Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/OvOxgmhEjizqQPo5msP7199YtT4.roa
File:                     OvOxgmhEjizqQPo5msP7199YtT4.roa (raw, json)
Hash identifier:          mmyB33KOi/39AzA5W69nBylP1Exn4XeLm3FkIenLrzs=
Subject key identifier:   3A:F3:B1:82:68:44:8E:2C:EA:40:FA:39:9A:C3:FB:D7:DF:58:B5:3E
Certificate issuer:       /CN=a0afe1fed1f2b7db24a0c2d1f61010684e93cbd5
Certificate serial:       018CC94D77E232FF8B3F0E75CA4086BDCDB4
Authority key identifier: A0:AF:E1:FE:D1:F2:B7:DB:24:A0:C2:D1:F6:10:10:68:4E:93:CB:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oK_h_tHyt9skoMLR9hAQaE6Ty9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/OvOxgmhEjizqQPo5msP7199YtT4.roa
Signing time:             Tue 02 Jan 2024 08:32:26 +0000
ROA not before:           Tue 02 Jan 2024 08:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201425
IP address blocks:        188.214.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/oK_h_tHyt9skoMLR9hAQaE6Ty9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/oK_h_tHyt9skoMLR9hAQaE6Ty9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oK_h_tHyt9skoMLR9hAQaE6Ty9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:77:e2:32:ff:8b:3f:0e:75:ca:40:86:bd:cd:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0afe1fed1f2b7db24a0c2d1f61010684e93cbd5
        Validity
            Not Before: Jan  2 08:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3af3b18268448e2cea40fa399ac3fbd7df58b53e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6f:e8:aa:af:e4:b6:14:92:3c:25:c5:9e:80:
                    8e:78:3f:4f:c8:92:fa:be:1f:95:5a:0b:8a:28:1b:
                    33:de:63:7e:1e:0f:9a:f0:09:1e:10:e8:15:02:41:
                    82:bd:29:06:70:6b:78:fa:91:40:d3:84:97:b4:e6:
                    89:21:52:56:b7:6f:88:34:7d:a3:2a:f9:de:da:93:
                    b8:d8:2f:d2:5d:cb:f6:b8:9d:24:8e:b2:02:03:be:
                    4b:cf:a8:b3:69:ee:cc:5a:0e:f2:f5:fa:ec:52:0d:
                    fb:6d:4a:3f:08:74:41:0e:63:6f:0f:af:d4:95:c4:
                    e3:bd:b5:71:61:0f:f4:f3:2e:ac:84:b3:62:57:aa:
                    10:84:f8:db:bb:03:56:d2:1a:ed:09:0d:2e:a1:d5:
                    06:e4:e4:27:98:58:a8:50:63:30:85:52:62:05:91:
                    ee:3b:f5:01:9d:19:dc:de:2b:81:9c:26:bf:72:e2:
                    db:6b:4d:c9:f5:94:a8:03:72:b1:0c:de:6e:e5:85:
                    fe:b7:94:8d:63:54:54:0e:fd:64:5c:60:f4:43:fd:
                    74:d4:74:4b:ba:78:39:df:3c:3a:8e:74:f3:07:dd:
                    28:dd:b8:43:df:b0:c3:18:42:36:34:2b:fe:0e:84:
                    d9:82:74:e1:d9:49:5c:e6:e7:9c:ad:7f:df:e9:e8:
                    19:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F3:B1:82:68:44:8E:2C:EA:40:FA:39:9A:C3:FB:D7:DF:58:B5:3E
            X509v3 Authority Key Identifier:
                keyid:A0:AF:E1:FE:D1:F2:B7:DB:24:A0:C2:D1:F6:10:10:68:4E:93:CB:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oK_h_tHyt9skoMLR9hAQaE6Ty9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/OvOxgmhEjizqQPo5msP7199YtT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/oK_h_tHyt9skoMLR9hAQaE6Ty9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:2d:b6:c5:c1:c3:26:00:ff:bb:63:b7:58:16:3f:df:21:31:
         d7:97:ef:38:6f:06:78:5f:79:62:7c:63:73:e7:21:46:6e:94:
         b3:ab:d1:f3:71:31:da:ec:3a:0e:ec:31:79:e5:c6:30:8b:a2:
         56:e1:fd:ac:95:b9:07:bd:37:74:45:58:fa:ef:7d:3e:6f:83:
         5b:55:e6:7f:4d:f3:dd:64:8c:ff:76:6f:6d:f6:c1:06:25:79:
         bb:1a:b5:dd:52:40:5d:bf:83:61:4d:38:cf:68:0b:93:5b:d1:
         69:78:2e:7c:58:3e:91:ab:5a:ac:52:f8:90:7f:63:a7:13:50:
         50:67:eb:76:9e:e7:ee:c8:b9:e4:c6:dc:d4:aa:f7:30:eb:18:
         11:b5:af:b7:a9:cf:97:38:03:54:88:fc:f7:01:fb:90:bd:57:
         38:10:a3:67:b1:0a:5e:04:e2:9e:7a:e3:21:08:d9:2f:03:b9:
         06:a3:2c:3b:9a:00:ac:8e:71:67:6c:70:f3:e3:0d:ec:24:69:
         da:4c:97:ec:a0:df:1c:a1:bd:e6:7e:81:9c:9a:3a:84:68:b4:
         8b:14:40:3f:e0:e7:5f:3b:b1:0b:64:f8:07:d9:f9:80:2c:e5:
         12:b1:00:64:7f:61:3f:41:e3:96:9b:a1:8b:ca:2a:87:33:d9:
         93:a0:fc:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTXfiMv+LPw51ykCGvc20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYWZlMWZlZDFmMmI3ZGIyNGEwYzJkMWY2MTAxMDY4NGU5
M2NiZDUwHhcNMjQwMTAyMDgzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWYzYjE4MjY4NDQ4ZTJjZWE0MGZhMzk5YWMzZmJkN2RmNThiNTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmG/oqq/kthSSPCXFnoCOeD9PyJL6
vh+VWguKKBsz3mN+Hg+a8AkeEOgVAkGCvSkGcGt4+pFA04SXtOaJIVJWt2+INH2j
Kvne2pO42C/SXcv2uJ0kjrICA75Lz6izae7MWg7y9frsUg37bUo/CHRBDmNvD6/U
lcTjvbVxYQ/08y6shLNiV6oQhPjbuwNW0hrtCQ0uodUG5OQnmFioUGMwhVJiBZHu
O/UBnRnc3iuBnCa/cuLba03J9ZSoA3KxDN5u5YX+t5SNY1RUDv1kXGD0Q/101HRL
ung53zw6jnTzB90o3bhD37DDGEI2NCv+DoTZgnTh2Ulc5uecrX/f6egZlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrzsYJoRI4s6kD6OZrD+9ffWLU+MB8GA1UdIwQY
MBaAFKCv4f7R8rfbJKDC0fYQEGhOk8vVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0tfaF90SHl0OXNrb01MUjloQVFhRTZUeTlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zMjAyYWQtN2I0Ni00MjJkLWE0ZDIt
ZWNhNTNhN2Y3NzYyLzEvT3ZPeGdtaEVqaXpxUVBvNW1zUDcxOTlZdFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zMjAyYWQtN2I0Ni00MjJkLWE0ZDItZWNhNTNhN2Y3NzYy
LzEvb0tfaF90SHl0OXNrb01MUjloQVFhRTZUeTlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNZkMA0G
CSqGSIb3DQEBCwUAA4IBAQAhLbbFwcMmAP+7Y7dYFj/fITHXl+84bwZ4X3lifGNz
5yFGbpSzq9HzcTHa7DoO7DF55cYwi6JW4f2slbkHvTd0RVj6730+b4NbVeZ/TfPd
ZIz/dm9t9sEGJXm7GrXdUkBdv4NhTTjPaAuTW9FpeC58WD6Rq1qsUviQf2OnE1BQ
Z+t2nufuyLnkxtzUqvcw6xgRta+3qc+XOANUiPz3AfuQvVc4EKNnsQpeBOKeeuMh
CNkvA7kGoyw7mgCsjnFnbHDz4w3sJGnaTJfsoN8cob3mfoGcmjqEaLSLFEA/4Odf
O7ELZPgH2fmALOUSsQBkf2E/QeOWm6GLyiqHM9mToPyI
-----END CERTIFICATE-----