Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/4OIH-Un4yy4-pSE4nKbPDHGPbFk.roa
File:                     4OIH-Un4yy4-pSE4nKbPDHGPbFk.roa (raw, json)
Hash identifier:          y2kF5QVQDo4B+KA5N0Dskl5cwATEuYWUah4UN3OB11c=
Subject key identifier:   E0:E2:07:F9:49:F8:CB:2E:3E:A5:21:38:9C:A6:CF:0C:71:8F:6C:59
Certificate issuer:       /CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
Certificate serial:       018CC5011F439CD0961670B1E20ED7459B0B
Authority key identifier: 0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/4OIH-Un4yy4-pSE4nKbPDHGPbFk.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206112
IP address blocks:        80.92.237.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1f:43:9c:d0:96:16:70:b1:e2:0e:d7:45:9b:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0e207f949f8cb2e3ea521389ca6cf0c718f6c59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a3:f3:25:a6:1c:60:c4:49:32:98:de:50:78:
                    39:ce:e8:c7:30:ba:63:6e:79:b9:ca:ef:8d:55:3a:
                    ed:6b:9c:2d:77:20:cc:58:b1:dd:2b:77:77:4a:d2:
                    95:25:a6:e3:13:8e:b5:54:14:b7:b0:0a:18:87:92:
                    67:55:4c:c8:45:e4:86:d5:c1:4a:a2:93:53:7b:3f:
                    b2:3f:98:1e:a1:bd:5a:96:eb:dd:26:ec:67:4e:4f:
                    52:f4:44:38:b6:63:a1:b7:1f:43:e4:1e:1b:f9:7e:
                    0a:25:23:10:f8:ba:78:30:c3:87:46:d8:b4:a2:29:
                    d2:5a:9f:3e:57:2c:4f:74:31:eb:e8:e1:a5:4e:f6:
                    99:75:22:31:5b:cc:15:48:ea:21:5f:85:62:87:39:
                    d5:18:a9:99:4c:29:08:53:b8:41:0f:e6:5a:2f:cc:
                    b8:14:35:a3:6d:74:71:cf:56:a7:96:31:df:53:bc:
                    fe:87:71:30:a3:89:31:c3:00:73:5e:d6:f8:e2:2a:
                    08:cc:21:64:42:9f:e4:ba:e8:7d:c3:ac:72:05:92:
                    a3:37:c2:f9:d3:b3:45:c9:4d:d0:c2:cd:25:52:5a:
                    40:7e:8e:a6:7e:00:3b:80:4d:d2:2b:47:cf:8e:50:
                    18:6c:80:17:7b:5c:32:5f:ed:d9:fb:22:40:85:90:
                    e6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:E2:07:F9:49:F8:CB:2E:3E:A5:21:38:9C:A6:CF:0C:71:8F:6C:59
            X509v3 Authority Key Identifier:
                keyid:0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/4OIH-Un4yy4-pSE4nKbPDHGPbFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.92.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:bd:95:16:90:b9:61:3e:91:78:50:95:38:b9:72:a4:53:71:
         48:30:27:6b:bb:17:31:b0:9d:9c:7f:e2:01:db:38:17:eb:c6:
         60:b5:aa:61:bd:be:57:9d:6a:ca:df:6d:91:60:eb:91:2d:b8:
         50:37:52:b4:e1:34:2e:95:da:a6:fe:c8:eb:9b:e7:d7:c2:1a:
         14:71:f8:a5:ba:c5:d3:4a:1b:f9:2a:5c:9f:86:77:be:e2:ab:
         3f:bc:63:20:b0:0a:92:24:18:c6:8e:f4:67:e0:1b:25:20:0e:
         0e:d5:6c:d1:01:bb:c1:72:e4:32:88:be:98:e1:70:94:79:3d:
         89:6b:a7:c8:52:ba:3c:d9:be:f8:23:99:21:0b:7c:09:3f:bb:
         80:6c:6b:6c:e6:4d:90:16:6f:5c:1a:76:15:a6:c6:f9:75:7c:
         f0:03:cf:ef:2c:85:d6:b9:db:0e:ea:27:cd:f7:7a:d6:e3:97:
         46:53:c5:76:4e:ec:95:bc:2c:fe:0e:5d:68:4c:0d:4e:e0:3d:
         fb:fc:42:11:89:6f:69:6e:7a:7d:65:a0:dc:d3:98:10:64:85:
         d7:b8:85:be:a5:3a:86:eb:9a:7a:45:a5:da:32:76:81:55:5b:
         2b:ad:07:1b:95:3e:06:9f:83:ac:7c:4b:33:25:5c:a8:c6:24:
         05:d3:5d:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR9DnNCWFnCx4g7XRZsLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkODcxNDJiZGMyYjNmMGQwODQ4YTBkODAwYjY5MzBiMWFi
YjM0YmMwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGUyMDdmOTQ5ZjhjYjJlM2VhNTIxMzg5Y2E2Y2YwYzcxOGY2YzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaPzJaYcYMRJMpjeUHg5zujHMLpj
bnm5yu+NVTrta5wtdyDMWLHdK3d3StKVJabjE461VBS3sAoYh5JnVUzIReSG1cFK
opNTez+yP5geob1aluvdJuxnTk9S9EQ4tmOhtx9D5B4b+X4KJSMQ+Lp4MMOHRti0
oinSWp8+VyxPdDHr6OGlTvaZdSIxW8wVSOohX4VihznVGKmZTCkIU7hBD+ZaL8y4
FDWjbXRxz1anljHfU7z+h3Ewo4kxwwBzXtb44ioIzCFkQp/kuuh9w6xyBZKjN8L5
07NFyU3Qws0lUlpAfo6mfgA7gE3SK0fPjlAYbIAXe1wyX+3Z+yJAhZDmkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODiB/lJ+MsuPqUhOJymzwxxj2xZMB8GA1UdIwQY
MBaAFA2HFCvcKz8NCEig2AC2kwsauzS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQt
YTMxNzA4ZDQwMzkxLzEvNE9JSC1VbjR5eTQtcFNFNG5LYlBESEdQYkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQtYTMxNzA4ZDQwMzkx
LzEvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFztMA0G
CSqGSIb3DQEBCwUAA4IBAQC4vZUWkLlhPpF4UJU4uXKkU3FIMCdruxcxsJ2cf+IB
2zgX68Zgtaphvb5XnWrK322RYOuRLbhQN1K04TQuldqm/sjrm+fXwhoUcfilusXT
Shv5Klyfhne+4qs/vGMgsAqSJBjGjvRn4BslIA4O1WzRAbvBcuQyiL6Y4XCUeT2J
a6fIUro82b74I5khC3wJP7uAbGts5k2QFm9cGnYVpsb5dXzwA8/vLIXWudsO6ifN
93rW45dGU8V2TuyVvCz+Dl1oTA1O4D37/EIRiW9pbnp9ZaDc05gQZIXXuIW+pTqG
65p6RaXaMnaBVVsrrQcblT4Gn4OsfEszJVyoxiQF011g
-----END CERTIFICATE-----