Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/o3gfpdoaEPOeOyn5_ES4aHO69xU.roa
File:                     o3gfpdoaEPOeOyn5_ES4aHO69xU.roa (raw, json)
Hash identifier:          3D8+/E64wi6fJ007I4HpaJkSqXcn16+5gLU5sWwiafs=
Subject key identifier:   A3:78:1F:A5:DA:1A:10:F3:9E:3B:29:F9:FC:44:B8:68:73:BA:F7:15
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC5167133EA30467AE5142188219D3
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/o3gfpdoaEPOeOyn5_ES4aHO69xU.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210993
IP address blocks:        194.226.42.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 07:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:51:67:13:3e:a3:04:67:ae:51:42:18:82:19:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3781fa5da1a10f39e3b29f9fc44b86873baf715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:63:35:36:c2:eb:0f:dc:10:7d:c0:75:36:71:
                    07:ae:a4:c1:9f:ea:b5:68:e3:19:45:7f:72:37:10:
                    11:bc:29:ad:ca:b1:1c:7d:c7:9f:84:9b:75:9a:33:
                    83:71:b1:96:91:fa:fa:22:b3:00:26:23:78:2f:31:
                    ec:7b:d1:e6:a8:a5:ee:3b:97:37:7c:96:53:be:45:
                    5e:16:e5:eb:b9:9b:19:3d:58:76:72:8a:3f:9a:3f:
                    ba:d3:d0:3c:50:87:84:c4:a3:fd:9f:02:e2:61:24:
                    98:4e:3a:32:0b:31:97:f4:88:ae:fc:9f:d8:2e:68:
                    a9:77:29:62:4d:24:9e:17:6d:27:97:c2:02:8a:86:
                    68:de:02:f3:1c:39:79:f1:c3:53:70:d5:5c:78:d8:
                    c7:58:fc:1a:43:58:fe:8a:d6:de:17:be:ad:e4:12:
                    5d:5c:82:54:82:6b:e2:97:50:72:cb:25:76:19:f0:
                    56:38:d9:e7:fa:e0:5a:9f:93:4e:02:c3:c3:a3:44:
                    8d:4d:22:b1:97:6c:e4:41:9f:57:17:4b:d1:10:36:
                    3a:92:20:64:03:d4:3d:71:9c:9b:66:40:d2:5d:88:
                    1a:5a:ac:b3:00:34:02:21:22:74:b8:b8:d0:02:72:
                    1a:0f:b7:3e:fa:58:37:01:92:60:6b:b4:3d:c9:ad:
                    19:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:78:1F:A5:DA:1A:10:F3:9E:3B:29:F9:FC:44:B8:68:73:BA:F7:15
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/o3gfpdoaEPOeOyn5_ES4aHO69xU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:0c:ee:2e:14:61:c2:bb:a3:59:20:74:b1:7a:8b:0e:55:0d:
         c1:b8:5d:18:17:1e:91:5d:da:4a:a2:3d:68:48:4d:58:cf:56:
         eb:bd:69:21:4e:52:80:09:dc:73:3f:8f:f2:b8:7e:d0:af:2c:
         95:0c:4d:3e:da:25:68:c4:0b:b2:5f:b6:f1:91:4d:ba:fb:0c:
         63:c3:e1:3d:62:e0:8b:d6:ea:95:c0:bf:c5:7a:48:48:69:ac:
         8c:02:f8:cd:ff:8b:36:17:70:5b:51:59:84:38:cd:15:c2:5b:
         7b:5c:71:a8:03:71:85:92:cb:19:2a:69:ff:6b:6e:ea:f0:a8:
         7c:c1:ae:56:e4:54:b7:a1:d4:02:51:c4:7e:ba:3c:73:4d:6d:
         fb:0a:17:40:e3:85:1a:b9:89:f6:2d:89:40:ba:fa:e6:39:59:
         8a:4c:4e:85:b0:55:4c:6e:f2:4e:bc:b5:b4:9d:6f:9d:f7:be:
         53:9e:db:9c:41:8b:7b:36:43:ca:8f:92:cf:66:f3:56:2b:0c:
         0b:e1:9e:48:d4:18:08:c1:c7:be:af:00:10:74:8c:fe:02:5d:
         b6:c0:71:56:13:2e:51:57:03:33:93:0e:06:8d:bd:cf:07:98:
         98:b5:76:6d:02:92:de:a5:ca:78:66:39:61:2e:d6:8c:d3:5d:
         bf:fa:f6:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FFnEz6jBGeuUUIYghnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzc4MWZhNWRhMWExMGYzOWUzYjI5ZjlmYzQ0Yjg2ODczYmFmNzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWM1NsLrD9wQfcB1NnEHrqTBn+q1
aOMZRX9yNxARvCmtyrEcfcefhJt1mjODcbGWkfr6IrMAJiN4LzHse9HmqKXuO5c3
fJZTvkVeFuXruZsZPVh2coo/mj+609A8UIeExKP9nwLiYSSYTjoyCzGX9Iiu/J/Y
LmipdyliTSSeF20nl8ICioZo3gLzHDl58cNTcNVceNjHWPwaQ1j+itbeF76t5BJd
XIJUgmvil1ByyyV2GfBWONnn+uBan5NOAsPDo0SNTSKxl2zkQZ9XF0vREDY6kiBk
A9Q9cZybZkDSXYgaWqyzADQCISJ0uLjQAnIaD7c++lg3AZJga7Q9ya0ZKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKN4H6XaGhDznjsp+fxEuGhzuvcVMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvbzNnZnBkb2FFUE9lT3luNV9FUzRhSE82OXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuIqMA0G
CSqGSIb3DQEBCwUAA4IBAQCPDO4uFGHCu6NZIHSxeosOVQ3BuF0YFx6RXdpKoj1o
SE1Yz1brvWkhTlKACdxzP4/yuH7QryyVDE0+2iVoxAuyX7bxkU26+wxjw+E9YuCL
1uqVwL/FekhIaayMAvjN/4s2F3BbUVmEOM0Vwlt7XHGoA3GFkssZKmn/a27q8Kh8
wa5W5FS3odQCUcR+ujxzTW37ChdA44UauYn2LYlAuvrmOVmKTE6FsFVMbvJOvLW0
nW+d975TntucQYt7NkPKj5LPZvNWKwwL4Z5I1BgIwce+rwAQdIz+Al22wHFWEy5R
VwMzkw4Gjb3PB5iYtXZtApLepcp4ZjlhLtaM012/+vbk
-----END CERTIFICATE-----