Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/37b63e-9c88-42dc-b043-de844964f5ee/1/oVJIpvHEFVSZKMOPsKtfllBj_ss.roa
File:                     oVJIpvHEFVSZKMOPsKtfllBj_ss.roa (raw, json)
Hash identifier:          LylZJ4lBF/jq2Hy9/s61S0y2ClDRuKyuO38SibF/GMs=
Subject key identifier:   A1:52:48:A6:F1:C4:15:54:99:28:C3:8F:B0:AB:5F:96:50:63:FE:CB
Certificate issuer:       /CN=930a463d67e4b42d8639acdf0d15424f82f19a60
Certificate serial:       018CCA2664A90D1CA51FD942C165405C60BC
Authority key identifier: 93:0A:46:3D:67:E4:B4:2D:86:39:AC:DF:0D:15:42:4F:82:F1:9A:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kwpGPWfktC2GOazfDRVCT4LxmmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/37b63e-9c88-42dc-b043-de844964f5ee/1/oVJIpvHEFVSZKMOPsKtfllBj_ss.roa
Signing time:             Tue 02 Jan 2024 12:29:22 +0000
ROA not before:           Tue 02 Jan 2024 12:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15598
IP address blocks:        193.239.185.0/24 maxlen: 32
                          2001:67c:2a7c::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/37b63e-9c88-42dc-b043-de844964f5ee/1/kwpGPWfktC2GOazfDRVCT4LxmmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/37b63e-9c88-42dc-b043-de844964f5ee/1/kwpGPWfktC2GOazfDRVCT4LxmmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kwpGPWfktC2GOazfDRVCT4LxmmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:26:64:a9:0d:1c:a5:1f:d9:42:c1:65:40:5c:60:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=930a463d67e4b42d8639acdf0d15424f82f19a60
        Validity
            Not Before: Jan  2 12:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a15248a6f1c415549928c38fb0ab5f965063fecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b1:4b:25:b5:ef:a4:93:55:f9:bc:eb:ab:c7:
                    be:28:90:b0:46:7a:33:82:67:5d:fa:ab:f1:62:db:
                    15:8c:d0:ef:05:e9:9e:f2:bc:02:5b:6e:c3:e0:de:
                    95:10:da:66:2c:b8:3e:b8:b3:f4:33:08:c5:5e:af:
                    f8:53:ba:be:39:fb:5b:48:26:77:81:a7:13:35:60:
                    57:27:d1:12:ae:ba:9b:43:78:36:39:dc:5f:6d:6f:
                    82:39:bf:85:73:74:ef:35:eb:f2:fa:12:35:33:02:
                    33:04:a9:2f:74:c8:65:38:54:2d:0f:10:56:b1:6b:
                    eb:8f:ef:94:39:bd:ab:d0:df:ea:0f:60:20:a7:72:
                    b0:5c:61:b3:0f:7d:87:13:b8:f9:77:28:82:85:be:
                    f3:5a:7e:e7:66:eb:5f:b8:54:be:1c:99:ea:9a:bb:
                    b4:dd:e8:1d:b8:e0:77:58:27:54:ec:32:47:87:15:
                    39:dc:61:69:01:d2:af:15:fb:31:e9:c3:d4:84:e9:
                    ce:b6:3d:3e:3a:b4:6e:62:02:d5:5e:19:b4:55:f2:
                    5f:dc:74:76:13:6e:8f:3a:3c:d3:38:75:f7:e3:60:
                    fd:2e:c4:bf:70:81:50:93:c1:5b:72:a9:31:da:03:
                    bd:e3:de:f5:19:77:82:35:e4:cf:17:01:51:19:91:
                    84:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:52:48:A6:F1:C4:15:54:99:28:C3:8F:B0:AB:5F:96:50:63:FE:CB
            X509v3 Authority Key Identifier:
                keyid:93:0A:46:3D:67:E4:B4:2D:86:39:AC:DF:0D:15:42:4F:82:F1:9A:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kwpGPWfktC2GOazfDRVCT4LxmmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/37b63e-9c88-42dc-b043-de844964f5ee/1/oVJIpvHEFVSZKMOPsKtfllBj_ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/37b63e-9c88-42dc-b043-de844964f5ee/1/kwpGPWfktC2GOazfDRVCT4LxmmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.185.0/24
                IPv6:
                  2001:67c:2a7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:95:31:e7:7c:86:76:a1:67:0d:02:8d:1c:5b:ec:64:cd:eb:
         91:14:8c:97:71:f8:bc:f4:e9:d6:3c:15:9c:dc:3b:a9:53:37:
         ab:55:52:27:d0:43:30:15:4f:d9:52:6b:db:0b:43:8f:62:30:
         93:ce:f9:92:f3:26:16:37:18:d7:e0:e4:3e:35:c8:2d:c4:0e:
         6e:91:82:98:ef:5e:34:cf:1b:26:1b:43:08:02:3e:f2:88:0e:
         84:d2:cc:1c:1e:ad:3d:1c:65:c8:77:35:d0:aa:5b:71:f2:b5:
         7a:47:d9:f2:74:df:aa:a3:59:05:ee:f0:80:5c:4a:57:13:c6:
         8a:5f:62:49:11:7e:6a:24:a9:e2:a7:18:77:77:b7:d6:7c:25:
         08:2a:0c:67:53:15:d0:51:e6:4f:ba:6c:36:23:ff:4b:cd:b1:
         e0:96:f1:0a:71:80:ac:b7:c8:f4:a7:61:1e:43:e6:47:71:f0:
         07:b4:c7:70:91:06:ba:fd:81:e2:47:a3:87:e3:d5:c6:51:7d:
         f0:bc:73:43:23:70:0a:48:91:30:70:fb:66:2f:da:6c:84:15:
         8d:3c:68:7e:05:b3:03:51:fd:2e:7d:16:2e:2d:91:b6:14:1e:
         cc:fa:7c:40:31:64:bf:2b:c2:56:20:df:22:db:08:08:41:ec:
         5b:37:b2:09
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKJmSpDRylH9lCwWVAXGC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMGE0NjNkNjdlNGI0MmQ4NjM5YWNkZjBkMTU0MjRmODJm
MTlhNjAwHhcNMjQwMTAyMTIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTUyNDhhNmYxYzQxNTU0OTkyOGMzOGZiMGFiNWY5NjUwNjNmZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bFLJbXvpJNV+bzrq8e+KJCwRnoz
gmdd+qvxYtsVjNDvBeme8rwCW27D4N6VENpmLLg+uLP0MwjFXq/4U7q+OftbSCZ3
gacTNWBXJ9ESrrqbQ3g2OdxfbW+COb+Fc3TvNevy+hI1MwIzBKkvdMhlOFQtDxBW
sWvrj++UOb2r0N/qD2Agp3KwXGGzD32HE7j5dyiChb7zWn7nZutfuFS+HJnqmru0
3egduOB3WCdU7DJHhxU53GFpAdKvFfsx6cPUhOnOtj0+OrRuYgLVXhm0VfJf3HR2
E26POjzTOHX342D9LsS/cIFQk8Fbcqkx2gO94971GXeCNeTPFwFRGZGEFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKFSSKbxxBVUmSjDj7CrX5ZQY/7LMB8GA1UdIwQY
MBaAFJMKRj1n5LQthjms3w0VQk+C8ZpgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3dwR1BXZmt0QzJHT2F6ZkRSVkNUNEx4bW1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zN2I2M2UtOWM4OC00MmRjLWIwNDMt
ZGU4NDQ5NjRmNWVlLzEvb1ZKSXB2SEVGVlNaS01PUHNLdGZsbEJqX3NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zN2I2M2UtOWM4OC00MmRjLWIwNDMtZGU4NDQ5NjRmNWVl
LzEva3dwR1BXZmt0QzJHT2F6ZkRSVkNUNEx4bW1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwe+5MA8E
AgACMAkDBwAgAQZ8KnwwDQYJKoZIhvcNAQELBQADggEBAFCVMed8hnahZw0CjRxb
7GTN65EUjJdx+Lz06dY8FZzcO6lTN6tVUifQQzAVT9lSa9sLQ49iMJPO+ZLzJhY3
GNfg5D41yC3EDm6RgpjvXjTPGyYbQwgCPvKIDoTSzBwerT0cZch3NdCqW3HytXpH
2fJ036qjWQXu8IBcSlcTxopfYkkRfmokqeKnGHd3t9Z8JQgqDGdTFdBR5k+6bDYj
/0vNseCW8QpxgKy3yPSnYR5D5kdx8Ae0x3CRBrr9geJHo4fj1cZRffC8c0MjcApI
kTBw+2Yv2myEFY08aH4FswNR/S59Fi4tkbYUHsz6fEAxZL8rwlYg3yLbCAhB7Fs3
sgk=
-----END CERTIFICATE-----