Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/kOpMS4p2YRY6nqSMGBD4_srJCcM.roa
File:                     kOpMS4p2YRY6nqSMGBD4_srJCcM.roa (raw, json)
Hash identifier:          mkWeTBYfPU+NvBt3l9bVl2ID5nJILE4U9tOyr6Vl+3s=
Subject key identifier:   90:EA:4C:4B:8A:76:61:16:3A:9E:A4:8C:18:10:F8:FE:CA:C9:09:C3
Certificate issuer:       /CN=9e0374d71bc57db96dc393e91febb9e9d59fef9a
Certificate serial:       018CC94DBED5BA2BEE6357B3572E90A49580
Authority key identifier: 9E:03:74:D7:1B:C5:7D:B9:6D:C3:93:E9:1F:EB:B9:E9:D5:9F:EF:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ngN01xvFfbltw5PpH-u56dWf75o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/kOpMS4p2YRY6nqSMGBD4_srJCcM.roa
Signing time:             Tue 02 Jan 2024 08:32:44 +0000
ROA not before:           Tue 02 Jan 2024 08:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.97.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/ngN01xvFfbltw5PpH-u56dWf75o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/ngN01xvFfbltw5PpH-u56dWf75o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ngN01xvFfbltw5PpH-u56dWf75o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 17:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:be:d5:ba:2b:ee:63:57:b3:57:2e:90:a4:95:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e0374d71bc57db96dc393e91febb9e9d59fef9a
        Validity
            Not Before: Jan  2 08:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90ea4c4b8a7661163a9ea48c1810f8fecac909c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:89:b7:8b:fa:36:1b:24:42:00:d9:84:17:96:
                    d6:07:bb:2c:5e:f4:99:ba:0f:ee:d1:61:94:b0:d8:
                    e5:38:f1:d5:65:55:29:e8:1f:85:fb:8e:a5:5f:77:
                    c0:fb:d4:68:52:01:cd:b8:6d:6e:2b:77:d8:8d:0f:
                    95:d3:0d:e0:13:e9:34:46:39:00:2c:15:79:9e:0d:
                    e1:35:58:22:14:6b:a6:f0:80:17:6f:65:d9:a3:05:
                    30:72:58:4c:b0:d0:ee:b3:d7:73:fa:12:80:c9:31:
                    59:44:25:25:b0:e1:80:1a:2c:aa:99:32:c5:f8:e3:
                    3b:06:8f:d3:ba:e1:32:10:bc:b3:82:37:ad:ab:9a:
                    ec:62:75:39:bd:78:38:57:54:53:2d:d1:b6:61:b5:
                    44:d5:20:75:c3:6f:e7:59:d6:3d:a4:35:84:85:f0:
                    fb:1c:86:f5:0e:24:10:ce:cc:af:18:50:3a:49:46:
                    92:84:73:ca:31:06:61:86:ff:6c:d6:f5:10:f7:0c:
                    8d:93:9b:dd:f0:f0:c7:13:3d:0f:8f:99:97:d2:38:
                    bb:d5:f9:bb:7a:71:66:d4:ef:b7:34:95:62:5a:b2:
                    b2:87:ee:22:bd:41:0a:de:fe:94:aa:75:07:64:68:
                    d6:e7:aa:9d:7b:d1:ba:d5:a3:45:56:fc:55:6c:bb:
                    2b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:EA:4C:4B:8A:76:61:16:3A:9E:A4:8C:18:10:F8:FE:CA:C9:09:C3
            X509v3 Authority Key Identifier:
                keyid:9E:03:74:D7:1B:C5:7D:B9:6D:C3:93:E9:1F:EB:B9:E9:D5:9F:EF:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ngN01xvFfbltw5PpH-u56dWf75o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/kOpMS4p2YRY6nqSMGBD4_srJCcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/ngN01xvFfbltw5PpH-u56dWf75o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:2d:0c:0e:cd:05:40:02:e8:4c:cf:d7:f5:2d:9a:a8:ba:54:
         d8:84:fa:8d:f7:76:86:02:e2:22:b0:c9:95:1c:2a:b8:73:5d:
         56:a9:bc:c3:57:a8:6f:17:2e:d9:63:7f:0f:26:d9:3e:9a:63:
         43:ad:c3:5c:ac:30:ed:40:70:1d:a8:b6:70:7f:06:be:88:ae:
         ae:5f:e8:cd:c9:1c:3f:ab:50:0f:7f:7a:de:9b:5d:60:ef:5a:
         aa:ec:e9:41:2d:37:37:53:3d:b0:74:3d:de:06:54:bb:4d:16:
         f3:66:00:08:8f:85:97:17:5d:79:0f:e1:ad:39:4d:bf:84:d9:
         ac:b1:8d:ab:ec:23:44:04:0e:70:ad:85:08:e0:e9:9e:c6:7e:
         94:c2:07:ec:77:b2:ed:a5:c2:16:10:ee:29:25:77:df:af:1a:
         e6:7d:a2:13:b5:25:e9:6d:e4:1f:f3:af:72:65:21:1f:ed:da:
         23:2b:d7:44:4e:58:c2:72:8c:5a:84:d8:d3:64:a7:9e:51:01:
         39:1e:c0:17:78:d4:3f:3f:3f:9c:ab:7c:c7:31:ba:9e:f6:c9:
         af:b6:09:a3:9e:f1:37:67:25:44:72:ea:8f:0b:72:e8:b0:78:
         cf:04:4c:f5:76:ed:00:b5:a7:05:4e:11:b1:77:9e:55:42:dd:
         93:61:ad:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTb7VuivuY1ezVy6QpJWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMDM3NGQ3MWJjNTdkYjk2ZGMzOTNlOTFmZWJiOWU5ZDU5
ZmVmOWEwHhcNMjQwMTAyMDgzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGVhNGM0YjhhNzY2MTE2M2E5ZWE0OGMxODEwZjhmZWNhYzkwOWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2om3i/o2GyRCANmEF5bWB7ssXvSZ
ug/u0WGUsNjlOPHVZVUp6B+F+46lX3fA+9RoUgHNuG1uK3fYjQ+V0w3gE+k0RjkA
LBV5ng3hNVgiFGum8IAXb2XZowUwclhMsNDus9dz+hKAyTFZRCUlsOGAGiyqmTLF
+OM7Bo/TuuEyELyzgjetq5rsYnU5vXg4V1RTLdG2YbVE1SB1w2/nWdY9pDWEhfD7
HIb1DiQQzsyvGFA6SUaShHPKMQZhhv9s1vUQ9wyNk5vd8PDHEz0Pj5mX0ji71fm7
enFm1O+3NJViWrKyh+4ivUEK3v6UqnUHZGjW56qde9G61aNFVvxVbLsrywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDqTEuKdmEWOp6kjBgQ+P7KyQnDMB8GA1UdIwQY
MBaAFJ4DdNcbxX25bcOT6R/ruenVn++aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmdOMDF4dkZmYmx0dzVQcEgtdTU2ZFdmNzVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jNDNhNzUtYTMyNi00YzZkLTg3Y2Et
ODE3ZDg0ZTUzZDUzLzEva09wTVM0cDJZUlk2bnFTTUdCRDRfc3JKQ2NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jNDNhNzUtYTMyNi00YzZkLTg3Y2EtODE3ZDg0ZTUzZDUz
LzEvbmdOMDF4dkZmYmx0dzVQcEgtdTU2ZFdmNzVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWEKMA0G
CSqGSIb3DQEBCwUAA4IBAQCLLQwOzQVAAuhMz9f1LZqoulTYhPqN93aGAuIisMmV
HCq4c11WqbzDV6hvFy7ZY38PJtk+mmNDrcNcrDDtQHAdqLZwfwa+iK6uX+jNyRw/
q1APf3rem11g71qq7OlBLTc3Uz2wdD3eBlS7TRbzZgAIj4WXF115D+GtOU2/hNms
sY2r7CNEBA5wrYUI4Omexn6Uwgfsd7LtpcIWEO4pJXffrxrmfaITtSXpbeQf869y
ZSEf7dojK9dETljCcoxahNjTZKeeUQE5HsAXeNQ/Pz+cq3zHMbqe9smvtgmjnvE3
ZyVEcuqPC3LosHjPBEz1du0AtacFThGxd55VQt2TYa1o
-----END CERTIFICATE-----