Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/db724a-cbca-4ed1-9b79-9a1ab11abded/1/OS_g6nEnbk0_qFmRlcrF0tfxDtI.roa
File:                     OS_g6nEnbk0_qFmRlcrF0tfxDtI.roa (raw, json)
Hash identifier:          FpG7JseRePJz4Ph3uQprW5SeNP9+eGeg1ZWWdDpbDuE=
Subject key identifier:   39:2F:E0:EA:71:27:6E:4D:3F:A8:59:91:95:CA:C5:D2:D7:F1:0E:D2
Certificate issuer:       /CN=b0809dc07bc0775198f2f31554152f356a83f770
Certificate serial:       018CC5DC3963AEF70B92E3F58971B9105226
Authority key identifier: B0:80:9D:C0:7B:C0:77:51:98:F2:F3:15:54:15:2F:35:6A:83:F7:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sICdwHvAd1GY8vMVVBUvNWqD93A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/db724a-cbca-4ed1-9b79-9a1ab11abded/1/OS_g6nEnbk0_qFmRlcrF0tfxDtI.roa
Signing time:             Mon 01 Jan 2024 16:29:53 +0000
ROA not before:           Mon 01 Jan 2024 16:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        194.104.124.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/db724a-cbca-4ed1-9b79-9a1ab11abded/1/sICdwHvAd1GY8vMVVBUvNWqD93A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/db724a-cbca-4ed1-9b79-9a1ab11abded/1/sICdwHvAd1GY8vMVVBUvNWqD93A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sICdwHvAd1GY8vMVVBUvNWqD93A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:39:63:ae:f7:0b:92:e3:f5:89:71:b9:10:52:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0809dc07bc0775198f2f31554152f356a83f770
        Validity
            Not Before: Jan  1 16:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=392fe0ea71276e4d3fa8599195cac5d2d7f10ed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f9:9c:f7:f5:98:62:99:98:da:42:cb:d8:be:
                    28:5d:df:31:f2:ee:02:f5:3b:73:cd:32:61:95:4b:
                    40:79:5e:75:0d:2b:f9:ca:b5:6e:48:80:9f:78:9f:
                    2e:0a:06:c0:d3:64:6f:db:2e:5c:7e:66:79:82:29:
                    f1:dd:13:f5:99:61:b4:fe:4f:e4:70:2e:ed:bb:40:
                    7c:5d:24:45:f8:44:91:01:71:9f:0a:ca:e1:c2:20:
                    b6:33:d3:28:fa:77:25:bb:db:0c:d5:cd:3c:0d:4d:
                    d5:c0:0b:48:51:b4:fa:73:68:66:3b:e6:a0:97:d6:
                    ce:4d:11:e1:a4:1f:2e:dd:85:a0:56:18:32:c1:3f:
                    1a:d0:3c:5b:8c:0b:50:8f:19:4e:01:37:07:f0:52:
                    2b:e0:09:de:d3:39:86:e1:36:49:a2:d7:64:3c:02:
                    6a:33:bc:05:6d:b9:6e:ea:5e:ff:5f:be:2b:d3:68:
                    e2:ea:71:26:cc:b3:a7:6e:7f:ef:08:b9:d4:2d:62:
                    8e:0f:58:41:6a:57:b1:8f:b8:43:f7:89:5b:2f:df:
                    9f:49:40:30:b3:74:f4:03:4a:50:39:01:2d:9e:c7:
                    88:d8:38:9f:f9:fd:c9:49:68:4f:e3:43:57:78:af:
                    fb:3f:3c:ee:71:75:3f:c9:07:6b:17:ff:cb:b8:b3:
                    44:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:2F:E0:EA:71:27:6E:4D:3F:A8:59:91:95:CA:C5:D2:D7:F1:0E:D2
            X509v3 Authority Key Identifier:
                keyid:B0:80:9D:C0:7B:C0:77:51:98:F2:F3:15:54:15:2F:35:6A:83:F7:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sICdwHvAd1GY8vMVVBUvNWqD93A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/db724a-cbca-4ed1-9b79-9a1ab11abded/1/OS_g6nEnbk0_qFmRlcrF0tfxDtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/db724a-cbca-4ed1-9b79-9a1ab11abded/1/sICdwHvAd1GY8vMVVBUvNWqD93A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:90:eb:93:55:1e:9c:d2:8b:4d:65:29:5b:a5:c3:5b:ae:c2:
         24:9a:83:5b:bc:cd:ad:ac:df:cc:48:a7:63:03:1c:22:f2:e8:
         43:c6:00:34:0d:64:e6:ec:e0:19:0c:cc:7e:93:51:d8:91:da:
         b2:f2:84:08:de:0c:4a:89:29:85:cd:1f:b0:df:e5:e2:2c:3e:
         fb:c2:25:09:58:1c:27:76:97:75:95:66:88:5c:5a:6b:d6:77:
         08:30:1f:e2:2b:83:d7:c0:85:b8:09:63:a9:16:4a:fc:9e:9d:
         35:16:63:2e:19:66:66:0b:04:cc:fa:17:6a:bf:98:08:e1:70:
         ad:c7:05:be:62:80:71:4d:d6:ef:f5:a4:60:5d:c1:26:a9:90:
         d2:ad:62:d1:97:20:70:ee:5e:f4:ea:c1:9e:19:f2:f9:80:fc:
         36:33:35:3a:17:ca:9b:dd:0c:8f:11:bb:01:9e:c6:fa:59:c0:
         8a:70:35:51:c8:72:b0:c1:d0:fe:c0:1c:a5:83:93:57:94:d0:
         99:23:a5:3a:8d:f2:99:b7:c4:f1:81:95:d9:a1:8b:4e:ec:5d:
         2e:c0:71:c2:f3:c5:c0:f7:76:c7:88:ff:34:58:33:d9:5f:96:
         25:6a:0f:51:92:7a:87:f8:71:f3:80:01:42:d4:fe:87:61:e2:
         9b:51:64:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DljrvcLkuP1iXG5EFImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwODA5ZGMwN2JjMDc3NTE5OGYyZjMxNTU0MTUyZjM1NmE4
M2Y3NzAwHhcNMjQwMTAxMTYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTJmZTBlYTcxMjc2ZTRkM2ZhODU5OTE5NWNhYzVkMmQ3ZjEwZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfmc9/WYYpmY2kLL2L4oXd8x8u4C
9TtzzTJhlUtAeV51DSv5yrVuSICfeJ8uCgbA02Rv2y5cfmZ5ginx3RP1mWG0/k/k
cC7tu0B8XSRF+ESRAXGfCsrhwiC2M9Mo+nclu9sM1c08DU3VwAtIUbT6c2hmO+ag
l9bOTRHhpB8u3YWgVhgywT8a0DxbjAtQjxlOATcH8FIr4Ane0zmG4TZJotdkPAJq
M7wFbblu6l7/X74r02ji6nEmzLOnbn/vCLnULWKOD1hBalexj7hD94lbL9+fSUAw
s3T0A0pQOQEtnseI2Dif+f3JSWhP40NXeK/7PzzucXU/yQdrF//LuLNEhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkv4OpxJ25NP6hZkZXKxdLX8Q7SMB8GA1UdIwQY
MBaAFLCAncB7wHdRmPLzFVQVLzVqg/dwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0lDZHdIdkFkMUdZOHZNVlZCVXZOV3FEOTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9kYjcyNGEtY2JjYS00ZWQxLTliNzkt
OWExYWIxMWFiZGVkLzEvT1NfZzZuRW5iazBfcUZtUmxjckYwdGZ4RHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9kYjcyNGEtY2JjYS00ZWQxLTliNzktOWExYWIxMWFiZGVk
LzEvc0lDZHdIdkFkMUdZOHZNVlZCVXZOV3FEOTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmh8MA0G
CSqGSIb3DQEBCwUAA4IBAQB+kOuTVR6c0otNZSlbpcNbrsIkmoNbvM2trN/MSKdj
Axwi8uhDxgA0DWTm7OAZDMx+k1HYkdqy8oQI3gxKiSmFzR+w3+XiLD77wiUJWBwn
dpd1lWaIXFpr1ncIMB/iK4PXwIW4CWOpFkr8np01FmMuGWZmCwTM+hdqv5gI4XCt
xwW+YoBxTdbv9aRgXcEmqZDSrWLRlyBw7l706sGeGfL5gPw2MzU6F8qb3QyPEbsB
nsb6WcCKcDVRyHKwwdD+wBylg5NXlNCZI6U6jfKZt8TxgZXZoYtO7F0uwHHC88XA
93bHiP80WDPZX5Ylag9RknqH+HHzgAFC1P6HYeKbUWSn
-----END CERTIFICATE-----