Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/o4W31CnKgxta-Hj1usi8RWeZGao.roa
File:                     o4W31CnKgxta-Hj1usi8RWeZGao.roa (raw, json)
Hash identifier:          SpfXW0v0LaOswFRz6pi7aSp47BVVm8ATHfyfCLBkUrA=
Subject key identifier:   A3:85:B7:D4:29:CA:83:1B:5A:F8:78:F5:BA:C8:BC:45:67:99:19:AA
Certificate issuer:       /CN=fae16b493d2a12897caf4757bb18a02eec2cde17
Certificate serial:       018CC8015EA751B5E8EAE11AB0FBC3A6FDAF
Authority key identifier: FA:E1:6B:49:3D:2A:12:89:7C:AF:47:57:BB:18:A0:2E:EC:2C:DE:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-uFrST0qEol8r0dXuxigLuws3hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/o4W31CnKgxta-Hj1usi8RWeZGao.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.149.160.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/1-uFrST0qEol8r0dXuxigLuws3hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/1-uFrST0qEol8r0dXuxigLuws3hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-uFrST0qEol8r0dXuxigLuws3hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5e:a7:51:b5:e8:ea:e1:1a:b0:fb:c3:a6:fd:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fae16b493d2a12897caf4757bb18a02eec2cde17
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a385b7d429ca831b5af878f5bac8bc45679919aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f1:bf:f4:1d:de:19:c3:c1:82:ba:bf:08:11:
                    eb:c0:01:1e:58:35:73:43:03:b8:5b:d1:ee:38:71:
                    d0:91:3e:8a:cb:fb:e9:97:0d:20:4a:b2:4c:78:eb:
                    5c:87:e7:9b:d2:2a:fb:41:42:a5:e6:21:6e:f0:05:
                    c0:dd:e5:29:c0:77:a0:d4:35:79:a8:cf:c8:81:51:
                    71:7a:38:f9:01:ae:4c:df:71:c0:ce:c0:af:c6:ff:
                    90:e0:e4:16:79:fb:24:b6:9c:4e:33:6e:6f:14:84:
                    9a:8e:f7:9c:d7:08:2e:31:54:71:9a:f1:bc:9f:06:
                    08:74:4b:8f:93:34:94:8d:75:df:a2:f6:c2:a1:24:
                    a9:3a:01:df:97:9e:bd:1c:a4:28:b7:3e:c1:0a:2f:
                    ca:06:fe:3a:0b:b7:45:0d:59:9f:ea:fa:23:07:1e:
                    ae:ad:c1:55:2c:8d:03:2f:d1:80:27:98:28:57:50:
                    e9:64:c1:ae:3d:38:f9:2d:87:06:a8:96:11:2a:25:
                    90:4f:db:93:f7:53:9f:6b:64:09:cb:c7:37:05:7a:
                    5f:4c:59:98:70:ec:02:74:bb:8e:c2:ae:ee:34:58:
                    f7:bd:b3:c5:a2:53:be:35:20:18:f0:46:ca:e7:c2:
                    5e:0b:77:16:82:da:d1:ca:85:c4:4b:7a:0b:14:ca:
                    1c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:85:B7:D4:29:CA:83:1B:5A:F8:78:F5:BA:C8:BC:45:67:99:19:AA
            X509v3 Authority Key Identifier:
                keyid:FA:E1:6B:49:3D:2A:12:89:7C:AF:47:57:BB:18:A0:2E:EC:2C:DE:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-uFrST0qEol8r0dXuxigLuws3hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/o4W31CnKgxta-Hj1usi8RWeZGao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/1-uFrST0qEol8r0dXuxigLuws3hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.149.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         62:a7:83:11:e7:ef:ba:72:d9:7c:80:7a:04:7a:7c:34:3d:23:
         a1:2e:62:64:1e:4b:69:6c:dd:84:92:25:1f:a3:9e:93:bc:28:
         30:0d:9b:a0:25:d0:89:94:89:93:2f:bf:69:40:82:94:af:f3:
         f2:9b:c0:22:19:a2:4d:e7:ec:71:6b:38:a2:4e:a7:f4:65:e0:
         09:59:bf:4a:21:6e:2d:a6:7f:f4:ba:24:6a:17:94:62:3c:c0:
         bd:f4:03:56:9c:77:57:6d:4f:90:1a:49:d2:dc:5d:64:17:0e:
         82:81:66:12:af:53:6b:23:89:d6:4e:0d:fa:bb:7c:89:eb:4b:
         4a:e4:23:d0:5d:5e:8b:c8:31:5f:a5:0f:05:86:f0:95:c8:c2:
         00:9e:c1:41:6b:7d:5e:70:68:d2:c0:06:df:ed:18:44:d3:39:
         ef:66:1c:b3:9e:6c:16:f6:cb:b7:4e:41:1f:c3:e5:36:b2:5b:
         9b:fe:97:48:c8:3b:24:6c:37:70:08:15:f8:61:6a:78:27:08:
         1b:9f:8b:bf:d9:60:c6:b0:1f:9c:31:6a:00:b8:ed:71:1b:6b:
         60:ac:55:02:6b:53:ff:ab:d7:bc:25:0a:d0:de:c6:ed:0b:f7:
         8f:cc:3b:18:23:a0:f1:b9:b2:7e:1b:0a:45:84:d0:1b:2d:33:
         25:cf:3a:c3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAV6nUbXo6uEasPvDpv2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZTE2YjQ5M2QyYTEyODk3Y2FmNDc1N2JiMThhMDJlZWMy
Y2RlMTcwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzg1YjdkNDI5Y2E4MzFiNWFmODc4ZjViYWM4YmM0NTY3OTkxOWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vG/9B3eGcPBgrq/CBHrwAEeWDVz
QwO4W9HuOHHQkT6Ky/vplw0gSrJMeOtch+eb0ir7QUKl5iFu8AXA3eUpwHeg1DV5
qM/IgVFxejj5Aa5M33HAzsCvxv+Q4OQWefsktpxOM25vFISajvec1wguMVRxmvG8
nwYIdEuPkzSUjXXfovbCoSSpOgHfl569HKQotz7BCi/KBv46C7dFDVmf6vojBx6u
rcFVLI0DL9GAJ5goV1DpZMGuPTj5LYcGqJYRKiWQT9uT91Ofa2QJy8c3BXpfTFmY
cOwCdLuOwq7uNFj3vbPFolO+NSAY8EbK58JeC3cWgtrRyoXES3oLFMocUwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKOFt9QpyoMbWvh49brIvEVnmRmqMB8GA1UdIwQY
MBaAFPrha0k9KhKJfK9HV7sYoC7sLN4XMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS11RnJTVDBxRW9sOHIwZFh1eGlnTHV3czNoYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTMvMjkzZDM2LTlkYTItNDQwNS04ZGUz
LTRhZmQ4MjU0YWU0My8xL280VzMxQ25LZ3h0YS1IajF1c2k4UldlWkdhby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTMvMjkzZDM2LTlkYTItNDQwNS04ZGUzLTRhZmQ4MjU0YWU0
My8xLzEtdUZyU1QwcUVvbDhyMGRYdXhpZ0x1d3MzaGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAXClaAw
DQYJKoZIhvcNAQELBQADggEBAGKngxHn77py2XyAegR6fDQ9I6EuYmQeS2ls3YSS
JR+jnpO8KDANm6Al0ImUiZMvv2lAgpSv8/KbwCIZok3n7HFrOKJOp/Rl4AlZv0oh
bi2mf/S6JGoXlGI8wL30A1acd1dtT5AaSdLcXWQXDoKBZhKvU2sjidZODfq7fInr
S0rkI9BdXovIMV+lDwWG8JXIwgCewUFrfV5waNLABt/tGETTOe9mHLOebBb2y7dO
QR/D5TayW5v+l0jIOyRsN3AIFfhhangnCBufi7/ZYMawH5wxagC47XEba2CsVQJr
U/+r17wlCtDexu0L94/MOxgjoPG5sn4bCkWE0BstMyXPOsM=
-----END CERTIFICATE-----