Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/Omc-NzBN2dxYiMi16TuLg7hzefA.roa
File:                     Omc-NzBN2dxYiMi16TuLg7hzefA.roa (raw, json)
Hash identifier:          bzBYxl8ZCmgzPMyFMfqjqhagIIhX/nzIxcgT7fp00Hs=
Subject key identifier:   3A:67:3E:37:30:4D:D9:DC:58:88:C8:B5:E9:3B:8B:83:B8:73:79:F0
Certificate issuer:       /CN=90f25e6a6893f466d2695e90670c047443643701
Certificate serial:       018CC8DD0F12143C3B875E72CC199D2833D1
Authority key identifier: 90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/Omc-NzBN2dxYiMi16TuLg7hzefA.roa
Signing time:             Tue 02 Jan 2024 06:29:39 +0000
ROA not before:           Tue 02 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        62.179.128.0/17 maxlen: 17
                          2001:67c:794::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:0f:12:14:3c:3b:87:5e:72:cc:19:9d:28:33:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f25e6a6893f466d2695e90670c047443643701
        Validity
            Not Before: Jan  2 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a673e37304dd9dc5888c8b5e93b8b83b87379f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a6:cd:65:48:6a:18:25:3c:00:f5:dc:94:98:
                    7d:6f:54:e8:c9:b2:67:2a:cc:43:0e:0d:83:a1:4b:
                    91:3a:ee:53:77:4c:26:7e:e1:b0:c3:9f:e9:65:9f:
                    80:f6:fb:ce:62:82:8b:64:d8:e9:cf:3d:11:40:12:
                    f5:ec:14:bc:22:36:dd:42:76:d8:f4:e3:1e:66:26:
                    55:59:de:1e:b7:23:b3:67:7e:3c:d9:cb:7c:7d:dc:
                    ee:90:ab:b6:b5:07:01:38:51:74:c7:e7:56:82:9e:
                    02:b9:89:87:fc:a7:43:46:67:8f:0b:12:10:fc:0a:
                    99:03:c0:c1:90:13:f0:65:69:36:98:be:36:b4:eb:
                    a4:31:b7:40:70:a1:d1:06:ec:e4:04:d7:ad:79:5f:
                    5b:e8:12:d7:6d:ab:ea:a0:b1:14:1c:69:a8:63:8d:
                    3a:23:28:8c:cb:44:a1:3d:ad:b5:d3:c8:2f:c4:de:
                    60:a0:42:5d:8b:a0:2d:39:25:4c:57:66:a1:89:76:
                    d5:9f:47:b6:2e:8b:30:17:b4:7c:eb:95:37:9b:d3:
                    7a:4a:68:26:91:c2:e8:3b:44:12:43:03:ac:b2:ac:
                    48:11:7d:4a:be:d9:26:97:f6:81:1e:0e:02:14:80:
                    47:e6:a5:f0:07:44:0a:62:e7:87:d2:f8:f7:82:9c:
                    41:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:67:3E:37:30:4D:D9:DC:58:88:C8:B5:E9:3B:8B:83:B8:73:79:F0
            X509v3 Authority Key Identifier:
                keyid:90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/Omc-NzBN2dxYiMi16TuLg7hzefA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.179.128.0/17
                IPv6:
                  2001:67c:794::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:a7:b8:f9:c3:e2:65:9c:ad:04:55:ab:48:69:e6:d1:81:18:
         8b:10:5c:9f:56:e8:ba:1d:1e:27:c9:dd:a8:5d:96:7d:f4:b6:
         d8:02:ac:0a:75:b9:44:61:d0:e6:b4:79:3c:5d:41:10:d1:38:
         8c:c3:70:23:6e:c6:9e:c5:d1:c8:a9:66:e0:94:f4:fb:a5:a7:
         3d:7c:0b:d4:7f:d1:69:dd:08:60:1a:34:2e:a2:e9:c7:fa:1b:
         72:4c:65:97:59:bc:e1:f3:0d:ca:f2:64:7c:00:4c:98:8a:60:
         6f:3c:57:b5:4b:9e:09:79:bd:d1:69:fb:64:80:52:8d:04:42:
         13:2f:64:1b:25:39:45:2d:b0:b6:57:3d:4f:c8:31:8e:41:8d:
         3b:f3:02:e3:24:5a:61:d3:07:64:1f:a0:3a:ab:9b:ea:5a:46:
         52:98:b4:e2:37:2b:e3:3f:f6:08:cc:a7:9e:74:36:5c:7c:f4:
         59:f7:42:51:29:ed:f5:82:a1:f2:0c:65:30:a3:e4:3a:03:c7:
         5e:3d:e0:02:5f:e8:68:18:fd:ce:57:99:e1:2b:fa:3f:0c:37:
         6c:5b:39:0d:ba:e4:fe:8a:7e:e5:d5:17:dd:2e:e1:ee:2e:cc:
         61:8f:c1:8f:ef:f3:69:70:40:bb:5c:72:68:c5:c3:11:5d:ba:
         2a:8a:c5:e2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3Q8SFDw7h15yzBmdKDPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjI1ZTZhNjg5M2Y0NjZkMjY5NWU5MDY3MGMwNDc0NDM2
NDM3MDEwHhcNMjQwMTAyMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTY3M2UzNzMwNGRkOWRjNTg4OGM4YjVlOTNiOGI4M2I4NzM3OWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqbNZUhqGCU8APXclJh9b1ToybJn
KsxDDg2DoUuROu5Td0wmfuGww5/pZZ+A9vvOYoKLZNjpzz0RQBL17BS8IjbdQnbY
9OMeZiZVWd4etyOzZ3482ct8fdzukKu2tQcBOFF0x+dWgp4CuYmH/KdDRmePCxIQ
/AqZA8DBkBPwZWk2mL42tOukMbdAcKHRBuzkBNeteV9b6BLXbavqoLEUHGmoY406
IyiMy0ShPa2108gvxN5goEJdi6AtOSVMV2ahiXbVn0e2LoswF7R865U3m9N6Smgm
kcLoO0QSQwOssqxIEX1Kvtkml/aBHg4CFIBH5qXwB0QKYueH0vj3gpxBjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDpnPjcwTdncWIjItek7i4O4c3nwMB8GA1UdIwQY
MBaAFJDyXmpok/Rm0mlekGcMBHRDZDcBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEt
M2IwYjRiOGEyOTgzLzEvT21jLU56Qk4yZHhZaU1pMTZUdUxnN2h6ZWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEtM2IwYjRiOGEyOTgz
LzEva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQHPrOAMA8E
AgACMAkDBwAgAQZ8B5QwDQYJKoZIhvcNAQELBQADggEBAISnuPnD4mWcrQRVq0hp
5tGBGIsQXJ9W6LodHifJ3ahdln30ttgCrAp1uURh0Oa0eTxdQRDROIzDcCNuxp7F
0cipZuCU9Pulpz18C9R/0WndCGAaNC6i6cf6G3JMZZdZvOHzDcryZHwATJiKYG88
V7VLngl5vdFp+2SAUo0EQhMvZBslOUUtsLZXPU/IMY5BjTvzAuMkWmHTB2QfoDqr
m+paRlKYtOI3K+M/9gjMp550Nlx89Fn3QlEp7fWCofIMZTCj5DoDx1494AJf6GgY
/c5XmeEr+j8MN2xbOQ265P6KfuXVF90u4e4uzGGPwY/v82lwQLtccmjFwxFduiqK
xeI=
-----END CERTIFICATE-----