Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/Ohci3aZvv2C_BR8Rv8AdYrUbbZI.roa
File:                     Ohci3aZvv2C_BR8Rv8AdYrUbbZI.roa (raw, json)
Hash identifier:          JZ7zL1+cpWeyxLc6r77ruBbKcszh+B7IAJy4rpNKhRE=
Subject key identifier:   3A:17:22:DD:A6:6F:BF:60:BF:05:1F:11:BF:C0:1D:62:B5:1B:6D:92
Certificate issuer:       /CN=712f2269d15633bdbc71d8cd3f458cbd03fe031f
Certificate serial:       018CC802EAD178F90DF00040054DDD29A704
Authority key identifier: 71:2F:22:69:D1:56:33:BD:BC:71:D8:CD:3F:45:8C:BD:03:FE:03:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/Ohci3aZvv2C_BR8Rv8AdYrUbbZI.roa
Signing time:             Tue 02 Jan 2024 02:31:23 +0000
ROA not before:           Tue 02 Jan 2024 02:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212626
IP address blocks:        93.175.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 20:41:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:ea:d1:78:f9:0d:f0:00:40:05:4d:dd:29:a7:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=712f2269d15633bdbc71d8cd3f458cbd03fe031f
        Validity
            Not Before: Jan  2 02:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a1722dda66fbf60bf051f11bfc01d62b51b6d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:54:07:7c:28:71:0c:8e:bf:34:22:13:c8:46:
                    85:74:2e:6d:cb:85:df:42:d5:b9:cb:e6:70:de:9f:
                    84:3f:3a:85:d5:d2:99:94:a3:da:2b:0d:a4:4c:d7:
                    d0:26:29:86:e2:f7:57:c5:ee:f7:87:64:d8:7e:0c:
                    81:e2:d9:a1:83:b1:f6:f2:3c:a4:23:cc:43:f7:22:
                    c4:1d:8c:a6:7b:b6:c8:1e:7f:e5:0a:dd:48:63:d4:
                    5d:05:41:06:8c:0d:48:44:4e:7e:8f:e3:41:37:da:
                    99:76:fc:9d:7e:70:3d:44:e9:db:82:25:41:4a:90:
                    aa:cf:39:37:05:22:1d:3c:f5:11:f6:36:d4:ee:58:
                    06:8a:1c:6c:76:4a:a7:d8:23:6d:6e:c7:06:4a:0d:
                    ac:60:8b:4f:a0:d3:90:d0:86:f5:15:97:16:f0:03:
                    80:00:82:e1:dc:74:d4:e6:83:3a:53:a8:57:51:21:
                    fe:2f:83:46:ef:3d:1d:07:14:54:b0:8f:dd:06:34:
                    6c:58:47:32:1b:6d:a2:93:b8:7b:41:b8:b9:05:7d:
                    89:18:94:d9:82:6f:7b:00:74:ef:55:a9:84:04:dc:
                    f0:19:1a:55:cf:3d:1a:b5:eb:47:b6:40:d3:6a:20:
                    9d:9c:52:77:a8:dc:4f:bd:dc:a4:b2:bb:c0:6a:3d:
                    b4:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:17:22:DD:A6:6F:BF:60:BF:05:1F:11:BF:C0:1D:62:B5:1B:6D:92
            X509v3 Authority Key Identifier:
                keyid:71:2F:22:69:D1:56:33:BD:BC:71:D8:CD:3F:45:8C:BD:03:FE:03:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/Ohci3aZvv2C_BR8Rv8AdYrUbbZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.175.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:df:f0:b8:31:3a:6d:12:ea:4a:d1:f7:c3:0d:89:6c:9e:11:
         07:4f:b0:8e:6e:0f:1a:25:a1:ed:c9:8e:74:f4:cc:2e:31:8c:
         94:99:ec:38:d5:3d:aa:db:44:eb:0e:06:9f:2a:ad:da:20:4b:
         ed:28:14:e7:90:45:1c:ad:24:76:b7:8e:19:c7:76:b7:a4:fb:
         04:d1:e8:7f:84:8c:9d:a9:f3:f2:dd:5b:57:59:50:38:9f:b4:
         12:30:93:58:c7:ed:7d:d9:f6:79:37:09:c7:01:47:c4:58:36:
         30:c7:55:6c:2f:f9:b6:ad:6a:fb:0b:9f:e8:06:e0:07:86:0a:
         8a:b9:6a:de:86:8d:37:27:b8:bd:4e:47:b9:59:a3:6d:68:fe:
         d4:da:a1:8b:ff:04:38:3c:bf:ef:7f:df:39:b5:c6:40:b4:b9:
         b4:da:a4:7d:41:df:5f:6c:f3:fd:01:a0:ff:d8:ca:4a:c3:16:
         9a:b7:44:5c:d0:e0:71:a1:f2:d5:7b:90:0a:0c:7f:e2:3f:73:
         11:82:88:51:04:36:35:c4:16:47:9b:8f:70:f0:05:e7:d4:bf:
         82:54:45:a8:27:89:e7:7c:cb:b6:69:a4:64:e8:dc:e0:71:60:
         3d:25:96:ff:ea:64:ae:35:52:00:fb:0c:c2:0b:40:35:ae:a6:
         24:3f:f3:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAurRePkN8ABABU3dKacEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMmYyMjY5ZDE1NjMzYmRiYzcxZDhjZDNmNDU4Y2JkMDNm
ZTAzMWYwHhcNMjQwMTAyMDIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTE3MjJkZGE2NmZiZjYwYmYwNTFmMTFiZmMwMWQ2MmI1MWI2ZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01QHfChxDI6/NCITyEaFdC5ty4Xf
QtW5y+Zw3p+EPzqF1dKZlKPaKw2kTNfQJimG4vdXxe73h2TYfgyB4tmhg7H28jyk
I8xD9yLEHYyme7bIHn/lCt1IY9RdBUEGjA1IRE5+j+NBN9qZdvydfnA9ROnbgiVB
SpCqzzk3BSIdPPUR9jbU7lgGihxsdkqn2CNtbscGSg2sYItPoNOQ0Ib1FZcW8AOA
AILh3HTU5oM6U6hXUSH+L4NG7z0dBxRUsI/dBjRsWEcyG22ik7h7Qbi5BX2JGJTZ
gm97AHTvVamEBNzwGRpVzz0atetHtkDTaiCdnFJ3qNxPvdyksrvAaj20RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoXIt2mb79gvwUfEb/AHWK1G22SMB8GA1UdIwQY
MBaAFHEvImnRVjO9vHHYzT9FjL0D/gMfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1M4aWFkRldNNzI4Y2RqTlAwV012UVAtQXg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9lNjM3M2MtNTNjZC00ZmQ1LWE0MzUt
ZDE4YmFiOTUxNWJmLzEvT2hjaTNhWnZ2MkNfQlI4UnY4QWRZclViYlpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9lNjM3M2MtNTNjZC00ZmQ1LWE0MzUtZDE4YmFiOTUxNWJm
LzEvY1M4aWFkRldNNzI4Y2RqTlAwV012UVAtQXg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa88MA0G
CSqGSIb3DQEBCwUAA4IBAQBQ3/C4MTptEupK0ffDDYlsnhEHT7CObg8aJaHtyY50
9MwuMYyUmew41T2q20TrDgafKq3aIEvtKBTnkEUcrSR2t44Zx3a3pPsE0eh/hIyd
qfPy3VtXWVA4n7QSMJNYx+192fZ5NwnHAUfEWDYwx1VsL/m2rWr7C5/oBuAHhgqK
uWreho03J7i9Tke5WaNtaP7U2qGL/wQ4PL/vf985tcZAtLm02qR9Qd9fbPP9AaD/
2MpKwxaat0Rc0OBxofLVe5AKDH/iP3MRgohRBDY1xBZHm49w8AXn1L+CVEWoJ4nn
fMu2aaRk6NzgcWA9JZb/6mSuNVIA+wzCC0A1rqYkP/Pu
-----END CERTIFICATE-----