Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/ow3kGcBfQLCy1Obry-0D0YG99-o.roa
File:                     ow3kGcBfQLCy1Obry-0D0YG99-o.roa (raw, json)
Hash identifier:          z9xOmEjOqYVcX5HwpPlJyfjXLQ6R8OqgEUJTKtRf4hc=
Subject key identifier:   A3:0D:E4:19:C0:5F:40:B0:B2:D4:E6:EB:CB:ED:03:D1:81:BD:F7:EA
Certificate issuer:       /CN=8f7b496ea7cf763d058308371e1bf67e53bc7ba3
Certificate serial:       018CC86F335E2B131336A17CFF878FA640C1
Authority key identifier: 8F:7B:49:6E:A7:CF:76:3D:05:83:08:37:1E:1B:F6:7E:53:BC:7B:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/ow3kGcBfQLCy1Obry-0D0YG99-o.roa
Signing time:             Tue 02 Jan 2024 04:29:39 +0000
ROA not before:           Tue 02 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205961
IP address blocks:        185.200.20.0/22 maxlen: 22
                          2a0b:24c1::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:33:5e:2b:13:13:36:a1:7c:ff:87:8f:a6:40:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f7b496ea7cf763d058308371e1bf67e53bc7ba3
        Validity
            Not Before: Jan  2 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a30de419c05f40b0b2d4e6ebcbed03d181bdf7ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4c:e8:7d:5c:a1:97:93:6f:30:cc:08:67:ee:
                    11:48:50:5b:ef:71:88:25:55:95:f5:4c:34:41:51:
                    97:45:5e:9c:78:df:f6:43:b6:9d:18:c1:d3:c9:9a:
                    1c:66:a6:6f:50:c3:64:83:2e:22:d3:51:b0:1b:89:
                    55:5d:b2:f4:d0:bf:4b:eb:05:29:90:89:f5:2b:b4:
                    65:13:c0:76:ee:15:c8:fa:64:64:2c:29:b7:13:20:
                    31:a8:81:e1:b3:3f:1b:42:6c:db:df:4c:76:a9:19:
                    25:aa:74:1b:c2:48:ac:91:b0:36:95:b9:c9:7e:cf:
                    ba:bb:63:0c:90:58:5a:68:2d:3d:c0:f8:98:83:56:
                    a0:21:8e:ce:91:e7:51:7e:09:6d:9a:ea:e3:d5:84:
                    18:46:2b:bd:fa:6c:33:ac:d0:47:17:cd:a9:1d:a0:
                    87:39:89:a4:33:a3:75:59:2d:85:c8:e8:b0:b0:7d:
                    de:d0:a8:3f:e6:a0:5b:c7:87:4a:37:c5:52:bc:3e:
                    fe:c5:e8:3e:31:e6:d7:0a:6c:40:6f:05:fa:9a:e6:
                    cc:30:cd:71:44:34:26:88:2c:fa:50:db:04:05:c2:
                    bb:9e:b4:84:a6:07:a4:3d:ff:f2:92:92:6d:5d:7e:
                    ab:ec:21:69:37:70:ca:62:67:56:13:f6:4f:fc:29:
                    04:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:0D:E4:19:C0:5F:40:B0:B2:D4:E6:EB:CB:ED:03:D1:81:BD:F7:EA
            X509v3 Authority Key Identifier:
                keyid:8F:7B:49:6E:A7:CF:76:3D:05:83:08:37:1E:1B:F6:7E:53:BC:7B:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/ow3kGcBfQLCy1Obry-0D0YG99-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.20.0/22
                IPv6:
                  2a0b:24c1::/33

    Signature Algorithm: sha256WithRSAEncryption
         41:58:b9:e5:2e:5e:81:a4:fd:6a:a1:ca:a5:06:99:51:34:fe:
         61:e6:90:20:a5:9c:4a:08:e5:eb:14:82:de:a7:b7:78:f3:db:
         a2:76:6d:62:92:2f:84:cb:b0:ca:0a:30:40:85:69:bf:cb:34:
         a5:aa:4b:df:f0:08:53:71:87:00:2e:dd:a2:09:5b:02:28:94:
         da:68:3e:39:4c:8a:fc:e1:68:99:93:70:8f:dc:f0:ed:1e:86:
         47:96:02:e8:de:48:73:83:2d:b9:12:95:5d:3c:dd:6b:58:a8:
         c4:1c:09:5f:78:dc:ed:f2:01:cd:25:48:52:f4:73:85:17:ce:
         5c:42:d9:c9:2c:8a:00:27:33:f3:d4:64:84:f9:8a:63:11:92:
         a2:aa:05:51:5c:da:50:07:ba:df:27:12:04:f5:80:57:28:d4:
         3a:7e:1e:87:c3:2e:8b:78:a2:7d:67:8d:4f:b0:e8:6c:c7:86:
         6d:f3:67:1c:67:dd:e0:a8:d5:6f:e6:76:71:3d:82:9d:19:da:
         01:a5:8d:8e:08:e6:48:d7:b6:7c:57:27:00:ad:24:ed:81:fa:
         45:92:95:c0:8e:e0:d1:81:f8:1c:f0:50:2c:63:86:0f:44:c0:
         91:52:3b:6c:c2:8d:cf:b1:63:74:bd:5c:c2:24:61:d3:d9:6f:
         6e:33:92:a5
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzIbzNeKxMTNqF8/4ePpkDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmN2I0OTZlYTdjZjc2M2QwNTgzMDgzNzFlMWJmNjdlNTNi
YzdiYTMwHhcNMjQwMTAyMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzBkZTQxOWMwNWY0MGIwYjJkNGU2ZWJjYmVkMDNkMTgxYmRmN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUzofVyhl5NvMMwIZ+4RSFBb73GI
JVWV9Uw0QVGXRV6ceN/2Q7adGMHTyZocZqZvUMNkgy4i01GwG4lVXbL00L9L6wUp
kIn1K7RlE8B27hXI+mRkLCm3EyAxqIHhsz8bQmzb30x2qRklqnQbwkiskbA2lbnJ
fs+6u2MMkFhaaC09wPiYg1agIY7OkedRfgltmurj1YQYRiu9+mwzrNBHF82pHaCH
OYmkM6N1WS2FyOiwsH3e0Kg/5qBbx4dKN8VSvD7+xeg+MebXCmxAbwX6mubMMM1x
RDQmiCz6UNsEBcK7nrSEpgekPf/ykpJtXX6r7CFpN3DKYmdWE/ZP/CkEEQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKMN5BnAX0CwstTm68vtA9GBvffqMB8GA1UdIwQY
MBaAFI97SW6nz3Y9BYMINx4b9n5TvHujMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajN0SmJxZlBkajBGZ3dnM0hodjJmbE84ZTZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZWZkOTQtMDUxNi00ZTY2LTk4ZDUt
MjUxYjAxOWQ1MWE4LzEvb3cza0djQmZRTEN5MU9icnktMEQwWUc5OS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZWZkOTQtMDUxNi00ZTY2LTk4ZDUtMjUxYjAxOWQ1MWE4
LzEvajN0SmJxZlBkajBGZ3dnM0hodjJmbE84ZTZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCucgUMA4E
AgACMAgDBgcqCyTBADANBgkqhkiG9w0BAQsFAAOCAQEAQVi55S5egaT9aqHKpQaZ
UTT+YeaQIKWcSgjl6xSC3qe3ePPbonZtYpIvhMuwygowQIVpv8s0papL3/AIU3GH
AC7doglbAiiU2mg+OUyK/OFomZNwj9zw7R6GR5YC6N5Ic4MtuRKVXTzda1ioxBwJ
X3jc7fIBzSVIUvRzhRfOXELZySyKACcz89RkhPmKYxGSoqoFUVzaUAe63ycSBPWA
VyjUOn4eh8Mui3iifWeNT7DobMeGbfNnHGfd4KjVb+Z2cT2CnRnaAaWNjgjmSNe2
fFcnAK0k7YH6RZKVwI7g0YH4HPBQLGOGD0TAkVI7bMKNz7FjdL1cwiRh09lvbjOS
pQ==
-----END CERTIFICATE-----