Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/a275fe-86f0-41e9-8263-69db6a8f58d7/1/oISC95YbhOOyfJTo9frISoKcfuU.roa
File:                     oISC95YbhOOyfJTo9frISoKcfuU.roa (raw, json)
Hash identifier:          yPLqZ+9vGASlhmWuSg8LeVZiDq/4Ekjezm//DVI+MzM=
Subject key identifier:   A0:84:82:F7:96:1B:84:E3:B2:7C:94:E8:F5:FA:C8:4A:82:9C:7E:E5
Certificate issuer:       /CN=d2c81b1d028f2af61ea9b422679a5f8de90572e7
Certificate serial:       018CC8DF337773BAA22689D5E8D2DD4A84F9
Authority key identifier: D2:C8:1B:1D:02:8F:2A:F6:1E:A9:B4:22:67:9A:5F:8D:E9:05:72:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0sgbHQKPKvYeqbQiZ5pfjekFcuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/a275fe-86f0-41e9-8263-69db6a8f58d7/1/oISC95YbhOOyfJTo9frISoKcfuU.roa
Signing time:             Tue 02 Jan 2024 06:32:00 +0000
ROA not before:           Tue 02 Jan 2024 06:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62061
IP address blocks:        185.180.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/a275fe-86f0-41e9-8263-69db6a8f58d7/1/0sgbHQKPKvYeqbQiZ5pfjekFcuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/a275fe-86f0-41e9-8263-69db6a8f58d7/1/0sgbHQKPKvYeqbQiZ5pfjekFcuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0sgbHQKPKvYeqbQiZ5pfjekFcuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:33:77:73:ba:a2:26:89:d5:e8:d2:dd:4a:84:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c81b1d028f2af61ea9b422679a5f8de90572e7
        Validity
            Not Before: Jan  2 06:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a08482f7961b84e3b27c94e8f5fac84a829c7ee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:df:6a:90:7d:91:27:fc:d3:b2:66:fe:9a:ab:
                    16:b1:23:23:5c:41:af:6b:16:3b:7f:e4:83:8f:2c:
                    1a:9b:7e:1b:af:42:1e:ba:9c:bc:e6:be:e6:b5:21:
                    7e:6b:aa:95:6d:6c:75:8b:60:69:a6:cd:67:f3:57:
                    73:59:0f:77:f9:74:00:0d:8a:fb:24:08:d4:a0:9e:
                    5b:d1:48:d8:24:19:51:f2:36:e4:ce:66:08:a9:ec:
                    4e:49:bd:26:cc:3c:b6:d7:ec:58:27:1e:37:a1:3d:
                    f7:02:a1:1b:eb:bf:30:48:f5:d1:b2:b8:7d:b7:ed:
                    ed:15:e2:b2:6d:93:f1:88:42:e8:ed:db:e2:ee:c0:
                    87:64:90:e5:3a:f2:f6:d3:8f:c5:bb:43:de:02:10:
                    89:c2:9b:36:02:77:e5:46:ce:cc:ae:b4:3b:83:99:
                    16:77:56:e3:99:7f:9d:b0:23:78:19:57:d3:8d:e6:
                    1d:3e:fa:08:c0:bf:b7:bd:40:b1:0a:6d:4d:f3:67:
                    9f:40:88:a4:8b:1d:48:fd:14:5a:4d:be:44:c3:69:
                    d3:2b:d7:fc:1f:f8:2a:a8:0a:bf:02:01:21:7e:9d:
                    43:c1:83:87:c4:27:a8:23:30:5f:96:43:0c:3e:73:
                    92:ac:d1:d8:ff:d1:27:fe:58:2e:f0:bf:7f:4f:e1:
                    b7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:84:82:F7:96:1B:84:E3:B2:7C:94:E8:F5:FA:C8:4A:82:9C:7E:E5
            X509v3 Authority Key Identifier:
                keyid:D2:C8:1B:1D:02:8F:2A:F6:1E:A9:B4:22:67:9A:5F:8D:E9:05:72:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sgbHQKPKvYeqbQiZ5pfjekFcuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a275fe-86f0-41e9-8263-69db6a8f58d7/1/oISC95YbhOOyfJTo9frISoKcfuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a275fe-86f0-41e9-8263-69db6a8f58d7/1/0sgbHQKPKvYeqbQiZ5pfjekFcuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:ff:09:68:a0:af:15:97:07:2a:ab:58:66:30:80:14:99:00:
         a9:72:94:21:67:70:8e:2e:16:d3:85:b3:d7:65:bb:25:0d:cc:
         30:30:7e:0b:b2:7f:b4:27:63:4a:30:c6:d8:89:60:9c:e6:cc:
         e2:32:5a:98:8b:c7:58:74:eb:f6:d8:43:00:1f:66:c0:55:1e:
         36:7d:ce:e3:ef:41:6d:28:15:f6:59:7f:8e:0a:cc:ad:25:46:
         3f:88:93:b8:86:55:90:9c:02:48:ff:04:8f:15:60:5f:9b:4d:
         46:5b:b0:be:3a:4e:07:7f:9b:0d:65:04:96:c4:77:c0:5d:b4:
         24:75:0b:2d:37:5a:5c:c7:f7:f5:1e:cd:a4:13:eb:fc:ca:c9:
         b2:fc:d8:bc:17:93:40:51:ac:42:15:3b:aa:92:bc:0a:8b:ab:
         8a:b5:73:07:be:2a:df:f6:5d:7d:d9:2b:4d:6b:29:33:b3:d4:
         be:ca:50:86:ba:27:28:97:cc:73:61:61:69:26:1f:56:56:cf:
         42:9a:65:c5:28:f4:11:68:6a:10:fb:06:46:65:11:34:7b:10:
         9c:e8:5c:ce:63:0a:10:c5:c3:d8:c9:14:e0:88:98:08:62:57:
         a2:11:3e:91:5d:79:b8:fc:21:6c:5b:1e:40:a4:19:12:98:d2:
         6c:89:95:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zN3c7qiJonV6NLdSoT5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzgxYjFkMDI4ZjJhZjYxZWE5YjQyMjY3OWE1ZjhkZTkw
NTcyZTcwHhcNMjQwMTAyMDYzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDg0ODJmNzk2MWI4NGUzYjI3Yzk0ZThmNWZhYzg0YTgyOWM3ZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA199qkH2RJ/zTsmb+mqsWsSMjXEGv
axY7f+SDjywam34br0Ieupy85r7mtSF+a6qVbWx1i2Bpps1n81dzWQ93+XQADYr7
JAjUoJ5b0UjYJBlR8jbkzmYIqexOSb0mzDy21+xYJx43oT33AqEb678wSPXRsrh9
t+3tFeKybZPxiELo7dvi7sCHZJDlOvL204/Fu0PeAhCJwps2AnflRs7MrrQ7g5kW
d1bjmX+dsCN4GVfTjeYdPvoIwL+3vUCxCm1N82efQIikix1I/RRaTb5Ew2nTK9f8
H/gqqAq/AgEhfp1DwYOHxCeoIzBflkMMPnOSrNHY/9En/lgu8L9/T+G3FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCEgveWG4TjsnyU6PX6yEqCnH7lMB8GA1UdIwQY
MBaAFNLIGx0Cjyr2Hqm0ImeaX43pBXLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNnYkhRS1BLdlllcWJRaVo1cGZqZWtGY3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9hMjc1ZmUtODZmMC00MWU5LTgyNjMt
NjlkYjZhOGY1OGQ3LzEvb0lTQzk1WWJoT095ZkpUbzlmcklTb0tjZnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9hMjc1ZmUtODZmMC00MWU5LTgyNjMtNjlkYjZhOGY1OGQ3
LzEvMHNnYkhRS1BLdlllcWJRaVo1cGZqZWtGY3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubQnMA0G
CSqGSIb3DQEBCwUAA4IBAQCX/wlooK8Vlwcqq1hmMIAUmQCpcpQhZ3COLhbThbPX
ZbslDcwwMH4Lsn+0J2NKMMbYiWCc5sziMlqYi8dYdOv22EMAH2bAVR42fc7j70Ft
KBX2WX+OCsytJUY/iJO4hlWQnAJI/wSPFWBfm01GW7C+Ok4Hf5sNZQSWxHfAXbQk
dQstN1pcx/f1Hs2kE+v8ysmy/Ni8F5NAUaxCFTuqkrwKi6uKtXMHvirf9l192StN
aykzs9S+ylCGuicol8xzYWFpJh9WVs9CmmXFKPQRaGoQ+wZGZRE0exCc6FzOYwoQ
xcPYyRTgiJgIYleiET6RXXm4/CFsWx5ApBkSmNJsiZWv
-----END CERTIFICATE-----