Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/d0a1fe-0b65-4d50-ae2f-12898697a862/1/OG3XOwCckIClse_-73KQEJwQCWE.roa
File:                     OG3XOwCckIClse_-73KQEJwQCWE.roa (raw, json)
Hash identifier:          rABrls9mDGA+WVLh8PFJY+Ndk2Al9x12CJiCXuIFhPU=
Subject key identifier:   38:6D:D7:3B:00:9C:90:80:A5:B1:EF:FE:EF:72:90:10:9C:10:09:61
Certificate issuer:       /CN=d2a3c8cc63d0e7e069ca523f34efb3953ee21b65
Certificate serial:       018CC86FA4023CA508CAF9C93FCA4FA2DC98
Authority key identifier: D2:A3:C8:CC:63:D0:E7:E0:69:CA:52:3F:34:EF:B3:95:3E:E2:1B:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0qPIzGPQ5-BpylI_NO-zlT7iG2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/d0a1fe-0b65-4d50-ae2f-12898697a862/1/OG3XOwCckIClse_-73KQEJwQCWE.roa
Signing time:             Tue 02 Jan 2024 04:30:08 +0000
ROA not before:           Tue 02 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25353
IP address blocks:        193.162.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/d0a1fe-0b65-4d50-ae2f-12898697a862/1/0qPIzGPQ5-BpylI_NO-zlT7iG2U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/d0a1fe-0b65-4d50-ae2f-12898697a862/1/0qPIzGPQ5-BpylI_NO-zlT7iG2U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0qPIzGPQ5-BpylI_NO-zlT7iG2U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a4:02:3c:a5:08:ca:f9:c9:3f:ca:4f:a2:dc:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2a3c8cc63d0e7e069ca523f34efb3953ee21b65
        Validity
            Not Before: Jan  2 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=386dd73b009c9080a5b1effeef7290109c100961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:74:83:88:b1:de:33:3e:30:7d:58:f5:0b:0d:
                    36:fa:24:cf:0c:0f:5c:af:e9:79:4e:82:b7:f8:32:
                    5e:96:c4:09:29:0a:cf:da:78:f1:bb:40:90:10:54:
                    73:ad:70:ee:52:46:a5:58:0d:92:cd:21:ad:6d:a7:
                    3c:9f:54:6c:3f:b2:3f:52:7b:df:ce:73:e5:b7:b0:
                    c5:cc:04:7c:45:64:03:ee:e4:b5:0f:7d:46:68:3c:
                    34:ca:5b:1c:eb:8d:8d:3f:17:e5:c6:e8:ee:8b:9f:
                    78:6d:50:fa:b7:dd:92:2d:04:98:69:b0:e6:4e:6b:
                    22:78:a9:b4:c9:6a:22:7a:f6:8a:9d:9a:08:97:2b:
                    b1:d7:f2:20:71:fd:36:e3:fc:c0:01:e2:df:08:53:
                    db:81:0b:bb:7b:6a:4f:b3:d6:2a:54:1a:29:5b:23:
                    18:3f:42:40:be:43:4b:8c:e6:cb:0e:19:6d:37:44:
                    b0:26:42:5e:90:a9:71:92:42:67:07:5c:33:22:db:
                    26:43:46:06:12:16:04:6f:91:cf:12:0d:3f:dc:f0:
                    e8:59:30:cf:4e:32:fe:cf:36:0e:12:81:26:72:68:
                    d6:0a:7b:eb:0a:e4:d5:ed:0a:02:34:b4:57:5f:01:
                    a8:82:27:91:35:05:57:25:4b:b2:8c:5c:ae:5b:09:
                    6d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6D:D7:3B:00:9C:90:80:A5:B1:EF:FE:EF:72:90:10:9C:10:09:61
            X509v3 Authority Key Identifier:
                keyid:D2:A3:C8:CC:63:D0:E7:E0:69:CA:52:3F:34:EF:B3:95:3E:E2:1B:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0qPIzGPQ5-BpylI_NO-zlT7iG2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d0a1fe-0b65-4d50-ae2f-12898697a862/1/OG3XOwCckIClse_-73KQEJwQCWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d0a1fe-0b65-4d50-ae2f-12898697a862/1/0qPIzGPQ5-BpylI_NO-zlT7iG2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:76:bb:9b:5c:a6:18:30:52:e7:62:7c:c0:01:c4:fc:4b:6b:
         66:b0:c6:a0:46:c0:bb:b3:c3:a6:39:b6:9f:88:4f:d1:f7:eb:
         2a:1c:d1:e0:28:50:7d:a0:d4:d2:51:f6:31:e1:24:98:03:bf:
         a5:aa:eb:3f:8e:dc:f1:44:ac:cd:e3:7c:7e:c0:16:87:cd:b3:
         da:ec:ec:61:2b:4f:50:e8:2d:d9:91:d8:99:0e:5a:be:67:4b:
         a8:5e:2d:86:37:0d:2b:52:c4:f8:9e:86:c1:8a:c5:28:ce:c2:
         77:3f:1e:ce:fa:ea:8c:65:cf:0f:03:e8:6a:35:36:97:27:9d:
         94:c6:74:3b:81:a6:7b:14:86:3b:da:ad:5a:0a:93:4b:a5:bd:
         64:8d:31:fe:7f:85:9f:81:45:26:8b:a2:a7:7d:1a:d5:8d:de:
         31:ac:85:3d:a6:2c:6f:94:3b:38:cf:35:51:42:62:49:4a:d8:
         b0:4d:19:92:08:50:f5:98:fe:0d:fc:a6:68:35:ec:3b:9b:cd:
         fa:75:52:24:f5:8f:d1:de:ed:05:3e:a5:d7:0c:99:f0:83:da:
         56:9b:ee:d8:2c:08:7f:a9:30:46:2c:7f:8c:c1:6c:07:3f:c5:
         28:1e:2a:ff:55:e3:99:c1:b2:5b:00:5f:35:27:99:8d:ef:03:
         a5:f6:05:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6QCPKUIyvnJP8pPotyYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYTNjOGNjNjNkMGU3ZTA2OWNhNTIzZjM0ZWZiMzk1M2Vl
MjFiNjUwHhcNMjQwMTAyMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZkZDczYjAwOWM5MDgwYTViMWVmZmVlZjcyOTAxMDljMTAwOTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXSDiLHeMz4wfVj1Cw02+iTPDA9c
r+l5ToK3+DJelsQJKQrP2njxu0CQEFRzrXDuUkalWA2SzSGtbac8n1RsP7I/Unvf
znPlt7DFzAR8RWQD7uS1D31GaDw0ylsc642NPxflxujui594bVD6t92SLQSYabDm
TmsieKm0yWoievaKnZoIlyux1/Igcf024/zAAeLfCFPbgQu7e2pPs9YqVBopWyMY
P0JAvkNLjObLDhltN0SwJkJekKlxkkJnB1wzItsmQ0YGEhYEb5HPEg0/3PDoWTDP
TjL+zzYOEoEmcmjWCnvrCuTV7QoCNLRXXwGogieRNQVXJUuyjFyuWwltcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDht1zsAnJCApbHv/u9ykBCcEAlhMB8GA1UdIwQY
MBaAFNKjyMxj0OfgacpSPzTvs5U+4htlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHFQSXpHUFE1LUJweWxJX05PLXpsVDdpRzJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9kMGExZmUtMGI2NS00ZDUwLWFlMmYt
MTI4OTg2OTdhODYyLzEvT0czWE93Q2NrSUNsc2VfLTczS1FFSndRQ1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9kMGExZmUtMGI2NS00ZDUwLWFlMmYtMTI4OTg2OTdhODYy
LzEvMHFQSXpHUFE1LUJweWxJX05PLXpsVDdpRzJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaJPMA0G
CSqGSIb3DQEBCwUAA4IBAQBIdrubXKYYMFLnYnzAAcT8S2tmsMagRsC7s8OmObaf
iE/R9+sqHNHgKFB9oNTSUfYx4SSYA7+lqus/jtzxRKzN43x+wBaHzbPa7OxhK09Q
6C3ZkdiZDlq+Z0uoXi2GNw0rUsT4nobBisUozsJ3Px7O+uqMZc8PA+hqNTaXJ52U
xnQ7gaZ7FIY72q1aCpNLpb1kjTH+f4WfgUUmi6KnfRrVjd4xrIU9pixvlDs4zzVR
QmJJStiwTRmSCFD1mP4N/KZoNew7m836dVIk9Y/R3u0FPqXXDJnwg9pWm+7YLAh/
qTBGLH+MwWwHP8UoHir/VeOZwbJbAF81J5mN7wOl9gVn
-----END CERTIFICATE-----