Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/omKaFMo_Qu7jJYl4Hkqh7ih_s_g.roa
File:                     omKaFMo_Qu7jJYl4Hkqh7ih_s_g.roa (raw, json)
Hash identifier:          2WNvlpGwTFewWpbO9WgrvckfbfVnFHvHwBPifjeaFvk=
Subject key identifier:   A2:62:9A:14:CA:3F:42:EE:E3:25:89:78:1E:4A:A1:EE:28:7F:B3:F8
Certificate issuer:       /CN=922a1a67e2da7112d4559cd8dbd8141f8f3277e8
Certificate serial:       018CC4247FD88CE5D7540DA5CC54BE384A8F
Authority key identifier: 92:2A:1A:67:E2:DA:71:12:D4:55:9C:D8:DB:D8:14:1F:8F:32:77:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/omKaFMo_Qu7jJYl4Hkqh7ih_s_g.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56457
IP address blocks:        176.119.210.0/24 maxlen: 24
                          185.201.254.0/24 maxlen: 24
                          2a06:5780::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7f:d8:8c:e5:d7:54:0d:a5:cc:54:be:38:4a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=922a1a67e2da7112d4559cd8dbd8141f8f3277e8
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2629a14ca3f42eee32589781e4aa1ee287fb3f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:81:14:5e:32:2e:6c:1f:01:6f:c4:63:63:a1:
                    f2:f5:85:f8:03:ed:f3:50:b6:d0:42:2c:4c:30:71:
                    ec:d4:92:f4:a8:da:b0:37:a9:0d:69:be:20:4c:61:
                    af:b3:26:9f:ec:cb:e5:14:9a:82:77:d8:1d:0f:77:
                    d3:46:80:25:7d:81:93:9a:93:30:10:17:ea:97:e1:
                    ed:b6:72:bf:97:97:ce:5f:19:9e:d6:66:df:2b:33:
                    89:40:4a:1e:b0:2b:aa:ba:28:c5:8a:df:3b:c7:eb:
                    5f:00:b2:03:a3:85:a4:3e:ed:ee:b3:f8:4d:f0:b4:
                    1c:85:08:b3:b4:d4:f7:48:f3:b6:64:0a:4a:44:6e:
                    ea:b8:47:8b:5d:77:63:08:2e:b1:6b:30:67:ea:3c:
                    a5:a8:60:a5:b0:df:bd:32:df:80:91:51:be:06:b9:
                    06:a4:f6:d3:36:ef:76:99:4b:95:d9:da:e8:d2:27:
                    f4:0c:a9:40:57:84:69:e2:38:53:1d:af:03:a0:b4:
                    7a:17:85:91:c8:e4:68:d8:df:bd:3c:58:11:7c:bb:
                    5f:57:98:78:3f:ab:02:5e:83:c8:6b:50:da:27:f2:
                    35:77:87:7e:c7:6e:1d:57:b6:b0:fa:5e:3e:fa:fd:
                    ba:15:bf:b4:8f:8e:36:07:00:b8:11:52:f5:e4:2f:
                    00:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:62:9A:14:CA:3F:42:EE:E3:25:89:78:1E:4A:A1:EE:28:7F:B3:F8
            X509v3 Authority Key Identifier:
                keyid:92:2A:1A:67:E2:DA:71:12:D4:55:9C:D8:DB:D8:14:1F:8F:32:77:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/omKaFMo_Qu7jJYl4Hkqh7ih_s_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.210.0/24
                  185.201.254.0/24
                IPv6:
                  2a06:5780::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:3a:b6:9c:21:93:49:84:51:ec:48:76:cb:90:9a:70:a7:17:
         45:2e:6b:23:e5:00:ae:45:25:39:e8:1c:0b:03:11:c1:d6:a0:
         a2:e9:c4:dd:25:e5:9c:36:41:ad:9f:74:b7:ad:04:51:bc:08:
         64:13:65:57:52:d9:96:a1:3e:87:1a:3f:2c:b9:3b:38:4b:ad:
         bd:64:c6:ce:66:1b:c6:91:ae:d9:27:de:77:09:51:5f:ee:53:
         75:67:ec:5a:e9:3d:a7:c9:b6:03:9d:f8:bc:d0:b6:07:0f:7b:
         c1:3f:b6:a3:ac:23:be:e2:c4:8b:b4:dc:fc:a8:f4:e4:f6:2f:
         5f:cc:3b:e0:81:44:0f:a0:28:42:01:80:5a:f2:4f:f1:0e:52:
         48:f6:af:1e:ae:f9:b8:ef:ac:96:f0:fc:cf:7b:a7:8a:09:db:
         8c:a3:5e:80:c0:c8:af:57:87:f2:a5:de:ba:e7:81:08:c3:ce:
         e4:45:dc:10:7a:85:0c:68:3f:61:7a:46:06:23:54:6f:c7:7e:
         52:75:0e:1f:14:21:62:04:2f:90:9a:28:11:f5:a1:72:44:cf:
         da:a1:79:22:08:fa:f0:47:0a:2c:f7:2d:7c:fd:da:6c:8d:1e:
         f3:c4:97:e8:a4:1f:61:cc:da:65:b3:9d:80:df:55:52:49:bb:
         5f:95:a1:29
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJH/YjOXXVA2lzFS+OEqPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMmExYTY3ZTJkYTcxMTJkNDU1OWNkOGRiZDgxNDFmOGYz
Mjc3ZTgwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjYyOWExNGNhM2Y0MmVlZTMyNTg5NzgxZTRhYTFlZTI4N2ZiM2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYEUXjIubB8Bb8RjY6Hy9YX4A+3z
ULbQQixMMHHs1JL0qNqwN6kNab4gTGGvsyaf7MvlFJqCd9gdD3fTRoAlfYGTmpMw
EBfql+HttnK/l5fOXxme1mbfKzOJQEoesCuquijFit87x+tfALIDo4WkPu3us/hN
8LQchQiztNT3SPO2ZApKRG7quEeLXXdjCC6xazBn6jylqGClsN+9Mt+AkVG+BrkG
pPbTNu92mUuV2dro0if0DKlAV4Rp4jhTHa8DoLR6F4WRyORo2N+9PFgRfLtfV5h4
P6sCXoPIa1DaJ/I1d4d+x24dV7aw+l4++v26Fb+0j442BwC4EVL15C8AOwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKJimhTKP0Lu4yWJeB5Koe4of7P4MB8GA1UdIwQY
MBaAFJIqGmfi2nES1FWc2NvYFB+PMnfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lvYVotTGFjUkxVVlp6WTI5Z1VINDh5ZC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZGFjMzAtODU3MC00N2IyLWIyNmEt
N2YzYTQyODE3MWM3LzEvb21LYUZNb19RdTdqSllsNEhrcWg3aWhfc19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZGFjMzAtODU3MC00N2IyLWIyNmEtN2YzYTQyODE3MWM3
LzEva2lvYVotTGFjUkxVVlp6WTI5Z1VINDh5ZC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAsHfSAwQA
ucn+MA0EAgACMAcDBQMqBleAMA0GCSqGSIb3DQEBCwUAA4IBAQAOOracIZNJhFHs
SHbLkJpwpxdFLmsj5QCuRSU56BwLAxHB1qCi6cTdJeWcNkGtn3S3rQRRvAhkE2VX
UtmWoT6HGj8suTs4S629ZMbOZhvGka7ZJ953CVFf7lN1Z+xa6T2nybYDnfi80LYH
D3vBP7ajrCO+4sSLtNz8qPTk9i9fzDvggUQPoChCAYBa8k/xDlJI9q8ervm476yW
8PzPe6eKCduMo16AwMivV4fypd6654EIw87kRdwQeoUMaD9hekYGI1Rvx35SdQ4f
FCFiBC+QmigR9aFyRM/aoXkiCPrwRwos9y18/dpsjR7zxJfopB9hzNpls52A31VS
SbtflaEp
-----END CERTIFICATE-----