Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/OnCV_GFI3P1F_C-F0uZgZX3z8kY.roa
File:                     OnCV_GFI3P1F_C-F0uZgZX3z8kY.roa (raw, json)
Hash identifier:          TRzbvh9MBeWV32MkH4unVYWOgErTK3ASS0DXPndwg40=
Subject key identifier:   3A:70:95:FC:61:48:DC:FD:45:FC:2F:85:D2:E6:60:65:7D:F3:F2:46
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAEA4C8B49E3CF6A2D56D16B90A556
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/OnCV_GFI3P1F_C-F0uZgZX3z8kY.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215903
IP address blocks:        195.136.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ea:4c:8b:49:e3:cf:6a:2d:56:d1:6b:90:a5:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a7095fc6148dcfd45fc2f85d2e660657df3f246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:89:eb:66:1b:b7:54:c3:cb:70:c0:52:02:9e:
                    58:24:19:d1:ef:81:77:ee:5d:47:51:5c:a7:71:78:
                    29:75:bb:bd:fd:0c:b6:fd:1a:6b:1e:39:73:0d:09:
                    63:14:19:89:9c:b8:73:41:ea:24:48:f6:a6:35:59:
                    80:e8:49:ef:c0:b2:a3:e0:6c:df:53:0e:03:66:50:
                    71:82:72:a2:e9:5b:9b:cf:7a:76:8e:b3:ca:f6:8a:
                    97:de:67:21:54:79:68:18:ea:b1:b5:21:f9:93:b0:
                    9e:4b:c7:8f:e9:d2:5f:bc:59:44:bc:06:02:f7:1d:
                    f0:36:a6:60:55:8e:67:9b:7f:2c:cf:eb:1d:36:1b:
                    ba:aa:f9:75:d9:14:52:ae:34:d2:14:e4:01:14:66:
                    4e:dc:65:a2:0d:7f:f3:b4:82:f6:5a:8c:2c:e1:ac:
                    41:31:63:07:f7:bd:7b:cb:80:7e:89:ab:83:aa:d3:
                    b7:94:c3:a2:27:19:97:fc:0d:f4:98:7b:53:ff:db:
                    17:d6:1d:05:db:c4:2a:aa:ad:c9:26:7b:12:5f:98:
                    49:de:01:52:71:88:49:58:46:a2:23:ea:8c:26:9f:
                    3e:b4:5a:4c:8b:14:2b:59:3a:57:21:b2:1d:76:24:
                    0e:5e:8d:25:7e:84:5e:84:db:d0:af:b2:77:72:8a:
                    c6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:70:95:FC:61:48:DC:FD:45:FC:2F:85:D2:E6:60:65:7D:F3:F2:46
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/OnCV_GFI3P1F_C-F0uZgZX3z8kY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ee:e9:cf:6e:e1:47:02:64:6a:08:f9:8c:11:5e:40:54:d2:
         bc:7a:1e:82:7f:b0:33:36:5a:4e:c7:6b:32:5a:5e:be:0b:26:
         bf:75:a4:3f:db:67:61:e0:11:94:84:d3:c2:bd:28:2b:fd:04:
         cf:bc:56:c8:f2:e7:f9:82:ea:ba:4f:e9:1d:81:52:5c:bd:f8:
         25:20:70:e1:6a:68:7c:70:fd:72:9d:6e:5b:72:80:be:ff:4e:
         bc:75:a8:e3:c2:7b:ea:94:4e:8d:98:c5:8b:df:e2:aa:11:a6:
         e3:aa:16:9a:33:88:57:71:c6:2f:06:5d:c4:8d:82:1b:9b:c7:
         e4:1d:77:70:63:28:1c:92:77:33:a8:36:95:f7:ae:4b:37:44:
         1a:57:6d:6a:c9:b0:47:94:b5:5e:07:74:13:2c:6d:32:fe:a8:
         22:93:c6:1a:01:3b:fb:f3:21:8d:92:8a:c1:29:cc:5f:9c:35:
         72:5b:61:18:30:5c:82:b6:f6:21:b5:c6:5d:a5:f7:33:66:3e:
         07:86:c9:9e:b1:1d:28:1f:96:7d:50:ba:9b:74:aa:4b:92:b7:
         a4:e3:df:da:af:d7:fe:49:c5:c7:2b:d5:3f:d9:86:59:7c:86:
         b5:95:1c:08:55:98:bf:ff:73:22:ed:b3:52:13:90:a1:ae:ce:
         83:9f:50:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2upMi0njz2otVtFrkKVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTcwOTVmYzYxNDhkY2ZkNDVmYzJmODVkMmU2NjA2NTdkZjNmMjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYnrZhu3VMPLcMBSAp5YJBnR74F3
7l1HUVyncXgpdbu9/Qy2/RprHjlzDQljFBmJnLhzQeokSPamNVmA6EnvwLKj4Gzf
Uw4DZlBxgnKi6Vubz3p2jrPK9oqX3mchVHloGOqxtSH5k7CeS8eP6dJfvFlEvAYC
9x3wNqZgVY5nm38sz+sdNhu6qvl12RRSrjTSFOQBFGZO3GWiDX/ztIL2Wows4axB
MWMH9717y4B+iauDqtO3lMOiJxmX/A30mHtT/9sX1h0F28Qqqq3JJnsSX5hJ3gFS
cYhJWEaiI+qMJp8+tFpMixQrWTpXIbIddiQOXo0lfoRehNvQr7J3corGLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpwlfxhSNz9RfwvhdLmYGV98/JGMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvT25DVl9HRkkzUDFGX0MtRjB1WmdaWDN6OGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4hsMA0G
CSqGSIb3DQEBCwUAA4IBAQAK7unPbuFHAmRqCPmMEV5AVNK8eh6Cf7AzNlpOx2sy
Wl6+Cya/daQ/22dh4BGUhNPCvSgr/QTPvFbI8uf5guq6T+kdgVJcvfglIHDhamh8
cP1ynW5bcoC+/068dajjwnvqlE6NmMWL3+KqEabjqhaaM4hXccYvBl3EjYIbm8fk
HXdwYygcknczqDaV965LN0QaV21qybBHlLVeB3QTLG0y/qgik8YaATv78yGNkorB
KcxfnDVyW2EYMFyCtvYhtcZdpfczZj4HhsmesR0oH5Z9ULqbdKpLkrek49/ar9f+
ScXHK9U/2YZZfIa1lRwIVZi//3Mi7bNSE5Chrs6Dn1C6
-----END CERTIFICATE-----