Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/oJD-04GHIJicaV-xHytr1PSIB18.roa
File:                     oJD-04GHIJicaV-xHytr1PSIB18.roa (raw, json)
Hash identifier:          7NwtU28JX/B4JluCmfr9KODkJ98lyepni8zNXcNz/iQ=
Subject key identifier:   A0:90:FE:D3:81:87:20:98:9C:69:5F:B1:1F:2B:6B:D4:F4:88:07:5F
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F8F89A5F18FEE5335702CAAF88A89
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/oJD-04GHIJicaV-xHytr1PSIB18.roa
Signing time:             Tue 02 Jan 2024 04:30:03 +0000
ROA not before:           Tue 02 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35809
IP address blocks:        80.233.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8f:89:a5:f1:8f:ee:53:35:70:2c:aa:f8:8a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a090fed3818720989c695fb11f2b6bd4f488075f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:82:a1:a5:b2:05:b7:7f:f0:8d:c2:7f:5c:99:
                    26:43:a9:cf:a0:c9:8d:64:70:da:15:02:08:8a:2d:
                    47:e1:ef:1a:90:48:d9:22:bf:48:e9:b1:ad:f6:60:
                    3c:86:a4:81:af:d9:ce:e1:fe:19:9a:25:4d:89:4f:
                    37:e1:23:c8:f9:73:36:20:15:8b:f7:98:e9:6b:4e:
                    e1:3f:5d:46:ad:c1:40:31:98:d5:9c:2b:c4:72:5f:
                    d9:97:bc:75:ea:c5:b1:3b:69:35:21:16:a6:55:ae:
                    23:59:cb:26:31:8a:59:d5:74:2a:2c:5e:93:8c:a0:
                    e5:bd:f0:d3:09:ff:2b:4e:d4:c0:5a:97:b1:7a:a5:
                    0a:2d:8c:1c:53:a4:12:6b:d1:fe:05:8f:8f:74:4a:
                    0f:15:90:5d:ac:91:09:96:9d:a6:ad:82:e8:90:c5:
                    f7:25:95:55:2c:2c:d3:68:16:b3:94:4a:95:58:da:
                    f9:ea:90:dc:b8:f3:48:08:a8:37:2f:82:07:e8:f6:
                    86:85:b6:e4:b8:20:c8:0a:39:04:d9:d0:e6:b4:d8:
                    1a:dd:ec:2b:12:b4:b7:40:cf:0f:73:6e:4f:a8:4f:
                    c5:1e:6b:ae:7c:69:96:fe:36:67:90:e1:9c:40:c3:
                    b9:d9:7c:1f:31:fa:74:7c:b7:cd:3f:88:41:39:54:
                    17:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:90:FE:D3:81:87:20:98:9C:69:5F:B1:1F:2B:6B:D4:F4:88:07:5F
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/oJD-04GHIJicaV-xHytr1PSIB18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.233.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:1b:0f:11:86:35:32:31:f6:12:18:45:74:2e:09:45:04:d6:
         51:c7:9a:71:09:08:3f:e5:cd:03:70:21:ff:bd:b0:14:91:8e:
         2d:01:f1:40:58:fa:b5:96:20:f0:66:d4:ed:66:3a:df:cd:b4:
         e7:db:47:9c:bc:07:98:4c:4a:37:21:b6:be:bf:a5:4b:b6:78:
         48:8a:66:1f:89:56:2a:63:96:1a:5a:25:0d:05:8e:25:d2:91:
         a9:40:18:12:2f:cf:98:07:77:a1:82:7c:d6:6a:f0:72:b3:b6:
         4a:a9:55:f9:3c:89:10:89:10:a5:39:3b:9f:55:3f:ba:37:18:
         16:8c:06:dc:d9:c7:84:62:35:62:1f:47:9a:45:01:04:ac:4e:
         9e:cb:bf:d6:fb:f2:84:1d:ee:42:aa:4c:b0:e2:4f:62:23:1d:
         be:83:ed:62:ac:e0:ca:24:d3:85:3f:e1:29:e6:bc:16:f6:22:
         2a:ae:ba:c9:cc:e7:3e:f1:0c:fb:9a:68:f3:70:16:8b:55:49:
         fb:03:6c:cc:68:96:77:a8:14:e5:be:5d:a8:75:06:68:28:ed:
         e1:25:3e:5c:0f:6c:49:19:e4:8c:94:6f:c0:44:ae:40:0e:fc:
         9d:a9:b2:47:f7:0e:c4:88:b7:c7:37:ba:aa:41:b1:0f:86:31:
         82:e0:e0:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4+JpfGP7lM1cCyq+IqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDkwZmVkMzgxODcyMDk4OWM2OTVmYjExZjJiNmJkNGY0ODgwNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoKhpbIFt3/wjcJ/XJkmQ6nPoMmN
ZHDaFQIIii1H4e8akEjZIr9I6bGt9mA8hqSBr9nO4f4ZmiVNiU834SPI+XM2IBWL
95jpa07hP11GrcFAMZjVnCvEcl/Zl7x16sWxO2k1IRamVa4jWcsmMYpZ1XQqLF6T
jKDlvfDTCf8rTtTAWpexeqUKLYwcU6QSa9H+BY+PdEoPFZBdrJEJlp2mrYLokMX3
JZVVLCzTaBazlEqVWNr56pDcuPNICKg3L4IH6PaGhbbkuCDICjkE2dDmtNga3ewr
ErS3QM8Pc25PqE/FHmuufGmW/jZnkOGcQMO52XwfMfp0fLfNP4hBOVQX+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCQ/tOBhyCYnGlfsR8ra9T0iAdfMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvb0pELTA0R0hJSmljYVYteEh5dHIxUFNJQjE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOmnMA0G
CSqGSIb3DQEBCwUAA4IBAQAcGw8RhjUyMfYSGEV0LglFBNZRx5pxCQg/5c0DcCH/
vbAUkY4tAfFAWPq1liDwZtTtZjrfzbTn20ecvAeYTEo3Iba+v6VLtnhIimYfiVYq
Y5YaWiUNBY4l0pGpQBgSL8+YB3ehgnzWavBys7ZKqVX5PIkQiRClOTufVT+6NxgW
jAbc2ceEYjViH0eaRQEErE6ey7/W+/KEHe5Cqkyw4k9iIx2+g+1irODKJNOFP+Ep
5rwW9iIqrrrJzOc+8Qz7mmjzcBaLVUn7A2zMaJZ3qBTlvl2odQZoKO3hJT5cD2xJ
GeSMlG/ARK5ADvydqbJH9w7EiLfHN7qqQbEPhjGC4OBq
-----END CERTIFICATE-----