Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/OpumD6xi2iOTBCXp-cc9dmu7GU4.roa
File:                     OpumD6xi2iOTBCXp-cc9dmu7GU4.roa (raw, json)
Hash identifier:          fvhOwl47zfGH9lGGWSiHHbyOZAllTydnv9sLQY0NTSk=
Subject key identifier:   3A:9B:A6:0F:AC:62:DA:23:93:04:25:E9:F9:C7:3D:76:6B:BB:19:4E
Certificate issuer:       /CN=9aeafa96c9d563e650ba592ffb06e2ceeb6a0859
Certificate serial:       018CC9BAAE523937AB676D7E6A88F01963BC
Authority key identifier: 9A:EA:FA:96:C9:D5:63:E6:50:BA:59:2F:FB:06:E2:CE:EB:6A:08:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mur6lsnVY-ZQulkv-wbizutqCFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/OpumD6xi2iOTBCXp-cc9dmu7GU4.roa
Signing time:             Tue 02 Jan 2024 10:31:43 +0000
ROA not before:           Tue 02 Jan 2024 10:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5539
IP address blocks:        195.230.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/mur6lsnVY-ZQulkv-wbizutqCFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/mur6lsnVY-ZQulkv-wbizutqCFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mur6lsnVY-ZQulkv-wbizutqCFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:ae:52:39:37:ab:67:6d:7e:6a:88:f0:19:63:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aeafa96c9d563e650ba592ffb06e2ceeb6a0859
        Validity
            Not Before: Jan  2 10:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a9ba60fac62da23930425e9f9c73d766bbb194e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:20:5a:f8:d4:7d:c3:a9:bf:4a:dc:f6:30:55:
                    22:2b:b0:9b:10:58:f3:97:f4:93:b9:b5:5a:9a:8b:
                    f5:62:e1:28:98:75:ef:32:eb:45:72:a3:23:ec:d6:
                    9d:4e:83:6e:07:f4:bd:1c:8d:86:3b:c8:31:8a:ca:
                    29:18:f9:6f:a9:ab:35:1b:7d:6a:4d:f1:01:27:67:
                    f2:21:55:c9:84:ee:7e:c0:6a:95:7a:8c:bf:85:f5:
                    dc:f2:76:3b:57:cb:36:a6:a3:d3:b6:60:ab:d5:37:
                    42:63:c1:34:c0:48:78:8e:09:c6:28:59:9e:11:05:
                    54:c1:3e:f1:b3:c9:4d:a5:79:95:a4:1d:ac:e6:36:
                    c1:15:2c:2c:b8:a0:c5:ca:7d:f7:e4:b4:f5:82:33:
                    73:52:59:82:dc:93:2b:9a:df:14:12:ac:93:99:e7:
                    08:75:a4:9d:92:47:e9:1a:21:83:de:1a:d6:3e:45:
                    01:13:53:0b:f6:89:4d:28:94:c0:86:56:69:92:0a:
                    12:aa:1a:e1:91:b6:d3:41:e2:fb:56:f0:dc:32:00:
                    01:e4:c7:80:f7:fe:22:44:98:3a:7f:d5:69:87:a3:
                    35:18:40:92:fe:84:ac:8c:9c:76:09:97:99:a8:15:
                    40:60:73:8a:ae:f5:a6:d5:b0:30:89:ac:ed:05:c3:
                    b9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:9B:A6:0F:AC:62:DA:23:93:04:25:E9:F9:C7:3D:76:6B:BB:19:4E
            X509v3 Authority Key Identifier:
                keyid:9A:EA:FA:96:C9:D5:63:E6:50:BA:59:2F:FB:06:E2:CE:EB:6A:08:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mur6lsnVY-ZQulkv-wbizutqCFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/OpumD6xi2iOTBCXp-cc9dmu7GU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/47275d-5fa7-4bb2-99eb-1f00737cb2a2/1/mur6lsnVY-ZQulkv-wbizutqCFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:19:08:b1:e8:7f:08:cd:6d:27:53:e6:28:8b:25:c5:ba:a7:
         7f:68:1e:7c:ee:d7:eb:67:0f:33:34:69:42:3a:5e:0e:78:22:
         02:ef:62:e0:b1:0a:56:22:82:be:c3:a6:6d:38:32:01:86:b1:
         20:12:da:7c:cd:3b:88:21:5b:ac:f5:6f:fe:95:df:ff:99:e1:
         bc:67:b1:f0:dd:39:3e:02:4e:ef:0c:3d:00:c4:1d:f2:43:7f:
         e2:58:cf:2a:cf:9b:fc:04:bd:ff:01:6a:41:a4:dc:a3:43:57:
         9f:3a:4a:85:59:84:cc:93:12:d3:75:c9:32:92:97:d4:98:87:
         4b:cb:09:dc:66:d7:98:5b:10:94:0c:89:78:5b:af:fd:f6:1e:
         c5:14:31:b6:56:d0:43:8e:f9:34:da:e7:7a:d4:f5:0d:69:fc:
         94:26:45:12:7c:af:f6:f6:fb:33:40:8e:fe:a8:46:9f:ae:c8:
         d3:8f:c5:9c:f0:21:a2:e8:a6:09:48:ca:89:1b:da:43:4f:de:
         cc:68:97:fb:83:ed:ca:e9:40:56:5e:a3:2a:02:90:94:24:46:
         a2:41:00:b0:83:5f:78:f1:7c:49:20:70:0e:77:9a:62:b2:b8:
         0a:79:a6:28:5a:04:9b:29:4f:7e:b1:bc:34:49:df:a5:81:09:
         4e:68:3b:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuq5SOTerZ21+aojwGWO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWFmYTk2YzlkNTYzZTY1MGJhNTkyZmZiMDZlMmNlZWI2
YTA4NTkwHhcNMjQwMTAyMTAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTliYTYwZmFjNjJkYTIzOTMwNDI1ZTlmOWM3M2Q3NjZiYmIxOTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyBa+NR9w6m/Stz2MFUiK7CbEFjz
l/STubVamov1YuEomHXvMutFcqMj7NadToNuB/S9HI2GO8gxisopGPlvqas1G31q
TfEBJ2fyIVXJhO5+wGqVeoy/hfXc8nY7V8s2pqPTtmCr1TdCY8E0wEh4jgnGKFme
EQVUwT7xs8lNpXmVpB2s5jbBFSwsuKDFyn335LT1gjNzUlmC3JMrmt8UEqyTmecI
daSdkkfpGiGD3hrWPkUBE1ML9olNKJTAhlZpkgoSqhrhkbbTQeL7VvDcMgAB5MeA
9/4iRJg6f9Vph6M1GECS/oSsjJx2CZeZqBVAYHOKrvWm1bAwiaztBcO59wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqbpg+sYtojkwQl6fnHPXZruxlOMB8GA1UdIwQY
MBaAFJrq+pbJ1WPmULpZL/sG4s7raghZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXVyNmxzblZZLVpRdWxrdi13Yml6dXRxQ0ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80NzI3NWQtNWZhNy00YmIyLTk5ZWIt
MWYwMDczN2NiMmEyLzEvT3B1bUQ2eGkyaU9UQkNYcC1jYzlkbXU3R1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80NzI3NWQtNWZhNy00YmIyLTk5ZWItMWYwMDczN2NiMmEy
LzEvbXVyNmxzblZZLVpRdWxrdi13Yml6dXRxQ0ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+ZyMA0G
CSqGSIb3DQEBCwUAA4IBAQA8GQix6H8IzW0nU+YoiyXFuqd/aB587tfrZw8zNGlC
Ol4OeCIC72LgsQpWIoK+w6ZtODIBhrEgEtp8zTuIIVus9W/+ld//meG8Z7Hw3Tk+
Ak7vDD0AxB3yQ3/iWM8qz5v8BL3/AWpBpNyjQ1efOkqFWYTMkxLTdckykpfUmIdL
ywncZteYWxCUDIl4W6/99h7FFDG2VtBDjvk02ud61PUNafyUJkUSfK/29vszQI7+
qEafrsjTj8Wc8CGi6KYJSMqJG9pDT97MaJf7g+3K6UBWXqMqApCUJEaiQQCwg194
8XxJIHAOd5pisrgKeaYoWgSbKU9+sbw0Sd+lgQlOaDtv
-----END CERTIFICATE-----