Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/ozM03cUBgl0gaAo53Q8EEP8jk9A.roa
File:                     ozM03cUBgl0gaAo53Q8EEP8jk9A.roa (raw, json)
Hash identifier:          BaEbnfZS31fh8SdOhtVy1KrA4MyOXWAqvpUBcjpq7Ms=
Subject key identifier:   A3:33:34:DD:C5:01:82:5D:20:68:0A:39:DD:0F:04:10:FF:23:93:D0
Certificate issuer:       /CN=70e7ad0598208a6af9d1500a740d73bcf28f0384
Certificate serial:       018CC26CF8246A46B6409B71164284E964B6
Authority key identifier: 70:E7:AD:05:98:20:8A:6A:F9:D1:50:0A:74:0D:73:BC:F2:8F:03:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cOetBZggimr50VAKdA1zvPKPA4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/ozM03cUBgl0gaAo53Q8EEP8jk9A.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29663
IP address blocks:        193.201.116.0/24 maxlen: 24
                          2001:67c:5e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/cOetBZggimr50VAKdA1zvPKPA4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/cOetBZggimr50VAKdA1zvPKPA4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cOetBZggimr50VAKdA1zvPKPA4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f8:24:6a:46:b6:40:9b:71:16:42:84:e9:64:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70e7ad0598208a6af9d1500a740d73bcf28f0384
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a33334ddc501825d20680a39dd0f0410ff2393d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:af:bb:ae:fe:47:69:98:b8:40:9d:6f:71:81:
                    a6:1e:9b:b5:f8:01:bc:3d:88:aa:ac:2c:d1:3e:60:
                    38:00:11:86:e3:d7:39:df:b1:71:d5:d5:cc:2c:c8:
                    29:9b:1e:fd:0b:da:06:1b:e9:7f:d8:fe:4a:72:a9:
                    c5:12:bc:ec:41:9c:56:a0:1d:33:d4:c6:2c:8e:0c:
                    da:a3:e3:94:eb:9f:eb:03:2e:b3:1c:b1:90:d0:ea:
                    96:8e:7e:09:f0:d1:c2:2f:c2:38:5b:35:d8:0f:3d:
                    c7:81:74:43:07:ec:59:3f:01:50:09:d8:f4:42:55:
                    ba:75:f4:d7:dd:59:26:2e:1a:e9:81:f6:13:5a:3d:
                    0c:16:27:3b:6e:53:2c:ba:75:35:7d:28:84:d4:42:
                    2a:46:80:fd:97:b6:97:23:73:ed:e5:d3:c6:04:69:
                    5a:1f:95:ad:85:c7:e9:f5:6e:e4:49:2a:38:3e:9c:
                    0d:9a:c1:cb:ef:fb:c6:d7:1e:63:3a:0c:28:44:cf:
                    d1:37:0b:f6:c5:88:e5:ab:8a:93:0c:76:8e:55:14:
                    8d:b7:d3:bf:79:72:67:c5:ea:a4:1e:26:99:d0:47:
                    cc:f8:56:23:f9:9a:78:31:e3:f2:86:3d:79:40:84:
                    2a:bc:ca:85:be:23:88:8b:d6:3d:e0:37:f6:78:4d:
                    8e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:33:34:DD:C5:01:82:5D:20:68:0A:39:DD:0F:04:10:FF:23:93:D0
            X509v3 Authority Key Identifier:
                keyid:70:E7:AD:05:98:20:8A:6A:F9:D1:50:0A:74:0D:73:BC:F2:8F:03:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cOetBZggimr50VAKdA1zvPKPA4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/ozM03cUBgl0gaAo53Q8EEP8jk9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/cOetBZggimr50VAKdA1zvPKPA4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.116.0/24
                IPv6:
                  2001:67c:5e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:1f:c7:16:fc:f7:65:f9:30:e4:2a:75:0a:0e:60:92:9e:fd:
         01:f2:46:6a:af:34:cd:51:64:2f:7e:df:3a:c0:fb:b3:78:6e:
         d2:57:ec:9a:e4:ea:74:e0:85:30:6b:65:21:7d:7e:c2:90:a6:
         4a:cc:db:49:ab:bf:f0:6f:9a:66:32:d4:0a:6f:b2:cf:3a:66:
         ee:51:34:ab:7b:a2:39:6c:81:20:a0:60:bb:af:cd:1d:95:cd:
         f9:5b:05:c8:d3:e4:b2:26:cf:83:70:53:b3:d0:b5:e9:85:bb:
         cf:72:c0:c3:de:5d:d2:cb:bb:5e:c6:b3:66:cf:90:f4:5e:48:
         b9:f8:a2:2f:62:b7:83:13:14:b3:f6:a7:f0:01:4d:4e:f5:3b:
         e0:83:9b:69:ac:51:31:34:a4:fa:fd:a8:53:04:0c:14:68:2c:
         ea:c7:6b:6f:88:8b:8c:e9:18:a4:d7:f1:82:c9:40:c2:97:23:
         d6:38:d8:fc:be:4f:ea:75:e2:77:ed:4e:60:ba:7c:d0:35:fc:
         fd:b7:4c:71:d7:ea:2d:87:b4:3a:b8:42:2e:20:f1:b4:99:2d:
         c0:6a:e3:65:6a:b6:df:39:60:bc:36:f6:c4:a5:c1:16:e5:4f:
         79:72:7f:5f:24:6d:0d:8a:97:95:8c:82:43:a0:ce:57:88:e6:
         77:c7:4c:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbPgkaka2QJtxFkKE6WS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZTdhZDA1OTgyMDhhNmFmOWQxNTAwYTc0MGQ3M2JjZjI4
ZjAzODQwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzMzMzRkZGM1MDE4MjVkMjA2ODBhMzlkZDBmMDQxMGZmMjM5M2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiq+7rv5HaZi4QJ1vcYGmHpu1+AG8
PYiqrCzRPmA4ABGG49c537Fx1dXMLMgpmx79C9oGG+l/2P5KcqnFErzsQZxWoB0z
1MYsjgzao+OU65/rAy6zHLGQ0OqWjn4J8NHCL8I4WzXYDz3HgXRDB+xZPwFQCdj0
QlW6dfTX3VkmLhrpgfYTWj0MFic7blMsunU1fSiE1EIqRoD9l7aXI3Pt5dPGBGla
H5Wthcfp9W7kSSo4PpwNmsHL7/vG1x5jOgwoRM/RNwv2xYjlq4qTDHaOVRSNt9O/
eXJnxeqkHiaZ0EfM+FYj+Zp4MePyhj15QIQqvMqFviOIi9Y94Df2eE2O2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKMzNN3FAYJdIGgKOd0PBBD/I5PQMB8GA1UdIwQY
MBaAFHDnrQWYIIpq+dFQCnQNc7zyjwOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY09ldEJaZ2dpbXI1MFZBS2RBMXp2UEtQQTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS82NjY0MDQtYzI4Zi00ZDI5LTk2ZTQt
NjA3ZTE3YWVjNzUwLzEvb3pNMDNjVUJnbDBnYUFvNTNROEVFUDhqazlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS82NjY0MDQtYzI4Zi00ZDI5LTk2ZTQtNjA3ZTE3YWVjNzUw
LzEvY09ldEJaZ2dpbXI1MFZBS2RBMXp2UEtQQTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwcl0MA8E
AgACMAkDBwAgAQZ8BegwDQYJKoZIhvcNAQELBQADggEBAMMfxxb892X5MOQqdQoO
YJKe/QHyRmqvNM1RZC9+3zrA+7N4btJX7Jrk6nTghTBrZSF9fsKQpkrM20mrv/Bv
mmYy1Apvss86Zu5RNKt7ojlsgSCgYLuvzR2VzflbBcjT5LImz4NwU7PQtemFu89y
wMPeXdLLu17Gs2bPkPReSLn4oi9it4MTFLP2p/ABTU71O+CDm2msUTE0pPr9qFME
DBRoLOrHa2+Ii4zpGKTX8YLJQMKXI9Y42Py+T+p14nftTmC6fNA1/P23THHX6i2H
tDq4Qi4g8bSZLcBq42Vqtt85YLw29sSlwRblT3lyf18kbQ2Kl5WMgkOgzleI5nfH
TMM=
-----END CERTIFICATE-----