Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/olm-MMnrDUZ3VfMwhqBGdoqYnVU.roa
File:                     olm-MMnrDUZ3VfMwhqBGdoqYnVU.roa (raw, json)
Hash identifier:          x+wTz7rkGPnBwjf86oDrqShWyqIrjL7p2yGmpqjknXU=
Subject key identifier:   A2:59:BE:30:C9:EB:0D:46:77:55:F3:30:86:A0:46:76:8A:98:9D:55
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018D8F9C35171B073586B63C5A53C5CCFAF8
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/olm-MMnrDUZ3VfMwhqBGdoqYnVU.roa
Signing time:             Fri 09 Feb 2024 20:43:15 +0000
ROA not before:           Fri 09 Feb 2024 20:43:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        178.253.38.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 15:42:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8f:9c:35:17:1b:07:35:86:b6:3c:5a:53:c5:cc:fa:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Feb  9 20:43:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a259be30c9eb0d467755f33086a046768a989d55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7c:1e:79:34:36:cc:67:0b:96:6e:df:ea:20:
                    35:bc:a0:90:9e:f4:63:2d:e6:f2:1b:94:90:b5:b8:
                    88:9d:a6:c9:52:5c:20:46:00:e1:f0:d7:42:9a:16:
                    f8:5e:a8:e7:32:4a:a3:5a:13:b1:d0:44:04:2e:58:
                    9c:cb:1a:74:14:3a:69:d3:e8:5f:99:94:c0:21:cc:
                    3e:32:22:67:83:b5:c6:91:9b:8d:95:60:2b:1b:22:
                    02:88:90:30:32:8e:6f:19:68:e7:ea:7e:87:f4:96:
                    9a:e3:e2:00:6d:da:2f:e5:b1:16:e4:bd:12:71:a0:
                    16:1c:14:7c:eb:3f:3e:3a:3c:cc:a8:6d:30:8a:ee:
                    c8:7e:de:44:e5:c9:03:5a:a0:06:65:6b:ee:a4:5f:
                    be:b5:a8:2a:ca:02:e6:99:9b:bd:37:fa:f0:21:e7:
                    f6:aa:33:a1:19:29:a4:0c:11:f1:b5:c6:53:c3:9e:
                    c0:cc:f7:b6:d9:1d:88:48:19:cf:62:b2:24:3d:c2:
                    87:64:52:97:39:ff:78:e3:cd:ba:57:3c:13:bc:fd:
                    52:de:84:c8:f2:b0:78:89:c4:0d:be:10:81:f4:f1:
                    1f:d5:7f:66:eb:ee:8d:cd:e1:6d:68:94:f4:97:c2:
                    3b:18:1a:31:39:8a:7d:cd:20:42:fe:82:2e:19:da:
                    5f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:59:BE:30:C9:EB:0D:46:77:55:F3:30:86:A0:46:76:8A:98:9D:55
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/olm-MMnrDUZ3VfMwhqBGdoqYnVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:f4:b6:4c:c0:59:c7:58:d0:85:49:b7:7f:c0:52:84:b5:d7:
         08:fa:57:6c:d4:c2:49:ae:d9:81:14:c8:33:bb:11:36:8d:3b:
         72:70:5e:77:95:91:cb:fe:b7:66:ae:a2:96:85:b9:cf:90:28:
         6a:0d:d3:e4:79:43:ac:c3:74:0a:11:ec:4b:c6:59:15:5c:23:
         5f:58:bd:e1:3d:35:0a:3a:69:1b:c6:ab:c6:63:4b:d6:f2:71:
         83:93:10:b2:3a:38:21:41:43:30:6d:12:e9:5d:64:30:fa:bd:
         cb:e3:77:24:01:56:af:52:fe:22:f2:f6:ec:78:5e:32:2e:73:
         83:e1:c1:5d:fa:0a:a1:9b:23:f9:45:8a:1a:e6:0c:55:5a:6e:
         87:fc:b9:3d:c0:88:33:cd:b6:b4:0d:11:85:b5:df:6b:e7:04:
         db:ef:53:e0:2c:88:9e:fe:64:9d:5d:95:5a:3a:74:9b:dd:72:
         c7:85:dd:cb:9c:e6:ff:21:8e:c6:e4:26:95:33:70:7d:30:cd:
         e4:ac:68:1d:65:4b:3f:69:7e:39:41:1e:2f:56:f0:69:c3:9d:
         ee:21:dc:b0:e2:4d:54:e7:2e:58:55:84:30:eb:4a:fe:ef:d7:
         5b:ca:c8:bf:62:8a:0f:54:6b:ad:d1:96:63:80:f0:e8:d2:bf:
         f8:24:14:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2PnDUXGwc1hrY8WlPFzPr4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMjA5MjA0MzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjU5YmUzMGM5ZWIwZDQ2Nzc1NWYzMzA4NmEwNDY3NjhhOTg5ZDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnweeTQ2zGcLlm7f6iA1vKCQnvRj
LebyG5SQtbiInabJUlwgRgDh8NdCmhb4XqjnMkqjWhOx0EQELlicyxp0FDpp0+hf
mZTAIcw+MiJng7XGkZuNlWArGyICiJAwMo5vGWjn6n6H9Jaa4+IAbdov5bEW5L0S
caAWHBR86z8+OjzMqG0wiu7Ift5E5ckDWqAGZWvupF++tagqygLmmZu9N/rwIef2
qjOhGSmkDBHxtcZTw57AzPe22R2ISBnPYrIkPcKHZFKXOf944826VzwTvP1S3oTI
8rB4icQNvhCB9PEf1X9m6+6NzeFtaJT0l8I7GBoxOYp9zSBC/oIuGdpf6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJZvjDJ6w1Gd1XzMIagRnaKmJ1VMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvb2xtLU1NbnJEVVozVmZNd2hxQkdkb3FZblZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsv0mMA0G
CSqGSIb3DQEBCwUAA4IBAQAi9LZMwFnHWNCFSbd/wFKEtdcI+lds1MJJrtmBFMgz
uxE2jTtycF53lZHL/rdmrqKWhbnPkChqDdPkeUOsw3QKEexLxlkVXCNfWL3hPTUK
OmkbxqvGY0vW8nGDkxCyOjghQUMwbRLpXWQw+r3L43ckAVavUv4i8vbseF4yLnOD
4cFd+gqhmyP5RYoa5gxVWm6H/Lk9wIgzzba0DRGFtd9r5wTb71PgLIie/mSdXZVa
OnSb3XLHhd3LnOb/IY7G5CaVM3B9MM3krGgdZUs/aX45QR4vVvBpw53uIdyw4k1U
5y5YVYQw60r+79dbysi/YooPVGut0ZZjgPDo0r/4JBSi
-----END CERTIFICATE-----