Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/0OIQJZml7hVvMP3YYKGf5-G-3K0.roa
File:                     0OIQJZml7hVvMP3YYKGf5-G-3K0.roa (raw, json)
Hash identifier:          jaChc35PhRQs16fA5Xk4AfBHhgS5h+oK3BL3ilBiD4M=
Subject key identifier:   D0:E2:10:25:99:A5:EE:15:6F:30:FD:D8:60:A1:9F:E7:E1:BE:DC:AD
Certificate issuer:       /CN=bab232c1d72dc1cabbda16c870ec941d458a9fdc
Certificate serial:       019011437F02284700E47A17CECF5E05393B
Authority key identifier: BA:B2:32:C1:D7:2D:C1:CA:BB:DA:16:C8:70:EC:94:1D:45:8A:9F:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/urIywdctwcq72hbIcOyUHUWKn9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/0OIQJZml7hVvMP3YYKGf5-G-3K0.roa
Signing time:             Thu 13 Jun 2024 11:02:34 +0000
ROA not before:           Thu 13 Jun 2024 11:02:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.214.81.0/24 maxlen: 24
                          185.214.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/urIywdctwcq72hbIcOyUHUWKn9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/urIywdctwcq72hbIcOyUHUWKn9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/urIywdctwcq72hbIcOyUHUWKn9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:43:7f:02:28:47:00:e4:7a:17:ce:cf:5e:05:39:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bab232c1d72dc1cabbda16c870ec941d458a9fdc
        Validity
            Not Before: Jun 13 11:02:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0e2102599a5ee156f30fdd860a19fe7e1bedcad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:43:ae:63:84:e6:18:d1:d9:fb:cd:d1:a0:7f:
                    b5:36:45:6a:b3:29:e4:fe:31:d5:a0:f8:cc:96:15:
                    2e:4d:eb:fd:14:6a:81:ce:0b:89:a5:d6:62:9b:56:
                    b9:51:fd:af:0c:50:6f:a6:d4:f7:c5:d9:3d:fe:e8:
                    8d:99:a3:04:61:bf:61:cf:2c:27:23:d1:2c:d9:01:
                    82:d0:ef:38:de:1a:17:a6:51:0e:ed:c6:79:27:dd:
                    c6:ed:d0:f7:ac:d3:bc:d9:cd:22:f6:a6:0a:89:44:
                    44:0c:41:5f:ee:81:31:fc:62:86:7a:8b:b9:c3:86:
                    a4:c9:21:6f:58:7e:de:12:d1:17:3b:cb:83:5e:8a:
                    48:b7:87:7f:bc:f7:7e:80:9c:27:c0:8e:13:01:f8:
                    da:a8:ad:b7:02:db:70:0f:bd:59:c1:5d:6e:7f:76:
                    65:2e:21:99:86:37:46:53:db:39:41:a0:53:fc:13:
                    77:dd:2a:84:7e:a9:6c:d3:aa:51:2e:48:77:69:77:
                    ae:4d:0b:e7:00:e5:eb:49:57:c3:b0:f1:f7:e6:24:
                    ab:a5:59:7f:b7:83:32:49:03:ab:9d:56:38:3b:57:
                    41:d3:4f:1c:d7:00:c3:e7:32:2f:93:70:7b:ee:b1:
                    53:8f:96:5e:d1:3d:1a:a9:9a:e3:b2:91:30:cb:b8:
                    8f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E2:10:25:99:A5:EE:15:6F:30:FD:D8:60:A1:9F:E7:E1:BE:DC:AD
            X509v3 Authority Key Identifier:
                keyid:BA:B2:32:C1:D7:2D:C1:CA:BB:DA:16:C8:70:EC:94:1D:45:8A:9F:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/urIywdctwcq72hbIcOyUHUWKn9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/0OIQJZml7hVvMP3YYKGf5-G-3K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/urIywdctwcq72hbIcOyUHUWKn9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.81.0/24
                  185.214.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:49:17:24:3b:1d:31:70:e8:25:9e:20:48:5f:89:4f:da:15:
         d4:4c:7d:f0:26:c7:60:da:52:07:d4:06:fa:e0:d9:fc:f6:ab:
         55:e3:65:72:d0:75:27:46:e5:7e:06:ee:6e:ee:1d:b1:5b:f0:
         3a:1c:05:08:c8:a0:1b:eb:9d:87:77:f6:ab:22:21:0c:8a:a0:
         09:03:c3:10:e8:61:2e:7c:5e:3a:b6:0b:6a:74:5d:e6:c2:45:
         1a:81:3e:1c:51:1c:db:51:cd:7b:9e:ab:27:f2:06:c6:53:60:
         b9:a1:3b:ac:3e:1b:05:c2:82:2b:da:c2:c7:d0:93:b3:7c:83:
         b2:1b:40:11:8b:18:62:02:5d:bd:96:af:30:b9:df:ee:86:45:
         15:34:01:e1:11:37:23:42:7a:17:55:4f:25:34:a6:1c:c7:33:
         4b:40:72:c3:42:be:b0:a5:7a:99:ab:ca:09:1f:df:76:75:9c:
         d7:f6:54:66:b5:7d:3f:d4:94:3e:a3:1d:a7:68:99:44:c7:92:
         af:33:41:56:39:2e:61:e5:26:a9:dc:ab:34:b8:92:cf:59:cb:
         d1:c0:20:4b:d6:00:48:00:7e:cd:3b:aa:5d:a3:76:7d:5a:37:
         91:23:4a:b8:f3:52:84:bf:23:3e:f8:88:53:bf:e8:80:4d:4b:
         29:60:f1:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZARQ38CKEcA5HoXzs9eBTk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYjIzMmMxZDcyZGMxY2FiYmRhMTZjODcwZWM5NDFkNDU4
YTlmZGMwHhcNMjQwNjEzMTEwMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGUyMTAyNTk5YTVlZTE1NmYzMGZkZDg2MGExOWZlN2UxYmVkY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkOuY4TmGNHZ+83RoH+1NkVqsynk
/jHVoPjMlhUuTev9FGqBzguJpdZim1a5Uf2vDFBvptT3xdk9/uiNmaMEYb9hzywn
I9Es2QGC0O843hoXplEO7cZ5J93G7dD3rNO82c0i9qYKiUREDEFf7oEx/GKGeou5
w4akySFvWH7eEtEXO8uDXopIt4d/vPd+gJwnwI4TAfjaqK23AttwD71ZwV1uf3Zl
LiGZhjdGU9s5QaBT/BN33SqEfqls06pRLkh3aXeuTQvnAOXrSVfDsPH35iSrpVl/
t4MySQOrnVY4O1dB008c1wDD5zIvk3B77rFTj5Ze0T0aqZrjspEwy7iPZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNDiECWZpe4VbzD92GChn+fhvtytMB8GA1UdIwQY
MBaAFLqyMsHXLcHKu9oWyHDslB1Fip/cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXJJeXdkY3R3Y3E3MmhiSWNPeVVIVVdLbjl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83OTU3NzQtZmI5ZS00MTNmLTlmNzAt
N2QzZWZiNGE2YTdmLzEvME9JUUpabWw3aFZ2TVAzWVlLR2Y1LUctM0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83OTU3NzQtZmI5ZS00MTNmLTlmNzAtN2QzZWZiNGE2YTdm
LzEvdXJJeXdkY3R3Y3E3MmhiSWNPeVVIVVdLbjl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudZRAwQA
udZTMA0GCSqGSIb3DQEBCwUAA4IBAQB4SRckOx0xcOglniBIX4lP2hXUTH3wJsdg
2lIH1Ab64Nn89qtV42Vy0HUnRuV+Bu5u7h2xW/A6HAUIyKAb652Hd/arIiEMiqAJ
A8MQ6GEufF46tgtqdF3mwkUagT4cURzbUc17nqsn8gbGU2C5oTusPhsFwoIr2sLH
0JOzfIOyG0ARixhiAl29lq8wud/uhkUVNAHhETcjQnoXVU8lNKYcxzNLQHLDQr6w
pXqZq8oJH992dZzX9lRmtX0/1JQ+ox2naJlEx5KvM0FWOS5h5Sap3Ks0uJLPWcvR
wCBL1gBIAH7NO6pdo3Z9WjeRI0q481KEvyM++IhTv+iATUspYPH6
-----END CERTIFICATE-----