Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/6448d2-fe07-4fc4-9624-028fe5255bbe/1/ofmaTH4r3L7qKPphsJdEPKHa7OE.roa
File:                     ofmaTH4r3L7qKPphsJdEPKHa7OE.roa (raw, json)
Hash identifier:          LunBomFxZOyPt31dameUgLcpB2drXP1Kch26qQfd8WM=
Subject key identifier:   A1:F9:9A:4C:7E:2B:DC:BE:EA:28:FA:61:B0:97:44:3C:A1:DA:EC:E1
Certificate issuer:       /CN=edbd0f2905e0abc0642031656a3a569ef737b4d0
Certificate serial:       018CCA2A2016C559B171AB2CED16F3EC696E
Authority key identifier: ED:BD:0F:29:05:E0:AB:C0:64:20:31:65:6A:3A:56:9E:F7:37:B4:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7b0PKQXgq8BkIDFlajpWnvc3tNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/6448d2-fe07-4fc4-9624-028fe5255bbe/1/ofmaTH4r3L7qKPphsJdEPKHa7OE.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211699
IP address blocks:        194.113.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/6448d2-fe07-4fc4-9624-028fe5255bbe/1/7b0PKQXgq8BkIDFlajpWnvc3tNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/6448d2-fe07-4fc4-9624-028fe5255bbe/1/7b0PKQXgq8BkIDFlajpWnvc3tNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7b0PKQXgq8BkIDFlajpWnvc3tNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:20:16:c5:59:b1:71:ab:2c:ed:16:f3:ec:69:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edbd0f2905e0abc0642031656a3a569ef737b4d0
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1f99a4c7e2bdcbeea28fa61b097443ca1daece1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e5:b1:59:3b:13:ae:0a:a3:03:63:4f:69:3a:
                    8c:a8:46:0b:c9:5c:1c:7e:ac:19:62:c5:51:5d:c5:
                    40:89:9d:cc:0c:c4:78:98:9d:ea:ca:7f:9e:f8:80:
                    df:e2:92:6b:a4:9f:1a:0e:84:f4:e3:77:7a:1b:82:
                    6f:c7:a0:20:9e:02:77:50:cc:77:0a:79:4d:04:cd:
                    c9:1c:a3:78:4d:24:2a:04:69:df:76:ba:92:91:4d:
                    9c:a8:7b:1b:66:1e:7a:a9:b6:b5:ea:d0:b7:33:16:
                    70:7a:62:ab:8e:4b:bd:61:a0:2b:98:07:db:93:7a:
                    7f:b9:e4:a6:78:7c:3a:f1:0d:92:57:ff:ea:77:44:
                    36:b5:7e:1f:ba:e7:f5:78:36:67:ff:8f:4a:ea:50:
                    b2:a7:68:99:5b:a5:f0:c2:44:b7:bd:4b:48:34:69:
                    3b:8b:45:79:cb:10:b2:84:fb:6e:b0:14:ed:10:36:
                    05:37:e8:b5:09:62:26:08:92:d1:e6:84:9c:b6:08:
                    b7:43:d0:6d:39:10:fb:d7:7a:22:3a:c3:0b:b6:96:
                    01:32:17:05:fc:69:7c:e8:97:65:b8:ae:b0:d9:0e:
                    a3:42:80:b4:4a:cd:8f:de:1e:d9:16:0f:7a:86:c8:
                    b1:a5:67:c2:27:e2:2a:56:ad:72:1b:2c:9d:28:ec:
                    71:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:F9:9A:4C:7E:2B:DC:BE:EA:28:FA:61:B0:97:44:3C:A1:DA:EC:E1
            X509v3 Authority Key Identifier:
                keyid:ED:BD:0F:29:05:E0:AB:C0:64:20:31:65:6A:3A:56:9E:F7:37:B4:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b0PKQXgq8BkIDFlajpWnvc3tNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/6448d2-fe07-4fc4-9624-028fe5255bbe/1/ofmaTH4r3L7qKPphsJdEPKHa7OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/6448d2-fe07-4fc4-9624-028fe5255bbe/1/7b0PKQXgq8BkIDFlajpWnvc3tNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:91:58:68:ca:c1:65:0c:e3:99:32:99:b2:48:91:41:f7:ad:
         0c:49:83:f7:a1:bb:c9:6d:53:2d:65:b6:77:f8:bc:28:bd:3b:
         61:38:fd:b3:49:c2:86:ee:31:71:bb:b6:96:fe:00:6b:5d:61:
         b6:2d:df:9e:70:08:9f:2b:14:d1:02:04:e7:4e:14:0e:93:1f:
         e3:8e:fe:73:81:40:55:48:cb:4b:95:72:87:5a:83:c4:6f:07:
         32:6a:bb:56:6e:89:81:63:34:a0:56:97:1b:48:39:11:1e:ca:
         f4:41:45:7f:7f:aa:bd:02:4d:62:1b:5d:39:e4:dc:6a:e5:b1:
         1d:f5:3b:84:86:a5:d0:5a:e9:21:0f:be:34:3c:d3:a5:84:44:
         b0:69:32:bf:0e:5a:e7:e5:d0:8a:1c:f8:68:63:dc:88:98:c1:
         4f:4f:00:7f:7d:b9:2d:fa:8d:6d:29:e1:7a:62:f1:0c:e2:b5:
         66:4f:ed:9c:2a:7b:7a:f6:ab:9c:89:74:c4:30:ba:2b:77:3a:
         7e:cd:ee:a7:f9:b1:fc:92:57:d7:c0:d0:ab:4d:ee:e6:f6:67:
         db:6e:2f:5a:08:0d:f8:e8:e5:26:17:05:45:4c:fd:0a:a7:28:
         eb:85:03:4e:3b:5a:e3:ca:81:34:b4:0b:76:4d:5d:d4:17:04:
         6b:04:15:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKiAWxVmxcass7Rbz7GluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYmQwZjI5MDVlMGFiYzA2NDIwMzE2NTZhM2E1NjllZjcz
N2I0ZDAwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWY5OWE0YzdlMmJkY2JlZWEyOGZhNjFiMDk3NDQzY2ExZGFlY2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOWxWTsTrgqjA2NPaTqMqEYLyVwc
fqwZYsVRXcVAiZ3MDMR4mJ3qyn+e+IDf4pJrpJ8aDoT043d6G4Jvx6AgngJ3UMx3
CnlNBM3JHKN4TSQqBGnfdrqSkU2cqHsbZh56qba16tC3MxZwemKrjku9YaArmAfb
k3p/ueSmeHw68Q2SV//qd0Q2tX4fuuf1eDZn/49K6lCyp2iZW6XwwkS3vUtINGk7
i0V5yxCyhPtusBTtEDYFN+i1CWImCJLR5oSctgi3Q9BtORD713oiOsMLtpYBMhcF
/Gl86JdluK6w2Q6jQoC0Ss2P3h7ZFg96hsixpWfCJ+IqVq1yGyydKOxxPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKH5mkx+K9y+6ij6YbCXRDyh2uzhMB8GA1UdIwQY
MBaAFO29DykF4KvAZCAxZWo6Vp73N7TQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2IwUEtRWGdxOEJrSURGbGFqcFdudmMzdE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS82NDQ4ZDItZmUwNy00ZmM0LTk2MjQt
MDI4ZmU1MjU1YmJlLzEvb2ZtYVRINHIzTDdxS1BwaHNKZEVQS0hhN09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS82NDQ4ZDItZmUwNy00ZmM0LTk2MjQtMDI4ZmU1MjU1YmJl
LzEvN2IwUEtRWGdxOEJrSURGbGFqcFdudmMzdE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwnGcMA0G
CSqGSIb3DQEBCwUAA4IBAQClkVhoysFlDOOZMpmySJFB960MSYP3obvJbVMtZbZ3
+LwovTthOP2zScKG7jFxu7aW/gBrXWG2Ld+ecAifKxTRAgTnThQOkx/jjv5zgUBV
SMtLlXKHWoPEbwcyartWbomBYzSgVpcbSDkRHsr0QUV/f6q9Ak1iG1055Nxq5bEd
9TuEhqXQWukhD740PNOlhESwaTK/Dlrn5dCKHPhoY9yImMFPTwB/fbkt+o1tKeF6
YvEM4rVmT+2cKnt69quciXTEMLordzp+ze6n+bH8klfXwNCrTe7m9mfbbi9aCA34
6OUmFwVFTP0KpyjrhQNOO1rjyoE0tAt2TV3UFwRrBBXg
-----END CERTIFICATE-----