Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/296852-a8fd-48e5-8dd6-8abcbb65c621/1/O5ND_yIu79aaqVZUOfbX5WehFKE.roa
File:                     O5ND_yIu79aaqVZUOfbX5WehFKE.roa (raw, json)
Hash identifier:          04eW9DGRTjDn3gr5ib/eecXm3RpMHa9iAW0bWbrhlFM=
Subject key identifier:   3B:93:43:FF:22:2E:EF:D6:9A:A9:56:54:39:F6:D7:E5:67:A1:14:A1
Certificate issuer:       /CN=c918c4019474cc81ec661fce64e6c938972196da
Certificate serial:       018D6B9274E4E87A2AD9595CBEAE27E3A2BF
Authority key identifier: C9:18:C4:01:94:74:CC:81:EC:66:1F:CE:64:E6:C9:38:97:21:96:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yRjEAZR0zIHsZh_OZObJOJchlto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/296852-a8fd-48e5-8dd6-8abcbb65c621/1/O5ND_yIu79aaqVZUOfbX5WehFKE.roa
Signing time:             Fri 02 Feb 2024 20:46:16 +0000
ROA not before:           Fri 02 Feb 2024 20:46:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204168
IP address blocks:        185.111.208.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/296852-a8fd-48e5-8dd6-8abcbb65c621/1/yRjEAZR0zIHsZh_OZObJOJchlto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/296852-a8fd-48e5-8dd6-8abcbb65c621/1/yRjEAZR0zIHsZh_OZObJOJchlto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yRjEAZR0zIHsZh_OZObJOJchlto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6b:92:74:e4:e8:7a:2a:d9:59:5c:be:ae:27:e3:a2:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c918c4019474cc81ec661fce64e6c938972196da
        Validity
            Not Before: Feb  2 20:46:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b9343ff222eefd69aa9565439f6d7e567a114a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:da:16:eb:54:c5:18:b2:af:55:c4:b9:67:fc:
                    e7:bd:b2:eb:ca:3e:24:0a:46:db:2f:be:5e:f5:c1:
                    9d:ca:6b:cb:aa:58:7c:6c:7d:fd:98:85:97:93:f3:
                    8f:0b:c0:36:aa:e4:a4:4e:0a:77:c3:ed:59:5b:3e:
                    0c:64:13:77:e1:59:23:57:dc:19:d8:5b:02:4e:04:
                    57:bc:f9:9f:73:1b:a0:4e:99:32:ae:1b:dc:f7:f2:
                    5c:30:6a:b5:55:12:c4:d6:de:53:a8:74:b9:20:03:
                    6e:70:f3:89:f3:b3:ce:49:49:18:a8:7e:bf:ae:b8:
                    bb:a6:14:d2:2b:d6:f6:90:e8:0a:3d:0c:89:70:8d:
                    1d:b3:d0:a2:0b:b7:84:4c:3c:b8:54:ad:73:cd:7f:
                    2e:f4:33:93:20:2f:ee:40:d0:e8:b7:19:8c:ef:4b:
                    ff:31:43:58:02:60:39:9a:bf:04:60:c8:2b:01:3d:
                    84:49:ad:83:5b:c0:75:15:89:3d:d9:a5:63:78:8f:
                    be:85:ae:f3:71:3e:bf:bb:a1:a8:c8:08:19:a7:bb:
                    cd:b6:41:b8:a0:7e:e3:3d:54:08:2f:e8:c0:fc:ff:
                    d4:fe:00:df:b6:71:7a:45:f3:37:d3:f3:da:7a:82:
                    18:58:f2:41:b2:ef:61:55:18:a9:6b:2b:d8:5d:a5:
                    bf:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:93:43:FF:22:2E:EF:D6:9A:A9:56:54:39:F6:D7:E5:67:A1:14:A1
            X509v3 Authority Key Identifier:
                keyid:C9:18:C4:01:94:74:CC:81:EC:66:1F:CE:64:E6:C9:38:97:21:96:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yRjEAZR0zIHsZh_OZObJOJchlto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/296852-a8fd-48e5-8dd6-8abcbb65c621/1/O5ND_yIu79aaqVZUOfbX5WehFKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/296852-a8fd-48e5-8dd6-8abcbb65c621/1/yRjEAZR0zIHsZh_OZObJOJchlto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ba:ff:c4:63:92:df:46:e6:ba:06:4c:63:79:78:40:d7:0b:5a:
         71:e8:2c:4c:8e:10:3b:8f:95:c9:f9:fa:a4:70:4a:c1:e7:24:
         68:a5:d6:be:8f:6d:b8:d7:64:4a:c6:a5:a7:df:96:93:b6:44:
         9b:14:b4:74:ff:c2:40:aa:29:e3:e3:a1:d1:fc:ba:f0:d0:86:
         3d:79:f9:50:0b:c3:66:81:d7:8b:18:a2:d2:fb:58:3c:a9:47:
         cc:05:8e:e4:7a:97:e5:d1:bf:8b:02:0a:87:93:cc:93:f4:66:
         75:e0:72:9e:90:f6:3c:f2:12:65:b7:88:ba:d3:5c:bc:a3:04:
         f6:18:c5:7b:2d:2e:59:57:a2:9d:77:f2:a6:ba:4e:a3:3b:07:
         f8:5d:88:1c:50:61:94:66:df:71:92:47:dd:1e:ca:c9:d1:fe:
         d6:9f:df:aa:78:e2:22:d1:6e:df:e7:c5:a9:4c:09:05:1a:ba:
         ea:ba:dd:02:d2:2d:1d:e6:8a:a5:cf:07:23:e6:f1:34:90:1b:
         98:7f:aa:dd:2c:a5:a0:f8:5e:c1:2b:29:30:38:a2:ac:99:bb:
         1e:ef:52:4c:40:83:de:79:f2:d9:19:d5:77:e9:a7:ae:31:d2:
         c3:d0:77:96:da:25:7e:af:c4:d2:22:1c:94:a7:bc:5a:11:f8:
         58:9d:e8:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1rknTk6Hoq2Vlcvq4n46K/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MThjNDAxOTQ3NGNjODFlYzY2MWZjZTY0ZTZjOTM4OTcy
MTk2ZGEwHhcNMjQwMjAyMjA0NjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjkzNDNmZjIyMmVlZmQ2OWFhOTU2NTQzOWY2ZDdlNTY3YTExNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitoW61TFGLKvVcS5Z/znvbLryj4k
CkbbL75e9cGdymvLqlh8bH39mIWXk/OPC8A2quSkTgp3w+1ZWz4MZBN34VkjV9wZ
2FsCTgRXvPmfcxugTpkyrhvc9/JcMGq1VRLE1t5TqHS5IANucPOJ87POSUkYqH6/
rri7phTSK9b2kOgKPQyJcI0ds9CiC7eETDy4VK1zzX8u9DOTIC/uQNDotxmM70v/
MUNYAmA5mr8EYMgrAT2ESa2DW8B1FYk92aVjeI++ha7zcT6/u6GoyAgZp7vNtkG4
oH7jPVQIL+jA/P/U/gDftnF6RfM30/PaeoIYWPJBsu9hVRipayvYXaW/FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuTQ/8iLu/WmqlWVDn21+VnoRShMB8GA1UdIwQY
MBaAFMkYxAGUdMyB7GYfzmTmyTiXIZbaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVJqRUFaUjB6SUhzWmhfT1pPYkpPSmNobHRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yOTY4NTItYThmZC00OGU1LThkZDYt
OGFiY2JiNjVjNjIxLzEvTzVORF95SXU3OWFhcVZaVU9mYlg1V2VoRktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8yOTY4NTItYThmZC00OGU1LThkZDYtOGFiY2JiNjVjNjIx
LzEveVJqRUFaUjB6SUhzWmhfT1pPYkpPSmNobHRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW/QMA0G
CSqGSIb3DQEBCwUAA4IBAQC6/8Rjkt9G5roGTGN5eEDXC1px6CxMjhA7j5XJ+fqk
cErB5yRopda+j22412RKxqWn35aTtkSbFLR0/8JAqinj46HR/Lrw0IY9eflQC8Nm
gdeLGKLS+1g8qUfMBY7kepfl0b+LAgqHk8yT9GZ14HKekPY88hJlt4i601y8owT2
GMV7LS5ZV6Kdd/Kmuk6jOwf4XYgcUGGUZt9xkkfdHsrJ0f7Wn9+qeOIi0W7f58Wp
TAkFGrrqut0C0i0d5oqlzwcj5vE0kBuYf6rdLKWg+F7BKykwOKKsmbse71JMQIPe
efLZGdV36aeuMdLD0HeW2iV+r8TSIhyUp7xaEfhYnegS
-----END CERTIFICATE-----