Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/22392e-aa67-4588-b809-ef1aaaabfe2b/1/kOJKOdGZF1lYrf3K3sx8yJXh6cI.roa
File:                     kOJKOdGZF1lYrf3K3sx8yJXh6cI.roa (raw, json)
Hash identifier:          9u4nNnm49SaSoHKpCtV/kWapwJVz9MgpvgMBnTe3RAI=
Subject key identifier:   90:E2:4A:39:D1:99:17:59:58:AD:FD:CA:DE:CC:7C:C8:95:E1:E9:C2
Certificate issuer:       /CN=6bc1ad1676a2a32a45a0cf392f7f9c5ea68e2dea
Certificate serial:       018CCA2A684556E19781998710F1868DA152
Authority key identifier: 6B:C1:AD:16:76:A2:A3:2A:45:A0:CF:39:2F:7F:9C:5E:A6:8E:2D:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8GtFnaioypFoM85L3-cXqaOLeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/22392e-aa67-4588-b809-ef1aaaabfe2b/1/kOJKOdGZF1lYrf3K3sx8yJXh6cI.roa
Signing time:             Tue 02 Jan 2024 12:33:46 +0000
ROA not before:           Tue 02 Jan 2024 12:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33867
IP address blocks:        195.248.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/22392e-aa67-4588-b809-ef1aaaabfe2b/1/a8GtFnaioypFoM85L3-cXqaOLeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/22392e-aa67-4588-b809-ef1aaaabfe2b/1/a8GtFnaioypFoM85L3-cXqaOLeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a8GtFnaioypFoM85L3-cXqaOLeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 13:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:68:45:56:e1:97:81:99:87:10:f1:86:8d:a1:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc1ad1676a2a32a45a0cf392f7f9c5ea68e2dea
        Validity
            Not Before: Jan  2 12:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90e24a39d199175958adfdcadecc7cc895e1e9c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d1:26:57:33:68:c1:2d:3e:b9:91:f2:26:5a:
                    b9:df:64:32:d5:99:32:9a:15:8b:29:44:e2:eb:52:
                    1d:ad:58:48:eb:65:6f:f3:76:99:23:bc:00:2f:f4:
                    1b:f5:a1:12:a6:43:6a:46:cf:2a:6c:03:d3:fe:e1:
                    c1:0f:fc:cf:37:dd:81:d2:e0:c9:26:93:ca:f4:10:
                    cd:dc:13:6c:9c:73:59:ca:ae:c6:95:c8:97:1d:f4:
                    86:ac:75:15:d4:e4:51:bd:00:34:80:78:00:5a:d5:
                    cd:68:90:1b:16:44:3d:29:e3:0b:ad:19:94:77:8e:
                    b0:f6:4f:41:df:9b:24:d7:e3:db:b4:63:a3:d7:c9:
                    de:d7:5d:5b:1e:01:ce:73:33:1f:ac:57:a5:65:43:
                    5b:47:3a:24:69:34:05:74:95:32:16:51:46:ae:dc:
                    18:71:35:e4:2d:4d:44:26:64:9c:15:6b:55:fe:14:
                    bb:f9:f7:8b:ee:99:af:fc:3a:26:5d:96:70:72:29:
                    ca:22:47:de:b3:62:4e:cc:59:31:4d:a2:e9:4c:68:
                    56:b6:16:9b:14:2d:ec:b9:9b:97:9c:75:5b:fd:c1:
                    3f:da:9a:f6:48:c0:4a:4f:eb:4e:08:84:c5:bf:07:
                    92:36:7b:89:17:62:53:ff:8d:56:fe:41:34:a3:96:
                    0f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E2:4A:39:D1:99:17:59:58:AD:FD:CA:DE:CC:7C:C8:95:E1:E9:C2
            X509v3 Authority Key Identifier:
                keyid:6B:C1:AD:16:76:A2:A3:2A:45:A0:CF:39:2F:7F:9C:5E:A6:8E:2D:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8GtFnaioypFoM85L3-cXqaOLeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/22392e-aa67-4588-b809-ef1aaaabfe2b/1/kOJKOdGZF1lYrf3K3sx8yJXh6cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/22392e-aa67-4588-b809-ef1aaaabfe2b/1/a8GtFnaioypFoM85L3-cXqaOLeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:99:1c:13:4c:8b:95:2c:47:d0:06:1f:5b:11:a9:58:13:21:
         3a:92:bd:01:30:ec:21:5c:5c:1e:16:7e:0a:d3:80:47:49:e3:
         c1:1c:54:5d:a2:9b:53:39:12:ea:86:5a:77:1c:8b:5a:eb:aa:
         ab:0f:3c:48:d5:f8:ec:8d:e9:70:0c:09:e3:d1:10:2f:cd:10:
         5b:b7:cd:a9:20:ff:21:da:05:f9:75:c5:84:17:67:67:c3:6b:
         75:54:42:6b:b9:f2:92:5a:68:eb:b4:1d:35:b9:03:74:58:ac:
         14:8f:a7:44:58:88:f2:46:07:cd:18:d0:83:eb:03:96:2c:5c:
         ea:c8:d4:b6:7e:71:23:c8:d4:dc:a1:9a:81:aa:cd:0e:2c:fe:
         8c:3d:59:d3:1f:cf:91:8e:80:77:27:59:08:59:41:5d:fe:92:
         c3:d1:b9:97:be:a9:53:82:0f:b2:a7:f3:8d:1e:56:0c:4e:07:
         3e:53:3a:2a:36:87:be:1b:1c:bb:b5:78:d5:69:5c:bc:51:be:
         95:9f:48:d3:77:c5:ec:c0:1b:ba:df:3e:1a:46:0f:0b:12:4d:
         22:f0:0d:c8:a1:01:64:86:f7:b2:0f:f8:58:76:97:72:e6:b8:
         c4:cc:7b:a7:73:8a:be:81:6e:f8:63:c9:4a:9c:cf:b4:68:63:
         2d:47:4e:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKmhFVuGXgZmHEPGGjaFSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzFhZDE2NzZhMmEzMmE0NWEwY2YzOTJmN2Y5YzVlYTY4
ZTJkZWEwHhcNMjQwMTAyMTIzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGUyNGEzOWQxOTkxNzU5NThhZGZkY2FkZWNjN2NjODk1ZTFlOWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9EmVzNowS0+uZHyJlq532Qy1Zky
mhWLKUTi61IdrVhI62Vv83aZI7wAL/Qb9aESpkNqRs8qbAPT/uHBD/zPN92B0uDJ
JpPK9BDN3BNsnHNZyq7GlciXHfSGrHUV1ORRvQA0gHgAWtXNaJAbFkQ9KeMLrRmU
d46w9k9B35sk1+PbtGOj18ne111bHgHOczMfrFelZUNbRzokaTQFdJUyFlFGrtwY
cTXkLU1EJmScFWtV/hS7+feL7pmv/DomXZZwcinKIkfes2JOzFkxTaLpTGhWthab
FC3suZuXnHVb/cE/2pr2SMBKT+tOCITFvweSNnuJF2JT/41W/kE0o5YPAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDiSjnRmRdZWK39yt7MfMiV4enCMB8GA1UdIwQY
MBaAFGvBrRZ2oqMqRaDPOS9/nF6mji3qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThHdEZuYWlveXBGb004NUwzLWNYcWFPTGVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8yMjM5MmUtYWE2Ny00NTg4LWI4MDkt
ZWYxYWFhYWJmZTJiLzEva09KS09kR1pGMWxZcmYzSzNzeDh5SlhoNmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8yMjM5MmUtYWE2Ny00NTg4LWI4MDktZWYxYWFhYWJmZTJi
LzEvYThHdEZuYWlveXBGb004NUwzLWNYcWFPTGVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/hAMA0G
CSqGSIb3DQEBCwUAA4IBAQCEmRwTTIuVLEfQBh9bEalYEyE6kr0BMOwhXFweFn4K
04BHSePBHFRdoptTORLqhlp3HIta66qrDzxI1fjsjelwDAnj0RAvzRBbt82pIP8h
2gX5dcWEF2dnw2t1VEJrufKSWmjrtB01uQN0WKwUj6dEWIjyRgfNGNCD6wOWLFzq
yNS2fnEjyNTcoZqBqs0OLP6MPVnTH8+RjoB3J1kIWUFd/pLD0bmXvqlTgg+yp/ON
HlYMTgc+UzoqNoe+Gxy7tXjVaVy8Ub6Vn0jTd8XswBu63z4aRg8LEk0i8A3IoQFk
hveyD/hYdpdy5rjEzHunc4q+gW74Y8lKnM+0aGMtR06S
-----END CERTIFICATE-----