Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/oSDVzSu5TJsKhNFZbQ-G7yy3Uig.roa
File:                     oSDVzSu5TJsKhNFZbQ-G7yy3Uig.roa (raw, json)
Hash identifier:          0khgo7LNlts8r+CeyhQBvMoGP1+0yhpDCcdsOn1Q5Cs=
Subject key identifier:   A1:20:D5:CD:2B:B9:4C:9B:0A:84:D1:59:6D:0F:86:EF:2C:B7:52:28
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       018D59A0B092028C7F7ED53922D1E8DF8514
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/oSDVzSu5TJsKhNFZbQ-G7yy3Uig.roa
Signing time:             Tue 30 Jan 2024 09:08:39 +0000
ROA not before:           Tue 30 Jan 2024 09:08:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9087
IP address blocks:        82.206.2.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:a0:b0:92:02:8c:7f:7e:d5:39:22:d1:e8:df:85:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Jan 30 09:08:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a120d5cd2bb94c9b0a84d1596d0f86ef2cb75228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b9:0d:97:01:9c:1d:1b:e5:47:60:73:95:fd:
                    66:0d:67:08:43:2e:bc:5f:d3:d7:b6:c2:6e:0b:90:
                    92:29:f3:90:73:60:f0:2e:48:2d:ac:12:d0:d4:fd:
                    6b:be:6e:c7:df:a2:73:9b:8a:c4:02:df:de:65:58:
                    60:9e:81:c0:75:23:61:05:17:3a:9a:db:54:7d:a9:
                    51:63:f1:5e:07:7c:70:7d:2b:76:3e:d1:d5:73:25:
                    8b:da:d1:11:71:c7:e6:7e:26:fe:81:36:79:76:84:
                    32:4c:3d:ac:5a:41:22:77:32:ad:bd:f5:e5:29:7e:
                    c4:53:08:cc:12:59:fb:65:6e:16:88:1f:0d:23:aa:
                    78:46:cd:0d:4f:4a:14:af:a5:3f:b4:1f:ca:f4:00:
                    e6:af:62:cb:83:86:87:40:47:a0:91:00:ff:eb:49:
                    ec:b2:4a:31:a9:2c:9b:65:b3:4b:2f:df:e6:8c:2a:
                    cc:4d:87:11:ff:53:2f:e6:5b:3a:bc:96:e0:78:ac:
                    6d:59:2d:c2:64:dd:bc:17:65:df:e3:51:4d:8c:27:
                    33:c7:c4:d3:4f:a8:55:9d:3b:db:2c:9e:bc:f2:e8:
                    ce:b5:54:4d:1b:cc:38:df:9f:27:df:2c:cf:2a:f9:
                    22:7a:01:cd:29:6f:fb:03:b3:ba:48:4d:4b:27:a0:
                    78:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:20:D5:CD:2B:B9:4C:9B:0A:84:D1:59:6D:0F:86:EF:2C:B7:52:28
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/oSDVzSu5TJsKhNFZbQ-G7yy3Uig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:cc:ae:a4:d6:26:ed:55:4d:d9:30:8f:df:f8:57:69:d4:3f:
         95:b1:ae:e5:2a:c4:15:9a:37:87:7d:fb:87:32:97:7a:fb:43:
         43:1a:e1:da:ee:2d:93:a2:97:73:50:6f:0a:00:b3:ce:09:00:
         0e:7f:4e:3d:f2:c9:12:92:61:1c:08:0a:73:3c:19:92:a3:92:
         b7:c7:4d:2d:c2:6e:33:42:50:04:e0:63:cd:51:1a:00:9d:9b:
         1a:3f:90:ef:cc:2a:cc:0e:1d:a0:3e:90:13:ee:45:e0:d3:48:
         a5:09:09:4f:a9:95:86:0f:b2:ae:a7:bb:83:da:69:dc:98:70:
         a2:4c:61:07:71:a6:80:d1:f1:27:2d:be:7c:1b:f1:02:8f:90:
         18:37:bf:19:64:63:68:70:03:81:81:18:93:d0:b2:ce:4c:54:
         68:fc:5c:8a:5b:56:dd:6a:7b:37:bd:ec:a5:86:17:9f:82:08:
         f8:0d:dc:ab:8a:95:c6:3a:29:06:27:6d:ae:09:72:2b:a7:f6:
         99:97:72:35:f4:40:a1:ab:9d:2e:c6:6e:54:8c:f3:74:e0:90:
         36:e1:71:04:29:17:d5:57:7d:2b:79:a4:ee:7c:05:5e:13:ee:
         c6:43:fc:b3:62:29:e1:34:85:66:67:f0:aa:b4:73:64:bf:d3:
         3f:53:07:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1ZoLCSAox/ftU5ItHo34UUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwMTMwMDkwODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTIwZDVjZDJiYjk0YzliMGE4NGQxNTk2ZDBmODZlZjJjYjc1MjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLkNlwGcHRvlR2Bzlf1mDWcIQy68
X9PXtsJuC5CSKfOQc2DwLkgtrBLQ1P1rvm7H36Jzm4rEAt/eZVhgnoHAdSNhBRc6
mttUfalRY/FeB3xwfSt2PtHVcyWL2tERccfmfib+gTZ5doQyTD2sWkEidzKtvfXl
KX7EUwjMEln7ZW4WiB8NI6p4Rs0NT0oUr6U/tB/K9ADmr2LLg4aHQEegkQD/60ns
skoxqSybZbNLL9/mjCrMTYcR/1Mv5ls6vJbgeKxtWS3CZN28F2Xf41FNjCczx8TT
T6hVnTvbLJ688ujOtVRNG8w4358n3yzPKvkiegHNKW/7A7O6SE1LJ6B4vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEg1c0ruUybCoTRWW0Phu8st1IoMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvb1NEVnpTdTVUSnNLaE5GWmJRLUc3eXkzVWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUs4CMA0G
CSqGSIb3DQEBCwUAA4IBAQBuzK6k1ibtVU3ZMI/f+Fdp1D+Vsa7lKsQVmjeHffuH
Mpd6+0NDGuHa7i2TopdzUG8KALPOCQAOf0498skSkmEcCApzPBmSo5K3x00twm4z
QlAE4GPNURoAnZsaP5DvzCrMDh2gPpAT7kXg00ilCQlPqZWGD7Kup7uD2mncmHCi
TGEHcaaA0fEnLb58G/ECj5AYN78ZZGNocAOBgRiT0LLOTFRo/FyKW1bdans3veyl
hhefggj4DdyripXGOikGJ22uCXIrp/aZl3I19EChq50uxm5UjPN04JA24XEEKRfV
V30reaTufAVeE+7GQ/yzYinhNIVmZ/CqtHNkv9M/Uwdm
-----END CERTIFICATE-----