Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/OUx6GPHPnzsQnqEqThAqd3s23w8.roa
File:                     OUx6GPHPnzsQnqEqThAqd3s23w8.roa (raw, json)
Hash identifier:          cftY8AE0/w0CzGovFuebr5nqkpyNao2CG66kKd6pZPA=
Subject key identifier:   39:4C:7A:18:F1:CF:9F:3B:10:9E:A1:2A:4E:10:2A:77:7B:36:DF:0F
Certificate issuer:       /CN=0562d5a67b7a20f865e753163a6ed0e5f347e839
Certificate serial:       018CC7955B842A62CF7554B3E92DABBCBFD9
Authority key identifier: 05:62:D5:A6:7B:7A:20:F8:65:E7:53:16:3A:6E:D0:E5:F3:47:E8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/OUx6GPHPnzsQnqEqThAqd3s23w8.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50128
IP address blocks:        194.1.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5b:84:2a:62:cf:75:54:b3:e9:2d:ab:bc:bf:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0562d5a67b7a20f865e753163a6ed0e5f347e839
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=394c7a18f1cf9f3b109ea12a4e102a777b36df0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d0:e5:db:ee:ee:f3:cf:70:df:34:69:52:78:
                    ed:cf:81:2d:8c:66:4f:0b:b8:95:41:a8:1f:cd:12:
                    5e:c5:e1:0f:85:99:47:00:49:f3:d3:c3:5b:c6:1c:
                    a8:06:5b:f4:5b:6f:7e:09:89:95:29:e1:4f:ad:7e:
                    25:08:9d:37:49:45:42:db:4b:bc:56:18:f1:d4:f1:
                    0a:a8:69:4e:41:86:94:28:7b:3f:fe:9b:03:28:f2:
                    5d:e7:60:b2:85:82:d8:bc:78:ad:cb:58:56:eb:d5:
                    f3:26:23:f0:03:22:23:52:c6:45:b4:66:25:9c:11:
                    43:69:00:5d:49:92:ce:9b:da:70:88:bd:e8:50:40:
                    29:f8:f8:8f:61:c2:af:18:37:fa:69:00:f6:0d:5f:
                    7d:9e:ac:8d:2b:4d:e4:18:72:1d:c7:82:9a:76:2f:
                    82:f5:d6:54:0d:38:ae:7c:f4:5a:f1:8a:b3:40:1e:
                    aa:ab:4e:a9:b9:79:a1:16:e8:bf:d1:2b:46:9f:64:
                    cd:df:c9:4b:dd:f8:ab:47:f2:cb:08:e3:10:e4:54:
                    86:ac:4a:b9:63:ef:73:ba:03:ed:b5:af:61:d7:03:
                    2a:38:f2:c9:29:2b:a5:f1:df:96:45:36:74:0f:20:
                    60:74:e1:60:f3:fa:cb:70:6c:8c:2f:f8:3c:5a:bc:
                    ee:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:4C:7A:18:F1:CF:9F:3B:10:9E:A1:2A:4E:10:2A:77:7B:36:DF:0F
            X509v3 Authority Key Identifier:
                keyid:05:62:D5:A6:7B:7A:20:F8:65:E7:53:16:3A:6E:D0:E5:F3:47:E8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/OUx6GPHPnzsQnqEqThAqd3s23w8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:32:8f:f2:12:3d:01:9b:f2:bb:c6:9f:b2:24:ba:ea:5f:9c:
         5a:be:90:62:6b:a0:9c:29:3e:1d:7d:5e:7a:00:5f:5e:33:ed:
         b1:d1:f0:8f:2d:e9:cf:4d:de:a4:fe:89:a8:f7:7b:b6:e1:9e:
         1b:09:f6:2d:02:40:f2:f4:63:28:cb:e4:28:a6:c9:f6:ab:a0:
         84:76:e6:d2:d7:dd:e9:57:69:fc:b3:6f:8d:fc:7d:09:21:ab:
         59:d7:4b:b7:44:fd:75:c5:dc:58:33:b0:d7:97:65:0c:59:6e:
         2b:4c:27:2f:25:ab:27:af:20:13:ee:ae:2a:5d:9e:37:6d:af:
         73:6d:e8:a7:ee:3b:a8:49:a0:ad:15:ae:0f:ff:9f:0a:db:e4:
         a6:a7:70:b5:fb:00:e4:02:71:21:da:94:80:b7:72:06:87:6f:
         ab:c9:b5:05:77:c0:f3:cb:87:1f:3e:8a:6e:bb:31:66:27:eb:
         d7:97:11:3f:08:cd:24:48:41:cd:c7:eb:83:d7:a7:1b:ac:25:
         99:d7:8e:9a:2d:e1:c4:c3:d7:92:eb:b5:5f:26:47:14:a1:92:
         a6:3a:0e:17:9f:36:eb:ca:7f:e4:04:7c:9f:ee:eb:24:a2:b3:
         35:b3:1e:af:d3:dd:d6:e4:d9:33:20:8a:f2:80:59:d4:16:a1:
         f2:38:84:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVuEKmLPdVSz6S2rvL/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NjJkNWE2N2I3YTIwZjg2NWU3NTMxNjNhNmVkMGU1ZjM0
N2U4MzkwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTRjN2ExOGYxY2Y5ZjNiMTA5ZWExMmE0ZTEwMmE3NzdiMzZkZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtDl2+7u889w3zRpUnjtz4EtjGZP
C7iVQagfzRJexeEPhZlHAEnz08NbxhyoBlv0W29+CYmVKeFPrX4lCJ03SUVC20u8
Vhjx1PEKqGlOQYaUKHs//psDKPJd52CyhYLYvHity1hW69XzJiPwAyIjUsZFtGYl
nBFDaQBdSZLOm9pwiL3oUEAp+PiPYcKvGDf6aQD2DV99nqyNK03kGHIdx4Kadi+C
9dZUDTiufPRa8YqzQB6qq06puXmhFui/0StGn2TN38lL3firR/LLCOMQ5FSGrEq5
Y+9zugPtta9h1wMqOPLJKSul8d+WRTZ0DyBgdOFg8/rLcGyML/g8Wrzu6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlMehjxz587EJ6hKk4QKnd7Nt8PMB8GA1UdIwQY
MBaAFAVi1aZ7eiD4ZedTFjpu0OXzR+g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQldMVnBudDZJUGhsNTFNV09tN1E1Zk5INkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi84YjAxYzItZWNiZS00Zjg4LWFlMzct
NTA0YzhmYzIyMGVhLzEvT1V4NkdQSFBuenNRbnFFcVRoQXFkM3MyM3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi84YjAxYzItZWNiZS00Zjg4LWFlMzctNTA0YzhmYzIyMGVh
LzEvQldMVnBudDZJUGhsNTFNV09tN1E1Zk5INkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgGCMA0G
CSqGSIb3DQEBCwUAA4IBAQCiMo/yEj0Bm/K7xp+yJLrqX5xavpBia6CcKT4dfV56
AF9eM+2x0fCPLenPTd6k/omo93u24Z4bCfYtAkDy9GMoy+Qopsn2q6CEdubS193p
V2n8s2+N/H0JIatZ10u3RP11xdxYM7DXl2UMWW4rTCcvJasnryAT7q4qXZ43ba9z
bein7juoSaCtFa4P/58K2+Smp3C1+wDkAnEh2pSAt3IGh2+rybUFd8Dzy4cfPopu
uzFmJ+vXlxE/CM0kSEHNx+uD16cbrCWZ146aLeHEw9eS67VfJkcUoZKmOg4Xnzbr
yn/kBHyf7uskorM1sx6v093W5NkzIIrygFnUFqHyOITQ
-----END CERTIFICATE-----