Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/OwvqdpOw1PPIZV7B3bZVg6x8s2s.roa
File:                     OwvqdpOw1PPIZV7B3bZVg6x8s2s.roa (raw, json)
Hash identifier:          b4sya34QQ9ov2U+79Jinh9oqFB8vbAgoxb+JyQTfCZQ=
Subject key identifier:   3B:0B:EA:76:93:B0:D4:F3:C8:65:5E:C1:DD:B6:55:83:AC:7C:B3:6B
Certificate issuer:       /CN=bf99d23c82729a8049e7565775a864bc3aa282ef
Certificate serial:       018CC2DB34021BF4A245738F53A9061E1F7D
Authority key identifier: BF:99:D2:3C:82:72:9A:80:49:E7:56:57:75:A8:64:BC:3A:A2:82:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v5nSPIJymoBJ51ZXdahkvDqigu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/OwvqdpOw1PPIZV7B3bZVg6x8s2s.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208950
IP address blocks:        185.134.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/v5nSPIJymoBJ51ZXdahkvDqigu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/v5nSPIJymoBJ51ZXdahkvDqigu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v5nSPIJymoBJ51ZXdahkvDqigu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:34:02:1b:f4:a2:45:73:8f:53:a9:06:1e:1f:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf99d23c82729a8049e7565775a864bc3aa282ef
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b0bea7693b0d4f3c8655ec1ddb65583ac7cb36b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:29:83:c0:cd:9f:1f:cf:be:7f:0e:92:d2:b1:
                    b3:54:96:87:d5:7e:87:a1:2f:c3:be:3a:51:81:88:
                    7a:61:a5:10:4d:a4:fc:58:af:1f:c5:a2:10:68:b9:
                    8d:33:44:4b:63:c6:c6:bb:92:e6:50:87:b3:2e:dd:
                    2a:0c:31:e7:d7:09:00:b6:5c:49:18:30:7e:d5:83:
                    0f:f0:40:a8:03:89:25:44:a8:1d:32:ba:63:3a:23:
                    e6:c6:54:27:a9:d1:96:65:52:4a:32:8f:32:e2:9f:
                    fd:71:78:6a:31:e3:91:dd:e5:b7:ea:bc:d2:5e:57:
                    86:e7:4b:05:3d:06:bc:86:a9:a9:61:fe:38:43:ff:
                    96:37:8a:6a:48:86:2c:66:c2:ee:9c:3d:0f:26:43:
                    d6:1c:08:b1:ca:96:0f:8f:e2:ad:11:de:e6:31:f1:
                    ee:f8:50:2c:f0:88:77:ab:40:d0:f9:ae:52:29:63:
                    2c:d9:89:67:f6:c1:c4:8d:01:db:25:ae:2c:90:ea:
                    42:88:2e:19:ca:dd:1b:09:32:45:77:8c:8e:53:8c:
                    75:a9:49:de:3f:18:fb:3a:75:f2:3d:df:10:32:93:
                    d6:31:c1:68:5b:05:18:74:44:8b:41:95:09:e3:a7:
                    e7:06:5f:89:ff:57:3d:31:97:b8:fa:67:b1:9a:a6:
                    e1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:0B:EA:76:93:B0:D4:F3:C8:65:5E:C1:DD:B6:55:83:AC:7C:B3:6B
            X509v3 Authority Key Identifier:
                keyid:BF:99:D2:3C:82:72:9A:80:49:E7:56:57:75:A8:64:BC:3A:A2:82:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v5nSPIJymoBJ51ZXdahkvDqigu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/OwvqdpOw1PPIZV7B3bZVg6x8s2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/v5nSPIJymoBJ51ZXdahkvDqigu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:54:e0:de:ea:34:3f:55:15:67:5c:31:a3:72:81:c9:f1:d0:
         6d:77:55:e3:e6:82:0f:49:f3:a7:b9:2c:ed:12:cd:88:32:23:
         cb:dd:5f:56:48:f3:d2:02:c0:9b:2b:aa:b9:97:fa:38:47:7d:
         26:e6:3c:48:cc:b6:64:96:18:e6:4e:88:85:56:6d:f4:61:0c:
         5f:a3:f7:12:9b:69:3e:20:e3:6c:e9:a3:63:06:23:93:ed:07:
         2b:a6:83:ac:0c:fb:bd:c2:ea:e1:05:20:86:55:17:84:8b:50:
         b7:34:a8:bb:46:45:31:91:4e:b8:61:fe:ae:cc:fb:db:f8:04:
         87:c6:be:19:bf:98:30:68:bc:88:73:22:2c:e8:21:fc:26:b3:
         7b:ac:ab:f4:57:fb:0b:ed:90:1a:6f:b7:56:37:04:8f:bb:49:
         01:09:5d:b2:39:7b:59:89:f5:25:8e:2b:e4:d0:da:f1:73:66:
         3b:7a:79:c5:dc:49:e6:58:9b:38:e9:18:3e:42:03:70:07:91:
         26:49:6e:04:24:b7:38:02:40:88:a3:4e:4b:26:69:1c:18:4f:
         e4:23:60:e0:cf:f0:cc:ba:38:47:71:8b:2c:b9:62:f6:bd:34:
         2f:8f:ba:d3:7d:40:05:b5:23:fa:bc:49:a3:16:2f:27:0e:3e:
         d4:bf:e1:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zQCG/SiRXOPU6kGHh99MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmOTlkMjNjODI3MjlhODA0OWU3NTY1Nzc1YTg2NGJjM2Fh
MjgyZWYwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjBiZWE3NjkzYjBkNGYzYzg2NTVlYzFkZGI2NTU4M2FjN2NiMzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlymDwM2fH8++fw6S0rGzVJaH1X6H
oS/DvjpRgYh6YaUQTaT8WK8fxaIQaLmNM0RLY8bGu5LmUIezLt0qDDHn1wkAtlxJ
GDB+1YMP8ECoA4klRKgdMrpjOiPmxlQnqdGWZVJKMo8y4p/9cXhqMeOR3eW36rzS
XleG50sFPQa8hqmpYf44Q/+WN4pqSIYsZsLunD0PJkPWHAixypYPj+KtEd7mMfHu
+FAs8Ih3q0DQ+a5SKWMs2Yln9sHEjQHbJa4skOpCiC4Zyt0bCTJFd4yOU4x1qUne
Pxj7OnXyPd8QMpPWMcFoWwUYdESLQZUJ46fnBl+J/1c9MZe4+mexmqbhbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsL6naTsNTzyGVewd22VYOsfLNrMB8GA1UdIwQY
MBaAFL+Z0jyCcpqASedWV3WoZLw6ooLvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjVuU1BJSnltb0JKNTFaWGRhaGt2RHFpZ3U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYWQ1M2EtZjExOC00YTg4LThjMmYt
OTg3MDg2Y2NhYjg0LzEvT3d2cWRwT3cxUFBJWlY3QjNiWlZnNng4czJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYWQ1M2EtZjExOC00YTg4LThjMmYtOTg3MDg2Y2NhYjg0
LzEvdjVuU1BJSnltb0JKNTFaWGRhaGt2RHFpZ3U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYY+MA0G
CSqGSIb3DQEBCwUAA4IBAQAuVODe6jQ/VRVnXDGjcoHJ8dBtd1Xj5oIPSfOnuSzt
Es2IMiPL3V9WSPPSAsCbK6q5l/o4R30m5jxIzLZklhjmToiFVm30YQxfo/cSm2k+
IONs6aNjBiOT7QcrpoOsDPu9wurhBSCGVReEi1C3NKi7RkUxkU64Yf6uzPvb+ASH
xr4Zv5gwaLyIcyIs6CH8JrN7rKv0V/sL7ZAab7dWNwSPu0kBCV2yOXtZifUljivk
0Nrxc2Y7ennF3EnmWJs46Rg+QgNwB5EmSW4EJLc4AkCIo05LJmkcGE/kI2Dgz/DM
ujhHcYssuWL2vTQvj7rTfUAFtSP6vEmjFi8nDj7Uv+GR
-----END CERTIFICATE-----