Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/OArN07AKya15kmP2F2UHiHP_LzI.roa
File:                     OArN07AKya15kmP2F2UHiHP_LzI.roa (raw, json)
Hash identifier:          anZLDsFgP+zaY9qdjY4MID7XEOuCIIZGTNMZ4LEOUxA=
Subject key identifier:   38:0A:CD:D3:B0:0A:C9:AD:79:92:63:F6:17:65:07:88:73:FF:2F:32
Certificate issuer:       /CN=a1b39d824479d4da7b12f65c15e5c42725f5260b
Certificate serial:       018CC492F1BCB43289AC8F04F4B8017C9EB4
Authority key identifier: A1:B3:9D:82:44:79:D4:DA:7B:12:F6:5C:15:E5:C4:27:25:F5:26:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/obOdgkR51Np7EvZcFeXEJyX1Jgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/OArN07AKya15kmP2F2UHiHP_LzI.roa
Signing time:             Mon 01 Jan 2024 10:30:13 +0000
ROA not before:           Mon 01 Jan 2024 10:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205341
IP address blocks:        185.221.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/obOdgkR51Np7EvZcFeXEJyX1Jgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/obOdgkR51Np7EvZcFeXEJyX1Jgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/obOdgkR51Np7EvZcFeXEJyX1Jgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f1:bc:b4:32:89:ac:8f:04:f4:b8:01:7c:9e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1b39d824479d4da7b12f65c15e5c42725f5260b
        Validity
            Not Before: Jan  1 10:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=380acdd3b00ac9ad799263f61765078873ff2f32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b2:6e:20:39:1c:b8:76:2b:0c:f8:91:a3:05:
                    29:dc:40:22:26:50:e6:b5:6c:5e:35:6a:25:3e:e6:
                    bb:37:dc:d5:4b:2b:3b:02:27:13:9b:89:1d:16:45:
                    f3:c2:74:98:7b:c1:ca:69:fe:98:14:ee:54:26:f6:
                    ff:9e:31:cd:cc:f5:ec:eb:d5:97:be:54:b6:90:4d:
                    88:e3:66:03:0b:b6:f4:58:26:7b:60:01:92:4b:38:
                    6f:29:5c:66:c7:90:6c:79:58:33:6b:14:de:18:c5:
                    00:8a:ca:ab:13:c9:e4:b9:e4:09:c9:5d:20:d1:25:
                    cd:33:d5:90:5a:00:9b:90:87:fc:b7:b8:ac:25:a1:
                    83:5c:b1:b0:52:ab:1a:b5:b9:7f:98:17:73:33:23:
                    04:e9:15:bf:e9:34:90:42:b8:5a:b5:5e:9b:b6:6b:
                    41:2b:c9:e7:c5:e3:9e:6d:fd:b0:a5:dc:94:88:c3:
                    2c:2b:b4:91:67:64:0c:7f:f1:f6:d4:f7:79:41:e4:
                    47:25:28:1b:bd:f6:54:61:ba:24:df:2e:8a:d6:0b:
                    3c:bb:74:a7:64:f3:d9:5c:b8:5d:be:e4:e7:c9:7a:
                    77:69:2f:82:2d:8e:a8:6b:17:10:1c:1d:65:c1:d2:
                    44:9c:00:08:6f:d4:ec:ee:10:ce:1d:41:5b:5e:9a:
                    b3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:0A:CD:D3:B0:0A:C9:AD:79:92:63:F6:17:65:07:88:73:FF:2F:32
            X509v3 Authority Key Identifier:
                keyid:A1:B3:9D:82:44:79:D4:DA:7B:12:F6:5C:15:E5:C4:27:25:F5:26:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/obOdgkR51Np7EvZcFeXEJyX1Jgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/OArN07AKya15kmP2F2UHiHP_LzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/obOdgkR51Np7EvZcFeXEJyX1Jgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:d4:e8:f7:ea:ce:a9:82:25:87:db:e1:a3:be:7f:1a:c7:fe:
         5c:a9:22:46:f1:14:f5:24:71:48:40:8b:60:6f:90:4d:52:c7:
         9b:28:b7:80:e5:0c:2a:ef:ea:3f:73:a0:89:dc:34:58:b0:3b:
         29:4a:da:90:cd:9f:51:b7:bc:a5:00:bf:b4:76:da:67:56:be:
         93:a4:50:c2:c3:ad:71:9f:38:16:ed:52:81:ca:48:d8:3f:d7:
         60:25:26:89:b9:3c:79:52:c8:c2:d0:98:fa:3c:9a:56:9c:56:
         cc:e6:38:b8:1a:bf:8c:69:fb:f5:42:08:40:f0:84:9e:97:8b:
         99:8f:69:70:86:1d:4a:b6:27:96:81:2e:a2:f7:54:c3:74:35:
         a0:ee:39:4c:32:e6:c8:42:8a:67:8f:cb:5c:ad:de:1f:fa:27:
         99:e8:64:48:1f:78:5f:60:1c:d6:78:b9:cf:76:0d:88:a3:24:
         d9:4e:83:18:47:36:6b:f1:0f:27:5a:11:35:7e:c7:67:0b:05:
         1e:2e:a9:92:35:cc:2a:1c:fd:62:7f:99:00:f5:5e:32:37:1a:
         7a:f8:1c:9a:03:89:2e:fd:b1:17:3f:42:e7:ff:47:8a:5b:da:
         05:f4:91:29:04:94:3f:d0:ae:a4:76:75:dc:05:33:a8:f1:d9:
         15:12:d5:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvG8tDKJrI8E9LgBfJ60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYjM5ZDgyNDQ3OWQ0ZGE3YjEyZjY1YzE1ZTVjNDI3MjVm
NTI2MGIwHhcNMjQwMTAxMTAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBhY2RkM2IwMGFjOWFkNzk5MjYzZjYxNzY1MDc4ODczZmYyZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbJuIDkcuHYrDPiRowUp3EAiJlDm
tWxeNWolPua7N9zVSys7AicTm4kdFkXzwnSYe8HKaf6YFO5UJvb/njHNzPXs69WX
vlS2kE2I42YDC7b0WCZ7YAGSSzhvKVxmx5BseVgzaxTeGMUAisqrE8nkueQJyV0g
0SXNM9WQWgCbkIf8t7isJaGDXLGwUqsatbl/mBdzMyME6RW/6TSQQrhatV6btmtB
K8nnxeOebf2wpdyUiMMsK7SRZ2QMf/H21Pd5QeRHJSgbvfZUYbok3y6K1gs8u3Sn
ZPPZXLhdvuTnyXp3aS+CLY6oaxcQHB1lwdJEnAAIb9Ts7hDOHUFbXpqzpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgKzdOwCsmteZJj9hdlB4hz/y8yMB8GA1UdIwQY
MBaAFKGznYJEedTaexL2XBXlxCcl9SYLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2JPZGdrUjUxTnA3RXZaY0ZlWEVKeVgxSmdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8xNzlmODAtODgzOC00ZDRjLWI4ZDEt
MzFhOTY0ZjhhMzdmLzEvT0FyTjA3QUt5YTE1a21QMkYyVUhpSFBfTHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8xNzlmODAtODgzOC00ZDRjLWI4ZDEtMzFhOTY0ZjhhMzdm
LzEvb2JPZGdrUjUxTnA3RXZaY0ZlWEVKeVgxSmdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud0IMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ1Oj36s6pgiWH2+Gjvn8ax/5cqSJG8RT1JHFIQItg
b5BNUsebKLeA5Qwq7+o/c6CJ3DRYsDspStqQzZ9Rt7ylAL+0dtpnVr6TpFDCw61x
nzgW7VKBykjYP9dgJSaJuTx5UsjC0Jj6PJpWnFbM5ji4Gr+Mafv1QghA8ISel4uZ
j2lwhh1KtieWgS6i91TDdDWg7jlMMubIQopnj8tcrd4f+ieZ6GRIH3hfYBzWeLnP
dg2IoyTZToMYRzZr8Q8nWhE1fsdnCwUeLqmSNcwqHP1if5kA9V4yNxp6+ByaA4ku
/bEXP0Ln/0eKW9oF9JEpBJQ/0K6kdnXcBTOo8dkVEtUS
-----END CERTIFICATE-----