Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/34c2bb-79ea-4f39-ac82-82016de42212/1/O3VT_JBwc4ekOn8ZT0lpJxWR3Wc.roa
File:                     O3VT_JBwc4ekOn8ZT0lpJxWR3Wc.roa (raw, json)
Hash identifier:          srvfIds1tPaMVK4Miu+UINtVJNtZwU33UySjpzis61k=
Subject key identifier:   3B:75:53:FC:90:70:73:87:A4:3A:7F:19:4F:49:69:27:15:91:DD:67
Certificate issuer:       /CN=4a7a917ddcfc26e8c87b30858b6f07f29a3db43e
Certificate serial:       018CC26D8077F4322AF5891F283877A440F1
Authority key identifier: 4A:7A:91:7D:DC:FC:26:E8:C8:7B:30:85:8B:6F:07:F2:9A:3D:B4:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SnqRfdz8JujIezCFi28H8po9tD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/34c2bb-79ea-4f39-ac82-82016de42212/1/O3VT_JBwc4ekOn8ZT0lpJxWR3Wc.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29453
IP address blocks:        195.140.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/34c2bb-79ea-4f39-ac82-82016de42212/1/SnqRfdz8JujIezCFi28H8po9tD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/34c2bb-79ea-4f39-ac82-82016de42212/1/SnqRfdz8JujIezCFi28H8po9tD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SnqRfdz8JujIezCFi28H8po9tD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:80:77:f4:32:2a:f5:89:1f:28:38:77:a4:40:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a7a917ddcfc26e8c87b30858b6f07f29a3db43e
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b7553fc90707387a43a7f194f4969271591dd67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:df:24:df:46:52:94:34:31:e8:62:72:88:48:
                    fc:22:56:af:26:ba:fc:35:27:79:0e:3a:e0:1f:0e:
                    b2:6c:96:1b:e6:96:89:13:fb:5d:f7:b7:b1:96:89:
                    a6:8a:ca:83:bc:6e:90:59:ba:1f:51:eb:6b:65:c7:
                    c1:6a:e8:79:94:a0:08:ed:82:53:74:2c:39:c5:be:
                    bf:c1:45:29:40:29:0b:8c:be:59:95:3f:7c:bf:e7:
                    54:4a:33:a2:df:22:5a:11:75:df:d3:45:34:28:b4:
                    de:33:3a:b9:04:96:a0:b0:cc:23:3b:4d:28:a5:a0:
                    38:33:5f:2c:9a:fc:37:94:8c:47:3d:7a:20:6e:b1:
                    72:3f:f7:56:f2:52:c7:38:36:a3:96:a9:d3:d9:1f:
                    b1:bb:58:e1:5c:16:aa:b2:67:03:63:54:45:d3:e7:
                    ff:90:af:34:94:a3:74:93:74:00:c5:4b:08:9b:0f:
                    d1:80:47:3e:63:97:af:00:21:c9:28:ab:52:58:8b:
                    4c:70:d4:1e:5c:04:14:02:c5:07:78:90:5a:c7:52:
                    5e:aa:20:a8:de:3d:6c:4f:e5:7f:00:3e:8e:6f:8a:
                    00:c7:52:96:de:8e:be:0d:ea:14:20:6e:ba:0e:17:
                    af:57:54:db:93:84:72:4d:d2:77:1f:2c:87:70:74:
                    01:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:75:53:FC:90:70:73:87:A4:3A:7F:19:4F:49:69:27:15:91:DD:67
            X509v3 Authority Key Identifier:
                keyid:4A:7A:91:7D:DC:FC:26:E8:C8:7B:30:85:8B:6F:07:F2:9A:3D:B4:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SnqRfdz8JujIezCFi28H8po9tD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/34c2bb-79ea-4f39-ac82-82016de42212/1/O3VT_JBwc4ekOn8ZT0lpJxWR3Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/34c2bb-79ea-4f39-ac82-82016de42212/1/SnqRfdz8JujIezCFi28H8po9tD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.140.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:5d:cd:59:fa:c4:dd:25:c7:37:ee:c9:90:a9:40:57:c7:1e:
         04:77:bf:0f:61:b9:4b:7e:3b:04:39:ad:03:7b:55:24:d7:3e:
         94:cb:8f:6b:26:00:f7:7f:65:1b:64:e9:87:dd:a2:d4:53:16:
         28:f6:3d:f5:86:fb:63:dd:d6:6e:82:05:e1:8d:c0:07:6c:03:
         03:cd:61:d5:d9:d1:6f:4b:e6:7b:e2:92:bf:49:c6:0b:3a:99:
         ed:e1:a1:b2:ca:1d:87:2d:58:81:12:94:4c:08:4e:07:5f:86:
         21:20:72:3f:c5:87:3c:4a:14:09:5c:d5:14:22:70:87:8c:67:
         fc:b9:a9:87:e4:52:54:ac:f1:0a:b6:e9:2c:df:14:42:4d:8d:
         21:df:87:1b:16:75:ab:bf:41:e0:dd:20:ad:1c:a4:12:52:0d:
         f8:d0:c2:55:12:b5:c1:59:93:46:93:ca:77:2c:b5:02:89:8a:
         6c:8e:85:9a:15:e5:ae:19:af:27:31:e2:d5:9e:c5:79:4d:91:
         c6:a7:ac:79:fa:45:97:c8:0a:1f:12:89:83:00:0a:ba:a9:ea:
         4d:5a:11:39:8b:ac:e7:ae:96:ac:6c:fb:1c:db:1d:2f:d7:01:
         d7:a8:1e:e9:36:2d:30:59:77:0b:32:97:cb:54:db:a8:ad:9f:
         f3:0c:89:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbYB39DIq9YkfKDh3pEDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhN2E5MTdkZGNmYzI2ZThjODdiMzA4NThiNmYwN2YyOWEz
ZGI0M2UwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc1NTNmYzkwNzA3Mzg3YTQzYTdmMTk0ZjQ5NjkyNzE1OTFkZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA098k30ZSlDQx6GJyiEj8IlavJrr8
NSd5DjrgHw6ybJYb5paJE/td97exlommisqDvG6QWbofUetrZcfBauh5lKAI7YJT
dCw5xb6/wUUpQCkLjL5ZlT98v+dUSjOi3yJaEXXf00U0KLTeMzq5BJagsMwjO00o
paA4M18smvw3lIxHPXogbrFyP/dW8lLHODajlqnT2R+xu1jhXBaqsmcDY1RF0+f/
kK80lKN0k3QAxUsImw/RgEc+Y5evACHJKKtSWItMcNQeXAQUAsUHeJBax1JeqiCo
3j1sT+V/AD6Ob4oAx1KW3o6+DeoUIG66DhevV1Tbk4RyTdJ3HyyHcHQBQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDt1U/yQcHOHpDp/GU9JaScVkd1nMB8GA1UdIwQY
MBaAFEp6kX3c/CboyHswhYtvB/KaPbQ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU25xUmZkejhKdWpJZXpDRmkyOEg4cG85dEQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8zNGMyYmItNzllYS00ZjM5LWFjODIt
ODIwMTZkZTQyMjEyLzEvTzNWVF9KQndjNGVrT244WlQwbHBKeFdSM1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8zNGMyYmItNzllYS00ZjM5LWFjODItODIwMTZkZTQyMjEy
LzEvU25xUmZkejhKdWpJZXpDRmkyOEg4cG85dEQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4ykMA0G
CSqGSIb3DQEBCwUAA4IBAQANXc1Z+sTdJcc37smQqUBXxx4Ed78PYblLfjsEOa0D
e1Uk1z6Uy49rJgD3f2UbZOmH3aLUUxYo9j31hvtj3dZuggXhjcAHbAMDzWHV2dFv
S+Z74pK/ScYLOpnt4aGyyh2HLViBEpRMCE4HX4YhIHI/xYc8ShQJXNUUInCHjGf8
uamH5FJUrPEKtuks3xRCTY0h34cbFnWrv0Hg3SCtHKQSUg340MJVErXBWZNGk8p3
LLUCiYpsjoWaFeWuGa8nMeLVnsV5TZHGp6x5+kWXyAofEomDAAq6qepNWhE5i6zn
rpasbPsc2x0v1wHXqB7pNi0wWXcLMpfLVNuorZ/zDIng
-----END CERTIFICATE-----