Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/OaUbixlXG3OJBvGCRVJ5CqcLE_8.roa
File:                     OaUbixlXG3OJBvGCRVJ5CqcLE_8.roa (raw, json)
Hash identifier:          H1FSKkUHV5QpczsTiLn0qYDoQGUZS/Grh45R7txDBqM=
Subject key identifier:   39:A5:1B:8B:19:57:1B:73:89:06:F1:82:45:52:79:0A:A7:0B:13:FF
Certificate issuer:       /CN=bb936933dc3aa03b3daa06e5b3873f35bdab55d2
Certificate serial:       0190DC3440BA6A8EF8036B138B8AA07221B7
Authority key identifier: BB:93:69:33:DC:3A:A0:3B:3D:AA:06:E5:B3:87:3F:35:BD:AB:55:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u5NpM9w6oDs9qgbls4c_Nb2rVdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/OaUbixlXG3OJBvGCRVJ5CqcLE_8.roa
Signing time:             Mon 22 Jul 2024 20:48:50 +0000
ROA not before:           Mon 22 Jul 2024 20:48:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        194.39.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/u5NpM9w6oDs9qgbls4c_Nb2rVdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/u5NpM9w6oDs9qgbls4c_Nb2rVdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u5NpM9w6oDs9qgbls4c_Nb2rVdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:dc:34:40:ba:6a:8e:f8:03:6b:13:8b:8a:a0:72:21:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb936933dc3aa03b3daa06e5b3873f35bdab55d2
        Validity
            Not Before: Jul 22 20:48:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39a51b8b19571b738906f1824552790aa70b13ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d1:65:42:42:18:57:ef:bb:54:89:83:ab:9c:
                    f9:ba:4b:61:7a:67:7b:f1:79:1c:9c:47:25:4e:59:
                    bb:92:0e:e4:4a:cb:1b:67:d2:8f:ec:5a:d0:28:b8:
                    24:93:e8:9f:1d:03:c8:d2:c9:ee:f0:85:a8:a1:9c:
                    0c:57:71:46:44:8b:ed:f0:78:14:a4:e5:9d:50:01:
                    fa:4c:19:c1:98:b1:35:87:75:cc:81:ed:32:19:5d:
                    f4:9e:c8:a5:db:76:ee:5c:4c:b4:57:93:03:d1:a6:
                    59:55:6d:23:b8:d4:81:e5:15:75:1f:1f:d2:23:73:
                    62:cd:03:11:4c:93:93:77:a5:fc:9f:58:e4:0c:32:
                    1f:9a:23:8b:da:18:5c:d2:31:20:83:a8:7d:5c:09:
                    16:6c:26:40:01:ed:a8:b2:1a:76:55:f8:cf:f6:48:
                    c2:5e:7a:43:61:a1:9d:24:04:a4:7b:07:6d:08:2f:
                    6b:86:6f:32:fe:d0:a2:50:d9:3b:56:d9:86:c7:d5:
                    4c:ec:20:60:1c:77:47:e5:5d:15:91:ae:9d:45:13:
                    e8:81:43:c7:f6:d7:45:86:6e:d2:88:0e:b9:83:fc:
                    1f:cb:ba:83:af:25:29:c2:8b:71:c7:e4:5f:8e:6a:
                    3a:05:95:db:6b:dd:46:69:d8:f2:38:58:af:1d:37:
                    a5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:A5:1B:8B:19:57:1B:73:89:06:F1:82:45:52:79:0A:A7:0B:13:FF
            X509v3 Authority Key Identifier:
                keyid:BB:93:69:33:DC:3A:A0:3B:3D:AA:06:E5:B3:87:3F:35:BD:AB:55:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u5NpM9w6oDs9qgbls4c_Nb2rVdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/OaUbixlXG3OJBvGCRVJ5CqcLE_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/u5NpM9w6oDs9qgbls4c_Nb2rVdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:08:41:92:ef:90:fd:43:49:9e:5d:86:dc:a3:a6:57:1a:29:
         fd:19:0f:6a:ce:ec:ab:c5:b7:2c:4f:e7:37:89:1f:04:8b:22:
         c6:cc:46:7b:ef:f1:12:9d:da:bd:cf:49:aa:cc:15:4c:58:bb:
         fa:88:e4:31:a9:17:2e:a6:35:98:cf:d3:da:c6:18:72:34:5f:
         45:b0:48:94:c5:4e:bc:2d:c3:c5:53:ad:df:df:fb:2f:c5:57:
         62:ab:f7:e1:b4:17:67:f0:68:26:03:65:0f:d1:c0:71:a6:0a:
         27:3e:5e:6b:65:1a:18:e9:5a:16:14:f2:ec:f7:9a:0b:20:67:
         78:de:0b:7b:a5:df:c1:99:c8:ff:33:0b:bd:b5:20:8e:14:28:
         fa:80:05:fa:23:ee:52:84:81:1e:ad:65:d7:54:73:50:be:49:
         f9:3a:9c:7b:90:47:03:85:51:88:28:42:d6:cb:a5:3f:30:2b:
         df:e2:ef:8b:53:b5:22:fe:e9:d2:a5:09:e6:de:d2:b0:2b:d5:
         a0:b1:e1:1e:09:5e:a3:23:48:ab:2d:2e:f6:39:09:9a:24:ce:
         1e:75:26:49:63:84:11:d4:71:da:28:1f:71:f0:89:9e:00:79:
         35:30:f2:7c:ff:c3:af:29:b5:c3:07:af:42:16:f8:07:8d:26:
         b6:2e:83:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDcNEC6ao74A2sTi4qgciG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOTM2OTMzZGMzYWEwM2IzZGFhMDZlNWIzODczZjM1YmRh
YjU1ZDIwHhcNMjQwNzIyMjA0ODUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWE1MWI4YjE5NTcxYjczODkwNmYxODI0NTUyNzkwYWE3MGIxM2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktFlQkIYV++7VImDq5z5ukthemd7
8XkcnEclTlm7kg7kSssbZ9KP7FrQKLgkk+ifHQPI0snu8IWooZwMV3FGRIvt8HgU
pOWdUAH6TBnBmLE1h3XMge0yGV30nsil23buXEy0V5MD0aZZVW0juNSB5RV1Hx/S
I3NizQMRTJOTd6X8n1jkDDIfmiOL2hhc0jEgg6h9XAkWbCZAAe2oshp2VfjP9kjC
XnpDYaGdJASkewdtCC9rhm8y/tCiUNk7VtmGx9VM7CBgHHdH5V0Vka6dRRPogUPH
9tdFhm7SiA65g/wfy7qDryUpwotxx+Rfjmo6BZXba91GadjyOFivHTelIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmlG4sZVxtziQbxgkVSeQqnCxP/MB8GA1UdIwQY
MBaAFLuTaTPcOqA7PaoG5bOHPzW9q1XSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTVOcE05dzZvRHM5cWdibHM0Y19OYjJyVmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8wY2E1OWItMzJkMS00NmEyLWJlNDgt
MGMzM2UxMjY0ZDdmLzEvT2FVYml4bFhHM09KQnZHQ1JWSjVDcWNMRV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8wY2E1OWItMzJkMS00NmEyLWJlNDgtMGMzM2UxMjY0ZDdm
LzEvdTVOcE05dzZvRHM5cWdibHM0Y19OYjJyVmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwif4MA0G
CSqGSIb3DQEBCwUAA4IBAQB6CEGS75D9Q0meXYbco6ZXGin9GQ9qzuyrxbcsT+c3
iR8EiyLGzEZ77/ESndq9z0mqzBVMWLv6iOQxqRcupjWYz9PaxhhyNF9FsEiUxU68
LcPFU63f3/svxVdiq/fhtBdn8GgmA2UP0cBxpgonPl5rZRoY6VoWFPLs95oLIGd4
3gt7pd/Bmcj/Mwu9tSCOFCj6gAX6I+5ShIEerWXXVHNQvkn5Opx7kEcDhVGIKELW
y6U/MCvf4u+LU7Ui/unSpQnm3tKwK9WgseEeCV6jI0irLS72OQmaJM4edSZJY4QR
1HHaKB9x8ImeAHk1MPJ8/8OvKbXDB69CFvgHjSa2LoN7
-----END CERTIFICATE-----