Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/OlIIOfKP1J7zS0wogZCMGm_pKCI.roa
File:                     OlIIOfKP1J7zS0wogZCMGm_pKCI.roa (raw, json)
Hash identifier:          LXberCkVFZwa22H5DTyQo00qu/0MQHR+izRV5Eb1i9g=
Subject key identifier:   3A:52:08:39:F2:8F:D4:9E:F3:4B:4C:28:81:90:8C:1A:6F:E9:28:22
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DAA3492C1E82DDE8A1E76AF53F4AA
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/OlIIOfKP1J7zS0wogZCMGm_pKCI.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.150.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:aa:34:92:c1:e8:2d:de:8a:1e:76:af:53:f4:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a520839f28fd49ef34b4c2881908c1a6fe92822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:59:7b:81:1a:8e:ab:f5:66:4e:c6:93:66:ee:
                    37:46:30:66:8c:5a:59:be:48:94:79:bf:aa:7d:cb:
                    f0:d9:3a:9d:39:e4:9b:62:83:51:5b:13:50:df:a4:
                    17:c6:49:4d:fa:65:e6:26:8b:46:7b:03:2c:2e:bd:
                    88:fd:87:f8:d7:4a:e1:3a:17:83:d6:b0:32:01:3e:
                    f8:91:c7:a4:fa:1d:f1:09:4e:20:a0:79:36:9d:c2:
                    69:ee:6c:37:c0:fa:a8:cf:22:6e:6d:d6:df:5b:7a:
                    23:aa:fc:bf:97:4c:ea:dd:34:8f:cb:47:4a:01:9f:
                    2b:6d:35:a5:b9:d2:db:29:82:27:25:87:2f:d1:17:
                    f5:22:7d:e6:88:2b:ca:8d:af:16:06:40:14:52:27:
                    0e:40:07:26:c3:28:5b:76:50:13:fb:2e:58:fe:be:
                    d9:67:2a:60:47:46:47:33:ba:a3:d8:fa:dd:c0:f3:
                    3f:e9:a4:3d:e4:93:51:27:93:42:1b:ff:35:e5:24:
                    4c:d7:30:b9:72:7f:4d:20:da:38:67:85:70:86:b5:
                    70:f8:01:be:c0:d9:7a:7e:15:de:e3:10:2e:eb:09:
                    79:6c:ca:00:5b:6e:6b:02:b8:c5:b8:f7:9a:31:20:
                    2d:5e:b9:c8:df:99:86:12:9c:0b:67:15:a3:1f:b7:
                    5c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:52:08:39:F2:8F:D4:9E:F3:4B:4C:28:81:90:8C:1A:6F:E9:28:22
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/OlIIOfKP1J7zS0wogZCMGm_pKCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:9f:44:df:8c:0e:f6:5f:e8:07:92:b1:16:9c:63:8b:6a:a4:
         55:c1:b9:b8:ed:e7:63:aa:9a:83:32:fc:32:aa:2a:05:b8:e7:
         38:0a:b6:b0:62:ed:f8:4c:9e:3c:17:40:dc:87:ca:92:49:ec:
         b6:c1:8f:fa:86:42:01:f9:5d:5e:33:4a:f0:c1:f8:d5:79:cf:
         e9:0e:f4:75:8b:d1:8e:b0:0e:5b:38:e3:84:0c:3c:64:60:63:
         f6:1a:62:89:61:a8:e8:51:e5:54:f5:df:fb:22:25:43:bb:8c:
         b8:ec:b4:a6:dd:7c:bc:e1:ed:17:5d:ac:d5:a8:4d:e0:80:7b:
         8a:73:4d:38:a6:b0:12:b3:ab:c9:84:38:11:2f:3b:ee:ce:69:
         cd:26:04:f3:fe:ae:f6:ce:e8:b8:a2:f1:95:1d:ff:59:ca:20:
         de:85:51:a6:97:10:b0:0e:cf:0d:29:e2:cf:94:c4:b4:c0:ca:
         8f:a5:e7:d5:62:52:b7:48:18:79:e8:ae:91:b7:56:10:dc:4d:
         54:dc:5d:54:b6:44:ab:d7:4f:0d:69:d6:f6:89:1a:98:38:bd:
         23:da:18:f5:58:e1:66:f9:dc:ea:ce:da:b4:0f:7f:4a:6a:95:
         da:fc:53:93:c3:81:0a:14:fb:f1:37:b7:81:5d:26:71:c0:c4:
         c1:f0:62:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTao0ksHoLd6KHnavU/SqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTUyMDgzOWYyOGZkNDllZjM0YjRjMjg4MTkwOGMxYTZmZTkyODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkll7gRqOq/VmTsaTZu43RjBmjFpZ
vkiUeb+qfcvw2TqdOeSbYoNRWxNQ36QXxklN+mXmJotGewMsLr2I/Yf410rhOheD
1rAyAT74kcek+h3xCU4goHk2ncJp7mw3wPqozyJubdbfW3ojqvy/l0zq3TSPy0dK
AZ8rbTWludLbKYInJYcv0Rf1In3miCvKja8WBkAUUicOQAcmwyhbdlAT+y5Y/r7Z
ZypgR0ZHM7qj2PrdwPM/6aQ95JNRJ5NCG/815SRM1zC5cn9NINo4Z4VwhrVw+AG+
wNl6fhXe4xAu6wl5bMoAW25rArjFuPeaMSAtXrnI35mGEpwLZxWjH7dc/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpSCDnyj9Se80tMKIGQjBpv6SgiMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvT2xJSU9mS1AxSjd6UzB3b2daQ01HbV9wS0NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZbMMA0G
CSqGSIb3DQEBCwUAA4IBAQA3n0TfjA72X+gHkrEWnGOLaqRVwbm47edjqpqDMvwy
qioFuOc4CrawYu34TJ48F0Dch8qSSey2wY/6hkIB+V1eM0rwwfjVec/pDvR1i9GO
sA5bOOOEDDxkYGP2GmKJYajoUeVU9d/7IiVDu4y47LSm3Xy84e0XXazVqE3ggHuK
c004prASs6vJhDgRLzvuzmnNJgTz/q72zui4ovGVHf9ZyiDehVGmlxCwDs8NKeLP
lMS0wMqPpefVYlK3SBh56K6Rt1YQ3E1U3F1UtkSr108Nadb2iRqYOL0j2hj1WOFm
+dzqztq0D39KapXa/FOTw4EKFPvxN7eBXSZxwMTB8GKU
-----END CERTIFICATE-----