Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/Oce2CgCOOBKTfudc5OaASKSnOUs.roa
File:                     Oce2CgCOOBKTfudc5OaASKSnOUs.roa (raw, json)
Hash identifier:          zdCK5iY0ninsgfXhDz89vO1M/Nku5wsg08FIPhPxW7w=
Subject key identifier:   39:C7:B6:0A:00:8E:38:12:93:7E:E7:5C:E4:E6:80:48:A4:A7:39:4B
Certificate issuer:       /CN=c8531ae2ce57c95f5a398930ea45503542801ba1
Certificate serial:       018CC49398D985BCA1365E333F137E81376D
Authority key identifier: C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/Oce2CgCOOBKTfudc5OaASKSnOUs.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        93.95.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 13:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:98:d9:85:bc:a1:36:5e:33:3f:13:7e:81:37:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8531ae2ce57c95f5a398930ea45503542801ba1
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39c7b60a008e3812937ee75ce4e68048a4a7394b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fc:d8:02:21:58:18:7a:8e:af:d2:4e:c3:42:
                    6f:a6:9b:d8:5f:22:e4:cc:42:9c:db:91:9e:e8:a2:
                    8d:3d:9e:59:70:ad:9d:48:29:4c:b6:02:f2:da:6a:
                    c8:e1:a9:22:63:19:15:21:2f:d9:6d:a9:7e:74:e1:
                    6d:71:7e:0f:48:5f:35:80:24:10:23:84:4b:d0:6a:
                    0b:4c:81:f7:39:93:22:ad:5f:43:d8:07:1e:44:48:
                    07:dc:1b:2d:cc:c7:d0:3f:db:91:95:78:89:ce:ec:
                    69:17:24:b1:bc:a4:a4:f6:f3:c4:ca:70:f3:b8:8f:
                    77:e6:60:8c:b6:29:56:48:77:58:27:c3:9c:dd:a2:
                    a7:b0:7f:60:42:d6:0f:90:9e:97:aa:5e:29:cf:05:
                    6d:74:3a:dd:31:44:8b:b7:59:c1:f2:d3:f0:d5:1f:
                    19:23:81:cd:88:0a:5d:86:11:e9:ca:38:f1:f3:e5:
                    a4:55:b7:14:15:3d:2e:5f:a4:89:bb:0f:04:24:2d:
                    56:2a:a1:02:34:fe:74:df:41:96:85:9d:ed:42:70:
                    8a:79:da:54:b6:df:54:cb:cd:82:a4:fe:c8:d1:75:
                    57:4c:de:e2:4b:4b:d6:15:bd:b6:5a:e2:42:19:6e:
                    19:9a:c3:9c:a1:1c:28:c2:52:7a:c5:e6:a3:73:66:
                    a4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C7:B6:0A:00:8E:38:12:93:7E:E7:5C:E4:E6:80:48:A4:A7:39:4B
            X509v3 Authority Key Identifier:
                keyid:C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/Oce2CgCOOBKTfudc5OaASKSnOUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b9:d7:35:7d:40:14:11:95:67:e9:78:85:b5:6b:4c:99:b1:8f:
         f6:ca:27:74:1f:58:9e:4f:a1:8c:a4:00:76:07:ef:61:e9:43:
         d2:21:fe:43:58:82:49:0b:79:7c:07:5c:70:78:5b:a7:c8:06:
         5e:c0:25:7d:82:c6:32:95:12:0c:09:92:95:c7:ad:7a:52:e4:
         69:4b:c7:0c:6d:67:de:75:30:92:53:c2:7c:ab:df:22:3e:9d:
         30:79:ea:4e:43:85:8e:1c:73:e8:4b:7d:7c:d4:75:2d:7c:49:
         10:fb:31:d0:ff:e9:24:61:51:6b:e6:2b:7a:13:11:89:f3:6c:
         31:8d:01:3d:a2:d8:c9:f4:77:2a:a8:75:39:df:de:2a:b8:db:
         41:77:4a:12:cc:73:d1:78:4b:e2:e1:db:a3:8a:1a:e1:5e:94:
         e4:d5:b6:cf:55:fa:e4:41:fa:7a:5f:ca:cb:3a:43:01:6f:79:
         25:87:d2:3d:af:f5:9d:30:7c:d2:9b:bf:d5:88:78:34:8a:16:
         af:81:8d:23:2a:c9:7d:0d:cd:85:19:3d:43:25:0a:24:16:89:
         62:b2:0f:fa:e0:8d:ed:16:06:a2:5a:42:5a:cf:ce:c7:dd:8e:
         46:d4:20:12:89:11:35:99:35:db:fd:97:06:c3:de:fc:ff:30:
         ba:ae:99:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5jZhbyhNl4zPxN+gTdtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTMxYWUyY2U1N2M5NWY1YTM5ODkzMGVhNDU1MDM1NDI4
MDFiYTEwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM3YjYwYTAwOGUzODEyOTM3ZWU3NWNlNGU2ODA0OGE0YTczOTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvzYAiFYGHqOr9JOw0JvppvYXyLk
zEKc25Ge6KKNPZ5ZcK2dSClMtgLy2mrI4akiYxkVIS/Zbal+dOFtcX4PSF81gCQQ
I4RL0GoLTIH3OZMirV9D2AceREgH3BstzMfQP9uRlXiJzuxpFySxvKSk9vPEynDz
uI935mCMtilWSHdYJ8Oc3aKnsH9gQtYPkJ6Xql4pzwVtdDrdMUSLt1nB8tPw1R8Z
I4HNiApdhhHpyjjx8+WkVbcUFT0uX6SJuw8EJC1WKqECNP5030GWhZ3tQnCKedpU
tt9Uy82CpP7I0XVXTN7iS0vWFb22WuJCGW4ZmsOcoRwowlJ6xeajc2ak5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnHtgoAjjgSk37nXOTmgEikpzlLMB8GA1UdIwQY
MBaAFMhTGuLOV8lfWjmJMOpFUDVCgBuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjkt
NDVkNTQyZDVmNTVmLzEvT2NlMkNnQ09PQktUZnVkYzVPYUFTS1NuT1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjktNDVkNTQyZDVmNTVm
LzEveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXV8wMA0G
CSqGSIb3DQEBCwUAA4IBAQC51zV9QBQRlWfpeIW1a0yZsY/2yid0H1ieT6GMpAB2
B+9h6UPSIf5DWIJJC3l8B1xweFunyAZewCV9gsYylRIMCZKVx616UuRpS8cMbWfe
dTCSU8J8q98iPp0weepOQ4WOHHPoS3181HUtfEkQ+zHQ/+kkYVFr5it6ExGJ82wx
jQE9otjJ9HcqqHU5394quNtBd0oSzHPReEvi4dujihrhXpTk1bbPVfrkQfp6X8rL
OkMBb3klh9I9r/WdMHzSm7/ViHg0ihavgY0jKsl9Dc2FGT1DJQokFolisg/64I3t
FgaiWkJaz87H3Y5G1CASiRE1mTXb/ZcGw978/zC6rpmS
-----END CERTIFICATE-----