Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/OhprbSde_gFJNAx7rqeJRe1JLe8.roa
File:                     OhprbSde_gFJNAx7rqeJRe1JLe8.roa (raw, json)
Hash identifier:          01NK9REIXlIsljwA0714xbUNEXuEI7OMIAXbfjpxYpE=
Subject key identifier:   3A:1A:6B:6D:27:5E:FE:01:49:34:0C:7B:AE:A7:89:45:ED:49:2D:EF
Certificate issuer:       /CN=0c202663de852c7060fdea0298b490d5edcc0f24
Certificate serial:       018FCE8D24F450DE1C45100E98A0E41AA365
Authority key identifier: 0C:20:26:63:DE:85:2C:70:60:FD:EA:02:98:B4:90:D5:ED:CC:0F:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/OhprbSde_gFJNAx7rqeJRe1JLe8.roa
Signing time:             Fri 31 May 2024 12:08:27 +0000
ROA not before:           Fri 31 May 2024 12:08:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8368
IP address blocks:        176.125.224.0/22 maxlen: 24
                          194.32.168.0/22 maxlen: 24
                          195.28.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ce:8d:24:f4:50:de:1c:45:10:0e:98:a0:e4:1a:a3:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c202663de852c7060fdea0298b490d5edcc0f24
        Validity
            Not Before: May 31 12:08:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a1a6b6d275efe0149340c7baea78945ed492def
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:37:03:a2:8d:82:17:38:ec:c8:6e:31:e2:b1:
                    ef:bf:63:ed:ae:d6:94:dc:d1:a9:b0:d8:da:4c:91:
                    07:a8:43:01:11:ad:18:c7:5c:d7:70:f7:13:65:4d:
                    9f:3b:ba:fd:7c:50:2d:1f:03:24:b9:49:7c:e2:04:
                    9b:20:c7:d4:75:6e:ef:0a:24:05:24:c0:a4:5f:c3:
                    5b:0b:36:cd:02:76:59:c4:58:33:fd:cb:62:01:25:
                    0a:09:e6:64:37:61:9d:7b:79:f5:7f:fe:cc:c7:7a:
                    69:0f:03:9e:f0:a3:87:20:f3:6c:e2:e6:f6:c6:75:
                    83:2c:99:87:90:7b:f9:db:75:22:32:59:9f:c0:b9:
                    04:0c:05:41:e6:24:91:e6:65:28:cb:64:47:49:d0:
                    0a:f8:0c:5c:81:4c:94:2b:8a:83:88:7e:4e:b5:d8:
                    c8:1f:7c:2f:0c:c4:70:4d:f3:ca:c2:55:d0:09:9d:
                    72:75:7a:5f:c3:1d:b9:76:9a:22:04:f0:d0:2e:b5:
                    ff:6e:f9:2d:8b:fc:37:15:6c:53:10:67:ad:e1:f4:
                    95:8a:2c:5c:af:ed:05:65:cb:18:34:33:f3:cb:8e:
                    2b:49:f7:64:4c:44:d8:27:38:e9:2b:6a:c5:b9:42:
                    e5:a8:9a:bb:3d:62:f7:49:2c:d2:26:56:dc:9e:55:
                    b3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:1A:6B:6D:27:5E:FE:01:49:34:0C:7B:AE:A7:89:45:ED:49:2D:EF
            X509v3 Authority Key Identifier:
                keyid:0C:20:26:63:DE:85:2C:70:60:FD:EA:02:98:B4:90:D5:ED:CC:0F:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/OhprbSde_gFJNAx7rqeJRe1JLe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.125.224.0/22
                  194.32.168.0/22
                  195.28.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:11:b3:20:99:1d:55:d3:9f:1d:a2:1d:45:df:6a:f2:7e:6b:
         e2:23:81:72:95:5a:70:32:4b:0e:db:81:76:ad:09:18:a0:e2:
         a7:d3:18:a1:6b:16:c5:c6:1a:37:3d:67:b9:d6:3c:6d:3f:6b:
         9c:f0:2e:1e:5d:85:44:64:7c:55:a8:bd:b1:b2:44:6b:be:06:
         4a:c0:cd:43:0b:41:2c:5a:e2:64:b7:a2:23:e7:fe:37:5a:20:
         3b:7a:70:55:5a:7b:f0:e6:6d:c7:1f:cb:2e:a3:65:4a:2e:0e:
         2c:4a:00:1d:16:2a:df:b6:06:a7:30:de:bf:47:9e:8a:19:a9:
         fb:40:8c:8b:50:86:aa:e5:12:1a:79:7f:31:fd:b4:be:ff:20:
         03:df:03:ac:fb:d9:7f:27:9d:94:d7:0d:99:2b:31:17:8b:3e:
         52:18:74:67:b6:a7:07:af:2f:93:5f:58:fa:ec:c3:30:3c:cb:
         ae:da:27:f2:64:45:fb:c9:4a:9f:77:af:fe:b6:c5:20:17:b3:
         17:e5:3b:68:44:9e:0f:d6:e8:48:22:24:cc:fa:34:31:f4:3f:
         8c:57:61:97:00:6e:3d:29:70:73:b5:47:3b:16:9c:57:17:34:
         8d:e2:30:72:49:c2:05:5f:e4:47:49:d5:ac:c1:82:ca:78:b8:
         3f:a5:b3:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/OjST0UN4cRRAOmKDkGqNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjAyNjYzZGU4NTJjNzA2MGZkZWEwMjk4YjQ5MGQ1ZWRj
YzBmMjQwHhcNMjQwNTMxMTIwODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTFhNmI2ZDI3NWVmZTAxNDkzNDBjN2JhZWE3ODk0NWVkNDkyZGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjcDoo2CFzjsyG4x4rHvv2PtrtaU
3NGpsNjaTJEHqEMBEa0Yx1zXcPcTZU2fO7r9fFAtHwMkuUl84gSbIMfUdW7vCiQF
JMCkX8NbCzbNAnZZxFgz/ctiASUKCeZkN2Gde3n1f/7Mx3ppDwOe8KOHIPNs4ub2
xnWDLJmHkHv523UiMlmfwLkEDAVB5iSR5mUoy2RHSdAK+AxcgUyUK4qDiH5OtdjI
H3wvDMRwTfPKwlXQCZ1ydXpfwx25dpoiBPDQLrX/bvkti/w3FWxTEGet4fSViixc
r+0FZcsYNDPzy44rSfdkTETYJzjpK2rFuULlqJq7PWL3SSzSJlbcnlWz9QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDoaa20nXv4BSTQMe66niUXtSS3vMB8GA1UdIwQY
MBaAFAwgJmPehSxwYP3qApi0kNXtzA8kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENBbVk5NkZMSEJnX2VvQ21MU1ExZTNNRHlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8wOTEwZTYtYzA3NC00MGQwLWI3ODkt
YTE3ODA0NDM5ODk1LzEvT2hwcmJTZGVfZ0ZKTkF4N3JxZUpSZTFKTGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8wOTEwZTYtYzA3NC00MGQwLWI3ODktYTE3ODA0NDM5ODk1
LzEvRENBbVk5NkZMSEJnX2VvQ21MU1ExZTNNRHlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCsH3gAwQC
wiCoAwQAwxzLMA0GCSqGSIb3DQEBCwUAA4IBAQBOEbMgmR1V058doh1F32ryfmvi
I4FylVpwMksO24F2rQkYoOKn0xihaxbFxho3PWe51jxtP2uc8C4eXYVEZHxVqL2x
skRrvgZKwM1DC0EsWuJkt6Ij5/43WiA7enBVWnvw5m3HH8suo2VKLg4sSgAdFirf
tganMN6/R56KGan7QIyLUIaq5RIaeX8x/bS+/yAD3wOs+9l/J52U1w2ZKzEXiz5S
GHRntqcHry+TX1j67MMwPMuu2ifyZEX7yUqfd6/+tsUgF7MX5TtoRJ4P1uhIIiTM
+jQx9D+MV2GXAG49KXBztUc7FpxXFzSN4jByScIFX+RHSdWswYLKeLg/pbMZ
-----END CERTIFICATE-----