Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/o4a1dwNfZn2rc490kGx_SV2UXdI.roa
File:                     o4a1dwNfZn2rc490kGx_SV2UXdI.roa (raw, json)
Hash identifier:          iR1CAYp0b5lDCuwRBAb5a+Y35MnDylm3u3iMtLp4yfw=
Subject key identifier:   A3:86:B5:77:03:5F:66:7D:AB:73:8F:74:90:6C:7F:49:5D:94:5D:D2
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       018CC80135C51C892C4FCCC3CCDAB91339E3
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/o4a1dwNfZn2rc490kGx_SV2UXdI.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15372
IP address blocks:        153.96.101.0/24 maxlen: 24
                          153.96.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:35:c5:1c:89:2c:4f:cc:c3:cc:da:b9:13:39:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a386b577035f667dab738f74906c7f495d945dd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5b:6b:6b:6a:2f:22:3c:ee:d3:de:65:c5:03:
                    87:6f:0d:ef:3a:81:eb:56:6e:55:d2:89:a4:a6:4a:
                    38:e1:e0:84:27:e4:f8:f5:30:60:10:95:83:06:30:
                    a6:fe:9f:3b:ca:bf:22:34:e6:8a:4b:30:76:66:0a:
                    d5:e9:e2:4d:78:05:97:56:42:80:ad:31:94:26:04:
                    f3:d8:47:10:32:f3:b3:8f:d6:f3:af:9f:8d:b5:93:
                    66:fc:8f:ce:60:2e:10:0f:90:27:c0:3f:00:45:32:
                    1e:4c:71:81:97:61:c4:49:6f:01:11:87:25:ed:a3:
                    99:0c:7e:7e:8e:28:44:68:91:a0:7a:a1:c4:f0:c3:
                    9c:77:05:d7:5b:6c:a2:39:de:01:a7:7f:62:fe:37:
                    f4:5e:bf:e4:72:23:15:8f:57:60:a1:bf:a2:b5:2a:
                    11:4c:35:54:8a:20:3f:ff:db:12:5b:58:73:ef:0a:
                    1c:72:2a:24:ac:36:7f:7c:72:ab:5d:71:2f:b2:4d:
                    92:4e:fe:37:c5:7e:81:eb:07:de:b7:6f:85:d6:ba:
                    12:ca:df:10:9f:51:8c:5d:54:b4:7c:a5:b7:79:92:
                    fa:3a:a9:59:6e:13:87:5e:f3:f0:1e:0e:50:74:a1:
                    42:69:39:ea:d3:e2:c9:cf:c3:6a:1a:1a:59:8e:24:
                    45:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:86:B5:77:03:5F:66:7D:AB:73:8F:74:90:6C:7F:49:5D:94:5D:D2
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/o4a1dwNfZn2rc490kGx_SV2UXdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.101.0/24
                  153.96.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:1c:ae:49:35:6c:5d:9c:a0:7e:ad:97:b9:53:37:71:50:02:
         93:79:bd:8e:d8:92:93:49:be:78:a8:0b:3f:89:af:96:fa:0d:
         e4:65:ec:e0:4a:e7:93:ef:06:37:75:fc:d0:44:81:55:f9:eb:
         8d:4c:1a:a7:a5:0e:64:87:ed:56:60:d2:6d:49:5f:56:d4:51:
         8a:f4:f6:a9:93:76:1e:13:29:e5:5a:78:3b:c0:16:86:6e:f8:
         cb:ee:27:ec:56:4d:16:55:5c:b7:6f:73:59:18:32:e7:9e:77:
         e3:eb:ce:9c:82:b4:7e:df:7f:93:f4:13:8c:ad:fa:3e:45:56:
         7c:e8:e7:12:82:5b:60:b4:4a:01:54:0d:66:68:6c:b3:68:ae:
         5d:5f:b8:14:cd:48:fe:79:c9:8d:5c:6e:40:83:d5:ce:be:74:
         aa:6b:db:4e:6a:51:3c:5a:3b:72:38:50:9c:42:aa:0b:33:d9:
         f6:3c:ad:23:c0:1c:f3:90:5e:99:1e:de:9b:15:3a:0d:43:65:
         8e:ed:06:ed:33:e9:d4:86:c0:22:4d:5c:7a:85:ec:0d:98:9d:
         b7:e4:e1:6f:63:0f:18:40:0f:fb:a3:99:fd:8a:cf:34:a3:5b:
         f2:d3:a7:3d:85:ef:4c:71:94:b4:91:74:f9:25:49:49:cf:eb:
         70:3e:5c:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIATXFHIksT8zDzNq5EznjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzg2YjU3NzAzNWY2NjdkYWI3MzhmNzQ5MDZjN2Y0OTVkOTQ1ZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVtra2ovIjzu095lxQOHbw3vOoHr
Vm5V0omkpko44eCEJ+T49TBgEJWDBjCm/p87yr8iNOaKSzB2ZgrV6eJNeAWXVkKA
rTGUJgTz2EcQMvOzj9bzr5+NtZNm/I/OYC4QD5AnwD8ARTIeTHGBl2HESW8BEYcl
7aOZDH5+jihEaJGgeqHE8MOcdwXXW2yiOd4Bp39i/jf0Xr/kciMVj1dgob+itSoR
TDVUiiA//9sSW1hz7wocciokrDZ/fHKrXXEvsk2STv43xX6B6wfet2+F1roSyt8Q
n1GMXVS0fKW3eZL6OqlZbhOHXvPwHg5QdKFCaTnq0+LJz8NqGhpZjiRFEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKOGtXcDX2Z9q3OPdJBsf0ldlF3SMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvbzRhMWR3TmZabjJyYzQ5MGtHeF9TVjJVWGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmWBlAwQA
mWDmMA0GCSqGSIb3DQEBCwUAA4IBAQCBHK5JNWxdnKB+rZe5UzdxUAKTeb2O2JKT
Sb54qAs/ia+W+g3kZezgSueT7wY3dfzQRIFV+euNTBqnpQ5kh+1WYNJtSV9W1FGK
9Papk3YeEynlWng7wBaGbvjL7ifsVk0WVVy3b3NZGDLnnnfj686cgrR+33+T9BOM
rfo+RVZ86OcSgltgtEoBVA1maGyzaK5dX7gUzUj+ecmNXG5Ag9XOvnSqa9tOalE8
WjtyOFCcQqoLM9n2PK0jwBzzkF6ZHt6bFToNQ2WO7QbtM+nUhsAiTVx6hewNmJ23
5OFvYw8YQA/7o5n9is80o1vy06c9he9McZS0kXT5JUlJz+twPlxK
-----END CERTIFICATE-----