Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4da2ea-abc0-4bf4-9e06-075e83dd3356/1/OLB98a84NaUJlhj9AHKeiug5y5E.roa
File:                     OLB98a84NaUJlhj9AHKeiug5y5E.roa (raw, json)
Hash identifier:          U5/1etObseoPEelPf0MAZx8JxpPsCX7gwjFKnwl7Hqg=
Subject key identifier:   38:B0:7D:F1:AF:38:35:A5:09:96:18:FD:00:72:9E:8A:E8:39:CB:91
Certificate issuer:       /CN=b092425ab7d66bab711fbaa22757377807834159
Certificate serial:       018CC2DACA88872F4904FD8FB6F07300474D
Authority key identifier: B0:92:42:5A:B7:D6:6B:AB:71:1F:BA:A2:27:57:37:78:07:83:41:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sJJCWrfWa6txH7qiJ1c3eAeDQVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4da2ea-abc0-4bf4-9e06-075e83dd3356/1/OLB98a84NaUJlhj9AHKeiug5y5E.roa
Signing time:             Mon 01 Jan 2024 02:29:27 +0000
ROA not before:           Mon 01 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44410
IP address blocks:        193.3.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4da2ea-abc0-4bf4-9e06-075e83dd3356/1/sJJCWrfWa6txH7qiJ1c3eAeDQVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4da2ea-abc0-4bf4-9e06-075e83dd3356/1/sJJCWrfWa6txH7qiJ1c3eAeDQVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sJJCWrfWa6txH7qiJ1c3eAeDQVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ca:88:87:2f:49:04:fd:8f:b6:f0:73:00:47:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b092425ab7d66bab711fbaa22757377807834159
        Validity
            Not Before: Jan  1 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38b07df1af3835a5099618fd00729e8ae839cb91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e9:13:a0:83:f7:d5:d1:09:5e:8f:49:19:55:
                    01:86:99:30:93:35:5a:95:af:d3:47:f8:ba:25:0f:
                    c9:33:34:3b:0b:16:ff:2b:dd:f0:0f:09:4a:8f:21:
                    da:80:d2:42:77:b6:11:9d:e2:60:6c:22:85:37:44:
                    48:ee:f6:34:25:07:eb:e1:77:5f:77:ea:ca:2e:81:
                    0a:60:9a:fd:4d:89:25:ad:26:f5:cb:fb:1d:cb:cc:
                    6b:f7:31:ea:12:96:07:f0:e5:cf:d7:55:b8:f4:34:
                    8c:b3:c5:7d:99:21:65:a3:f6:73:f3:f5:09:8d:11:
                    d0:1d:26:c2:6b:aa:1d:cb:8e:cd:67:bc:88:27:56:
                    b1:ed:ca:cd:2f:ed:0d:9c:8c:26:28:38:59:15:a5:
                    be:ea:b6:88:e1:17:7f:25:4f:19:a4:61:a6:cf:44:
                    f3:91:bf:bd:81:30:c0:4b:43:4d:82:c9:bb:d9:3e:
                    55:f4:31:19:b5:17:5d:3b:6e:db:89:a7:d9:42:1e:
                    c2:f6:cf:15:27:08:95:ce:51:f8:37:be:b9:cc:06:
                    66:de:a2:1c:4c:da:26:43:03:e4:06:4e:50:94:9b:
                    68:07:7a:8a:10:b9:99:2e:64:9e:42:49:63:f0:cd:
                    8d:0f:7a:b5:84:25:38:05:02:74:b4:8a:f8:da:40:
                    c1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B0:7D:F1:AF:38:35:A5:09:96:18:FD:00:72:9E:8A:E8:39:CB:91
            X509v3 Authority Key Identifier:
                keyid:B0:92:42:5A:B7:D6:6B:AB:71:1F:BA:A2:27:57:37:78:07:83:41:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sJJCWrfWa6txH7qiJ1c3eAeDQVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4da2ea-abc0-4bf4-9e06-075e83dd3356/1/OLB98a84NaUJlhj9AHKeiug5y5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4da2ea-abc0-4bf4-9e06-075e83dd3356/1/sJJCWrfWa6txH7qiJ1c3eAeDQVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:4b:72:ae:80:09:00:9d:8d:21:7a:58:f0:60:64:62:0f:08:
         73:07:d0:5b:cf:fb:4e:1a:d3:ab:22:cf:c4:0b:7c:af:ad:53:
         bc:43:78:d9:9f:46:5a:b5:d2:1d:d8:fd:6b:ff:fa:96:74:55:
         f9:8b:29:88:25:1f:a2:4d:58:67:54:d1:46:ad:36:b9:06:b0:
         b1:7e:53:da:40:33:b8:e9:49:4c:9d:83:29:a2:53:c8:df:16:
         77:b9:50:8c:ae:f5:f2:6c:59:b3:8e:e0:b8:f5:98:92:16:8e:
         30:17:ff:aa:1c:7c:fa:3f:2c:fa:6f:98:9d:d5:2d:97:04:86:
         a4:57:23:29:40:92:be:d5:b6:4a:fe:ae:6a:8b:3a:84:71:7c:
         83:a4:29:39:ae:b9:4f:6c:55:32:d3:ee:cc:bd:a6:ec:ef:92:
         8b:bb:04:43:93:cd:ab:b4:0f:38:f7:dd:0d:3e:e7:34:99:d0:
         07:b1:c8:c4:59:70:dd:39:16:f4:c3:87:c8:32:c6:0d:bb:c8:
         27:67:06:0a:7f:bc:c0:cc:bf:05:15:92:62:dc:28:c1:6b:51:
         d8:c0:48:c1:66:e3:22:6e:f5:dc:05:e0:e7:8a:7d:09:26:d9:
         fe:42:dc:f6:1c:a3:77:ef:cc:e7:1e:7b:9a:39:39:29:a2:8f:
         74:5e:4c:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sqIhy9JBP2PtvBzAEdNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwOTI0MjVhYjdkNjZiYWI3MTFmYmFhMjI3NTczNzc4MDc4
MzQxNTkwHhcNMjQwMTAxMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGIwN2RmMWFmMzgzNWE1MDk5NjE4ZmQwMDcyOWU4YWU4MzljYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnukToIP31dEJXo9JGVUBhpkwkzVa
la/TR/i6JQ/JMzQ7Cxb/K93wDwlKjyHagNJCd7YRneJgbCKFN0RI7vY0JQfr4Xdf
d+rKLoEKYJr9TYklrSb1y/sdy8xr9zHqEpYH8OXP11W49DSMs8V9mSFlo/Zz8/UJ
jRHQHSbCa6ody47NZ7yIJ1ax7crNL+0NnIwmKDhZFaW+6raI4Rd/JU8ZpGGmz0Tz
kb+9gTDAS0NNgsm72T5V9DEZtRddO27biafZQh7C9s8VJwiVzlH4N765zAZm3qIc
TNomQwPkBk5QlJtoB3qKELmZLmSeQklj8M2ND3q1hCU4BQJ0tIr42kDBgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiwffGvODWlCZYY/QBynoroOcuRMB8GA1UdIwQY
MBaAFLCSQlq31murcR+6oidXN3gHg0FZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0pKQ1dyZldhNnR4SDdxaUoxYzNlQWVEUVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80ZGEyZWEtYWJjMC00YmY0LTllMDYt
MDc1ZTgzZGQzMzU2LzEvT0xCOThhODROYVVKbGhqOUFIS2VpdWc1eTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80ZGEyZWEtYWJjMC00YmY0LTllMDYtMDc1ZTgzZGQzMzU2
LzEvc0pKQ1dyZldhNnR4SDdxaUoxYzNlQWVEUVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQP/MA0G
CSqGSIb3DQEBCwUAA4IBAQAeS3KugAkAnY0heljwYGRiDwhzB9Bbz/tOGtOrIs/E
C3yvrVO8Q3jZn0ZatdId2P1r//qWdFX5iymIJR+iTVhnVNFGrTa5BrCxflPaQDO4
6UlMnYMpolPI3xZ3uVCMrvXybFmzjuC49ZiSFo4wF/+qHHz6Pyz6b5id1S2XBIak
VyMpQJK+1bZK/q5qizqEcXyDpCk5rrlPbFUy0+7Mvabs75KLuwRDk82rtA84990N
Puc0mdAHscjEWXDdORb0w4fIMsYNu8gnZwYKf7zAzL8FFZJi3CjBa1HYwEjBZuMi
bvXcBeDnin0JJtn+Qtz2HKN378znHnuaOTkpoo90XkyM
-----END CERTIFICATE-----