Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f49614-6c51-49a2-9ffa-f75f48bd94f4/1/OMTAIQWzRxbB5jtG8nYhSkptjZE.roa
File:                     OMTAIQWzRxbB5jtG8nYhSkptjZE.roa (raw, json)
Hash identifier:          Va2l+poKBCwFzczwIjtPQCCd757aRhyfP222Ypk/+6k=
Subject key identifier:   38:C4:C0:21:05:B3:47:16:C1:E6:3B:46:F2:76:21:4A:4A:6D:8D:91
Certificate issuer:       /CN=0e03f3c3cff6d8cd4b15240f6172836c7b53eb24
Certificate serial:       018CC794A5E02B4513A59381AD43783B71DC
Authority key identifier: 0E:03:F3:C3:CF:F6:D8:CD:4B:15:24:0F:61:72:83:6C:7B:53:EB:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgPzw8_22M1LFSQPYXKDbHtT6yQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f49614-6c51-49a2-9ffa-f75f48bd94f4/1/OMTAIQWzRxbB5jtG8nYhSkptjZE.roa
Signing time:             Tue 02 Jan 2024 00:30:56 +0000
ROA not before:           Tue 02 Jan 2024 00:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        193.17.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f49614-6c51-49a2-9ffa-f75f48bd94f4/1/DgPzw8_22M1LFSQPYXKDbHtT6yQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f49614-6c51-49a2-9ffa-f75f48bd94f4/1/DgPzw8_22M1LFSQPYXKDbHtT6yQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgPzw8_22M1LFSQPYXKDbHtT6yQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a5:e0:2b:45:13:a5:93:81:ad:43:78:3b:71:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e03f3c3cff6d8cd4b15240f6172836c7b53eb24
        Validity
            Not Before: Jan  2 00:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38c4c02105b34716c1e63b46f276214a4a6d8d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9d:27:17:43:56:2c:bb:fd:20:dd:60:9d:71:
                    63:d0:42:25:db:6d:af:6f:24:38:ce:21:0a:d5:6e:
                    48:24:ca:30:ac:43:88:55:ac:f1:fe:07:3e:f7:a6:
                    82:17:8c:97:ea:61:54:f4:62:ed:23:ad:88:87:ce:
                    6b:7e:3f:b6:b9:26:70:9e:e5:cc:71:fe:1c:4b:75:
                    58:7f:b9:34:e4:7d:ef:79:20:52:75:1c:28:a0:62:
                    9d:76:e8:75:d7:c7:c4:75:23:4f:7b:52:cc:96:93:
                    16:4a:a1:b3:5d:5b:15:2b:b7:80:1e:72:c4:89:cb:
                    84:51:64:d7:27:2f:db:77:6e:21:bf:a3:21:d1:75:
                    35:82:49:55:f8:8a:34:cf:5b:86:6c:7b:07:e6:fe:
                    20:94:ff:84:ac:de:6f:bf:77:75:4b:72:4f:45:ac:
                    8c:3e:0b:65:2e:b0:b3:20:18:ad:55:a1:fd:75:92:
                    b1:9b:87:c7:28:9f:50:66:6d:e5:e6:9b:50:99:5e:
                    ae:a9:d7:3b:0f:91:23:23:10:15:15:7a:b1:fb:aa:
                    7b:b3:bf:a4:1e:51:33:52:4e:aa:3a:e9:98:19:b8:
                    33:2c:e3:be:1d:b6:e4:be:53:8d:ec:1a:0b:84:c9:
                    98:4d:43:2b:46:9a:0a:90:2e:26:3a:37:c5:7f:9d:
                    43:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C4:C0:21:05:B3:47:16:C1:E6:3B:46:F2:76:21:4A:4A:6D:8D:91
            X509v3 Authority Key Identifier:
                keyid:0E:03:F3:C3:CF:F6:D8:CD:4B:15:24:0F:61:72:83:6C:7B:53:EB:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgPzw8_22M1LFSQPYXKDbHtT6yQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f49614-6c51-49a2-9ffa-f75f48bd94f4/1/OMTAIQWzRxbB5jtG8nYhSkptjZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f49614-6c51-49a2-9ffa-f75f48bd94f4/1/DgPzw8_22M1LFSQPYXKDbHtT6yQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:17:86:73:31:a1:26:9e:ee:9c:a1:02:de:2e:4d:fe:2e:6d:
         6f:c6:7a:eb:fb:ef:16:96:a8:b3:4e:29:4e:bc:69:39:a3:81:
         e1:ad:7c:1f:7d:d6:d2:9f:5e:25:ed:dd:3d:03:9e:82:32:78:
         d1:ad:28:62:b6:67:b3:d7:0a:09:f6:2e:2d:20:ba:9f:98:55:
         15:25:05:ee:e1:16:92:d4:3f:be:aa:88:ad:52:bd:1d:8b:60:
         5e:81:de:d1:f5:af:46:6a:8c:4b:22:53:07:5b:ed:7d:96:58:
         ad:34:20:c7:5e:88:b5:5d:bc:f5:8d:39:72:eb:42:7a:e8:a0:
         78:64:2f:8c:9a:16:f8:7a:4f:23:2c:a5:67:ed:81:f5:58:45:
         db:47:30:b5:f6:6c:c7:06:36:52:92:4f:79:dd:6c:04:0f:8d:
         f9:be:31:f0:e4:f3:05:bc:ed:a2:32:94:f7:eb:96:9d:c4:58:
         b1:9e:d8:b4:66:4f:39:8d:94:00:95:e2:62:56:4f:12:83:6f:
         be:ae:cc:65:c3:c7:b8:b2:06:32:36:62:4f:de:b7:58:7e:83:
         29:fc:c6:f3:52:00:f4:ca:c1:65:d3:62:ca:13:c8:de:a2:22:
         00:76:ed:8b:a7:1f:31:3a:a8:04:97:fe:f7:55:18:c5:18:e7:
         a2:07:3b:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKXgK0UTpZOBrUN4O3HcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMDNmM2MzY2ZmNmQ4Y2Q0YjE1MjQwZjYxNzI4MzZjN2I1
M2ViMjQwHhcNMjQwMTAyMDAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGM0YzAyMTA1YjM0NzE2YzFlNjNiNDZmMjc2MjE0YTRhNmQ4ZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJ0nF0NWLLv9IN1gnXFj0EIl222v
byQ4ziEK1W5IJMowrEOIVazx/gc+96aCF4yX6mFU9GLtI62Ih85rfj+2uSZwnuXM
cf4cS3VYf7k05H3veSBSdRwooGKdduh118fEdSNPe1LMlpMWSqGzXVsVK7eAHnLE
icuEUWTXJy/bd24hv6Mh0XU1gklV+Io0z1uGbHsH5v4glP+ErN5vv3d1S3JPRayM
PgtlLrCzIBitVaH9dZKxm4fHKJ9QZm3l5ptQmV6uqdc7D5EjIxAVFXqx+6p7s7+k
HlEzUk6qOumYGbgzLOO+HbbkvlON7BoLhMmYTUMrRpoKkC4mOjfFf51D7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjEwCEFs0cWweY7RvJ2IUpKbY2RMB8GA1UdIwQY
MBaAFA4D88PP9tjNSxUkD2Fyg2x7U+skMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdQenc4XzIyTTFMRlNRUFlYS0RiSHRUNnlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDk2MTQtNmM1MS00OWEyLTlmZmEt
Zjc1ZjQ4YmQ5NGY0LzEvT01UQUlRV3pSeGJCNWp0RzhuWWhTa3B0alpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDk2MTQtNmM1MS00OWEyLTlmZmEtZjc1ZjQ4YmQ5NGY0
LzEvRGdQenc4XzIyTTFMRlNRUFlYS0RiSHRUNnlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHJMA0G
CSqGSIb3DQEBCwUAA4IBAQBDF4ZzMaEmnu6coQLeLk3+Lm1vxnrr++8WlqizTilO
vGk5o4HhrXwffdbSn14l7d09A56CMnjRrShitmez1woJ9i4tILqfmFUVJQXu4RaS
1D++qoitUr0di2Begd7R9a9GaoxLIlMHW+19llitNCDHXoi1Xbz1jTly60J66KB4
ZC+Mmhb4ek8jLKVn7YH1WEXbRzC19mzHBjZSkk953WwED435vjHw5PMFvO2iMpT3
65adxFixnti0Zk85jZQAleJiVk8Sg2++rsxlw8e4sgYyNmJP3rdYfoMp/MbzUgD0
ysFl02LKE8jeoiIAdu2Lpx8xOqgEl/73VRjFGOeiBzvF
-----END CERTIFICATE-----