Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/92c0a7-2c00-4a0d-b0f9-bce3eb5775eb/1/oz_XQxh3K7c4yQcIMADlKjkLOZg.roa
File:                     oz_XQxh3K7c4yQcIMADlKjkLOZg.roa (raw, json)
Hash identifier:          cOzBl5dhgV7eWiJw4X8P1aE9f4CoKxwgd9gPu5r04g0=
Subject key identifier:   A3:3F:D7:43:18:77:2B:B7:38:C9:07:08:30:00:E5:2A:39:0B:39:98
Certificate issuer:       /CN=01d288e54730b1093af4999380342f85d8198d0a
Certificate serial:       018D11D7D298412D07CC57F7BDD86D67E6BA
Authority key identifier: 01:D2:88:E5:47:30:B1:09:3A:F4:99:93:80:34:2F:85:D8:19:8D:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AdKI5UcwsQk69JmTgDQvhdgZjQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/92c0a7-2c00-4a0d-b0f9-bce3eb5775eb/1/oz_XQxh3K7c4yQcIMADlKjkLOZg.roa
Signing time:             Tue 16 Jan 2024 10:36:13 +0000
ROA not before:           Tue 16 Jan 2024 10:36:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198497
IP address blocks:        188.241.122.0/24 maxlen: 24
                          188.241.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/92c0a7-2c00-4a0d-b0f9-bce3eb5775eb/1/AdKI5UcwsQk69JmTgDQvhdgZjQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/92c0a7-2c00-4a0d-b0f9-bce3eb5775eb/1/AdKI5UcwsQk69JmTgDQvhdgZjQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AdKI5UcwsQk69JmTgDQvhdgZjQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:11:d7:d2:98:41:2d:07:cc:57:f7:bd:d8:6d:67:e6:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01d288e54730b1093af4999380342f85d8198d0a
        Validity
            Not Before: Jan 16 10:36:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a33fd74318772bb738c907083000e52a390b3998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0d:f3:e7:85:84:4e:b1:3d:46:51:13:5b:7e:
                    3e:a3:2c:87:e6:5c:b5:a0:ba:d0:0a:74:1a:9f:d9:
                    b0:b1:0c:1e:43:a2:00:79:11:ef:30:8a:81:77:c6:
                    69:f4:a4:02:2e:12:a3:97:bb:8a:b7:02:4b:32:df:
                    3a:df:ad:fb:53:eb:2d:5f:16:1d:6d:f8:bc:0a:d9:
                    0e:bb:0c:d4:20:c5:95:ac:28:ea:f8:88:ee:94:0a:
                    e5:c0:2a:b8:b6:8e:71:9f:70:ec:e3:fd:01:a6:61:
                    34:bc:b1:c6:60:2a:96:43:9f:92:7c:52:01:bb:36:
                    ff:23:a9:cb:8c:f2:32:eb:0c:e9:00:a0:57:8e:65:
                    06:8b:7c:ae:f7:06:69:26:26:cd:16:d2:ab:a4:28:
                    bb:c7:ad:79:b7:91:86:3a:56:a3:1f:31:b4:48:ec:
                    b8:16:48:dd:7d:ea:ed:76:78:3e:ee:91:35:25:49:
                    93:55:b0:70:30:4e:98:a8:ee:08:11:bf:d8:b2:19:
                    53:23:44:73:9e:fe:2a:57:66:24:46:47:9d:8b:1c:
                    5a:17:f1:33:32:95:d4:c0:d3:c0:8b:ef:ea:e5:0c:
                    d5:f9:91:fa:7c:b2:d2:cc:71:8b:85:f4:b3:e1:63:
                    b1:c2:03:47:42:33:35:41:99:e5:bb:7c:b0:8a:d9:
                    f9:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:3F:D7:43:18:77:2B:B7:38:C9:07:08:30:00:E5:2A:39:0B:39:98
            X509v3 Authority Key Identifier:
                keyid:01:D2:88:E5:47:30:B1:09:3A:F4:99:93:80:34:2F:85:D8:19:8D:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AdKI5UcwsQk69JmTgDQvhdgZjQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/92c0a7-2c00-4a0d-b0f9-bce3eb5775eb/1/oz_XQxh3K7c4yQcIMADlKjkLOZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/92c0a7-2c00-4a0d-b0f9-bce3eb5775eb/1/AdKI5UcwsQk69JmTgDQvhdgZjQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:2d:bf:22:60:e3:00:9d:90:85:5c:d8:39:c0:d2:4a:fd:fb:
         53:e4:12:77:f7:78:48:67:50:c5:14:59:6a:78:6e:95:5e:4f:
         49:94:c7:ac:31:96:6c:59:ab:09:87:5b:fb:78:e5:b9:a7:29:
         86:cf:a5:73:da:d7:50:77:42:1c:7a:7f:22:2e:33:a6:d6:f4:
         74:91:0a:46:80:ce:60:b8:8b:cb:d8:29:5d:66:12:14:01:24:
         02:54:d8:db:97:a4:b2:54:1e:4a:46:55:e7:f5:fb:62:20:a2:
         da:88:db:0a:9c:5c:51:56:60:3f:f4:85:cd:8f:8a:33:5d:d3:
         8e:33:e9:62:dd:a8:6d:df:9a:27:ab:72:f9:24:75:26:58:6d:
         a2:30:41:8a:d7:49:02:b3:67:78:80:19:68:a1:f6:f5:7f:98:
         a3:58:1f:6c:4e:8a:98:a3:f8:cc:0d:b6:8f:d3:b3:ca:14:7d:
         63:7c:a6:12:a8:63:40:24:18:b1:bb:30:32:cb:bc:27:be:8c:
         ed:55:e8:26:a2:fa:fc:54:39:2e:38:a4:c5:aa:64:21:5d:09:
         6c:2c:c0:96:45:02:34:47:e2:2f:29:8e:a8:73:3b:4e:7d:67:
         2f:83:e8:e4:61:c6:76:e3:66:12:53:cf:e8:44:8b:4e:4c:df:
         c4:d2:11:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0R19KYQS0HzFf3vdhtZ+a6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZDI4OGU1NDczMGIxMDkzYWY0OTk5MzgwMzQyZjg1ZDgx
OThkMGEwHhcNMjQwMTE2MTAzNjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzNmZDc0MzE4NzcyYmI3MzhjOTA3MDgzMDAwZTUyYTM5MGIzOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlw3z54WETrE9RlETW34+oyyH5ly1
oLrQCnQan9mwsQweQ6IAeRHvMIqBd8Zp9KQCLhKjl7uKtwJLMt863637U+stXxYd
bfi8CtkOuwzUIMWVrCjq+IjulArlwCq4to5xn3Ds4/0BpmE0vLHGYCqWQ5+SfFIB
uzb/I6nLjPIy6wzpAKBXjmUGi3yu9wZpJibNFtKrpCi7x615t5GGOlajHzG0SOy4
Fkjdfertdng+7pE1JUmTVbBwME6YqO4IEb/YshlTI0Rznv4qV2YkRkedixxaF/Ez
MpXUwNPAi+/q5QzV+ZH6fLLSzHGLhfSz4WOxwgNHQjM1QZnlu3ywitn5aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKM/10MYdyu3OMkHCDAA5So5CzmYMB8GA1UdIwQY
MBaAFAHSiOVHMLEJOvSZk4A0L4XYGY0KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWRLSTVVY3dzUWs2OUptVGdEUXZoZGdaalFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85MmMwYTctMmMwMC00YTBkLWIwZjkt
YmNlM2ViNTc3NWViLzEvb3pfWFF4aDNLN2M0eVFjSU1BRGxLamtMT1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85MmMwYTctMmMwMC00YTBkLWIwZjktYmNlM2ViNTc3NWVi
LzEvQWRLSTVVY3dzUWs2OUptVGdEUXZoZGdaalFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvPF6MA0G
CSqGSIb3DQEBCwUAA4IBAQAXLb8iYOMAnZCFXNg5wNJK/ftT5BJ393hIZ1DFFFlq
eG6VXk9JlMesMZZsWasJh1v7eOW5pymGz6Vz2tdQd0Icen8iLjOm1vR0kQpGgM5g
uIvL2CldZhIUASQCVNjbl6SyVB5KRlXn9ftiIKLaiNsKnFxRVmA/9IXNj4ozXdOO
M+li3aht35onq3L5JHUmWG2iMEGK10kCs2d4gBloofb1f5ijWB9sToqYo/jMDbaP
07PKFH1jfKYSqGNAJBixuzAyy7wnvoztVegmovr8VDkuOKTFqmQhXQlsLMCWRQI0
R+IvKY6ocztOfWcvg+jkYcZ242YSU8/oRItOTN/E0hFt
-----END CERTIFICATE-----