Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/Om4v8oe3ndQRMcxlAIEEdyAfNYw.roa
File:                     Om4v8oe3ndQRMcxlAIEEdyAfNYw.roa (raw, json)
Hash identifier:          Lxs/rrQf2ldIx/IDkPGUxYKz/hCHJzwSh8KMUnuJjoU=
Subject key identifier:   3A:6E:2F:F2:87:B7:9D:D4:11:31:CC:65:00:81:04:77:20:1F:35:8C
Certificate issuer:       /CN=80a9fff63a3477957ff75ccdc003dab68cf9d155
Certificate serial:       018CC801B7767B83341B43DDFFD780BD16B9
Authority key identifier: 80:A9:FF:F6:3A:34:77:95:7F:F7:5C:CD:C0:03:DA:B6:8C:F9:D1:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gKn_9jo0d5V_91zNwAPatoz50VU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/Om4v8oe3ndQRMcxlAIEEdyAfNYw.roa
Signing time:             Tue 02 Jan 2024 02:30:04 +0000
ROA not before:           Tue 02 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35540
IP address blocks:        151.127.0.0/16 maxlen: 16
                          109.190.0.0/16 maxlen: 16
                          2001:41d0:fc00::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/gKn_9jo0d5V_91zNwAPatoz50VU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/gKn_9jo0d5V_91zNwAPatoz50VU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gKn_9jo0d5V_91zNwAPatoz50VU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b7:76:7b:83:34:1b:43:dd:ff:d7:80:bd:16:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80a9fff63a3477957ff75ccdc003dab68cf9d155
        Validity
            Not Before: Jan  2 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a6e2ff287b79dd41131cc6500810477201f358c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:89:60:b2:47:e2:9f:2f:a5:fb:59:fd:77:ec:
                    b1:c2:db:c1:af:eb:9c:6b:47:63:35:d2:f4:7b:b5:
                    9c:c0:94:d0:99:ac:69:3d:4b:f2:50:96:94:b1:9f:
                    29:92:3c:08:8d:66:e4:e5:40:ef:c6:38:b3:5d:42:
                    0f:a3:5d:49:7e:3a:d6:b6:35:a6:2f:31:fe:7d:bc:
                    1c:2f:84:39:59:6c:66:b9:dd:5d:20:aa:6f:1a:a2:
                    17:70:ad:a1:6e:71:ea:c5:62:4d:40:fc:1e:cb:44:
                    2c:54:b5:a1:71:e0:0b:e8:fe:73:94:9f:34:90:b0:
                    b9:9f:9f:a9:59:6e:40:1d:48:6b:79:be:24:8c:26:
                    37:f2:62:57:0c:4f:18:50:bb:fb:e2:68:8e:ec:52:
                    c0:ce:26:34:1b:7d:c0:20:d8:b8:c7:b1:b1:52:a9:
                    71:65:ef:f0:b9:58:9c:75:4b:b4:8d:f9:b4:26:98:
                    c4:0d:b6:31:28:d7:96:4e:a7:86:0b:8c:89:0d:b3:
                    76:f2:4b:03:44:8b:06:c4:93:91:0b:86:87:29:2b:
                    87:a5:c4:02:cb:29:6e:04:62:d7:6a:72:7b:e8:f5:
                    81:22:71:61:e4:8f:ec:58:c5:23:7b:e7:ff:b1:61:
                    3c:13:09:1a:d4:1c:27:d2:92:f0:b8:fc:be:78:38:
                    b5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:6E:2F:F2:87:B7:9D:D4:11:31:CC:65:00:81:04:77:20:1F:35:8C
            X509v3 Authority Key Identifier:
                keyid:80:A9:FF:F6:3A:34:77:95:7F:F7:5C:CD:C0:03:DA:B6:8C:F9:D1:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gKn_9jo0d5V_91zNwAPatoz50VU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/Om4v8oe3ndQRMcxlAIEEdyAfNYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/gKn_9jo0d5V_91zNwAPatoz50VU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.190.0.0/16
                  151.127.0.0/16
                IPv6:
                  2001:41d0:fc00::/38

    Signature Algorithm: sha256WithRSAEncryption
         00:07:00:a8:a8:e6:aa:78:13:a8:d9:aa:17:3c:39:fe:02:63:
         a6:f4:65:f9:9b:e5:74:38:3a:0b:eb:f1:37:da:d7:8f:c2:aa:
         79:3e:94:d8:ff:a2:7a:56:d7:a0:0a:36:ae:a4:43:17:7a:5d:
         0b:f6:61:c7:7a:e9:4e:3b:d8:57:c0:2f:57:3b:37:48:c7:53:
         73:99:87:95:2c:eb:b5:5c:02:bf:22:e5:70:23:8a:0b:fb:5b:
         30:c5:47:14:b0:f7:76:5b:c0:5b:92:87:39:ce:87:d5:53:b1:
         e7:fb:7e:de:52:a6:f2:4c:7e:00:2f:8d:f0:f6:1b:3c:4b:d3:
         cd:1d:b9:94:d9:ee:6d:9c:cd:11:03:c3:6f:98:ca:e4:4c:cc:
         e2:0d:92:4e:da:3a:f7:8d:cf:7a:2c:ae:25:ac:66:60:b1:a6:
         89:e0:8e:06:02:1e:e7:c6:8d:cb:75:fc:d0:62:ea:c7:b2:68:
         96:dd:54:ba:9e:83:d4:7a:cc:aa:87:14:6d:0a:30:5e:c4:d1:
         e0:c7:47:33:13:29:3e:98:00:4c:a1:ec:5d:c4:dd:9b:b4:25:
         b1:36:3a:c6:48:8b:bc:41:04:a9:f1:2c:b3:a7:a5:d7:d4:7f:
         2c:a1:09:89:8f:89:cb:5c:e2:39:d4:d7:e5:51:d3:e7:6d:0c:
         7d:a9:12:df
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzIAbd2e4M0G0Pd/9eAvRa5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYTlmZmY2M2EzNDc3OTU3ZmY3NWNjZGMwMDNkYWI2OGNm
OWQxNTUwHhcNMjQwMTAyMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTZlMmZmMjg3Yjc5ZGQ0MTEzMWNjNjUwMDgxMDQ3NzIwMWYzNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYlgskfiny+l+1n9d+yxwtvBr+uc
a0djNdL0e7WcwJTQmaxpPUvyUJaUsZ8pkjwIjWbk5UDvxjizXUIPo11JfjrWtjWm
LzH+fbwcL4Q5WWxmud1dIKpvGqIXcK2hbnHqxWJNQPwey0QsVLWhceAL6P5zlJ80
kLC5n5+pWW5AHUhreb4kjCY38mJXDE8YULv74miO7FLAziY0G33AINi4x7GxUqlx
Ze/wuVicdUu0jfm0JpjEDbYxKNeWTqeGC4yJDbN28ksDRIsGxJORC4aHKSuHpcQC
yyluBGLXanJ76PWBInFh5I/sWMUje+f/sWE8Ewka1Bwn0pLwuPy+eDi1hQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDpuL/KHt53UETHMZQCBBHcgHzWMMB8GA1UdIwQY
MBaAFICp//Y6NHeVf/dczcAD2raM+dFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0tuXzlqbzBkNVZfOTF6TndBUGF0b3o1MFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iMDg0YmYtYTQ1NC00M2NmLWFjOTIt
NDdkOThlNTg1NDVhLzEvT200djhvZTNuZFFSTWN4bEFJRUVkeUFmTll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iMDg0YmYtYTQ1NC00M2NmLWFjOTItNDdkOThlNTg1NDVh
LzEvZ0tuXzlqbzBkNVZfOTF6TndBUGF0b3o1MFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAQBAIAATAKAwMAbb4DAwCX
fzAOBAIAAjAIAwYCIAFB0PwwDQYJKoZIhvcNAQELBQADggEBAAAHAKio5qp4E6jZ
qhc8Of4CY6b0Zfmb5XQ4Ogvr8Tfa14/Cqnk+lNj/onpW16AKNq6kQxd6XQv2Ycd6
6U472FfAL1c7N0jHU3OZh5Us67VcAr8i5XAjigv7WzDFRxSw93ZbwFuShznOh9VT
sef7ft5SpvJMfgAvjfD2GzxL080duZTZ7m2czREDw2+YyuRMzOINkk7aOveNz3os
riWsZmCxpongjgYCHufGjct1/NBi6seyaJbdVLqeg9R6zKqHFG0KMF7E0eDHRzMT
KT6YAEyh7F3E3Zu0JbE2OsZIi7xBBKnxLLOnpdfUfyyhCYmPictc4jnU1+VR0+dt
DH2pEt8=
-----END CERTIFICATE-----