Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/OmhVddb1rs07Y4nTcCmpNOHuPE4.roa
File:                     OmhVddb1rs07Y4nTcCmpNOHuPE4.roa (raw, json)
Hash identifier:          h9Fmr/qX0wgFrGmmyY5PPKsMelLA3qBQjrd8qpEIs0s=
Subject key identifier:   3A:68:55:75:D6:F5:AE:CD:3B:63:89:D3:70:29:A9:34:E1:EE:3C:4E
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAE278CA3954211CAFF9C8DD6AD4CC
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/OmhVddb1rs07Y4nTcCmpNOHuPE4.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205355
IP address blocks:        88.220.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 18:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e2:78:ca:39:54:21:1c:af:f9:c8:dd:6a:d4:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a685575d6f5aecd3b6389d37029a934e1ee3c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b5:5b:da:53:25:9f:e9:9c:f4:36:34:98:ac:
                    32:e7:29:95:28:05:62:f6:56:c5:34:d4:ba:39:26:
                    12:f3:dd:37:4c:d2:d0:dc:8e:76:6f:08:e1:d6:a7:
                    6f:ba:8f:c0:ea:4d:4d:33:e7:46:a7:10:6f:0d:81:
                    12:73:b3:9d:5d:bf:40:4e:6f:b6:82:e7:22:27:f8:
                    48:45:76:90:f6:67:2a:fe:13:07:cb:1c:6c:c1:56:
                    71:ea:b0:26:35:27:fc:e6:59:4d:1d:62:18:0c:e5:
                    43:c0:83:cc:ed:4b:8c:eb:23:18:3e:82:50:54:a4:
                    11:14:72:ac:0b:4f:8b:33:b5:43:5d:3b:a3:18:05:
                    6f:a3:48:70:dc:9d:4f:64:25:63:d8:0a:83:e2:40:
                    70:27:18:4d:e6:3c:6a:7c:a5:3c:ea:4a:97:bd:8f:
                    c1:3d:26:65:3e:13:83:9c:d8:59:56:e6:f6:35:97:
                    78:76:9d:47:f0:95:de:de:18:92:38:78:ba:a6:6a:
                    d3:9c:f5:cd:20:a3:4c:9e:bb:4e:5e:c2:52:0d:2e:
                    3e:fb:13:f0:b8:52:3f:d2:bc:85:2d:44:49:b8:d1:
                    45:f1:b0:b0:1c:4e:30:c8:9b:a6:77:bd:4f:71:17:
                    db:7a:09:3e:e6:ff:a4:6d:25:9f:a4:99:97:03:99:
                    9a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:68:55:75:D6:F5:AE:CD:3B:63:89:D3:70:29:A9:34:E1:EE:3C:4E
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/OmhVddb1rs07Y4nTcCmpNOHuPE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:f0:64:35:95:e7:7d:5e:7d:8f:02:16:71:92:55:35:d0:46:
         0c:3e:4a:55:a9:13:4d:b9:f9:03:27:96:3e:e1:c5:8d:1d:6f:
         f6:12:1a:22:f3:2a:38:1d:89:af:3a:f4:97:72:33:26:36:76:
         4a:30:3f:80:d5:27:a3:d7:5c:4e:af:15:e3:ad:d1:2b:49:24:
         68:19:45:49:10:c4:b9:35:da:09:c5:33:46:75:22:0d:44:83:
         b5:f5:26:3d:00:03:36:26:29:eb:8e:c0:b9:0b:7e:49:f4:d4:
         4f:33:e6:3b:5d:f8:a7:91:dc:93:6b:a9:9e:93:d4:69:58:e7:
         4d:df:4d:ef:0f:f2:b5:52:d8:8d:9f:ec:4e:c0:1f:8c:80:62:
         a0:dd:29:05:16:3a:12:41:7c:8b:6e:dc:04:a1:f9:a8:63:1a:
         33:6a:50:a5:b3:5d:37:cf:12:5f:2c:9a:a1:30:aa:da:f1:fd:
         6c:da:b0:79:c5:4e:60:b1:88:b9:fe:9f:55:ea:a6:e5:ee:83:
         92:f2:12:f8:4a:21:33:4c:41:48:13:4a:0d:30:fe:79:ea:26:
         d2:a5:a3:28:85:7f:bc:11:01:27:a0:32:a3:28:b7:f2:35:b2:
         ca:7a:d0:66:6b:ba:ec:ea:33:8f:53:5c:23:fc:e3:6f:5f:4f:
         1c:45:dc:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uJ4yjlUIRyv+cjdatTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTY4NTU3NWQ2ZjVhZWNkM2I2Mzg5ZDM3MDI5YTkzNGUxZWUzYzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrVb2lMln+mc9DY0mKwy5ymVKAVi
9lbFNNS6OSYS8903TNLQ3I52bwjh1qdvuo/A6k1NM+dGpxBvDYESc7OdXb9ATm+2
guciJ/hIRXaQ9mcq/hMHyxxswVZx6rAmNSf85llNHWIYDOVDwIPM7UuM6yMYPoJQ
VKQRFHKsC0+LM7VDXTujGAVvo0hw3J1PZCVj2AqD4kBwJxhN5jxqfKU86kqXvY/B
PSZlPhODnNhZVub2NZd4dp1H8JXe3hiSOHi6pmrTnPXNIKNMnrtOXsJSDS4++xPw
uFI/0ryFLURJuNFF8bCwHE4wyJumd71PcRfbegk+5v+kbSWfpJmXA5maGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpoVXXW9a7NO2OJ03ApqTTh7jxOMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvT21oVmRkYjFyczA3WTRuVGNDbXBOT0h1UEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNxeMA0G
CSqGSIb3DQEBCwUAA4IBAQBA8GQ1led9Xn2PAhZxklU10EYMPkpVqRNNufkDJ5Y+
4cWNHW/2Ehoi8yo4HYmvOvSXcjMmNnZKMD+A1Sej11xOrxXjrdErSSRoGUVJEMS5
NdoJxTNGdSINRIO19SY9AAM2JinrjsC5C35J9NRPM+Y7XfinkdyTa6mek9RpWOdN
303vD/K1UtiNn+xOwB+MgGKg3SkFFjoSQXyLbtwEofmoYxozalCls103zxJfLJqh
MKra8f1s2rB5xU5gsYi5/p9V6qbl7oOS8hL4SiEzTEFIE0oNMP556ibSpaMohX+8
EQEnoDKjKLfyNbLKetBma7rs6jOPU1wj/ONvX08cRdw9
-----END CERTIFICATE-----