Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/OabrQ2IG7lLzi3tra4eQ4todayU.roa
File:                     OabrQ2IG7lLzi3tra4eQ4todayU.roa (raw, json)
Hash identifier:          VPrC0JD2TisAWXeKTrKUyuS77BkygEhO3sB4dcYCmXo=
Subject key identifier:   39:A6:EB:43:62:06:EE:52:F3:8B:7B:6B:6B:87:90:E2:DA:1D:6B:25
Certificate issuer:       /CN=d0de618822b8af6f9ecaffcd7d5459b7cc11449a
Certificate serial:       018D79983A32B009411179CD7347469F1DE3
Authority key identifier: D0:DE:61:88:22:B8:AF:6F:9E:CA:FF:CD:7D:54:59:B7:CC:11:44:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0N5hiCK4r2-eyv_NfVRZt8wRRJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/OabrQ2IG7lLzi3tra4eQ4todayU.roa
Signing time:             Mon 05 Feb 2024 14:07:15 +0000
ROA not before:           Mon 05 Feb 2024 14:07:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        185.156.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/0N5hiCK4r2-eyv_NfVRZt8wRRJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/0N5hiCK4r2-eyv_NfVRZt8wRRJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0N5hiCK4r2-eyv_NfVRZt8wRRJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:79:98:3a:32:b0:09:41:11:79:cd:73:47:46:9f:1d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0de618822b8af6f9ecaffcd7d5459b7cc11449a
        Validity
            Not Before: Feb  5 14:07:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39a6eb436206ee52f38b7b6b6b8790e2da1d6b25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f9:b9:07:c2:65:d1:c8:48:93:5f:ed:21:57:
                    90:03:6e:06:2f:33:bc:8f:05:50:78:8c:a8:cd:d3:
                    75:46:5a:0d:1e:95:65:1c:58:ce:37:46:d3:0d:db:
                    17:2f:3e:6b:45:e5:ea:81:16:1f:6e:22:33:19:e5:
                    c7:1e:b7:29:da:6a:2d:b5:f3:38:aa:9a:d5:6c:a9:
                    1b:96:34:35:4a:d5:0e:98:a5:76:1d:ab:19:f9:73:
                    e5:0a:64:11:5f:15:20:3d:9f:b7:01:33:c4:d3:5f:
                    d2:b3:e3:64:97:5d:20:27:a4:08:d8:38:4d:f4:1b:
                    04:d6:4d:fb:f3:22:4c:c3:1e:a1:cc:c4:0d:64:97:
                    d2:93:68:9f:ad:e8:73:9c:0d:74:33:6a:fe:4b:d7:
                    22:00:26:89:72:ad:b1:34:38:47:11:13:40:51:f4:
                    a4:63:63:7a:23:42:63:69:99:a1:fe:7f:04:e7:b4:
                    30:e5:55:77:26:4e:55:bf:17:3e:8f:b6:19:79:ac:
                    ce:18:21:e9:4b:d7:52:56:71:99:46:0d:ac:2e:4e:
                    55:3d:88:3e:cd:a5:80:73:af:06:14:33:51:02:54:
                    21:08:e3:e4:43:8b:aa:40:d3:f5:a3:11:cc:bf:09:
                    1c:ac:0a:3b:41:80:ac:1f:5b:0f:86:7b:bb:cc:b1:
                    5a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:A6:EB:43:62:06:EE:52:F3:8B:7B:6B:6B:87:90:E2:DA:1D:6B:25
            X509v3 Authority Key Identifier:
                keyid:D0:DE:61:88:22:B8:AF:6F:9E:CA:FF:CD:7D:54:59:B7:CC:11:44:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0N5hiCK4r2-eyv_NfVRZt8wRRJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/OabrQ2IG7lLzi3tra4eQ4todayU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5acd78-d670-4192-b564-040e0644fbe8/1/0N5hiCK4r2-eyv_NfVRZt8wRRJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:67:f0:16:92:e9:ef:28:c3:c9:39:a2:c0:88:80:30:a8:f5:
         33:86:4e:59:86:35:30:ef:94:7b:f1:15:18:29:0a:63:da:2a:
         2d:aa:1d:1b:e7:4c:cf:15:56:ec:04:19:28:68:1f:40:5c:3c:
         31:19:27:89:ac:ba:97:24:36:90:68:c8:49:e4:f2:55:44:6e:
         0a:b2:83:ca:4e:30:1d:53:7a:57:60:b0:3f:45:29:25:8e:f0:
         71:22:43:b5:9d:d9:92:70:5c:f8:ed:94:73:e9:70:1f:fe:7a:
         d9:09:cf:a9:79:22:a7:93:c1:2a:d1:cc:dd:3f:57:2c:e5:f0:
         9b:43:5e:19:b1:54:7e:5b:e7:32:13:1a:5a:68:2c:f4:b1:4c:
         f7:1e:11:11:93:f4:48:c9:37:74:49:83:20:5b:1a:20:39:fc:
         4f:16:76:fc:d2:d3:56:bc:4d:b4:ec:6f:04:07:54:dc:0d:39:
         a7:41:c6:94:cf:2e:fe:75:96:01:40:bf:4d:fd:6a:8a:5e:52:
         a9:4e:35:c8:81:73:2f:13:03:81:3f:78:67:6d:e0:d1:ff:dd:
         4e:cd:d7:8c:67:0a:7b:a4:97:32:c0:35:06:53:92:05:6c:d4:
         8f:f1:70:1d:54:d3:21:e0:bc:c3:2a:8e:b1:b3:9b:fc:41:4f:
         b7:5e:0c:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY15mDoysAlBEXnNc0dGnx3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZGU2MTg4MjJiOGFmNmY5ZWNhZmZjZDdkNTQ1OWI3Y2Mx
MTQ0OWEwHhcNMjQwMjA1MTQwNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWE2ZWI0MzYyMDZlZTUyZjM4YjdiNmI2Yjg3OTBlMmRhMWQ2YjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPm5B8Jl0chIk1/tIVeQA24GLzO8
jwVQeIyozdN1RloNHpVlHFjON0bTDdsXLz5rReXqgRYfbiIzGeXHHrcp2mottfM4
qprVbKkbljQ1StUOmKV2HasZ+XPlCmQRXxUgPZ+3ATPE01/Ss+Nkl10gJ6QI2DhN
9BsE1k378yJMwx6hzMQNZJfSk2ifrehznA10M2r+S9ciACaJcq2xNDhHERNAUfSk
Y2N6I0JjaZmh/n8E57Qw5VV3Jk5Vvxc+j7YZeazOGCHpS9dSVnGZRg2sLk5VPYg+
zaWAc68GFDNRAlQhCOPkQ4uqQNP1oxHMvwkcrAo7QYCsH1sPhnu7zLFaWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmm60NiBu5S84t7a2uHkOLaHWslMB8GA1UdIwQY
MBaAFNDeYYgiuK9vnsr/zX1UWbfMEUSaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME41aGlDSzRyMi1leXZfTmZWUlp0OHdSUkpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC81YWNkNzgtZDY3MC00MTkyLWI1NjQt
MDQwZTA2NDRmYmU4LzEvT2FiclEySUc3bEx6aTN0cmE0ZVE0dG9kYXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC81YWNkNzgtZDY3MC00MTkyLWI1NjQtMDQwZTA2NDRmYmU4
LzEvME41aGlDSzRyMi1leXZfTmZWUlp0OHdSUkpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZwEMA0G
CSqGSIb3DQEBCwUAA4IBAQAaZ/AWkunvKMPJOaLAiIAwqPUzhk5ZhjUw75R78RUY
KQpj2iotqh0b50zPFVbsBBkoaB9AXDwxGSeJrLqXJDaQaMhJ5PJVRG4KsoPKTjAd
U3pXYLA/RSkljvBxIkO1ndmScFz47ZRz6XAf/nrZCc+peSKnk8Eq0czdP1cs5fCb
Q14ZsVR+W+cyExpaaCz0sUz3HhERk/RIyTd0SYMgWxogOfxPFnb80tNWvE207G8E
B1TcDTmnQcaUzy7+dZYBQL9N/WqKXlKpTjXIgXMvEwOBP3hnbeDR/91OzdeMZwp7
pJcywDUGU5IFbNSP8XAdVNMh4LzDKo6xs5v8QU+3Xgyy
-----END CERTIFICATE-----