Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/9d7cd7-ee63-4886-8fe1-b5ce6b6fd4d1/1/OtmHe6wlStTf3BdewEyLhVuegNE.roa
File:                     OtmHe6wlStTf3BdewEyLhVuegNE.roa (raw, json)
Hash identifier:          osEsDYToZ8XY4cFAOnPSIAA1CNPHAj9gRtgNnrlKWMU=
Subject key identifier:   3A:D9:87:7B:AC:25:4A:D4:DF:DC:17:5E:C0:4C:8B:85:5B:9E:80:D1
Certificate issuer:       /CN=e1977859d071f7150837b2acb4353ff33efd831c
Certificate serial:       018EBD40D81B15E3B34C16F82C713855305E
Authority key identifier: E1:97:78:59:D0:71:F7:15:08:37:B2:AC:B4:35:3F:F3:3E:FD:83:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Zd4WdBx9xUIN7KstDU_8z79gxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/9d7cd7-ee63-4886-8fe1-b5ce6b6fd4d1/1/OtmHe6wlStTf3BdewEyLhVuegNE.roa
Signing time:             Mon 08 Apr 2024 10:28:47 +0000
ROA not before:           Mon 08 Apr 2024 10:28:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215219
IP address blocks:        193.221.125.0/24 maxlen: 24
                          2a10:bd40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/9d7cd7-ee63-4886-8fe1-b5ce6b6fd4d1/1/4Zd4WdBx9xUIN7KstDU_8z79gxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/9d7cd7-ee63-4886-8fe1-b5ce6b6fd4d1/1/4Zd4WdBx9xUIN7KstDU_8z79gxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Zd4WdBx9xUIN7KstDU_8z79gxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:40:d8:1b:15:e3:b3:4c:16:f8:2c:71:38:55:30:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1977859d071f7150837b2acb4353ff33efd831c
        Validity
            Not Before: Apr  8 10:28:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ad9877bac254ad4dfdc175ec04c8b855b9e80d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c6:1c:92:8e:85:fd:20:77:fc:52:07:35:72:
                    3a:66:c4:ed:0f:df:6b:3e:ac:94:2f:3a:8a:23:aa:
                    1e:a7:e3:88:91:4e:48:3f:e1:73:4c:a2:93:ae:e0:
                    fc:22:0e:d7:49:3b:cb:63:a1:8b:b2:e9:96:72:96:
                    99:52:32:be:66:83:b0:39:0e:55:bc:e4:6d:24:36:
                    b4:52:18:cd:c6:8d:86:b1:d0:65:47:ea:8f:e1:60:
                    b4:74:8d:a8:1d:12:e1:9c:f1:36:49:34:53:35:4a:
                    65:f6:f1:00:59:19:ae:09:12:6b:02:b2:08:fe:83:
                    8c:af:49:7c:b6:09:36:93:2d:66:dc:79:e5:a8:75:
                    f0:ed:92:8b:17:6e:ce:ac:bf:6b:d8:c9:b1:ea:ed:
                    a6:bd:59:89:00:52:08:1d:05:62:a7:c4:55:29:14:
                    85:6b:e4:7e:a0:f1:83:eb:1a:68:06:2c:76:71:6b:
                    44:fb:88:7f:d3:28:90:b3:8d:77:21:b1:70:21:fb:
                    ae:20:d6:4f:22:30:8c:86:a4:67:ce:20:8a:2f:fe:
                    c1:64:3b:7c:11:bd:f4:60:cd:a6:f7:f2:5a:c7:21:
                    ef:c2:66:d8:24:95:42:9b:11:c7:67:0a:a5:93:1e:
                    24:5b:f0:50:eb:88:57:65:d0:22:98:41:91:44:e1:
                    16:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D9:87:7B:AC:25:4A:D4:DF:DC:17:5E:C0:4C:8B:85:5B:9E:80:D1
            X509v3 Authority Key Identifier:
                keyid:E1:97:78:59:D0:71:F7:15:08:37:B2:AC:B4:35:3F:F3:3E:FD:83:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Zd4WdBx9xUIN7KstDU_8z79gxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/9d7cd7-ee63-4886-8fe1-b5ce6b6fd4d1/1/OtmHe6wlStTf3BdewEyLhVuegNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/9d7cd7-ee63-4886-8fe1-b5ce6b6fd4d1/1/4Zd4WdBx9xUIN7KstDU_8z79gxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.125.0/24
                IPv6:
                  2a10:bd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:f5:ec:57:49:07:0a:81:d8:cf:49:54:55:d5:4c:8f:76:a6:
         36:20:91:52:0a:ad:11:7b:eb:3d:71:8c:d9:da:05:68:3e:8b:
         10:c7:c8:67:62:1b:2d:ea:aa:35:2b:1f:16:b7:d9:fc:f2:ee:
         08:7c:18:46:88:6f:32:62:c7:3a:6e:d4:44:b2:69:5c:ed:58:
         17:fd:5d:4f:13:aa:0b:f1:4e:ce:29:5a:f0:43:6f:c8:45:57:
         19:ba:d1:77:64:b3:a8:5d:ca:34:3c:42:c5:70:52:57:78:d6:
         93:c1:5b:63:66:e0:33:ff:a5:c9:04:ac:c4:2f:a8:f0:93:5e:
         21:7f:b9:4b:de:76:6b:f3:bb:58:57:55:0b:c0:3e:43:13:00:
         32:f7:9b:33:ff:57:00:08:b8:27:1b:69:e0:65:51:fc:e5:82:
         4f:83:04:89:58:1e:df:ae:2b:aa:3b:e3:b6:14:80:a4:f7:85:
         48:1e:55:5a:d8:bb:3d:79:63:4f:ea:50:e9:e7:b3:94:5b:af:
         8e:0c:6b:21:b3:db:25:78:56:3d:c4:f7:0c:d2:de:b8:54:8a:
         9f:06:1e:ed:fa:d8:5c:ff:f1:1b:26:b3:e4:b6:30:8f:ed:0f:
         17:21:8f:c8:c5:f1:eb:8f:e7:91:7f:ab:e2:46:20:81:06:c8:
         d6:07:b9:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY69QNgbFeOzTBb4LHE4VTBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxOTc3ODU5ZDA3MWY3MTUwODM3YjJhY2I0MzUzZmYzM2Vm
ZDgzMWMwHhcNMjQwNDA4MTAyODQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQ5ODc3YmFjMjU0YWQ0ZGZkYzE3NWVjMDRjOGI4NTViOWU4MGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMYcko6F/SB3/FIHNXI6ZsTtD99r
PqyULzqKI6oep+OIkU5IP+FzTKKTruD8Ig7XSTvLY6GLsumWcpaZUjK+ZoOwOQ5V
vORtJDa0UhjNxo2GsdBlR+qP4WC0dI2oHRLhnPE2STRTNUpl9vEAWRmuCRJrArII
/oOMr0l8tgk2ky1m3HnlqHXw7ZKLF27OrL9r2Mmx6u2mvVmJAFIIHQVip8RVKRSF
a+R+oPGD6xpoBix2cWtE+4h/0yiQs413IbFwIfuuINZPIjCMhqRnziCKL/7BZDt8
Eb30YM2m9/JaxyHvwmbYJJVCmxHHZwqlkx4kW/BQ64hXZdAimEGRROEWdQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDrZh3usJUrU39wXXsBMi4VbnoDRMB8GA1UdIwQY
MBaAFOGXeFnQcfcVCDeyrLQ1P/M+/YMcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFpkNFdkQng5eFVJTjdLc3REVV84ejc5Z3h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85ZDdjZDctZWU2My00ODg2LThmZTEt
YjVjZTZiNmZkNGQxLzEvT3RtSGU2d2xTdFRmM0JkZXdFeUxoVnVlZ05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85ZDdjZDctZWU2My00ODg2LThmZTEtYjVjZTZiNmZkNGQx
LzEvNFpkNFdkQng5eFVJTjdLc3REVV84ejc5Z3h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwd19MA0E
AgACMAcDBQMqEL1AMA0GCSqGSIb3DQEBCwUAA4IBAQB09exXSQcKgdjPSVRV1UyP
dqY2IJFSCq0Re+s9cYzZ2gVoPosQx8hnYhst6qo1Kx8Wt9n88u4IfBhGiG8yYsc6
btREsmlc7VgX/V1PE6oL8U7OKVrwQ2/IRVcZutF3ZLOoXco0PELFcFJXeNaTwVtj
ZuAz/6XJBKzEL6jwk14hf7lL3nZr87tYV1ULwD5DEwAy95sz/1cACLgnG2ngZVH8
5YJPgwSJWB7friuqO+O2FICk94VIHlVa2Ls9eWNP6lDp57OUW6+ODGshs9sleFY9
xPcM0t64VIqfBh7t+thc//EbJrPktjCP7Q8XIY/IxfHrj+eRf6viRiCBBsjWB7kB
-----END CERTIFICATE-----