Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/OtGz8FF5HQo6qokq7gQ41XKWX_4.roa
File:                     OtGz8FF5HQo6qokq7gQ41XKWX_4.roa (raw, json)
Hash identifier:          16BslYUwCyJixPVjTFka0p31iYJ63yAY4nrWI21h6NY=
Subject key identifier:   3A:D1:B3:F0:51:79:1D:0A:3A:AA:89:2A:EE:04:38:D5:72:96:5F:FE
Certificate issuer:       /CN=51618df006d548d1d87ed6419550662db6fc0606
Certificate serial:       018CC3B6DE1768DFFFBA4BD73781BD6FD32E
Authority key identifier: 51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/OtGz8FF5HQo6qokq7gQ41XKWX_4.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50427
IP address blocks:        176.116.184.0/21 maxlen: 21
                          176.116.184.0/22 maxlen: 22
                          176.116.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:de:17:68:df:ff:ba:4b:d7:37:81:bd:6f:d3:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51618df006d548d1d87ed6419550662db6fc0606
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ad1b3f051791d0a3aaa892aee0438d572965ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:67:9b:9a:71:de:8b:84:70:91:8c:a4:91:4a:
                    0b:6f:0a:c9:d4:ea:ed:55:80:8b:a0:07:1d:be:5b:
                    2a:b8:dc:ed:73:29:a3:d6:0e:ae:8e:09:e9:c0:11:
                    36:a4:41:55:57:73:17:eb:b3:99:b5:e7:bd:c5:fd:
                    9f:9d:5d:0a:e8:31:ec:bf:bc:b4:25:5e:1b:2e:b1:
                    0c:51:b9:3f:cc:58:93:50:8e:16:be:57:c6:ec:0f:
                    32:b2:d7:cb:56:69:6b:ec:45:e5:b6:8a:37:df:92:
                    7e:84:57:28:cb:97:bd:b3:79:38:a5:d1:13:a5:52:
                    1f:0f:67:67:58:78:4a:77:28:8c:49:bc:30:ce:fd:
                    54:df:fc:86:b7:fb:cc:2e:37:20:00:08:cc:42:be:
                    9b:c4:08:fe:e6:3a:32:00:05:7d:5b:4c:44:11:11:
                    8a:c2:0a:30:dd:ba:53:29:0b:8f:db:5a:45:bb:f3:
                    f6:c4:cb:0f:60:7f:0c:d4:e9:d5:ed:8f:dd:49:f1:
                    a9:6f:18:85:31:1e:ee:17:5a:69:20:9f:2d:2b:18:
                    fa:88:cc:6e:e3:fe:13:2c:62:00:82:19:a2:fa:2a:
                    6a:0d:48:68:94:4d:a4:6d:83:2b:e2:9b:f2:15:a9:
                    07:e4:ce:c1:8a:8f:d6:b1:a7:6b:72:1d:55:09:b6:
                    ae:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D1:B3:F0:51:79:1D:0A:3A:AA:89:2A:EE:04:38:D5:72:96:5F:FE
            X509v3 Authority Key Identifier:
                keyid:51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/OtGz8FF5HQo6qokq7gQ41XKWX_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         24:46:2e:d8:43:54:ba:63:e3:79:f5:03:fc:c0:93:eb:77:ff:
         7a:e6:c0:9e:50:de:2c:01:f7:cc:7c:a1:f7:e9:f2:b0:c6:58:
         22:54:b3:ff:c0:e0:96:67:35:71:54:cf:e6:6e:93:4e:92:b7:
         bf:fa:d6:02:b8:64:41:29:a8:c1:e4:53:98:f1:2c:b3:57:88:
         d0:83:58:10:1d:8d:2b:ab:03:e0:90:aa:39:a4:b4:8e:b4:c8:
         f5:4b:34:56:8e:ed:4e:99:16:e0:9b:bd:66:ae:35:b0:3e:00:
         0a:37:15:ca:2c:da:a0:5e:bf:40:ef:4b:97:58:05:1a:76:3b:
         be:59:00:cd:f5:a7:6e:2c:ba:35:a6:2a:87:1d:cf:8c:ba:69:
         bc:90:5e:ac:01:18:be:7f:72:76:5c:1b:42:95:e6:32:c4:ca:
         39:45:f0:37:ec:24:fe:7d:da:91:3e:72:a5:22:1d:4e:71:b8:
         13:d6:fe:df:bc:1d:45:17:24:5b:b2:dc:92:e5:3f:81:83:22:
         ac:8e:3f:04:f8:34:4a:da:e9:fe:a6:1a:b8:3c:85:6d:ca:ad:
         61:bf:5a:39:01:38:c5:37:27:8b:65:e4:68:b4:55:0e:17:ac:
         53:83:bd:5c:2b:0a:45:76:e7:ce:e0:be:8c:45:18:0c:17:51:
         3b:8a:25:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtt4XaN//ukvXN4G9b9MuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNjE4ZGYwMDZkNTQ4ZDFkODdlZDY0MTk1NTA2NjJkYjZm
YzA2MDYwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQxYjNmMDUxNzkxZDBhM2FhYTg5MmFlZTA0MzhkNTcyOTY1ZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WebmnHei4RwkYykkUoLbwrJ1Ort
VYCLoAcdvlsquNztcymj1g6ujgnpwBE2pEFVV3MX67OZtee9xf2fnV0K6DHsv7y0
JV4bLrEMUbk/zFiTUI4WvlfG7A8ystfLVmlr7EXltoo335J+hFcoy5e9s3k4pdET
pVIfD2dnWHhKdyiMSbwwzv1U3/yGt/vMLjcgAAjMQr6bxAj+5joyAAV9W0xEERGK
wgow3bpTKQuP21pFu/P2xMsPYH8M1OnV7Y/dSfGpbxiFMR7uF1ppIJ8tKxj6iMxu
4/4TLGIAghmi+ipqDUholE2kbYMr4pvyFakH5M7Bio/Wsadrch1VCbauiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrRs/BReR0KOqqJKu4EONVyll/+MB8GA1UdIwQY
MBaAFFFhjfAG1UjR2H7WQZVQZi22/AYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEt
MzE3YzJmYjBhMzViLzEvT3RHejhGRjVIUW82cW9rcTdnUTQxWEtXWF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEtMzE3YzJmYjBhMzVi
LzEvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsHS4MA0G
CSqGSIb3DQEBCwUAA4IBAQAkRi7YQ1S6Y+N59QP8wJPrd/965sCeUN4sAffMfKH3
6fKwxlgiVLP/wOCWZzVxVM/mbpNOkre/+tYCuGRBKajB5FOY8SyzV4jQg1gQHY0r
qwPgkKo5pLSOtMj1SzRWju1OmRbgm71mrjWwPgAKNxXKLNqgXr9A70uXWAUadju+
WQDN9aduLLo1piqHHc+Mumm8kF6sARi+f3J2XBtCleYyxMo5RfA37CT+fdqRPnKl
Ih1OcbgT1v7fvB1FFyRbstyS5T+BgyKsjj8E+DRK2un+phq4PIVtyq1hv1o5ATjF
NyeLZeRotFUOF6xTg71cKwpFdufO4L6MRRgMF1E7iiUh
-----END CERTIFICATE-----