Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/omMqyJwb2TMKUg_d6AxeOiep24o.roa
File:                     omMqyJwb2TMKUg_d6AxeOiep24o.roa (raw, json)
Hash identifier:          jqe4xwEnEXd+YYlvPtVux5Ur9EGE7a+JqP42x1J+kuM=
Subject key identifier:   A2:63:2A:C8:9C:1B:D9:33:0A:52:0F:DD:E8:0C:5E:3A:27:A9:DB:8A
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018F0BA1DE3112ADE2D0494AB0B562E89DA8
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/omMqyJwb2TMKUg_d6AxeOiep24o.roa
Signing time:             Tue 23 Apr 2024 15:45:08 +0000
ROA not before:           Tue 23 Apr 2024 15:45:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        185.160.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0b:a1:de:31:12:ad:e2:d0:49:4a:b0:b5:62:e8:9d:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Apr 23 15:45:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2632ac89c1bd9330a520fdde80c5e3a27a9db8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5a:8c:bb:fd:16:ae:b9:e1:d5:bb:d4:e5:b4:
                    b8:d9:63:5f:3e:f9:8c:29:d0:f9:62:89:7e:ea:fb:
                    73:ec:ba:ef:dc:49:8d:36:43:c1:9b:c3:ac:f8:08:
                    65:fa:87:c1:4a:c0:18:02:43:d7:6f:92:16:e8:ed:
                    99:63:fc:3d:95:ec:ce:1f:6f:a9:61:12:51:23:63:
                    f2:db:ec:a1:eb:a6:16:bd:32:29:3f:a6:da:70:1b:
                    ff:82:3f:28:13:3b:0f:55:65:99:c8:39:3d:32:a5:
                    8f:de:ce:12:7a:da:7b:6e:3a:fb:9e:30:08:5f:93:
                    cb:95:55:fc:75:31:90:6d:fd:fa:83:79:9a:8a:ba:
                    03:57:96:34:b3:a5:67:66:f9:3d:3a:96:19:a2:bd:
                    80:4b:92:65:e5:f2:66:66:cf:a8:ad:f7:9c:b3:8c:
                    f1:00:e0:67:b1:45:80:bf:ba:46:df:20:62:f7:f4:
                    5c:12:a2:07:ff:fb:e0:65:0c:37:e8:ea:48:a7:2b:
                    e0:10:dd:e0:56:78:cf:f7:dc:2a:1f:3d:47:dc:33:
                    9e:0c:35:91:4c:0a:36:bd:2e:1d:ed:21:9f:40:b6:
                    26:bf:29:c4:3f:27:e0:1a:a7:00:cb:c4:ac:ed:24:
                    24:bb:23:18:3a:63:41:db:08:0b:b4:38:36:63:2f:
                    9d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:63:2A:C8:9C:1B:D9:33:0A:52:0F:DD:E8:0C:5E:3A:27:A9:DB:8A
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/omMqyJwb2TMKUg_d6AxeOiep24o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:8e:55:63:f5:cd:0c:0d:b8:fa:e6:35:91:01:20:44:c7:43:
         83:d0:21:96:31:5e:19:87:2e:79:7d:4d:85:fd:c6:cf:c4:09:
         0b:5c:8a:5f:d5:3d:5b:8c:2a:b2:61:9f:6f:b8:cc:bf:5c:2b:
         1e:e0:7c:45:71:5e:6b:2a:4e:f2:a1:e0:b9:dd:b5:92:91:77:
         6a:c1:45:61:1d:59:e3:f4:3c:8d:1b:96:01:e2:2e:f3:89:55:
         9c:c2:2a:39:a5:a4:be:7a:cb:b6:03:90:ce:69:80:79:49:d7:
         34:53:af:4f:18:29:33:24:bb:fb:60:ea:7f:1c:9c:f9:50:c5:
         e1:24:14:a6:5f:8f:46:ce:71:3c:d3:22:8c:4b:19:23:ff:39:
         ea:56:ea:04:f4:aa:7b:6c:05:52:e9:66:92:c5:f0:32:f8:e4:
         5c:0b:37:90:95:ef:ff:a5:63:6e:90:39:fa:72:ba:0e:c9:48:
         9f:30:87:7d:b1:0b:25:6b:4b:04:17:6a:6b:fa:5b:5b:19:9b:
         ca:b5:71:30:0e:b0:c9:64:77:57:38:9c:87:f0:1e:84:1f:ab:
         3c:1b:61:d6:80:52:83:7a:21:77:5e:ac:50:bb:78:04:eb:5b:
         6d:d3:f7:a7:e3:cc:0f:cf:92:fa:1e:9e:ce:85:d8:16:a4:46:
         cd:26:d1:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Lod4xEq3i0ElKsLVi6J2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQwNDIzMTU0NTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjYzMmFjODljMWJkOTMzMGE1MjBmZGRlODBjNWUzYTI3YTlkYjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVqMu/0Wrrnh1bvU5bS42WNfPvmM
KdD5Yol+6vtz7Lrv3EmNNkPBm8Os+Ahl+ofBSsAYAkPXb5IW6O2ZY/w9lezOH2+p
YRJRI2Py2+yh66YWvTIpP6bacBv/gj8oEzsPVWWZyDk9MqWP3s4Setp7bjr7njAI
X5PLlVX8dTGQbf36g3mairoDV5Y0s6VnZvk9OpYZor2AS5Jl5fJmZs+orfecs4zx
AOBnsUWAv7pG3yBi9/RcEqIH//vgZQw36OpIpyvgEN3gVnjP99wqHz1H3DOeDDWR
TAo2vS4d7SGfQLYmvynEPyfgGqcAy8Ss7SQkuyMYOmNB2wgLtDg2Yy+d9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJjKsicG9kzClIP3egMXjonqduKMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvb21NcXlKd2IyVE1LVWdfZDZBeGVPaWVwMjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaDBMA0G
CSqGSIb3DQEBCwUAA4IBAQASjlVj9c0MDbj65jWRASBEx0OD0CGWMV4Zhy55fU2F
/cbPxAkLXIpf1T1bjCqyYZ9vuMy/XCse4HxFcV5rKk7yoeC53bWSkXdqwUVhHVnj
9DyNG5YB4i7ziVWcwio5paS+esu2A5DOaYB5Sdc0U69PGCkzJLv7YOp/HJz5UMXh
JBSmX49GznE80yKMSxkj/znqVuoE9Kp7bAVS6WaSxfAy+ORcCzeQle//pWNukDn6
croOyUifMId9sQsla0sEF2pr+ltbGZvKtXEwDrDJZHdXOJyH8B6EH6s8G2HWgFKD
eiF3XqxQu3gE61tt0/en48wPz5L6Hp7OhdgWpEbNJtEa
-----END CERTIFICATE-----