Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/oLmIrapC3jghCosEUBsb0K8a6_o.roa
File:                     oLmIrapC3jghCosEUBsb0K8a6_o.roa (raw, json)
Hash identifier:          fUt/oBLdEGhI5d+fjDjdxNx7fcVi4OXDVLR+Hcs46bg=
Subject key identifier:   A0:B9:88:AD:AA:42:DE:38:21:0A:8B:04:50:1B:1B:D0:AF:1A:EB:FA
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       018CC8DE4AF41B491B638BDABC1A1A07E3F1
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/oLmIrapC3jghCosEUBsb0K8a6_o.roa
Signing time:             Tue 02 Jan 2024 06:31:00 +0000
ROA not before:           Tue 02 Jan 2024 06:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62300
IP address blocks:        185.232.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:4a:f4:1b:49:1b:63:8b:da:bc:1a:1a:07:e3:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  2 06:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0b988adaa42de38210a8b04501b1bd0af1aebfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f6:44:cf:ad:83:13:44:99:8c:3a:37:03:ec:
                    94:7f:4b:e5:83:54:a4:9a:b3:66:a9:ee:4a:f4:52:
                    6c:29:03:22:57:82:46:7e:97:66:88:de:eb:7e:a5:
                    2a:90:98:94:44:97:62:b4:6e:91:31:8a:ad:7a:af:
                    e1:f3:00:9c:2f:ef:93:b4:23:6d:30:8b:03:bb:58:
                    a1:87:15:55:06:84:bb:3a:71:17:52:5f:a0:04:91:
                    77:5d:e6:77:a9:e0:d5:2b:84:7c:bb:d9:91:19:9d:
                    da:53:4b:79:69:3a:d9:c8:2a:b2:63:a8:0c:4a:35:
                    ee:ad:0c:67:76:b3:97:31:e8:07:08:45:2a:8b:c8:
                    8a:ec:d5:7e:39:9e:5c:2e:19:b1:b8:cc:9b:e2:03:
                    40:5d:3f:01:81:97:1b:a3:2d:45:65:1b:ee:be:18:
                    be:43:3d:87:8a:ee:f8:bc:28:32:07:2f:c1:81:77:
                    81:be:a2:8d:6c:3b:54:94:cc:55:38:9b:cc:80:ff:
                    7c:3c:bc:1f:da:9b:6f:24:8f:88:ce:14:f4:ef:f1:
                    06:35:c3:6c:a5:02:bc:14:dc:61:53:0b:2c:2a:25:
                    06:a0:99:00:9e:cd:96:fa:66:75:c9:cb:46:27:95:
                    0a:b0:39:80:6f:b3:1f:2e:1f:9b:b4:47:84:67:b3:
                    44:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B9:88:AD:AA:42:DE:38:21:0A:8B:04:50:1B:1B:D0:AF:1A:EB:FA
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/oLmIrapC3jghCosEUBsb0K8a6_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:42:4f:c1:f4:d0:4a:07:f7:e0:78:33:f9:b7:e6:f9:97:63:
         3f:56:d3:4f:3a:88:9c:23:6d:0d:2a:e0:eb:83:c7:31:41:32:
         a9:1e:4d:aa:22:ff:f9:36:55:87:ab:bf:a4:f0:09:bc:32:0b:
         4f:09:63:de:21:41:70:6b:df:45:19:b9:a4:f2:bf:61:c8:22:
         6d:5d:7f:48:b2:7e:d2:a3:31:4a:b7:03:18:79:9d:f7:74:4c:
         ec:14:45:ce:af:e1:67:7c:1a:2a:55:b3:eb:e3:b6:4f:e2:7a:
         a4:25:df:ba:07:a1:0d:2b:60:86:4a:bc:a6:0d:63:c4:96:88:
         9b:a2:bb:e9:4a:26:ea:26:0c:8d:de:bb:2a:fa:c7:17:64:bb:
         7b:69:34:4b:97:28:c3:6b:83:60:82:45:7a:22:92:97:bb:c3:
         c0:08:c4:9f:9c:3b:c3:38:90:0b:26:e6:18:1d:5b:39:38:bd:
         0f:a5:b6:3f:b4:97:ad:e6:3b:ac:44:80:74:9e:7f:c2:3a:0a:
         dc:79:db:8e:c0:d6:05:cf:97:cf:36:7f:eb:29:f6:ba:fe:0c:
         a3:25:cf:e9:9c:db:2f:3a:f0:0d:66:fa:cd:cb:63:6a:f1:dc:
         69:f7:1e:40:6d:6e:a5:34:33:47:b6:88:c3:f7:87:15:b8:0a:
         61:c8:b4:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3kr0G0kbY4vavBoaB+PxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQwMTAyMDYzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGI5ODhhZGFhNDJkZTM4MjEwYThiMDQ1MDFiMWJkMGFmMWFlYmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPZEz62DE0SZjDo3A+yUf0vlg1Sk
mrNmqe5K9FJsKQMiV4JGfpdmiN7rfqUqkJiURJditG6RMYqteq/h8wCcL++TtCNt
MIsDu1ihhxVVBoS7OnEXUl+gBJF3XeZ3qeDVK4R8u9mRGZ3aU0t5aTrZyCqyY6gM
SjXurQxndrOXMegHCEUqi8iK7NV+OZ5cLhmxuMyb4gNAXT8BgZcboy1FZRvuvhi+
Qz2Hiu74vCgyBy/BgXeBvqKNbDtUlMxVOJvMgP98PLwf2ptvJI+IzhT07/EGNcNs
pQK8FNxhUwssKiUGoJkAns2W+mZ1yctGJ5UKsDmAb7MfLh+btEeEZ7NELQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC5iK2qQt44IQqLBFAbG9CvGuv6MB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvb0xtSXJhcEMzamdoQ29zRVVCc2IwSzhhNl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuegRMA0G
CSqGSIb3DQEBCwUAA4IBAQAQQk/B9NBKB/fgeDP5t+b5l2M/VtNPOoicI20NKuDr
g8cxQTKpHk2qIv/5NlWHq7+k8Am8MgtPCWPeIUFwa99FGbmk8r9hyCJtXX9Isn7S
ozFKtwMYeZ33dEzsFEXOr+FnfBoqVbPr47ZP4nqkJd+6B6ENK2CGSrymDWPEloib
orvpSibqJgyN3rsq+scXZLt7aTRLlyjDa4NggkV6IpKXu8PACMSfnDvDOJALJuYY
HVs5OL0PpbY/tJet5jusRIB0nn/COgrceduOwNYFz5fPNn/rKfa6/gyjJc/pnNsv
OvANZvrNy2Nq8dxp9x5AbW6lNDNHtojD94cVuAphyLTa
-----END CERTIFICATE-----