Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/ozO1CA0XgWkoJsek8riCYKsu6Aw.roa
File:                     ozO1CA0XgWkoJsek8riCYKsu6Aw.roa (raw, json)
Hash identifier:          ua2+mg3Tka1wyRGgatcmvBH47duQysmdBTO65y1ddMA=
Subject key identifier:   A3:33:B5:08:0D:17:81:69:28:26:C7:A4:F2:B8:82:60:AB:2E:E8:0C
Certificate issuer:       /CN=c7a2e4eb9fd3ccd1ba44a362f76f989b7b44d5f2
Certificate serial:       0190DECAEC607C05282514C4524F7EF8CA61
Authority key identifier: C7:A2:E4:EB:9F:D3:CC:D1:BA:44:A3:62:F7:6F:98:9B:7B:44:D5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/ozO1CA0XgWkoJsek8riCYKsu6Aw.roa
Signing time:             Tue 23 Jul 2024 08:52:39 +0000
ROA not before:           Tue 23 Jul 2024 08:52:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35280
IP address blocks:        194.33.68.0/24 maxlen: 24
                          194.33.70.0/23 maxlen: 23
                          2001:67c:2994::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:de:ca:ec:60:7c:05:28:25:14:c4:52:4f:7e:f8:ca:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7a2e4eb9fd3ccd1ba44a362f76f989b7b44d5f2
        Validity
            Not Before: Jul 23 08:52:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a333b5080d1781692826c7a4f2b88260ab2ee80c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:43:47:43:ac:e7:f8:38:b8:cb:a9:c9:f8:46:
                    1e:c7:2b:3a:9f:33:9b:e7:34:8d:a5:3f:44:25:f3:
                    b8:8e:c5:66:28:11:29:6d:60:10:b2:9a:aa:21:74:
                    22:26:89:18:7c:0d:56:34:1a:74:eb:06:b6:bc:f2:
                    48:05:72:0e:5f:d7:51:e8:3a:47:85:5b:84:c4:44:
                    d6:98:0c:b0:70:05:11:f9:ad:65:a6:3a:a1:e5:b8:
                    d7:db:93:28:d8:c6:01:f2:ce:1c:ed:b3:d4:9e:b4:
                    a1:39:b5:31:70:83:57:fd:94:15:1a:48:47:f8:de:
                    30:de:55:7f:c8:98:4e:9d:2f:8f:94:68:5e:c7:71:
                    43:20:60:d9:8c:d9:d1:ef:72:5e:34:76:01:ed:11:
                    a8:dc:35:83:0f:d0:35:6b:04:59:53:cc:70:a2:00:
                    48:05:9e:52:2e:e3:8f:b3:b6:09:87:69:e1:c2:75:
                    9d:84:e7:81:35:9e:9f:f5:a0:e9:92:e8:65:59:fb:
                    fe:2a:ec:69:0e:b5:a3:5e:6c:68:e4:b3:82:77:a6:
                    48:cd:3c:12:6a:14:02:18:bf:4d:f9:54:e6:f8:21:
                    64:4f:97:6a:a1:a1:c7:5e:d8:73:98:be:b4:00:32:
                    00:fc:90:75:0b:bf:bf:c7:4e:4e:2c:05:cc:37:e0:
                    dc:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:33:B5:08:0D:17:81:69:28:26:C7:A4:F2:B8:82:60:AB:2E:E8:0C
            X509v3 Authority Key Identifier:
                keyid:C7:A2:E4:EB:9F:D3:CC:D1:BA:44:A3:62:F7:6F:98:9B:7B:44:D5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/ozO1CA0XgWkoJsek8riCYKsu6Aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.68.0/24
                  194.33.70.0/23
                IPv6:
                  2001:67c:2994::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:8d:73:95:15:5b:95:47:7a:6b:ad:11:0e:36:9c:a9:67:62:
         1a:12:89:7b:65:3e:89:39:f2:cc:ce:4e:3b:42:3e:db:8f:0d:
         fe:b1:a9:8b:71:37:05:0c:88:f5:5b:28:74:97:ee:77:37:08:
         d2:87:c9:c6:57:16:27:b4:f8:60:ef:bd:48:64:22:50:08:00:
         28:65:2c:2c:59:d4:fb:34:da:26:6e:95:38:11:c5:b7:7e:d5:
         42:4d:77:88:65:8d:21:c1:25:06:1e:b2:96:ac:68:6d:f8:58:
         3f:46:a4:c4:01:7f:db:78:26:28:19:2f:74:61:2a:c5:5c:cc:
         9c:cc:55:4e:92:d0:22:f6:6a:81:1b:f1:55:39:b9:6d:84:81:
         c4:8c:09:83:00:ae:95:cf:9b:ee:dc:e0:c0:16:56:fd:42:cb:
         5f:fc:2b:f9:8e:dc:fe:66:16:9b:ed:af:89:27:83:ad:d1:11:
         a5:08:fb:e5:0c:2f:cf:42:cf:63:5d:96:80:8f:9a:e1:28:29:
         a7:f6:b3:5f:50:db:ed:6f:91:15:aa:34:5c:59:be:b6:61:38:
         20:45:30:dd:f3:ed:34:45:75:41:b8:05:9b:19:51:cc:95:7e:
         e4:2a:be:ee:82:07:3f:99:ef:bc:76:9a:44:70:2d:e7:b5:20:
         37:bb:20:ef
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZDeyuxgfAUoJRTEUk9++MphMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YTJlNGViOWZkM2NjZDFiYTQ0YTM2MmY3NmY5ODliN2I0
NGQ1ZjIwHhcNMjQwNzIzMDg1MjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzMzYjUwODBkMTc4MTY5MjgyNmM3YTRmMmI4ODI2MGFiMmVlODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzENHQ6zn+Di4y6nJ+EYexys6nzOb
5zSNpT9EJfO4jsVmKBEpbWAQspqqIXQiJokYfA1WNBp06wa2vPJIBXIOX9dR6DpH
hVuExETWmAywcAUR+a1lpjqh5bjX25Mo2MYB8s4c7bPUnrShObUxcINX/ZQVGkhH
+N4w3lV/yJhOnS+PlGhex3FDIGDZjNnR73JeNHYB7RGo3DWDD9A1awRZU8xwogBI
BZ5SLuOPs7YJh2nhwnWdhOeBNZ6f9aDpkuhlWfv+KuxpDrWjXmxo5LOCd6ZIzTwS
ahQCGL9N+VTm+CFkT5dqoaHHXthzmL60ADIA/JB1C7+/x05OLAXMN+Dc3QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFKMztQgNF4FpKCbHpPK4gmCrLugMMB8GA1UdIwQY
MBaAFMei5Ouf08zRukSjYvdvmJt7RNXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDZMazY1X1R6Tkc2UktOaTkyLVltM3RFMWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8wZTQ5NzYtZTc1MC00NTY4LTg1ODMt
ZGU2ZWY3Yzk1NTI2LzEvb3pPMUNBMFhnV2tvSnNlazhyaUNZS3N1NkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8wZTQ5NzYtZTc1MC00NTY4LTg1ODMtZGU2ZWY3Yzk1NTI2
LzEveDZMazY1X1R6Tkc2UktOaTkyLVltM3RFMWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwiFEAwQB
wiFGMA8EAgACMAkDBwAgAQZ8KZQwDQYJKoZIhvcNAQELBQADggEBADSNc5UVW5VH
emutEQ42nKlnYhoSiXtlPok58szOTjtCPtuPDf6xqYtxNwUMiPVbKHSX7nc3CNKH
ycZXFie0+GDvvUhkIlAIAChlLCxZ1Ps02iZulTgRxbd+1UJNd4hljSHBJQYespas
aG34WD9GpMQBf9t4JigZL3RhKsVczJzMVU6S0CL2aoEb8VU5uW2EgcSMCYMArpXP
m+7c4MAWVv1Cy1/8K/mO3P5mFpvtr4kng63REaUI++UML89Cz2NdloCPmuEoKaf2
s19Q2+1vkRWqNFxZvrZhOCBFMN3z7TRFdUG4BZsZUcyVfuQqvu6CBz+Z77x2mkRw
Lee1IDe7IO8=
-----END CERTIFICATE-----