Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/O5T--ed-zmmBqTovzq5SJXaZtzI.roa
File:                     O5T--ed-zmmBqTovzq5SJXaZtzI.roa (raw, json)
Hash identifier:          +XVjavciNDZjg5tNzAu7Pk1jpoIKwbu20keXj4brjDo=
Subject key identifier:   3B:94:FE:F9:E7:7E:CE:69:81:A9:3A:2F:CE:AE:52:25:76:99:B7:32
Certificate issuer:       /CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
Certificate serial:       018DF4216FF558B301D5188905C938ED9891
Authority key identifier: 90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/O5T--ed-zmmBqTovzq5SJXaZtzI.roa
Signing time:             Thu 29 Feb 2024 09:10:48 +0000
ROA not before:           Thu 29 Feb 2024 09:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43317
IP address blocks:        193.218.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:21:6f:f5:58:b3:01:d5:18:89:05:c9:38:ed:98:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
        Validity
            Not Before: Feb 29 09:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b94fef9e77ece6981a93a2fceae52257699b732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4e:70:ac:0a:1f:01:75:f5:16:d7:5d:2d:b2:
                    43:88:d6:8c:20:8f:c5:d3:8c:11:e9:bd:f4:5b:e2:
                    e2:5e:ed:ed:47:69:68:79:a1:39:5e:9b:ec:d0:72:
                    f0:dd:78:d5:7a:f5:dd:7c:14:e4:c3:32:45:84:5b:
                    9a:e8:d2:e7:d1:37:89:eb:de:36:02:14:53:8a:f2:
                    0e:28:55:12:f6:2b:f3:16:65:dd:8a:46:41:bb:7e:
                    fa:df:97:7c:1a:4e:3f:2f:84:4b:4a:e6:63:68:99:
                    ff:b5:87:7c:1c:12:a6:eb:9d:33:13:35:9b:77:ab:
                    b7:18:11:87:4a:be:9d:55:07:98:e7:86:0c:49:ab:
                    b2:93:67:c2:63:15:8a:f7:8a:f6:bb:89:3d:e1:fc:
                    74:8f:36:72:c5:e7:33:fd:ff:7f:6d:e3:b5:bd:13:
                    34:54:63:74:36:2c:28:ca:27:82:7c:71:22:99:10:
                    6e:ec:f5:c2:11:0f:d8:03:ad:bc:17:bd:8f:69:8b:
                    48:c0:f4:87:b0:85:5a:fb:d8:9c:81:60:85:42:89:
                    f9:60:92:ca:c9:24:24:ab:34:18:9e:f5:c7:bc:83:
                    2c:92:68:40:29:44:f8:6c:69:50:10:c4:e5:62:61:
                    90:3b:68:10:d5:0b:5a:80:4e:db:ce:da:23:29:af:
                    c3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:94:FE:F9:E7:7E:CE:69:81:A9:3A:2F:CE:AE:52:25:76:99:B7:32
            X509v3 Authority Key Identifier:
                keyid:90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/O5T--ed-zmmBqTovzq5SJXaZtzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:bd:89:30:86:30:af:c9:51:75:84:a9:ba:f8:8f:75:01:29:
         44:f5:84:e6:58:f4:aa:97:5e:a9:de:63:07:e8:7a:ac:19:e5:
         32:e2:45:51:21:c0:05:a2:64:5a:94:1d:96:b5:b1:c1:3c:5e:
         eb:66:0d:6d:bd:42:bb:5b:bd:9c:c8:18:6c:5e:0f:99:e3:46:
         40:bd:0f:56:49:53:8b:86:96:e4:58:71:3b:3b:cf:5e:15:63:
         fb:84:f6:11:83:2c:99:78:77:a3:1e:d3:58:86:95:34:5f:85:
         a6:53:4f:0c:0d:16:59:56:2f:3f:70:25:85:06:69:e5:68:58:
         07:b8:da:8e:d1:60:44:1d:25:28:23:f8:09:c0:f5:23:e9:79:
         0c:bf:88:1c:0f:6e:3e:52:e9:3c:ab:00:dd:b6:75:eb:12:59:
         d8:49:9f:be:6e:c7:f5:6c:38:a1:b3:ca:1b:09:5b:81:30:4a:
         ee:8c:04:32:94:d7:c3:57:02:2f:b5:2b:7c:54:ea:3c:cd:0d:
         3a:0a:69:96:32:49:88:df:96:3e:0f:55:2c:51:c0:7e:81:44:
         dc:e6:37:b6:a1:a1:ce:ae:df:12:43:80:93:e3:5e:44:d3:37:
         2c:ef:02:f3:04:ce:94:e8:ec:39:2b:39:f4:98:fa:9d:c8:69:
         ed:8f:fa:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY30IW/1WLMB1RiJBck47ZiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwOTgxNTNiZGUwZTM0NTg0YmFjOTFmYTE4NjhkN2VmMjRk
NjhiY2YwHhcNMjQwMjI5MDkxMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjk0ZmVmOWU3N2VjZTY5ODFhOTNhMmZjZWFlNTIyNTc2OTliNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhU5wrAofAXX1FtddLbJDiNaMII/F
04wR6b30W+LiXu3tR2loeaE5Xpvs0HLw3XjVevXdfBTkwzJFhFua6NLn0TeJ6942
AhRTivIOKFUS9ivzFmXdikZBu37635d8Gk4/L4RLSuZjaJn/tYd8HBKm650zEzWb
d6u3GBGHSr6dVQeY54YMSauyk2fCYxWK94r2u4k94fx0jzZyxecz/f9/beO1vRM0
VGN0NiwoyieCfHEimRBu7PXCEQ/YA628F72PaYtIwPSHsIVa+9icgWCFQon5YJLK
ySQkqzQYnvXHvIMskmhAKUT4bGlQEMTlYmGQO2gQ1QtagE7bztojKa/DMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuU/vnnfs5pgak6L86uUiV2mbcyMB8GA1UdIwQY
MBaAFJCYFTveDjRYS6yR+hho1+8k1ovPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0pnVk85NE9ORmhMckpINkdHalg3eVRXaTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9iYTkwMDMtZDQzMy00MDk1LTg0Yjct
MmY5MzNkOTg5NmUwLzEvTzVULS1lZC16bW1CcVRvdnpxNVNKWGFadHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9iYTkwMDMtZDQzMy00MDk1LTg0YjctMmY5MzNkOTg5NmUw
LzEva0pnVk85NE9ORmhMckpINkdHalg3eVRXaTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwdq+MA0G
CSqGSIb3DQEBCwUAA4IBAQBjvYkwhjCvyVF1hKm6+I91ASlE9YTmWPSql16p3mMH
6HqsGeUy4kVRIcAFomRalB2WtbHBPF7rZg1tvUK7W72cyBhsXg+Z40ZAvQ9WSVOL
hpbkWHE7O89eFWP7hPYRgyyZeHejHtNYhpU0X4WmU08MDRZZVi8/cCWFBmnlaFgH
uNqO0WBEHSUoI/gJwPUj6XkMv4gcD24+Uuk8qwDdtnXrElnYSZ++bsf1bDihs8ob
CVuBMErujAQylNfDVwIvtSt8VOo8zQ06CmmWMkmI35Y+D1UsUcB+gUTc5je2oaHO
rt8SQ4CT415E0zcs7wLzBM6U6Ow5Kzn0mPqdyGntj/r9
-----END CERTIFICATE-----