Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/OHRe_ZoNHRZdxjg3K1HCM-QxEpQ.roa
File:                     OHRe_ZoNHRZdxjg3K1HCM-QxEpQ.roa (raw, json)
Hash identifier:          jX5k2ciVze6L9BzctsbIJtfKOZnx1A46RyyCkwuDDNQ=
Subject key identifier:   38:74:5E:FD:9A:0D:1D:16:5D:C6:38:37:2B:51:C2:33:E4:31:12:94
Certificate issuer:       /CN=37689eaacbaf68af35d3fafb9674de48a6fc0978
Certificate serial:       018CC8017EC2EB660877A426E3DDF22628F7
Authority key identifier: 37:68:9E:AA:CB:AF:68:AF:35:D3:FA:FB:96:74:DE:48:A6:FC:09:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N2ieqsuvaK810_r7lnTeSKb8CXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/OHRe_ZoNHRZdxjg3K1HCM-QxEpQ.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210482
IP address blocks:        141.80.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/N2ieqsuvaK810_r7lnTeSKb8CXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/N2ieqsuvaK810_r7lnTeSKb8CXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N2ieqsuvaK810_r7lnTeSKb8CXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7e:c2:eb:66:08:77:a4:26:e3:dd:f2:26:28:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37689eaacbaf68af35d3fafb9674de48a6fc0978
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38745efd9a0d1d165dc638372b51c233e4311294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:1f:41:9b:f5:0f:13:10:05:e9:7d:15:78:f6:
                    14:23:8f:dd:b8:fe:6f:61:b3:22:36:b0:ae:84:70:
                    eb:ba:1c:ba:90:5b:69:b8:a9:35:b8:9c:ff:07:26:
                    ee:ec:07:64:60:1d:7e:e4:b0:2f:5b:7f:0b:bd:73:
                    49:05:66:89:b9:77:48:14:2e:1b:81:ed:43:df:d3:
                    b4:da:80:d7:9e:9b:1e:33:b9:3e:ba:05:9a:b4:0b:
                    68:d0:93:64:b6:25:aa:0c:f2:46:fa:85:8e:dd:02:
                    32:ee:1e:aa:28:c9:7e:e2:a8:96:69:b1:5e:a1:40:
                    aa:97:97:97:64:da:c5:36:65:3b:99:e2:cc:ca:5c:
                    91:2c:06:35:ea:0e:be:1d:dd:ae:45:00:4f:df:92:
                    7a:cc:b5:bd:05:66:0b:54:47:9e:ab:f8:18:ff:cf:
                    c3:41:3f:54:c3:48:3a:5d:7c:37:05:fe:be:6e:fd:
                    16:d6:68:a7:cd:28:b8:35:a4:0c:a1:8a:28:b0:74:
                    73:a3:f6:73:ee:50:bc:83:c8:ce:d1:c7:2a:a1:bc:
                    dc:05:33:b8:13:27:92:e7:7d:08:7e:18:ff:40:62:
                    2f:69:e9:d3:5f:4b:61:8d:d1:0b:74:77:2d:71:19:
                    81:33:dc:7f:0b:13:52:2f:33:0e:dc:de:43:14:dd:
                    dc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:74:5E:FD:9A:0D:1D:16:5D:C6:38:37:2B:51:C2:33:E4:31:12:94
            X509v3 Authority Key Identifier:
                keyid:37:68:9E:AA:CB:AF:68:AF:35:D3:FA:FB:96:74:DE:48:A6:FC:09:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N2ieqsuvaK810_r7lnTeSKb8CXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/OHRe_ZoNHRZdxjg3K1HCM-QxEpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/N2ieqsuvaK810_r7lnTeSKb8CXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.80.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ae:be:2d:83:21:89:f2:3a:6b:5f:a2:bd:f6:e0:28:63:29:e6:
         ac:95:ad:1e:ab:5c:5c:8a:ac:77:8f:ca:e6:d7:e4:16:d3:e7:
         75:1d:a6:e3:cf:63:ba:14:49:5a:96:13:c1:1f:93:37:ee:10:
         9c:ee:79:70:db:7e:4f:97:59:48:7c:1e:45:02:05:79:06:ed:
         89:8e:87:a4:28:2f:f6:ae:87:97:ba:39:78:f1:e8:9b:0b:0a:
         6b:37:37:5d:e0:8c:73:6e:20:a2:4c:c1:2c:d0:09:b2:75:32:
         56:3a:80:d9:76:6a:bd:9b:ce:e0:8f:3d:94:50:39:77:e3:62:
         5c:ca:cb:80:bd:9c:0b:bb:ff:d5:92:31:96:3c:d9:c3:b5:6d:
         63:9c:c4:3d:23:4c:7e:3e:ca:0d:11:96:15:61:56:b0:7f:ff:
         3b:99:fd:bd:4d:7d:3a:7c:be:0f:18:57:7d:b3:58:73:45:34:
         3e:f6:81:89:e7:47:90:3b:77:0f:fc:cc:34:d4:b3:3d:c8:1c:
         42:04:2c:8b:7c:95:90:8e:b5:13:f6:cb:84:d1:50:dd:d5:c3:
         70:d7:fd:05:22:ef:92:6f:a9:59:94:aa:e2:98:f8:db:db:b2:
         9b:e0:3e:26:75:14:8c:b2:dc:c1:61:3c:70:af:f0:3b:db:1a:
         0a:b9:35:99
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIAX7C62YId6Qm493yJij3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3Njg5ZWFhY2JhZjY4YWYzNWQzZmFmYjk2NzRkZTQ4YTZm
YzA5NzgwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODc0NWVmZDlhMGQxZDE2NWRjNjM4MzcyYjUxYzIzM2U0MzExMjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiR9Bm/UPExAF6X0VePYUI4/duP5v
YbMiNrCuhHDruhy6kFtpuKk1uJz/Bybu7AdkYB1+5LAvW38LvXNJBWaJuXdIFC4b
ge1D39O02oDXnpseM7k+ugWatAto0JNktiWqDPJG+oWO3QIy7h6qKMl+4qiWabFe
oUCql5eXZNrFNmU7meLMylyRLAY16g6+Hd2uRQBP35J6zLW9BWYLVEeeq/gY/8/D
QT9Uw0g6XXw3Bf6+bv0W1minzSi4NaQMoYoosHRzo/Zz7lC8g8jO0ccqobzcBTO4
EyeS530Ifhj/QGIvaenTX0thjdELdHctcRmBM9x/CxNSLzMO3N5DFN3cJQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDh0Xv2aDR0WXcY4NytRwjPkMRKUMB8GA1UdIwQY
MBaAFDdonqrLr2ivNdP6+5Z03kim/Al4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjJpZXFzdXZhSzgxMF9yN2xuVGVTS2I4Q1hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS84NDE3OWQtNGM2NS00NGI4LWIzMGIt
NWRhYmI0ZTQ3YWJiLzEvT0hSZV9ab05IUlpkeGpnM0sxSENNLVF4RXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS84NDE3OWQtNGM2NS00NGI4LWIzMGItNWRhYmI0ZTQ3YWJi
LzEvTjJpZXFzdXZhSzgxMF9yN2xuVGVTS2I4Q1hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjVAwDQYJ
KoZIhvcNAQELBQADggEBAK6+LYMhifI6a1+ivfbgKGMp5qyVrR6rXFyKrHePyubX
5BbT53UdpuPPY7oUSVqWE8EfkzfuEJzueXDbfk+XWUh8HkUCBXkG7YmOh6QoL/au
h5e6OXjx6JsLCms3N13gjHNuIKJMwSzQCbJ1MlY6gNl2ar2bzuCPPZRQOXfjYlzK
y4C9nAu7/9WSMZY82cO1bWOcxD0jTH4+yg0RlhVhVrB//zuZ/b1NfTp8vg8YV32z
WHNFND72gYnnR5A7dw/8zDTUsz3IHEIELIt8lZCOtRP2y4TRUN3Vw3DX/QUi75Jv
qVmUquKY+NvbspvgPiZ1FIyy3MFhPHCv8DvbGgq5NZk=
-----END CERTIFICATE-----