Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/OVVurWILl50Wy3vmdlTcF5dWlBs.roa
File:                     OVVurWILl50Wy3vmdlTcF5dWlBs.roa (raw, json)
Hash identifier:          WH46Gjn1b5TE0+ygCKYQqS/Gls2Z1w/Tvg7QJf/4DGI=
Subject key identifier:   39:55:6E:AD:62:0B:97:9D:16:CB:7B:E6:76:54:DC:17:97:56:94:1B
Certificate issuer:       /CN=00f4cc412cc30fb2f9f7c37c3e390bec5e6256b0
Certificate serial:       018CC801FBFF6AB103B4C348D0F74EF43442
Authority key identifier: 00:F4:CC:41:2C:C3:0F:B2:F9:F7:C3:7C:3E:39:0B:EC:5E:62:56:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/OVVurWILl50Wy3vmdlTcF5dWlBs.roa
Signing time:             Tue 02 Jan 2024 02:30:22 +0000
ROA not before:           Tue 02 Jan 2024 02:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15525
IP address blocks:        158.162.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:fb:ff:6a:b1:03:b4:c3:48:d0:f7:4e:f4:34:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f4cc412cc30fb2f9f7c37c3e390bec5e6256b0
        Validity
            Not Before: Jan  2 02:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39556ead620b979d16cb7be67654dc179756941b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cf:4c:ff:25:8e:c0:8c:44:b1:85:36:4b:73:
                    18:33:3d:2c:c5:86:4f:2d:76:1e:2f:dc:56:ba:e7:
                    6e:77:b7:d3:7e:5c:5e:83:e7:3b:b9:69:17:7a:5b:
                    a6:a4:b7:c8:b1:c7:d1:c6:d1:9c:3a:96:66:6d:5d:
                    2d:a5:e8:e1:80:72:68:2d:86:fb:29:6f:b6:17:39:
                    da:6d:95:1f:a4:5e:86:4a:71:33:af:c3:1e:1c:c2:
                    8f:6b:82:31:19:2f:e3:f0:78:d7:56:b0:14:12:18:
                    c2:a2:7d:d0:c7:15:03:88:fb:83:ce:18:56:39:5d:
                    47:b4:b8:91:2d:49:5e:a1:ba:3f:bc:ec:a2:81:fe:
                    63:f8:0c:13:07:3e:17:3c:9b:8d:9e:7b:2f:cb:27:
                    25:18:7a:d6:cd:ec:f0:e1:3e:e8:fd:66:09:8a:10:
                    af:a5:b5:3d:e8:fe:11:3e:08:4d:3e:f3:46:17:2c:
                    77:3c:2f:a7:9b:6b:d9:df:fe:17:16:dc:49:e6:28:
                    24:f5:e3:05:df:a5:4b:82:c3:a5:02:c0:53:61:e6:
                    37:db:78:6d:dc:d5:57:c7:7f:e8:d7:fb:a3:e1:43:
                    88:ce:98:36:80:ce:9b:84:d5:1f:d2:f4:c1:d1:9b:
                    56:bc:32:a1:b6:cb:91:42:9c:8a:ef:1c:83:5d:16:
                    96:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:55:6E:AD:62:0B:97:9D:16:CB:7B:E6:76:54:DC:17:97:56:94:1B
            X509v3 Authority Key Identifier:
                keyid:00:F4:CC:41:2C:C3:0F:B2:F9:F7:C3:7C:3E:39:0B:EC:5E:62:56:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/OVVurWILl50Wy3vmdlTcF5dWlBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.162.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:05:74:ff:e8:f0:be:bd:86:76:07:0f:b7:73:bd:b8:1f:f4:
         17:db:c5:ce:7f:12:f4:f2:e3:ec:d5:69:c3:b6:04:a6:be:bd:
         46:78:5c:27:39:ec:09:fd:9a:7f:4d:49:ec:67:24:92:ac:bf:
         86:fd:5a:e0:88:2b:45:2c:34:f6:f0:9b:0a:76:f9:cf:40:d9:
         53:c6:50:37:3c:be:51:d4:d3:b9:04:ee:ff:46:9a:b7:50:6a:
         35:80:9d:ff:3e:d9:45:c8:c5:73:45:e9:38:0e:51:02:d5:9e:
         68:20:b4:80:81:b6:b5:0d:d3:39:c3:66:38:65:61:a2:f2:11:
         68:de:16:8a:14:02:bb:8e:8c:e4:ee:9e:8d:dd:d5:35:36:82:
         ad:e2:1e:e0:ba:67:e1:62:31:75:d7:8a:61:11:fb:c0:ec:f6:
         81:91:f6:e6:78:d9:99:56:f5:7d:e1:27:7b:68:9c:fc:0a:af:
         87:10:b2:bc:6e:76:49:04:0b:d5:4e:94:1c:53:26:79:7e:bb:
         a9:e9:66:e8:5c:47:83:69:a2:1d:c4:b7:69:79:65:4b:83:da:
         5b:33:be:d8:bc:b4:fa:3c:38:56:19:68:45:5d:83:4a:20:8c:
         4c:d9:d3:dc:d3:cf:8f:6f:d9:c9:69:a0:66:01:cb:03:fe:d6:
         76:3f:e3:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAfv/arEDtMNI0PdO9DRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjRjYzQxMmNjMzBmYjJmOWY3YzM3YzNlMzkwYmVjNWU2
MjU2YjAwHhcNMjQwMTAyMDIzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTU1NmVhZDYyMGI5NzlkMTZjYjdiZTY3NjU0ZGMxNzk3NTY5NDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn89M/yWOwIxEsYU2S3MYMz0sxYZP
LXYeL9xWuudud7fTflxeg+c7uWkXelumpLfIscfRxtGcOpZmbV0tpejhgHJoLYb7
KW+2FznabZUfpF6GSnEzr8MeHMKPa4IxGS/j8HjXVrAUEhjCon3QxxUDiPuDzhhW
OV1HtLiRLUleobo/vOyigf5j+AwTBz4XPJuNnnsvyyclGHrWzezw4T7o/WYJihCv
pbU96P4RPghNPvNGFyx3PC+nm2vZ3/4XFtxJ5igk9eMF36VLgsOlAsBTYeY323ht
3NVXx3/o1/uj4UOIzpg2gM6bhNUf0vTB0ZtWvDKhtsuRQpyK7xyDXRaWDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlVbq1iC5edFst75nZU3BeXVpQbMB8GA1UdIwQY
MBaAFAD0zEEsww+y+ffDfD45C+xeYlawMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBUTVFTekREN0w1OThOOFBqa0w3RjVpVnJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy85Mzc1YTItM2U2Zi00NTc3LTg1ZDEt
NWYxNDVjZmQyMDcwLzEvT1ZWdXJXSUxsNTBXeTN2bWRsVGNGNWRXbEJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy85Mzc1YTItM2U2Zi00NTc3LTg1ZDEtNWYxNDVjZmQyMDcw
LzEvQVBUTVFTekREN0w1OThOOFBqa0w3RjVpVnJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCnqJ4MA0G
CSqGSIb3DQEBCwUAA4IBAQBKBXT/6PC+vYZ2Bw+3c724H/QX28XOfxL08uPs1WnD
tgSmvr1GeFwnOewJ/Zp/TUnsZySSrL+G/VrgiCtFLDT28JsKdvnPQNlTxlA3PL5R
1NO5BO7/Rpq3UGo1gJ3/PtlFyMVzRek4DlEC1Z5oILSAgba1DdM5w2Y4ZWGi8hFo
3haKFAK7jozk7p6N3dU1NoKt4h7gumfhYjF114phEfvA7PaBkfbmeNmZVvV94Sd7
aJz8Cq+HELK8bnZJBAvVTpQcUyZ5frup6WboXEeDaaIdxLdpeWVLg9pbM77YvLT6
PDhWGWhFXYNKIIxM2dPc08+Pb9nJaaBmAcsD/tZ2P+OL
-----END CERTIFICATE-----