 10:07:40 +0000
ROA not before:           Fri 12 Jan 2024 10:07:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15962
IP address blocks:        194.1.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/mIoB4lJuOVBBksMCcvOAs5rj8qY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/mIoB4lJuOVBBksMCcvOAs5rj8qY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mIoB4lJuOVBBksMCcvOAs5rj8qY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:24:40:a7:bb:b8:e9:6c:7b:a6:be:7e:c6:1e:d8:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=988a01e2526e39504192c30272f380b39ae3f2a6
        Validity
            Not Before: Jan 12 10:07:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9403a6b9690ca2ca496be956adab12b0e4e5f7c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:36:9e:d1:e9:07:c0:66:80:04:ed:39:5c:13:
                    9e:fd:b4:de:bc:c3:d9:6c:55:93:ac:cc:56:91:fe:
                    48:41:38:5d:a3:4d:1a:07:62:6b:30:67:46:c8:b2:
                    65:ef:45:d8:71:d5:75:78:dc:7d:be:42:11:65:bd:
                    d1:78:14:be:90:89:95:5a:e8:52:3e:8f:ed:0f:1f:
                    2b:bf:f6:e8:9f:a5:5a:3a:68:a9:e9:99:05:6f:5d:
                    8e:44:00:6f:0b:7c:5a:08:14:a8:ce:fa:65:39:92:
                    15:e7:64:47:5a:2b:85:99:e0:ec:3c:27:41:67:a9:
                    d5:d8:93:07:15:a9:68:38:9e:79:e9:64:3c:52:a5:
                    ee:00:24:c7:c8:d1:62:61:26:00:2c:80:ec:df:35:
                    bc:84:53:5b:0b:f9:c9:de:6c:05:69:4c:99:6f:bd:
                    bf:b4:f4:a8:a2:4f:ee:ca:ed:7d:e7:0c:49:9c:39:
                    34:70:a9:f3:9f:6c:d8:c7:2d:e8:53:eb:9e:ae:d2:
                    f8:ba:e4:d1:2b:45:2b:76:c9:a0:a2:11:08:64:de:
                    9b:a1:45:4f:3d:86:2b:f0:10:12:85:a9:51:12:55:
                    3c:9f:90:af:19:f3:be:aa:23:10:a2:8b:79:d1:d6:
                    27:dd:f3:c3:c1:d1:83:8f:c2:75:50:dd:a0:15:df:
                    cc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:03:A6:B9:69:0C:A2:CA:49:6B:E9:56:AD:AB:12:B0:E4:E5:F7:C3
            X509v3 Authority Key Identifier:
                keyid:98:8A:01:E2:52:6E:39:50:41:92:C3:02:72:F3:80:B3:9A:E3:F2:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mIoB4lJuOVBBksMCcvOAs5rj8qY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/lAOmuWkMospJa-lWrasSsOTl98M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/mIoB4lJuOVBBksMCcvOAs5rj8qY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:ac:2d:eb:f7:94:a2:09:71:11:f8:ba:4e:1e:63:0f:9e:77:
         53:3b:a9:f7:38:b8:44:04:56:de:0b:d7:d1:28:14:81:f3:a4:
         91:37:47:9a:4b:e0:1b:3d:57:02:75:11:b1:13:54:89:f0:e5:
         92:40:c1:15:51:5e:81:9c:df:dc:1a:23:60:4b:20:6c:5b:39:
         fd:98:67:11:57:86:3e:38:63:42:8f:85:b9:3d:36:f8:6a:a9:
         87:8a:19:79:f1:a6:eb:b7:1b:37:e4:92:2a:32:94:31:4c:87:
         96:be:1d:09:a9:3d:8a:dc:7e:68:a7:50:18:d7:0c:0b:1a:5b:
         d1:a0:34:2d:1b:72:02:95:ec:aa:8c:86:ee:02:ad:bf:c0:c2:
         45:56:cc:e2:d3:c7:c5:92:0a:24:52:44:e2:af:7c:d5:7a:76:
         34:7d:6a:ed:d0:4a:7b:78:fe:eb:22:35:02:9d:40:71:8f:61:
         ea:84:72:57:80:35:2d:b5:37:15:5e:6a:74:75:b7:7b:d0:06:
         1c:f9:7c:1b:10:fe:a9:4f:e5:a2:00:b8:12:7b:ba:24:fe:b1:
         b4:b5:9e:74:0d:e7:5d:74:6d:d6:17:8a:3d:b8:64:5b:45:bc:
         4b:6a:1c:a1:f2:b4:b6:4b:d0:3d:c1:9f:fc:b9:d4:c3:d5:1f:
         be:da:08:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz9JECnu7jpbHumvn7GHtgEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OGEwMWUyNTI2ZTM5NTA0MTkyYzMwMjcyZjM4MGIzOWFl
M2YyYTYwHhcNMjQwMTEyMTAwNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDAzYTZiOTY5MGNhMmNhNDk2YmU5NTZhZGFiMTJiMGU0ZTVmN2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDae0ekHwGaABO05XBOe/bTevMPZ
bFWTrMxWkf5IQThdo00aB2JrMGdGyLJl70XYcdV1eNx9vkIRZb3ReBS+kImVWuhS
Po/tDx8rv/bon6VaOmip6ZkFb12ORABvC3xaCBSozvplOZIV52RHWiuFmeDsPCdB
Z6nV2JMHFaloOJ556WQ8UqXuACTHyNFiYSYALIDs3zW8hFNbC/nJ3mwFaUyZb72/
tPSook/uyu195wxJnDk0cKnzn2zYxy3oU+uertL4uuTRK0UrdsmgohEIZN6boUVP
PYYr8BAShalRElU8n5CvGfO+qiMQoot50dYn3fPDwdGDj8J1UN2gFd/MXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQDprlpDKLKSWvpVq2rErDk5ffDMB8GA1UdIwQY
MBaAFJiKAeJSbjlQQZLDAnLzgLOa4/KmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUlvQjRsSnVPVkJCa3NNQ2N2T0FzNXJqOHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9mYTM2MDMtYzJjYS00NTc3LWI3ZWIt
NzcyZjg0MWM0MzkzLzEvbEFPbXVXa01vc3BKYS1sV3Jhc1NzT1RsOThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9mYTM2MDMtYzJjYS00NTc3LWI3ZWItNzcyZjg0MWM0Mzkz
LzEvbUlvQjRsSnVPVkJCa3NNQ2N2T0FzNXJqOHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgG5MA0G
CSqGSIb3DQEBCwUAA4IBAQCOrC3r95SiCXER+LpOHmMPnndTO6n3OLhEBFbeC9fR
KBSB86SRN0eaS+AbPVcCdRGxE1SJ8OWSQMEVUV6BnN/cGiNgSyBsWzn9mGcRV4Y+
OGNCj4W5PTb4aqmHihl58abrtxs35JIqMpQxTIeWvh0JqT2K3H5op1AY1wwLGlvR
oDQtG3ICleyqjIbuAq2/wMJFVszi08fFkgokUkTir3zVenY0fWrt0Ep7eP7rIjUC
nUBxj2HqhHJXgDUttTcVXmp0dbd70AYc+XwbEP6pT+WiALgSe7ok/rG0tZ50Dedd
dG3WF4o9uGRbRbxLahyh8rS2S9A9wZ/8udTD1R++2ghq
-----END CERTIFICATE-----