Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/oLtPBhYoYmsO9IDcfyHhUt_xPZQ.roa
File:                     oLtPBhYoYmsO9IDcfyHhUt_xPZQ.roa (raw, json)
Hash identifier:          8/Flsf5VzMIeW0iRMkmcd8/I7rclbQSI01vB4oR/0HY=
Subject key identifier:   A0:BB:4F:06:16:28:62:6B:0E:F4:80:DC:7F:21:E1:52:DF:F1:3D:94
Certificate issuer:       /CN=785ef4bd2976bf292ab73304907f510cd00cc8a2
Certificate serial:       018CC56E014790426B2921CBF48CFC999877
Authority key identifier: 78:5E:F4:BD:29:76:BF:29:2A:B7:33:04:90:7F:51:0C:D0:0C:C8:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eF70vSl2vykqtzMEkH9RDNAMyKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/oLtPBhYoYmsO9IDcfyHhUt_xPZQ.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27363
IP address blocks:        193.134.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/eF70vSl2vykqtzMEkH9RDNAMyKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/eF70vSl2vykqtzMEkH9RDNAMyKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eF70vSl2vykqtzMEkH9RDNAMyKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:01:47:90:42:6b:29:21:cb:f4:8c:fc:99:98:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=785ef4bd2976bf292ab73304907f510cd00cc8a2
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0bb4f061628626b0ef480dc7f21e152dff13d94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b7:3f:73:37:fa:16:45:ab:b1:21:96:3c:74:
                    fb:c5:57:f0:62:d8:ec:9a:e0:30:ca:ab:38:f4:80:
                    de:11:c4:f1:35:c6:dd:36:d2:af:8b:ff:7f:eb:1e:
                    e9:9e:da:b3:16:d9:8b:36:1d:ae:5e:a1:98:68:3f:
                    87:e2:ac:9c:ee:3f:06:fc:9c:45:64:a4:61:3d:a7:
                    9b:92:81:79:8c:60:cb:43:06:c9:2e:bf:0e:99:f9:
                    f5:c3:f9:64:72:3a:55:8c:b4:04:8d:af:7b:26:67:
                    6f:45:ea:b0:e8:51:fd:d2:b4:43:dd:17:50:66:76:
                    52:cb:a2:22:9a:15:b6:2e:c0:00:cc:b2:0f:65:7c:
                    f1:37:0c:d4:7c:90:f5:f6:32:6c:0b:68:71:13:21:
                    a3:e0:f4:d9:99:8d:ed:ee:55:5f:b4:94:01:4f:c9:
                    46:e4:f2:d0:fa:27:92:9e:be:70:2f:bc:85:e8:be:
                    dc:e2:5a:7c:18:44:11:b9:a1:82:d3:49:81:98:14:
                    dc:4e:f1:27:33:ed:ed:c1:9e:1b:f3:4b:92:3d:6f:
                    b0:0f:f3:e9:d5:aa:14:fc:e2:42:f6:98:e4:d0:74:
                    d9:d8:22:66:9d:9e:3d:02:95:77:2a:90:e6:d0:ec:
                    17:65:39:09:84:f2:61:62:22:89:6e:b2:49:97:12:
                    5c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:BB:4F:06:16:28:62:6B:0E:F4:80:DC:7F:21:E1:52:DF:F1:3D:94
            X509v3 Authority Key Identifier:
                keyid:78:5E:F4:BD:29:76:BF:29:2A:B7:33:04:90:7F:51:0C:D0:0C:C8:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eF70vSl2vykqtzMEkH9RDNAMyKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/oLtPBhYoYmsO9IDcfyHhUt_xPZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/eF70vSl2vykqtzMEkH9RDNAMyKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:d9:68:ee:e0:83:56:c9:6c:be:95:d2:1f:74:8b:90:23:83:
         c3:87:76:f7:9b:d9:0f:05:a7:0b:5d:91:4b:1e:01:68:03:54:
         7f:13:a3:ed:56:c8:e1:6f:ee:81:2f:93:c1:ec:e4:f8:76:99:
         c8:0d:66:94:0d:aa:41:cd:47:e6:f8:88:b5:78:af:62:3b:75:
         b4:43:22:b1:78:17:56:e8:09:e6:4f:eb:32:8d:66:fe:d3:9f:
         db:6c:83:09:e1:3c:f5:26:de:0d:cc:3f:f9:d9:79:ff:16:a3:
         62:ec:a0:26:e9:22:18:2b:1a:a8:18:08:d3:55:96:a4:66:f6:
         38:a7:ed:ff:80:a4:7e:3a:e1:ee:ce:cb:40:fd:b6:fa:a7:34:
         db:7e:b7:ef:a2:29:77:fa:a6:9a:b3:44:22:39:e3:e2:42:21:
         ed:2a:92:83:a3:40:f7:85:af:11:78:b5:0e:aa:0c:3b:84:f5:
         f2:27:4c:5a:e0:64:33:82:4d:60:6b:bf:2f:cf:b3:23:91:82:
         30:73:3e:fa:2d:e9:89:c5:5c:b8:a6:a0:63:d6:90:7e:cd:57:
         42:3c:20:8f:e4:85:57:5d:7e:d4:e5:32:69:b6:71:87:1c:11:
         f1:1a:e6:b9:05:af:75:cf:e1:d1:95:67:55:9d:f4:28:86:fb:
         1d:09:d3:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgFHkEJrKSHL9Iz8mZh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NWVmNGJkMjk3NmJmMjkyYWI3MzMwNDkwN2Y1MTBjZDAw
Y2M4YTIwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGJiNGYwNjE2Mjg2MjZiMGVmNDgwZGM3ZjIxZTE1MmRmZjEzZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrc/czf6FkWrsSGWPHT7xVfwYtjs
muAwyqs49IDeEcTxNcbdNtKvi/9/6x7pntqzFtmLNh2uXqGYaD+H4qyc7j8G/JxF
ZKRhPaebkoF5jGDLQwbJLr8Omfn1w/lkcjpVjLQEja97JmdvReqw6FH90rRD3RdQ
ZnZSy6IimhW2LsAAzLIPZXzxNwzUfJD19jJsC2hxEyGj4PTZmY3t7lVftJQBT8lG
5PLQ+ieSnr5wL7yF6L7c4lp8GEQRuaGC00mBmBTcTvEnM+3twZ4b80uSPW+wD/Pp
1aoU/OJC9pjk0HTZ2CJmnZ49ApV3KpDm0OwXZTkJhPJhYiKJbrJJlxJcXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC7TwYWKGJrDvSA3H8h4VLf8T2UMB8GA1UdIwQY
MBaAFHhe9L0pdr8pKrczBJB/UQzQDMiiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUY3MHZTbDJ2eWtxdHpNRWtIOVJETkFNeUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xOGU4ODItOTdkNy00MWRkLTllZmIt
N2Q0ZmE0Y2RjN2EyLzEvb0x0UEJoWW9ZbXNPOUlEY2Z5SGhVdF94UFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xOGU4ODItOTdkNy00MWRkLTllZmItN2Q0ZmE0Y2RjN2Ey
LzEvZUY3MHZTbDJ2eWtxdHpNRWtIOVJETkFNeUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYaiMA0G
CSqGSIb3DQEBCwUAA4IBAQBX2Wju4INWyWy+ldIfdIuQI4PDh3b3m9kPBacLXZFL
HgFoA1R/E6PtVsjhb+6BL5PB7OT4dpnIDWaUDapBzUfm+Ii1eK9iO3W0QyKxeBdW
6AnmT+syjWb+05/bbIMJ4Tz1Jt4NzD/52Xn/FqNi7KAm6SIYKxqoGAjTVZakZvY4
p+3/gKR+OuHuzstA/bb6pzTbfrfvoil3+qaas0QiOePiQiHtKpKDo0D3ha8ReLUO
qgw7hPXyJ0xa4GQzgk1ga78vz7MjkYIwcz76LemJxVy4pqBj1pB+zVdCPCCP5IVX
XX7U5TJptnGHHBHxGua5Ba91z+HRlWdVnfQohvsdCdMb
-----END CERTIFICATE-----