Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/0OUhvkMdhQceiafLHceVf4yCmJs.roa
File:                     0OUhvkMdhQceiafLHceVf4yCmJs.roa (raw, json)
Hash identifier:          hz+kUOK/dnx9M5x2qUk2wooLC5KdhplQomuCZdyAwn8=
Subject key identifier:   D0:E5:21:BE:43:1D:85:07:1E:89:A7:CB:1D:C7:95:7F:8C:82:98:9B
Certificate issuer:       /CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
Certificate serial:       018CC2DB14E6ECFFB6C1729729C15855223A
Authority key identifier: B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/0OUhvkMdhQceiafLHceVf4yCmJs.roa
Signing time:             Mon 01 Jan 2024 02:29:46 +0000
ROA not before:           Mon 01 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198881
IP address blocks:        194.99.96.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:14:e6:ec:ff:b6:c1:72:97:29:c1:58:55:22:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
        Validity
            Not Before: Jan  1 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0e521be431d85071e89a7cb1dc7957f8c82989b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:45:3a:fe:19:28:49:62:63:92:23:15:a5:a2:
                    05:b8:09:b1:2f:06:79:6f:5f:10:59:54:48:08:62:
                    33:d7:2a:12:d5:65:53:4f:98:d0:6c:50:b9:19:8c:
                    b5:53:43:e6:e8:8a:1b:7e:45:0a:1d:0d:8b:52:59:
                    93:22:e5:e6:16:bd:56:d2:17:3e:56:62:41:51:1b:
                    68:44:10:94:3c:04:e0:cf:f8:57:73:5d:7a:74:d2:
                    f8:76:09:37:11:b9:85:9a:5d:37:8a:02:5b:fe:32:
                    68:82:5e:f7:73:36:c6:12:55:c2:4c:3b:d2:80:02:
                    79:15:d9:d4:bc:e7:a1:06:85:9c:9e:6f:15:e2:58:
                    81:70:1e:71:bf:96:57:d0:7e:75:cc:21:f7:eb:a3:
                    7b:5d:96:82:81:e4:2d:fb:a0:62:3d:4e:5f:f5:c4:
                    af:2d:f2:02:b2:11:03:2b:7e:7a:ba:a8:30:02:3e:
                    05:fc:85:da:7a:fa:64:a3:28:b3:f7:1d:04:b8:ea:
                    d6:a8:3b:7d:9f:0c:09:7f:18:dc:29:46:9f:d7:00:
                    07:5c:5a:81:b7:61:f6:b4:56:a4:8f:a5:3a:39:14:
                    cf:f4:30:25:7d:ce:41:6d:2a:7c:bf:a7:ac:47:d9:
                    a4:e5:57:12:17:f3:b9:c6:8c:ef:fb:1e:2e:3c:e8:
                    78:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E5:21:BE:43:1D:85:07:1E:89:A7:CB:1D:C7:95:7F:8C:82:98:9B
            X509v3 Authority Key Identifier:
                keyid:B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/0OUhvkMdhQceiafLHceVf4yCmJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:74:e6:4e:c4:4d:ab:f1:cf:30:ab:ee:7f:5e:c8:53:39:17:
         10:f3:1d:be:dd:3e:6e:98:6a:1d:80:0f:d8:a4:f1:cc:37:64:
         1e:f1:34:8b:7f:d7:94:22:82:a6:af:1c:f6:c3:60:b1:8d:07:
         21:d4:54:81:31:95:67:18:98:c2:1c:77:ef:4a:00:3a:79:70:
         ac:64:ab:33:e0:c2:af:34:e5:35:bb:21:bf:5f:bb:ca:f7:9d:
         0c:8b:71:81:f4:4f:7d:95:c2:77:7e:cc:cf:df:66:a1:81:ec:
         50:57:2d:2a:12:2f:ef:c6:67:8e:cd:68:4a:0d:ae:db:96:63:
         b2:72:2c:91:35:04:57:61:9c:4a:6a:ea:6c:25:67:d2:4d:62:
         1f:4b:17:dd:01:44:7c:f2:a7:7d:87:31:81:34:5e:8a:e2:9a:
         b1:e3:a0:25:ae:09:4f:a5:ee:4d:b2:b3:3f:d1:cb:5d:21:7f:
         f8:9a:7a:aa:9c:47:e1:57:81:37:d8:ff:4c:98:40:9d:dc:cf:
         32:5e:1d:b0:b1:24:9d:77:c2:f8:15:0d:98:f9:f1:6d:ff:1a:
         4f:43:a9:6e:68:bd:f4:35:10:c7:5a:c3:bf:a1:96:d5:00:59:
         34:d3:bb:31:cc:5a:a3:02:95:7d:87:f2:18:e5:98:c0:82:25:
         0c:6d:a4:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xTm7P+2wXKXKcFYVSI6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NGNlM2YzYzVlNWEyZjlkOGI4YTRjNzdhODM2MWY4YTIx
NmYzYWQwHhcNMjQwMTAxMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGU1MjFiZTQzMWQ4NTA3MWU4OWE3Y2IxZGM3OTU3ZjhjODI5ODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEU6/hkoSWJjkiMVpaIFuAmxLwZ5
b18QWVRICGIz1yoS1WVTT5jQbFC5GYy1U0Pm6IobfkUKHQ2LUlmTIuXmFr1W0hc+
VmJBURtoRBCUPATgz/hXc116dNL4dgk3EbmFml03igJb/jJogl73czbGElXCTDvS
gAJ5FdnUvOehBoWcnm8V4liBcB5xv5ZX0H51zCH366N7XZaCgeQt+6BiPU5f9cSv
LfICshEDK356uqgwAj4F/IXaevpkoyiz9x0EuOrWqDt9nwwJfxjcKUaf1wAHXFqB
t2H2tFakj6U6ORTP9DAlfc5BbSp8v6esR9mk5VcSF/O5xozv+x4uPOh4DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDlIb5DHYUHHomnyx3HlX+MgpibMB8GA1UdIwQY
MBaAFLdM4/PF5aL52Likx3qDYfiiFvOtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAt
NWViZGQ5ZTI4ODdjLzEvME9VaHZrTWRoUWNlaWFmTEhjZVZmNHlDbUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAtNWViZGQ5ZTI4ODdj
LzEvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmNgMA0G
CSqGSIb3DQEBCwUAA4IBAQCldOZOxE2r8c8wq+5/XshTORcQ8x2+3T5umGodgA/Y
pPHMN2Qe8TSLf9eUIoKmrxz2w2CxjQch1FSBMZVnGJjCHHfvSgA6eXCsZKsz4MKv
NOU1uyG/X7vK950Mi3GB9E99lcJ3fszP32ahgexQVy0qEi/vxmeOzWhKDa7blmOy
ciyRNQRXYZxKaupsJWfSTWIfSxfdAUR88qd9hzGBNF6K4pqx46AlrglPpe5NsrM/
0ctdIX/4mnqqnEfhV4E32P9MmECd3M8yXh2wsSSdd8L4FQ2Y+fFt/xpPQ6luaL30
NRDHWsO/oZbVAFk007sxzFqjApV9h/IY5ZjAgiUMbaSP
-----END CERTIFICATE-----