Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/O3Ske8FurWPmG9B7IIwEVbyuJdU.roa
File:                     O3Ske8FurWPmG9B7IIwEVbyuJdU.roa (raw, json)
Hash identifier:          RmTIwt2as4aGNeHMn0OBG6v6CMo2x8HKx3Jyy3Ml8qk=
Subject key identifier:   3B:74:A4:7B:C1:6E:AD:63:E6:1B:D0:7B:20:8C:04:55:BC:AE:25:D5
Certificate issuer:       /CN=c98b825f36e9cc330315c940de800cbabce3397b
Certificate serial:       018CC794B542FE65443E897588576C349F93
Authority key identifier: C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/O3Ske8FurWPmG9B7IIwEVbyuJdU.roa
Signing time:             Tue 02 Jan 2024 00:31:00 +0000
ROA not before:           Tue 02 Jan 2024 00:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200776
IP address blocks:        194.11.128.0/24 maxlen: 24
                          194.11.128.0/22 maxlen: 22
                          194.11.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:b5:42:fe:65:44:3e:89:75:88:57:6c:34:9f:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98b825f36e9cc330315c940de800cbabce3397b
        Validity
            Not Before: Jan  2 00:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b74a47bc16ead63e61bd07b208c0455bcae25d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6c:24:d7:9a:2a:f8:fd:43:5c:66:22:3c:a2:
                    89:09:54:d7:75:59:cc:5d:c6:e9:5a:88:cb:ef:1f:
                    ea:c4:08:e5:51:c9:97:f0:cf:fe:22:24:8f:26:13:
                    ca:c1:80:48:ca:59:9b:55:6a:d8:d2:c2:9a:93:b8:
                    d7:89:18:bf:d5:03:8b:6a:6a:62:8a:83:86:d1:5e:
                    12:9b:52:95:11:73:19:16:9e:03:4e:86:b2:2c:a0:
                    95:ae:ba:16:dc:00:81:5b:ef:42:a4:bc:45:60:fe:
                    e6:b4:44:99:e1:3f:d0:e8:2c:bc:db:da:7b:c7:39:
                    70:71:cb:31:88:8e:06:fd:1e:e9:fb:06:e0:3e:8a:
                    f4:e5:eb:aa:db:80:a1:8d:ce:ca:5b:57:2f:d9:bd:
                    ff:46:28:3d:6a:d0:4f:28:8a:64:75:24:b3:de:04:
                    a2:59:c7:1c:9c:65:a3:8f:05:05:88:95:2e:c7:c0:
                    40:87:f6:32:54:47:c9:51:f0:c9:ee:90:71:6c:57:
                    8b:35:27:21:6e:29:4e:71:78:19:df:c1:80:f0:59:
                    f2:41:8f:76:ce:94:a8:a2:e3:81:58:81:d5:53:67:
                    d1:19:ed:36:a2:52:9b:e4:13:8a:c9:e2:fb:bc:b8:
                    b2:75:e9:a6:a6:c9:9a:81:e4:b1:0e:bd:8f:17:86:
                    15:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:74:A4:7B:C1:6E:AD:63:E6:1B:D0:7B:20:8C:04:55:BC:AE:25:D5
            X509v3 Authority Key Identifier:
                keyid:C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/O3Ske8FurWPmG9B7IIwEVbyuJdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:1f:da:6e:73:60:4f:f1:85:aa:7a:8e:40:a5:a5:71:7d:b6:
         af:40:77:18:64:2a:15:6c:00:fd:30:3c:50:84:c6:16:68:3b:
         af:2b:8c:7e:cf:89:29:3d:63:88:85:1f:87:80:30:92:af:2a:
         fd:84:21:c4:5b:42:4d:82:d5:94:fc:68:ba:19:0e:10:1a:63:
         e2:2d:00:7c:e2:b7:63:94:02:5b:ac:4c:9f:e4:51:d4:d9:97:
         c7:59:1f:e1:ea:3a:53:27:42:4e:f7:f9:d6:4f:1c:1f:35:0a:
         3f:44:17:26:39:80:37:83:cf:54:17:71:c0:d2:89:f6:a9:53:
         29:56:2a:15:8d:ac:d1:9a:5f:73:f5:83:46:a7:14:a6:8c:38:
         8c:45:8d:2e:07:c8:96:08:d8:07:ed:00:76:a5:cf:12:4d:2e:
         cd:7c:a4:1f:c1:08:ae:dd:f9:aa:a9:6e:8e:79:dc:d5:ab:aa:
         79:c9:fd:24:da:69:a2:4c:ad:40:bc:9d:2b:db:1a:48:4b:1f:
         60:30:2e:42:50:53:bd:58:da:95:f2:bc:29:b0:77:dc:01:4d:
         e6:84:0e:78:bb:6d:34:91:0c:16:e3:ef:d3:15:33:6c:f1:b2:
         2f:2d:6e:51:27:8f:39:f0:0c:c2:a4:19:ff:63:14:f7:f3:d1:
         76:ac:b0:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlLVC/mVEPol1iFdsNJ+TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGI4MjVmMzZlOWNjMzMwMzE1Yzk0MGRlODAwY2JhYmNl
MzM5N2IwHhcNMjQwMTAyMDAzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc0YTQ3YmMxNmVhZDYzZTYxYmQwN2IyMDhjMDQ1NWJjYWUyNWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2wk15oq+P1DXGYiPKKJCVTXdVnM
XcbpWojL7x/qxAjlUcmX8M/+IiSPJhPKwYBIylmbVWrY0sKak7jXiRi/1QOLampi
ioOG0V4Sm1KVEXMZFp4DToayLKCVrroW3ACBW+9CpLxFYP7mtESZ4T/Q6Cy829p7
xzlwccsxiI4G/R7p+wbgPor05euq24Chjc7KW1cv2b3/Rig9atBPKIpkdSSz3gSi
WcccnGWjjwUFiJUux8BAh/YyVEfJUfDJ7pBxbFeLNSchbilOcXgZ38GA8FnyQY92
zpSoouOBWIHVU2fRGe02olKb5BOKyeL7vLiydemmpsmageSxDr2PF4YV+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDt0pHvBbq1j5hvQeyCMBFW8riXVMB8GA1UdIwQY
MBaAFMmLgl826cwzAxXJQN6ADLq84zl7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUt
Yjg5YTUxMWMzYmJkLzEvTzNTa2U4RnVyV1BtRzlCN0lJd0VWYnl1SmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUtYjg5YTUxMWMzYmJk
LzEveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwguAMA0G
CSqGSIb3DQEBCwUAA4IBAQBoH9puc2BP8YWqeo5ApaVxfbavQHcYZCoVbAD9MDxQ
hMYWaDuvK4x+z4kpPWOIhR+HgDCSryr9hCHEW0JNgtWU/Gi6GQ4QGmPiLQB84rdj
lAJbrEyf5FHU2ZfHWR/h6jpTJ0JO9/nWTxwfNQo/RBcmOYA3g89UF3HA0on2qVMp
VioVjazRml9z9YNGpxSmjDiMRY0uB8iWCNgH7QB2pc8STS7NfKQfwQiu3fmqqW6O
edzVq6p5yf0k2mmiTK1AvJ0r2xpISx9gMC5CUFO9WNqV8rwpsHfcAU3mhA54u200
kQwW4+/TFTNs8bIvLW5RJ4858AzCpBn/YxT389F2rLC1
-----END CERTIFICATE-----