Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/oxRZdM4BAtnlJ0GWygAGa27LGRY.roa
File:                     oxRZdM4BAtnlJ0GWygAGa27LGRY.roa (raw, json)
Hash identifier:          +CpwrAfRLiBL1HnSGmC+diEtY/0LG4g6NaKE/Xb635w=
Subject key identifier:   A3:14:59:74:CE:01:02:D9:E5:27:41:96:CA:00:06:6B:6E:CB:19:16
Certificate issuer:       /CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
Certificate serial:       018CC26D6C28CB510FB19FA28DD6E124447B
Authority key identifier: 84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/oxRZdM4BAtnlJ0GWygAGa27LGRY.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52013
IP address blocks:        46.183.224.0/21 maxlen: 24
                          185.106.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6c:28:cb:51:0f:b1:9f:a2:8d:d6:e1:24:44:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3145974ce0102d9e5274196ca00066b6ecb1916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5d:8f:7a:ab:d2:d1:6b:0e:91:28:d8:70:73:
                    56:ad:79:8e:e9:07:46:4c:d8:6f:93:0b:7f:40:44:
                    9f:87:d3:c8:bf:e4:8d:33:48:82:9c:90:52:17:f3:
                    d6:db:84:c5:7a:dc:8f:62:40:c0:9a:52:2d:b2:f0:
                    9d:35:16:03:7c:f3:49:b9:af:8d:6d:2e:e6:fa:f5:
                    49:54:d0:67:c4:a1:d1:03:3d:24:85:a3:ac:aa:1e:
                    cb:af:73:55:3e:33:0f:b7:f0:a4:f6:d6:69:67:05:
                    e7:ce:a9:73:fe:14:53:d7:4b:8f:81:34:de:00:22:
                    dc:26:86:c8:42:84:07:36:85:a0:ec:84:a6:1d:de:
                    09:56:e6:2a:84:8b:6f:bb:76:26:ea:1e:51:41:e4:
                    41:05:b8:fc:85:41:12:2b:c6:c7:3a:c5:cd:c3:4e:
                    71:76:2f:cc:f3:a7:dd:1e:bc:e7:9c:cc:da:7c:e5:
                    d6:49:f6:0d:e4:7f:20:70:8c:ab:e7:47:9c:d4:79:
                    68:4f:26:e1:79:00:b7:86:76:07:3d:c0:f3:6f:31:
                    2a:a9:d1:d8:a6:75:d8:5d:c8:55:32:74:ec:24:08:
                    a7:ed:9e:0d:b0:17:02:92:eb:50:ae:88:b5:07:8f:
                    fa:4a:b8:59:a6:de:d3:a8:b0:3e:e4:a6:dc:e3:7c:
                    3c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:14:59:74:CE:01:02:D9:E5:27:41:96:CA:00:06:6B:6E:CB:19:16
            X509v3 Authority Key Identifier:
                keyid:84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/oxRZdM4BAtnlJ0GWygAGa27LGRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.224.0/21
                  185.106.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:fe:e2:d7:0f:4f:6b:2f:1d:b9:85:18:58:73:bd:b9:1b:9c:
         86:5b:42:ee:c0:dd:55:18:50:fe:7b:e9:b9:de:45:11:ab:a8:
         67:2a:2a:d8:67:ca:62:cb:0c:9c:3b:a4:91:bd:bb:7a:ae:d7:
         58:db:2b:ab:f9:0d:e3:31:a7:da:b8:9c:6a:3a:0c:90:56:1a:
         6c:69:bf:44:da:58:53:d1:a1:27:da:fe:47:18:37:dc:03:10:
         83:31:81:e1:0d:34:d4:b2:99:01:2f:ae:94:5e:91:5d:87:e7:
         c7:8d:88:95:3b:ca:77:03:f1:bc:bd:0c:e1:61:e4:3f:93:48:
         d4:ea:89:5b:58:35:b5:f0:de:5b:b2:f6:fd:34:b3:87:20:8f:
         bb:88:de:7c:39:61:be:85:94:c4:a6:54:1e:82:a7:73:64:7f:
         36:80:52:17:48:b7:ba:a1:af:67:55:bd:ae:9a:03:03:de:57:
         7f:a1:ec:f1:7d:ad:d1:57:9a:fd:f0:55:19:6f:8d:7f:d8:ae:
         7d:9d:31:e4:17:6a:65:c6:7c:4f:9b:ba:3c:af:80:35:a6:97:
         8c:cc:23:89:44:ba:d7:2b:db:16:bf:21:83:49:15:aa:b8:d1:
         b5:92:97:be:ad:c7:e5:14:4d:61:79:30:70:5f:f4:3f:32:7b:
         91:d2:d4:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbWwoy1EPsZ+ijdbhJER7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MWYzNmZjYmY3MzM0ZWZmNmI5MWU4MDI5N2VhNWIyNWM0
ZWNmZDIwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzE0NTk3NGNlMDEwMmQ5ZTUyNzQxOTZjYTAwMDY2YjZlY2IxOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF2PeqvS0WsOkSjYcHNWrXmO6QdG
TNhvkwt/QESfh9PIv+SNM0iCnJBSF/PW24TFetyPYkDAmlItsvCdNRYDfPNJua+N
bS7m+vVJVNBnxKHRAz0khaOsqh7Lr3NVPjMPt/Ck9tZpZwXnzqlz/hRT10uPgTTe
ACLcJobIQoQHNoWg7ISmHd4JVuYqhItvu3Ym6h5RQeRBBbj8hUESK8bHOsXNw05x
di/M86fdHrznnMzafOXWSfYN5H8gcIyr50ec1HloTybheQC3hnYHPcDzbzEqqdHY
pnXYXchVMnTsJAin7Z4NsBcCkutQroi1B4/6SrhZpt7TqLA+5Kbc43w8nQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKMUWXTOAQLZ5SdBlsoABmtuyxkWMB8GA1UdIwQY
MBaAFIQfNvy/czTv9rkegCl+pbJcTs/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQt
OTVkZGIwOTc0ZTRiLzEvb3hSWmRNNEJBdG5sSjBHV3lnQUdhMjdMR1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQtOTVkZGIwOTc0ZTRi
LzEvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLrfgAwQA
uWqHMA0GCSqGSIb3DQEBCwUAA4IBAQCw/uLXD09rLx25hRhYc725G5yGW0LuwN1V
GFD+e+m53kURq6hnKirYZ8piywycO6SRvbt6rtdY2yur+Q3jMafauJxqOgyQVhps
ab9E2lhT0aEn2v5HGDfcAxCDMYHhDTTUspkBL66UXpFdh+fHjYiVO8p3A/G8vQzh
YeQ/k0jU6olbWDW18N5bsvb9NLOHII+7iN58OWG+hZTEplQegqdzZH82gFIXSLe6
oa9nVb2umgMD3ld/oezxfa3RV5r98FUZb41/2K59nTHkF2plxnxPm7o8r4A1ppeM
zCOJRLrXK9sWvyGDSRWquNG1kpe+rcflFE1heTBwX/Q/MnuR0tSu
-----END CERTIFICATE-----