Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/o1LgdYBt9VC-Km2SOadvRSsCJZ4.roa
File:                     o1LgdYBt9VC-Km2SOadvRSsCJZ4.roa (raw, json)
Hash identifier:          vOWUMso7dWlMYUWLjY76PtaPe8jl4W7ZtN9q+vfEkIY=
Subject key identifier:   A3:52:E0:75:80:6D:F5:50:BE:2A:6D:92:39:A7:6F:45:2B:02:25:9E
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       018CC794C999E4D054367F931BD02CF3FA70
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/o1LgdYBt9VC-Km2SOadvRSsCJZ4.roa
Signing time:             Tue 02 Jan 2024 00:31:06 +0000
ROA not before:           Tue 02 Jan 2024 00:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.192.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 15:42:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:c9:99:e4:d0:54:36:7f:93:1b:d0:2c:f3:fa:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Jan  2 00:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a352e075806df550be2a6d9239a76f452b02259e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:6f:b3:d0:af:ef:f2:6a:16:7a:35:21:6b:31:
                    47:93:f1:36:62:50:ff:d1:b8:54:f4:a9:1f:43:6f:
                    32:dd:11:5d:2f:49:d4:80:65:5f:37:eb:91:e5:1a:
                    63:b5:09:ad:d0:f1:49:ee:02:96:11:e0:1b:69:b7:
                    ba:8f:e9:dc:cc:3d:19:64:49:22:82:30:77:34:4d:
                    de:0a:7b:82:54:27:3a:59:0f:e3:00:eb:f8:fa:95:
                    99:d1:71:f1:7f:40:bd:92:cc:70:b0:74:a3:30:f2:
                    e9:a6:50:99:a1:d8:de:0d:73:6d:e4:df:a9:bf:83:
                    70:1a:24:f4:a2:36:6e:ec:db:4d:f1:0c:b3:f3:ad:
                    8d:43:15:4b:72:9a:e7:07:b7:77:8d:18:f1:5b:fe:
                    fd:18:7f:3d:4b:ff:1b:1b:02:1e:36:f8:e2:02:17:
                    fd:7f:1f:6e:1a:f4:1a:85:f0:99:89:23:86:e1:a3:
                    7a:09:87:b8:44:f8:f4:61:64:6d:46:cb:49:02:3c:
                    02:c8:ad:90:7d:a9:e3:d3:50:53:08:9e:1f:71:8d:
                    45:31:57:0c:80:df:5a:ee:79:a2:f8:a8:02:01:7b:
                    e4:ae:10:95:c5:01:df:b8:23:b5:6e:bd:f9:8f:a9:
                    a0:8d:1b:f7:3b:5d:93:7b:32:9b:44:88:53:98:e0:
                    2a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:52:E0:75:80:6D:F5:50:BE:2A:6D:92:39:A7:6F:45:2B:02:25:9E
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/o1LgdYBt9VC-Km2SOadvRSsCJZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:95:43:f6:28:58:50:a5:10:49:b8:16:41:d9:11:f9:3c:51:
         4e:17:12:77:57:82:a2:d2:0c:c1:9b:8d:a6:09:73:c7:22:e3:
         1b:f1:af:8b:da:4c:eb:16:ba:7f:fb:ec:da:f4:7d:e9:f5:94:
         60:b9:47:6f:3f:05:fa:5c:37:ca:cb:39:c8:22:59:3f:7f:5c:
         b6:78:13:74:83:71:cd:ff:b7:87:db:cf:3b:08:46:93:fe:9a:
         73:61:99:72:1b:71:83:10:94:44:9e:94:ed:be:a1:83:d5:c8:
         c0:a2:41:14:14:ca:8e:db:8b:f7:d0:87:9b:3d:4a:40:e9:93:
         72:22:79:5f:97:8e:76:06:8a:2a:29:d3:26:1a:92:87:3a:55:
         04:83:2c:26:c3:9f:ac:fd:37:f2:ad:67:b1:68:fe:f3:10:ea:
         7f:39:5b:3c:e6:67:42:6d:97:04:3c:64:e1:47:ab:c9:0b:0e:
         ba:5a:73:83:df:63:12:8b:86:d6:aa:84:bc:2c:a8:d8:5d:de:
         40:ee:e3:58:65:1a:2e:d5:cc:d4:3a:ad:5e:98:b8:e4:1b:d0:
         62:ec:97:d9:0e:ee:ce:85:40:39:6d:7b:f8:11:b6:4c:d1:ad:
         5c:02:98:f0:1d:4c:be:b3:c1:01:9a:32:fd:35:08:dd:49:ad:
         7b:84:2d:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlMmZ5NBUNn+TG9As8/pwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjQwMTAyMDAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzUyZTA3NTgwNmRmNTUwYmUyYTZkOTIzOWE3NmY0NTJiMDIyNTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2+z0K/v8moWejUhazFHk/E2YlD/
0bhU9KkfQ28y3RFdL0nUgGVfN+uR5RpjtQmt0PFJ7gKWEeAbabe6j+nczD0ZZEki
gjB3NE3eCnuCVCc6WQ/jAOv4+pWZ0XHxf0C9ksxwsHSjMPLpplCZodjeDXNt5N+p
v4NwGiT0ojZu7NtN8Qyz862NQxVLcprnB7d3jRjxW/79GH89S/8bGwIeNvjiAhf9
fx9uGvQahfCZiSOG4aN6CYe4RPj0YWRtRstJAjwCyK2Qfanj01BTCJ4fcY1FMVcM
gN9a7nmi+KgCAXvkrhCVxQHfuCO1br35j6mgjRv3O12TezKbRIhTmOAqZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNS4HWAbfVQviptkjmnb0UrAiWeMB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEvbzFMZ2RZQnQ5VkMtS20yU09hZHZSU3NDSlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucAUMA0G
CSqGSIb3DQEBCwUAA4IBAQB0lUP2KFhQpRBJuBZB2RH5PFFOFxJ3V4Ki0gzBm42m
CXPHIuMb8a+L2kzrFrp/++za9H3p9ZRguUdvPwX6XDfKyznIIlk/f1y2eBN0g3HN
/7eH2887CEaT/ppzYZlyG3GDEJREnpTtvqGD1cjAokEUFMqO24v30IebPUpA6ZNy
Inlfl452BooqKdMmGpKHOlUEgywmw5+s/TfyrWexaP7zEOp/OVs85mdCbZcEPGTh
R6vJCw66WnOD32MSi4bWqoS8LKjYXd5A7uNYZRou1czUOq1emLjkG9Bi7JfZDu7O
hUA5bXv4EbZM0a1cApjwHUy+s8EBmjL9NQjdSa17hC0i
-----END CERTIFICATE-----