Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/ogsIXZJx4fj5Lp8XVqkSpxnUImU.roa
File:                     ogsIXZJx4fj5Lp8XVqkSpxnUImU.roa (raw, json)
Hash identifier:          9gsGp/0+J6Oa/1+uc7KXGBAx5dbDEYlGpWQhH0gsD5M=
Subject key identifier:   A2:0B:08:5D:92:71:E1:F8:F9:2E:9F:17:56:A9:12:A7:19:D4:22:65
Certificate issuer:       /CN=edfe3f6f6d98714e01f08c73b2644368774e8660
Certificate serial:       018CC725DEB713AD53732FDF38863590C709
Authority key identifier: ED:FE:3F:6F:6D:98:71:4E:01:F0:8C:73:B2:64:43:68:77:4E:86:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7f4_b22YcU4B8IxzsmRDaHdOhmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/ogsIXZJx4fj5Lp8XVqkSpxnUImU.roa
Signing time:             Mon 01 Jan 2024 22:29:56 +0000
ROA not before:           Mon 01 Jan 2024 22:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        194.50.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/7f4_b22YcU4B8IxzsmRDaHdOhmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/7f4_b22YcU4B8IxzsmRDaHdOhmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7f4_b22YcU4B8IxzsmRDaHdOhmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:de:b7:13:ad:53:73:2f:df:38:86:35:90:c7:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edfe3f6f6d98714e01f08c73b2644368774e8660
        Validity
            Not Before: Jan  1 22:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a20b085d9271e1f8f92e9f1756a912a719d42265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:78:9e:d5:ac:ad:48:aa:62:d2:a8:70:58:63:
                    7a:1e:c6:9a:7c:6f:c5:85:df:84:e6:23:13:ae:75:
                    f6:e8:1d:04:3d:4e:cb:8f:4e:b7:07:a8:a7:27:83:
                    97:f5:1e:f5:3d:bf:2e:b9:7a:1b:42:46:d8:75:87:
                    b6:fc:6d:7a:d2:18:dc:df:9a:83:c4:cd:e1:49:69:
                    cf:11:10:b5:99:6b:5b:2a:36:ca:32:8a:a3:63:ed:
                    d6:17:3c:d9:53:b2:fb:c6:cd:97:94:e9:b2:51:34:
                    5c:56:45:33:da:5a:e3:84:cd:38:b0:55:95:4d:41:
                    e1:5d:2f:ba:36:b0:71:41:6a:a0:b0:d7:6a:f3:58:
                    f5:0b:e1:1a:2d:91:27:2c:99:fc:33:bc:09:54:0d:
                    f3:b5:a8:cd:39:80:0c:47:32:cc:56:ba:72:00:4d:
                    27:a0:63:4d:dc:2a:f9:09:6f:3e:b0:59:d4:a3:50:
                    21:cc:96:0a:5b:20:5b:aa:62:30:c1:4e:40:5f:45:
                    dd:99:6b:79:53:0e:ed:8c:5a:72:5f:b4:a3:38:22:
                    84:a6:2f:6e:8a:45:76:b6:1a:39:87:1f:e6:53:c8:
                    c7:ed:36:04:7b:d0:a1:c2:92:9a:22:3f:4c:5e:eb:
                    aa:88:41:8e:9b:98:dd:f5:b0:48:9d:dd:29:e4:d9:
                    af:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0B:08:5D:92:71:E1:F8:F9:2E:9F:17:56:A9:12:A7:19:D4:22:65
            X509v3 Authority Key Identifier:
                keyid:ED:FE:3F:6F:6D:98:71:4E:01:F0:8C:73:B2:64:43:68:77:4E:86:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f4_b22YcU4B8IxzsmRDaHdOhmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/ogsIXZJx4fj5Lp8XVqkSpxnUImU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/7f4_b22YcU4B8IxzsmRDaHdOhmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:9a:c1:9a:8f:3c:0c:23:0b:1d:3a:bc:42:f3:d4:86:2c:c5:
         05:83:90:d8:86:1a:b6:7f:33:e5:d2:96:1b:34:7e:b7:6b:06:
         1d:d9:5b:1d:6b:29:6e:92:f0:15:35:4b:d7:0a:98:67:6b:01:
         da:72:4a:9a:d5:d6:0d:3c:6a:eb:99:fc:0e:eb:fc:d0:14:de:
         4e:04:28:3e:d1:84:74:5a:fa:79:86:53:39:d1:fc:a7:50:e2:
         97:2a:7f:39:c2:5c:95:4d:38:8f:a6:7a:2b:83:e7:70:ea:99:
         51:d1:4a:e1:9b:f8:56:a4:d9:6b:6e:f9:53:a4:8e:95:dc:84:
         55:56:d6:80:d6:e5:c3:72:96:d0:5a:ef:a1:31:6b:20:56:a5:
         2c:ce:47:bd:4d:90:d2:69:91:1f:e9:b9:0d:a2:a8:9f:e3:44:
         77:1b:53:3e:a6:e5:02:36:8a:c9:14:ef:27:df:fc:3f:7a:cc:
         12:59:74:fe:da:e7:0c:ed:51:25:f3:eb:5a:a6:14:36:0f:22:
         48:8a:97:ea:0c:9e:e3:cd:5f:72:7b:8b:14:43:a2:c9:1c:1b:
         c6:67:77:db:24:1f:98:0c:b7:ff:b2:c2:da:e9:0f:fd:be:eb:
         0e:98:8d:6f:8e:f2:e7:7c:d7:52:62:93:a3:cb:91:13:a9:71:
         4b:bd:80:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJd63E61Tcy/fOIY1kMcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZmUzZjZmNmQ5ODcxNGUwMWYwOGM3M2IyNjQ0MzY4Nzc0
ZTg2NjAwHhcNMjQwMTAxMjIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBiMDg1ZDkyNzFlMWY4ZjkyZTlmMTc1NmE5MTJhNzE5ZDQyMjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnie1aytSKpi0qhwWGN6HsaafG/F
hd+E5iMTrnX26B0EPU7Lj063B6inJ4OX9R71Pb8uuXobQkbYdYe2/G160hjc35qD
xM3hSWnPERC1mWtbKjbKMoqjY+3WFzzZU7L7xs2XlOmyUTRcVkUz2lrjhM04sFWV
TUHhXS+6NrBxQWqgsNdq81j1C+EaLZEnLJn8M7wJVA3ztajNOYAMRzLMVrpyAE0n
oGNN3Cr5CW8+sFnUo1AhzJYKWyBbqmIwwU5AX0XdmWt5Uw7tjFpyX7SjOCKEpi9u
ikV2tho5hx/mU8jH7TYEe9ChwpKaIj9MXuuqiEGOm5jd9bBInd0p5NmvRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKILCF2SceH4+S6fF1apEqcZ1CJlMB8GA1UdIwQY
MBaAFO3+P29tmHFOAfCMc7JkQ2h3ToZgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2Y0X2IyMlljVTRCOEl4enNtUkRhSGRPaG1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xODUzNjItYzhkOS00NTZmLTllMmMt
ZWI0YTk2YzM4YzZmLzEvb2dzSVhaSng0Zmo1THA4WFZxa1NweG5VSW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xODUzNjItYzhkOS00NTZmLTllMmMtZWI0YTk2YzM4YzZm
LzEvN2Y0X2IyMlljVTRCOEl4enNtUkRhSGRPaG1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjKQMA0G
CSqGSIb3DQEBCwUAA4IBAQCBmsGajzwMIwsdOrxC89SGLMUFg5DYhhq2fzPl0pYb
NH63awYd2VsdaylukvAVNUvXCphnawHackqa1dYNPGrrmfwO6/zQFN5OBCg+0YR0
Wvp5hlM50fynUOKXKn85wlyVTTiPpnorg+dw6plR0Urhm/hWpNlrbvlTpI6V3IRV
VtaA1uXDcpbQWu+hMWsgVqUszke9TZDSaZEf6bkNoqif40R3G1M+puUCNorJFO8n
3/w/eswSWXT+2ucM7VEl8+taphQ2DyJIipfqDJ7jzV9ye4sUQ6LJHBvGZ3fbJB+Y
DLf/ssLa6Q/9vusOmI1vjvLnfNdSYpOjy5ETqXFLvYDt
-----END CERTIFICATE-----