Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/ohN5Vr-pCrwgUkAocrgxMEe93NA.roa
File:                     ohN5Vr-pCrwgUkAocrgxMEe93NA.roa (raw, json)
Hash identifier:          b/qdw7HLCo/xIt07t711pV0UMrv/tLCDBDQIIR+SdA4=
Subject key identifier:   A2:13:79:56:BF:A9:0A:BC:20:52:40:28:72:B8:31:30:47:BD:DC:D0
Certificate issuer:       /CN=b537115961c6abf5b87abe4a20053e4aca1b6ec2
Certificate serial:       018CC794E7D4A8955224F06480EC1A3EAA45
Authority key identifier: B5:37:11:59:61:C6:AB:F5:B8:7A:BE:4A:20:05:3E:4A:CA:1B:6E:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tTcRWWHGq_W4er5KIAU-SsobbsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/ohN5Vr-pCrwgUkAocrgxMEe93NA.roa
Signing time:             Tue 02 Jan 2024 00:31:13 +0000
ROA not before:           Tue 02 Jan 2024 00:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207413
IP address blocks:        91.194.140.0/23 maxlen: 24
                          91.194.166.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/tTcRWWHGq_W4er5KIAU-SsobbsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/tTcRWWHGq_W4er5KIAU-SsobbsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tTcRWWHGq_W4er5KIAU-SsobbsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e7:d4:a8:95:52:24:f0:64:80:ec:1a:3e:aa:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b537115961c6abf5b87abe4a20053e4aca1b6ec2
        Validity
            Not Before: Jan  2 00:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2137956bfa90abc2052402872b8313047bddcd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8d:e6:2e:6a:95:10:f6:08:c0:ea:b5:f9:1b:
                    72:5a:01:b8:7a:ee:09:45:e9:b1:b0:d0:48:80:b4:
                    a7:68:68:40:b4:75:6e:2b:56:af:b8:07:74:18:e3:
                    9c:43:09:7c:0a:fd:77:5f:62:31:80:b1:74:d9:c6:
                    05:a4:50:d1:2e:08:69:da:ea:ca:9e:b4:cd:28:58:
                    18:a2:85:77:14:93:98:dc:4a:a5:b1:71:63:99:29:
                    22:0f:da:0c:3b:26:da:4f:11:68:c8:5d:92:6d:2b:
                    d7:b5:50:09:1b:62:12:a2:91:a5:63:a5:18:2d:f1:
                    2c:99:57:f1:85:fb:ad:be:3f:3a:81:38:58:4b:2a:
                    af:6f:77:11:8d:96:18:55:2a:cd:d1:08:21:4c:f9:
                    24:4a:fa:da:65:e0:d6:59:15:ed:a6:59:46:f2:f3:
                    58:fd:7f:8e:5c:84:38:58:ea:37:d6:0c:ec:ee:0f:
                    53:13:92:08:58:bb:1c:cf:bb:02:f1:7c:ce:e1:f9:
                    aa:63:9e:5c:87:0c:e9:9b:4b:dd:52:bc:5c:a5:1a:
                    32:c9:89:29:21:ad:55:3e:42:81:a1:09:c8:81:d4:
                    41:02:1b:32:1a:0f:a3:b4:c1:83:ef:22:6f:48:1d:
                    d3:fd:1e:62:3b:e9:2d:01:8a:84:21:e5:11:22:5e:
                    fc:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:13:79:56:BF:A9:0A:BC:20:52:40:28:72:B8:31:30:47:BD:DC:D0
            X509v3 Authority Key Identifier:
                keyid:B5:37:11:59:61:C6:AB:F5:B8:7A:BE:4A:20:05:3E:4A:CA:1B:6E:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tTcRWWHGq_W4er5KIAU-SsobbsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/ohN5Vr-pCrwgUkAocrgxMEe93NA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/tTcRWWHGq_W4er5KIAU-SsobbsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.140.0/23
                  91.194.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b6:5c:23:2f:9c:9a:e7:30:fb:35:c4:4e:63:b0:ba:66:c5:de:
         2c:0d:b5:6b:b0:50:93:47:8e:21:c0:dd:58:0f:ce:64:a5:52:
         48:df:3c:6b:d4:a8:7b:b3:e8:d1:e2:9b:ac:b7:76:9b:8e:fc:
         75:1f:25:12:71:6e:4f:46:7b:25:41:35:2b:61:bc:20:1e:4a:
         3c:c6:cb:57:5a:c4:4d:e3:ce:54:34:ec:66:9e:c1:a1:3f:b7:
         d6:80:a2:f8:b2:a4:14:74:14:2b:3a:d4:ef:cb:03:76:58:1c:
         cd:05:8e:15:ae:62:69:d5:57:3c:02:cd:f4:a0:05:38:e1:16:
         15:4d:67:4f:54:48:9e:fa:d0:84:58:dd:25:2d:3e:73:67:bf:
         cd:1f:11:c8:83:09:d7:8b:99:19:24:d6:7f:e0:c3:1d:4f:f4:
         e6:a3:d1:ad:96:a6:34:41:a7:6a:fd:48:57:b2:49:a3:13:02:
         be:93:c3:70:19:a3:1c:0e:81:7f:22:e9:93:07:99:da:bf:52:
         d7:d8:af:35:b8:e1:2d:d6:2b:a3:de:66:22:4c:ec:d0:36:9c:
         e4:25:7e:58:0e:c2:f2:a0:46:67:55:50:b9:6c:12:17:87:b8:
         5c:19:c0:cc:55:c9:ba:b9:7f:b2:32:4f:86:e7:73:76:80:3f:
         c1:81:90:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlOfUqJVSJPBkgOwaPqpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MzcxMTU5NjFjNmFiZjViODdhYmU0YTIwMDUzZTRhY2Ex
YjZlYzIwHhcNMjQwMTAyMDAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjEzNzk1NmJmYTkwYWJjMjA1MjQwMjg3MmI4MzEzMDQ3YmRkY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn43mLmqVEPYIwOq1+RtyWgG4eu4J
RemxsNBIgLSnaGhAtHVuK1avuAd0GOOcQwl8Cv13X2IxgLF02cYFpFDRLghp2urK
nrTNKFgYooV3FJOY3EqlsXFjmSkiD9oMOybaTxFoyF2SbSvXtVAJG2ISopGlY6UY
LfEsmVfxhfutvj86gThYSyqvb3cRjZYYVSrN0QghTPkkSvraZeDWWRXtpllG8vNY
/X+OXIQ4WOo31gzs7g9TE5IIWLscz7sC8XzO4fmqY55chwzpm0vdUrxcpRoyyYkp
Ia1VPkKBoQnIgdRBAhsyGg+jtMGD7yJvSB3T/R5iO+ktAYqEIeURIl78kwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKITeVa/qQq8IFJAKHK4MTBHvdzQMB8GA1UdIwQY
MBaAFLU3EVlhxqv1uHq+SiAFPkrKG27CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFRjUldXSEdxX1c0ZXI1S0lBVS1Tc29iYnNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8yNmNjNmEtNmYxNy00MGE5LWI5ODct
NmZjNzE3MTc1ZTU4LzEvb2hONVZyLXBDcndnVWtBb2NyZ3hNRWU5M05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8yNmNjNmEtNmYxNy00MGE5LWI5ODctNmZjNzE3MTc1ZTU4
LzEvdFRjUldXSEdxX1c0ZXI1S0lBVS1Tc29iYnNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8KMAwQB
W8KmMA0GCSqGSIb3DQEBCwUAA4IBAQC2XCMvnJrnMPs1xE5jsLpmxd4sDbVrsFCT
R44hwN1YD85kpVJI3zxr1Kh7s+jR4pust3abjvx1HyUScW5PRnslQTUrYbwgHko8
xstXWsRN485UNOxmnsGhP7fWgKL4sqQUdBQrOtTvywN2WBzNBY4VrmJp1Vc8As30
oAU44RYVTWdPVEie+tCEWN0lLT5zZ7/NHxHIgwnXi5kZJNZ/4MMdT/Tmo9GtlqY0
Qadq/UhXskmjEwK+k8NwGaMcDoF/IumTB5nav1LX2K81uOEt1iuj3mYiTOzQNpzk
JX5YDsLyoEZnVVC5bBIXh7hcGcDMVcm6uX+yMk+G53N2gD/BgZAp
-----END CERTIFICATE-----