Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/627c4c-f881-484f-b07b-d6df6b795dea/1/O495jmaKDYtPit0ZyOd2mLVHuCg.roa
File:                     O495jmaKDYtPit0ZyOd2mLVHuCg.roa (raw, json)
Hash identifier:          X4NhwrlFVJ0ibMyon9g3UUBmkcgLAPdQCxoXd02WSwg=
Subject key identifier:   3B:8F:79:8E:66:8A:0D:8B:4F:8A:DD:19:C8:E7:76:98:B5:47:B8:28
Certificate issuer:       /CN=07401351fc3cf73370a1e322e0527e569ef05797
Certificate serial:       018D5EC90E0968AF0A13029799434392CC45
Authority key identifier: 07:40:13:51:FC:3C:F7:33:70:A1:E3:22:E0:52:7E:56:9E:F0:57:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B0ATUfw89zNwoeMi4FJ-Vp7wV5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/627c4c-f881-484f-b07b-d6df6b795dea/1/O495jmaKDYtPit0ZyOd2mLVHuCg.roa
Signing time:             Wed 31 Jan 2024 09:10:51 +0000
ROA not before:           Wed 31 Jan 2024 09:10:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41236
IP address blocks:        193.239.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/627c4c-f881-484f-b07b-d6df6b795dea/1/B0ATUfw89zNwoeMi4FJ-Vp7wV5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/627c4c-f881-484f-b07b-d6df6b795dea/1/B0ATUfw89zNwoeMi4FJ-Vp7wV5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B0ATUfw89zNwoeMi4FJ-Vp7wV5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c9:0e:09:68:af:0a:13:02:97:99:43:43:92:cc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07401351fc3cf73370a1e322e0527e569ef05797
        Validity
            Not Before: Jan 31 09:10:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b8f798e668a0d8b4f8add19c8e77698b547b828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:5b:d2:32:ce:36:fc:aa:b8:cb:b0:41:ba:68:
                    b3:2a:18:12:1a:96:51:8c:d6:6d:ad:a5:9d:28:52:
                    d1:b9:40:6c:a4:38:32:47:60:cb:f9:b2:80:79:fe:
                    73:44:ef:99:a3:92:4b:db:d6:76:18:fa:0a:95:a5:
                    52:2d:3e:6e:42:34:61:09:64:0c:9d:17:3b:c2:70:
                    1a:98:dd:0f:38:be:0d:5a:06:73:ea:5f:14:a0:ff:
                    a7:98:7b:a2:6f:37:91:51:31:70:5d:90:ef:b7:fe:
                    e7:9d:8d:62:1d:7b:46:65:07:3b:39:65:13:85:be:
                    b2:61:c1:94:4d:08:b6:83:2f:5f:0d:bb:00:02:3e:
                    b4:13:91:af:63:e8:02:7d:78:20:2c:68:2a:51:1b:
                    a9:e4:9f:77:f5:dd:e6:c9:7f:da:30:53:84:a0:2e:
                    0f:d9:60:ef:00:ac:c2:26:66:e7:4f:55:30:19:93:
                    f0:6a:71:73:93:c3:1f:c8:50:2b:02:b3:25:1d:5a:
                    fa:96:36:a1:ca:a9:6f:f5:4d:0a:ba:2d:a0:9a:6d:
                    8e:2c:05:28:8e:e5:8c:53:2e:f6:0d:21:6f:e5:60:
                    e6:55:33:1c:97:d6:8d:34:4f:7a:24:25:46:77:4e:
                    3e:4b:f8:21:44:d6:a3:3a:90:fc:0e:4c:24:22:bf:
                    46:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:8F:79:8E:66:8A:0D:8B:4F:8A:DD:19:C8:E7:76:98:B5:47:B8:28
            X509v3 Authority Key Identifier:
                keyid:07:40:13:51:FC:3C:F7:33:70:A1:E3:22:E0:52:7E:56:9E:F0:57:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B0ATUfw89zNwoeMi4FJ-Vp7wV5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/627c4c-f881-484f-b07b-d6df6b795dea/1/O495jmaKDYtPit0ZyOd2mLVHuCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/627c4c-f881-484f-b07b-d6df6b795dea/1/B0ATUfw89zNwoeMi4FJ-Vp7wV5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:c9:4d:1a:fd:8d:c5:5b:6d:4b:78:0e:94:67:70:db:84:75:
         ee:ae:91:5a:4f:00:40:0c:40:8b:2d:fd:ff:a7:cb:1c:ef:7d:
         85:c8:c3:be:64:b3:dd:3c:d5:80:92:43:82:60:39:37:e4:32:
         47:b7:5d:b7:2d:0a:8a:7e:c8:4c:f9:2a:d2:70:61:93:d9:89:
         7c:0f:3f:b2:31:dd:11:a1:15:e9:4d:26:6c:d1:41:6e:61:f4:
         fd:45:b1:7e:32:9e:62:2a:7e:5c:b6:6b:78:3b:98:fe:64:8e:
         73:50:5f:31:8c:21:94:e5:a5:25:aa:ac:03:f4:d0:9c:5c:9c:
         f7:23:a4:04:2a:47:74:4e:e0:3a:b5:53:6c:84:b7:6e:d0:33:
         f2:77:e5:c6:39:79:83:eb:e4:0d:a0:30:df:71:2e:42:54:e3:
         a7:32:9a:a9:ac:9b:cb:4f:63:e0:e2:2c:d1:00:a9:82:dc:5a:
         a2:56:5e:b5:c6:6e:40:11:cb:48:36:f8:e9:b8:8d:00:4f:6c:
         b9:1b:6a:dd:9c:9d:f2:77:b7:e5:2b:ce:96:0f:87:de:00:32:
         64:a5:43:32:cc:fa:e8:56:8d:9c:f0:fd:4d:73:95:69:b8:f9:
         56:f7:b6:dc:72:44:c1:bf:69:86:b6:6a:6d:0e:13:e7:2a:f0:
         9e:ad:7c:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1eyQ4JaK8KEwKXmUNDksxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NDAxMzUxZmMzY2Y3MzM3MGExZTMyMmUwNTI3ZTU2OWVm
MDU3OTcwHhcNMjQwMTMxMDkxMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhmNzk4ZTY2OGEwZDhiNGY4YWRkMTljOGU3NzY5OGI1NDdiODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41vSMs42/Kq4y7BBumizKhgSGpZR
jNZtraWdKFLRuUBspDgyR2DL+bKAef5zRO+Zo5JL29Z2GPoKlaVSLT5uQjRhCWQM
nRc7wnAamN0POL4NWgZz6l8UoP+nmHuibzeRUTFwXZDvt/7nnY1iHXtGZQc7OWUT
hb6yYcGUTQi2gy9fDbsAAj60E5GvY+gCfXggLGgqURup5J939d3myX/aMFOEoC4P
2WDvAKzCJmbnT1UwGZPwanFzk8MfyFArArMlHVr6ljahyqlv9U0Kui2gmm2OLAUo
juWMUy72DSFv5WDmVTMcl9aNNE96JCVGd04+S/ghRNajOpD8DkwkIr9GtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuPeY5mig2LT4rdGcjndpi1R7goMB8GA1UdIwQY
MBaAFAdAE1H8PPczcKHjIuBSflae8FeXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjBBVFVmdzg5ek53b2VNaTRGSi1WcDd3VjVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS82MjdjNGMtZjg4MS00ODRmLWIwN2It
ZDZkZjZiNzk1ZGVhLzEvTzQ5NWptYUtEWXRQaXQwWnlPZDJtTFZIdUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS82MjdjNGMtZjg4MS00ODRmLWIwN2ItZDZkZjZiNzk1ZGVh
LzEvQjBBVFVmdzg5ek53b2VNaTRGSi1WcDd3VjVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe+wMA0G
CSqGSIb3DQEBCwUAA4IBAQBsyU0a/Y3FW21LeA6UZ3DbhHXurpFaTwBADECLLf3/
p8sc732FyMO+ZLPdPNWAkkOCYDk35DJHt123LQqKfshM+SrScGGT2Yl8Dz+yMd0R
oRXpTSZs0UFuYfT9RbF+Mp5iKn5ctmt4O5j+ZI5zUF8xjCGU5aUlqqwD9NCcXJz3
I6QEKkd0TuA6tVNshLdu0DPyd+XGOXmD6+QNoDDfcS5CVOOnMpqprJvLT2Pg4izR
AKmC3FqiVl61xm5AEctINvjpuI0AT2y5G2rdnJ3yd7flK86WD4feADJkpUMyzPro
Vo2c8P1Nc5VpuPlW97bcckTBv2mGtmptDhPnKvCerXx6
-----END CERTIFICATE-----