Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ojvviu0NFpBEYMPDcjIe24IOsPc.roa
File:                     ojvviu0NFpBEYMPDcjIe24IOsPc.roa (raw, json)
Hash identifier:          ocpXC5fBvF7nw06Y0r3f1YmSvqffJoeM3JaUofApOK0=
Subject key identifier:   A2:3B:EF:8A:ED:0D:16:90:44:60:C3:C3:72:32:1E:DB:82:0E:B0:F7
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DF5FA05C52787F921C3B35A11D8E8
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ojvviu0NFpBEYMPDcjIe24IOsPc.roa
Signing time:             Mon 01 Jan 2024 14:29:27 +0000
ROA not before:           Mon 01 Jan 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212967
IP address blocks:        5.8.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f5:fa:05:c5:27:87:f9:21:c3:b3:5a:11:d8:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a23bef8aed0d16904460c3c372321edb820eb0f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:79:08:37:54:18:ba:bd:5f:00:de:e6:19:42:
                    d5:5e:e1:a0:50:09:11:ca:3f:a6:4b:a0:9c:94:13:
                    77:f4:51:38:c7:38:20:c5:05:67:50:ac:1b:6a:ac:
                    6e:7a:a8:9b:23:d8:74:f7:72:44:65:e1:d7:28:be:
                    65:8c:a3:58:56:28:45:d9:d1:2e:fc:fb:05:35:9c:
                    c1:12:8e:5d:7a:c8:9a:13:8b:2d:d4:2e:a0:a3:69:
                    8e:0b:4c:22:89:a3:a4:bd:50:55:f9:57:61:3c:68:
                    f6:3d:51:d9:e1:69:f8:e2:d7:46:6b:9b:dc:07:71:
                    d4:9a:dd:17:8c:85:2f:10:24:5c:cf:db:34:9d:b2:
                    c7:7a:57:70:2c:bd:00:ab:20:e4:70:24:32:38:7a:
                    97:01:d9:16:5e:1f:1e:68:91:56:93:79:dc:d6:c0:
                    73:39:de:d9:93:a4:9f:60:11:27:44:64:14:e2:7d:
                    d2:02:96:a0:16:a5:35:4a:c9:ad:e7:cb:07:d5:61:
                    59:c8:c7:ac:c3:e0:e0:c8:2a:a8:76:c1:4d:84:2e:
                    56:27:92:21:b8:a4:4b:70:90:ac:6c:cd:dc:d4:8b:
                    d8:2a:64:cf:95:f5:27:f7:f2:2b:1b:1b:c9:e2:69:
                    94:0e:db:d3:c7:ff:4e:7a:0d:1a:73:09:08:99:36:
                    f4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:3B:EF:8A:ED:0D:16:90:44:60:C3:C3:72:32:1E:DB:82:0E:B0:F7
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ojvviu0NFpBEYMPDcjIe24IOsPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:9f:c0:6a:36:6c:7b:51:f5:db:0e:ce:36:70:ea:e9:77:0c:
         ea:d9:14:ec:f3:e8:51:5c:25:91:5d:73:ec:1b:42:7f:ef:01:
         90:e9:2e:de:6e:17:0c:17:08:c8:3d:e3:3f:ce:7c:bd:20:95:
         4f:99:3c:66:04:53:b1:fd:41:bd:81:aa:8e:2e:a9:20:3a:d0:
         10:f0:19:f9:7b:20:89:27:81:f1:9b:77:2c:48:ae:a5:6e:f8:
         0c:aa:11:8b:07:ff:a8:42:fe:45:9d:04:39:76:f8:1a:c1:88:
         91:da:17:72:a6:94:61:9c:57:bb:6d:28:fb:d1:98:5d:ab:ef:
         bb:f3:7e:4f:55:82:13:05:74:1b:42:47:bd:f6:40:a4:5e:52:
         d7:e6:75:fc:99:39:44:a0:22:3b:0f:83:aa:c5:0e:af:6d:70:
         c0:67:b4:eb:b4:dc:5e:08:8c:3b:a5:9d:c5:97:0c:d7:f9:b6:
         18:f2:fe:f6:4e:31:95:b9:c3:78:76:65:6b:57:e0:f0:39:5a:
         08:26:54:7e:83:00:6c:2d:6c:3f:1b:b9:ab:41:45:59:e6:cc:
         65:5c:c2:52:0b:e8:d3:ce:0b:e9:d1:d5:65:54:17:a8:ce:92:
         ed:c0:59:91:8c:27:70:9e:d2:74:7d:8d:f9:a6:ec:d8:05:ed:
         b5:8d:83:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfX6BcUnh/khw7NaEdjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjNiZWY4YWVkMGQxNjkwNDQ2MGMzYzM3MjMyMWVkYjgyMGViMGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXkIN1QYur1fAN7mGULVXuGgUAkR
yj+mS6CclBN39FE4xzggxQVnUKwbaqxueqibI9h093JEZeHXKL5ljKNYVihF2dEu
/PsFNZzBEo5desiaE4st1C6go2mOC0wiiaOkvVBV+VdhPGj2PVHZ4Wn44tdGa5vc
B3HUmt0XjIUvECRcz9s0nbLHeldwLL0AqyDkcCQyOHqXAdkWXh8eaJFWk3nc1sBz
Od7Zk6SfYBEnRGQU4n3SApagFqU1Ssmt58sH1WFZyMesw+DgyCqodsFNhC5WJ5Ih
uKRLcJCsbM3c1IvYKmTPlfUn9/IrGxvJ4mmUDtvTx/9Oeg0acwkImTb0DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKI774rtDRaQRGDDw3IyHtuCDrD3MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvb2p2dml1ME5GcEJFWU1QRGNqSWUyNElPc1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQi3MA0G
CSqGSIb3DQEBCwUAA4IBAQBTn8BqNmx7UfXbDs42cOrpdwzq2RTs8+hRXCWRXXPs
G0J/7wGQ6S7ebhcMFwjIPeM/zny9IJVPmTxmBFOx/UG9gaqOLqkgOtAQ8Bn5eyCJ
J4Hxm3csSK6lbvgMqhGLB/+oQv5FnQQ5dvgawYiR2hdyppRhnFe7bSj70Zhdq++7
835PVYITBXQbQke99kCkXlLX5nX8mTlEoCI7D4OqxQ6vbXDAZ7TrtNxeCIw7pZ3F
lwzX+bYY8v72TjGVucN4dmVrV+DwOVoIJlR+gwBsLWw/G7mrQUVZ5sxlXMJSC+jT
zgvp0dVlVBeozpLtwFmRjCdwntJ0fY35puzYBe21jYNW
-----END CERTIFICATE-----