Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/odkcJSc-O6vGjZZo3w43QqD4Mw4.roa
File:                     odkcJSc-O6vGjZZo3w43QqD4Mw4.roa (raw, json)
Hash identifier:          JICkCD1OEJwU37rzTClwR4lI+mM8Us1ZaAUFpWiHZ/U=
Subject key identifier:   A1:D9:1C:25:27:3E:3B:AB:C6:8D:96:68:DF:0E:37:42:A0:F8:33:0E
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       018CC87151303A30DD0325990B0934D5D199
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/odkcJSc-O6vGjZZo3w43QqD4Mw4.roa
Signing time:             Tue 02 Jan 2024 04:31:58 +0000
ROA not before:           Tue 02 Jan 2024 04:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43278
IP address blocks:        95.181.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:51:30:3a:30:dd:03:25:99:0b:09:34:d5:d1:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  2 04:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1d91c25273e3babc68d9668df0e3742a0f8330e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a7:b8:55:f1:a2:d3:60:2e:61:6b:f7:7b:81:
                    eb:23:9f:a1:27:75:d4:2a:c2:7b:c9:0f:10:9c:a6:
                    f5:be:f3:69:fa:ab:b8:fc:b5:ad:4f:ad:fe:a1:fb:
                    ef:31:fc:97:27:9c:51:85:5a:16:78:45:15:78:5e:
                    8f:d1:12:dc:46:3d:31:df:89:5a:a8:00:e1:a0:fe:
                    6b:b8:5e:15:87:59:66:dc:a5:15:a9:a4:1b:2c:39:
                    d5:89:52:6c:e6:6d:1c:e0:01:42:ec:e2:5b:1b:ad:
                    99:e8:68:5f:78:31:d5:8e:07:f1:ef:f7:19:b9:df:
                    00:b9:4e:df:5b:2e:7b:2b:e7:9a:a5:2d:c7:4e:f7:
                    ce:66:25:dd:f6:21:78:a2:60:72:bc:5a:76:29:04:
                    8e:57:05:51:f8:2a:c2:7c:e3:35:6b:94:2f:86:6c:
                    d3:2b:fd:71:ca:41:8a:34:e6:f8:cb:05:5e:4d:00:
                    2a:2c:c0:26:b3:cf:71:a7:14:93:30:9a:fa:45:d3:
                    1d:97:4c:86:dc:da:0b:39:03:da:06:57:9a:7d:19:
                    ec:7d:f9:76:1e:d7:bc:c4:a0:29:3c:53:c3:ea:d8:
                    0e:c2:5a:4d:6d:ad:5b:3d:90:24:62:8a:ec:2d:4a:
                    00:67:f6:9d:d3:02:37:09:b2:15:c8:ef:15:1d:72:
                    86:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:D9:1C:25:27:3E:3B:AB:C6:8D:96:68:DF:0E:37:42:A0:F8:33:0E
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/odkcJSc-O6vGjZZo3w43QqD4Mw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:40:d7:c6:21:cf:a2:a0:81:96:33:2d:af:5f:0c:9f:5f:c1:
         03:c1:22:ec:36:0a:1a:13:11:a0:5c:b7:e3:b3:da:ba:45:55:
         19:c1:71:78:6f:83:2e:7f:5e:16:29:31:fb:ff:5e:50:8f:4a:
         e9:f0:9d:7b:7e:5a:2f:0e:48:6a:98:be:0e:1f:3b:2b:c7:95:
         e4:17:46:43:89:7d:db:fb:09:2a:46:d0:32:d0:04:e3:db:9e:
         bf:da:85:97:37:87:e9:b0:3a:af:46:70:a9:31:c1:0d:c2:27:
         41:6b:5f:6f:9f:c0:5d:cb:76:a6:00:46:c3:70:54:91:03:82:
         d1:1d:f8:a0:d3:3f:1e:27:d6:f7:8e:59:ad:a3:6d:89:dc:72:
         68:91:5a:ce:06:3d:d9:a2:b7:18:c0:1e:06:88:52:46:6a:16:
         78:97:26:59:ef:85:ce:dc:f6:40:f9:47:67:78:20:d8:61:88:
         f2:22:db:70:65:e4:b1:6f:4f:24:cc:03:3e:4e:22:61:1f:0a:
         54:27:ac:d2:dd:90:77:1d:30:ca:b6:ef:a7:83:d3:4a:d1:a4:
         b0:5e:80:75:39:21:0d:6a:94:35:33:b0:00:01:28:02:20:1d:
         6f:ae:57:a8:94:59:88:3a:a8:dc:f2:1d:3f:ab:73:0b:f8:10:
         f7:fa:21:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVEwOjDdAyWZCwk01dGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjQwMTAyMDQzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWQ5MWMyNTI3M2UzYmFiYzY4ZDk2NjhkZjBlMzc0MmEwZjgzMzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqe4VfGi02AuYWv3e4HrI5+hJ3XU
KsJ7yQ8QnKb1vvNp+qu4/LWtT63+ofvvMfyXJ5xRhVoWeEUVeF6P0RLcRj0x34la
qADhoP5ruF4Vh1lm3KUVqaQbLDnViVJs5m0c4AFC7OJbG62Z6GhfeDHVjgfx7/cZ
ud8AuU7fWy57K+eapS3HTvfOZiXd9iF4omByvFp2KQSOVwVR+CrCfOM1a5QvhmzT
K/1xykGKNOb4ywVeTQAqLMAms89xpxSTMJr6RdMdl0yG3NoLOQPaBleafRnsffl2
Hte8xKApPFPD6tgOwlpNba1bPZAkYorsLUoAZ/ad0wI3CbIVyO8VHXKGXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHZHCUnPjurxo2WaN8ON0Kg+DMOMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvb2RrY0pTYy1PNnZHalpabzN3NDNRcUQ0TXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7WeMA0G
CSqGSIb3DQEBCwUAA4IBAQBFQNfGIc+ioIGWMy2vXwyfX8EDwSLsNgoaExGgXLfj
s9q6RVUZwXF4b4Muf14WKTH7/15Qj0rp8J17flovDkhqmL4OHzsrx5XkF0ZDiX3b
+wkqRtAy0ATj256/2oWXN4fpsDqvRnCpMcENwidBa19vn8Bdy3amAEbDcFSRA4LR
Hfig0z8eJ9b3jlmto22J3HJokVrOBj3ZorcYwB4GiFJGahZ4lyZZ74XO3PZA+Udn
eCDYYYjyIttwZeSxb08kzAM+TiJhHwpUJ6zS3ZB3HTDKtu+ng9NK0aSwXoB1OSEN
apQ1M7AAASgCIB1vrleolFmIOqjc8h0/q3ML+BD3+iG1
-----END CERTIFICATE-----