Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/OzMjRCcLnCKRVCA-8NVL6eUthz8.roa
File:                     OzMjRCcLnCKRVCA-8NVL6eUthz8.roa (raw, json)
Hash identifier:          nGiR+DtuDNrlW7UDEtWe6OVwS5fS6c13HT1zzFDyuDg=
Subject key identifier:   3B:33:23:44:27:0B:9C:22:91:54:20:3E:F0:D5:4B:E9:E5:2D:87:3F
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5011A2A358D8A03DDD91220EA2F0D9E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/OzMjRCcLnCKRVCA-8NVL6eUthz8.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62096
IP address blocks:        192.159.102.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1a:2a:35:8d:8a:03:dd:d9:12:20:ea:2f:0d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b332344270b9c229154203ef0d54be9e52d873f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a6:be:f2:99:cf:a8:f0:c0:78:24:14:0b:6b:
                    cf:5c:1a:89:97:16:e3:6a:bb:4a:7e:40:73:27:a6:
                    0e:02:54:40:ca:db:f7:36:0b:ad:21:2b:06:ee:2b:
                    c3:ab:05:d3:81:9b:c6:33:0b:eb:b2:17:61:b3:03:
                    fc:55:16:3d:f9:5a:b9:22:c7:e9:48:66:93:b6:d3:
                    5b:9c:27:2e:f3:d9:f7:ab:16:e1:6d:df:a3:c0:8c:
                    30:25:40:28:c6:c0:9c:6a:bc:25:58:73:6d:bc:a8:
                    f4:98:d8:60:55:e5:76:98:d6:6b:2b:78:53:eb:bb:
                    a1:f7:57:90:3d:82:6e:50:9d:e2:41:95:eb:b5:95:
                    0b:2f:44:48:d3:b6:b9:4f:bc:53:12:99:5a:b3:92:
                    32:c9:e4:eb:8d:d8:0f:1b:7a:fc:ef:5d:cb:22:5d:
                    f5:cd:13:ac:79:84:81:54:c3:08:81:7f:31:35:38:
                    9c:5f:90:16:38:fa:41:c9:9c:51:58:03:48:38:be:
                    39:50:86:94:c7:cc:31:34:b5:5e:a9:2e:e0:3f:eb:
                    56:70:80:06:18:a2:7f:19:3c:55:f7:95:4c:ea:df:
                    d5:2f:1b:ea:47:ed:68:f7:53:90:9c:7f:59:73:c9:
                    b1:26:5d:78:41:f3:a0:f6:a0:c7:6f:19:4d:ed:84:
                    ed:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:33:23:44:27:0B:9C:22:91:54:20:3E:F0:D5:4B:E9:E5:2D:87:3F
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/OzMjRCcLnCKRVCA-8NVL6eUthz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.159.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:32:8c:29:89:0d:82:01:13:57:32:ee:3f:f4:65:6f:47:94:
         0e:3a:6a:21:79:12:fa:a9:d2:59:1b:d3:14:e1:ab:a4:0e:1b:
         22:90:29:6e:f4:0e:79:c8:e0:93:d9:4c:cd:18:0a:34:f3:f0:
         04:a5:ee:bf:a6:fb:9b:31:1e:08:f3:21:5a:97:7b:16:e6:7e:
         dc:76:21:b5:ae:cf:e5:96:84:03:72:76:fa:7f:30:c7:a1:73:
         33:a7:f5:69:bd:95:17:fe:b7:c7:27:c6:82:9f:7b:ec:d8:e0:
         6b:c9:73:f6:70:fa:31:ec:c9:3e:e0:39:c7:32:75:66:d1:7b:
         82:8c:7a:82:83:62:a3:51:b2:4c:57:d1:c1:57:fb:89:ee:d1:
         b6:a5:ff:76:e4:3d:df:46:5e:5a:fc:fc:ee:7c:83:3d:15:14:
         0d:ef:3e:1b:8d:a9:34:dc:7d:2e:53:49:56:be:b3:cb:ba:b6:
         1b:e2:6a:99:19:79:89:85:ac:45:81:ce:69:61:91:ef:34:ca:
         ac:32:0d:02:d1:80:c0:ea:5f:f7:dd:df:3a:49:84:72:42:10:
         42:1e:8c:4a:a0:b1:6f:c0:ec:88:f8:de:67:5b:1d:23:7a:2c:
         dd:e3:7f:b3:79:d6:b6:fe:b6:27:e7:7d:05:a3:3e:4a:2a:b1:
         ee:05:ef:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARoqNY2KA93ZEiDqLw2eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjMzMjM0NDI3MGI5YzIyOTE1NDIwM2VmMGQ1NGJlOWU1MmQ4NzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKa+8pnPqPDAeCQUC2vPXBqJlxbj
artKfkBzJ6YOAlRAytv3NgutISsG7ivDqwXTgZvGMwvrshdhswP8VRY9+Vq5Isfp
SGaTttNbnCcu89n3qxbhbd+jwIwwJUAoxsCcarwlWHNtvKj0mNhgVeV2mNZrK3hT
67uh91eQPYJuUJ3iQZXrtZULL0RI07a5T7xTEplas5IyyeTrjdgPG3r8713LIl31
zROseYSBVMMIgX8xNTicX5AWOPpByZxRWANIOL45UIaUx8wxNLVeqS7gP+tWcIAG
GKJ/GTxV95VM6t/VLxvqR+1o91OQnH9Zc8mxJl14QfOg9qDHbxlN7YTtkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDszI0QnC5wikVQgPvDVS+nlLYc/MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvT3pNalJDY0xuQ0tSVkNBLThOVkw2ZVV0aHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwJ9mMA0G
CSqGSIb3DQEBCwUAA4IBAQBhMowpiQ2CARNXMu4/9GVvR5QOOmoheRL6qdJZG9MU
4aukDhsikClu9A55yOCT2UzNGAo08/AEpe6/pvubMR4I8yFal3sW5n7cdiG1rs/l
loQDcnb6fzDHoXMzp/VpvZUX/rfHJ8aCn3vs2OBryXP2cPox7Mk+4DnHMnVm0XuC
jHqCg2KjUbJMV9HBV/uJ7tG2pf925D3fRl5a/PzufIM9FRQN7z4bjak03H0uU0lW
vrPLurYb4mqZGXmJhaxFgc5pYZHvNMqsMg0C0YDA6l/33d86SYRyQhBCHoxKoLFv
wOyI+N5nWx0jeizd43+zeda2/rYn530Foz5KKrHuBe9x
-----END CERTIFICATE-----