Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/296972-a1b9-4517-82cb-f2cdb7f575e9/1/oSMEcrBBd7TDfKAxMztKLNbZomw.roa
File:                     oSMEcrBBd7TDfKAxMztKLNbZomw.roa (raw, json)
Hash identifier:          Ec88srn/tIVbi1C1HNnX0czbDs3/mYNiDCqxxdPeEMA=
Subject key identifier:   A1:23:04:72:B0:41:77:B4:C3:7C:A0:31:33:3B:4A:2C:D6:D9:A2:6C
Certificate issuer:       /CN=bd8a8557df7fb2c418f8ebf17c0a1ef0625d74a3
Certificate serial:       018D9C74C812354519F0947132230B897E6B
Authority key identifier: BD:8A:85:57:DF:7F:B2:C4:18:F8:EB:F1:7C:0A:1E:F0:62:5D:74:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vYqFV99_ssQY-OvxfAoe8GJddKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/296972-a1b9-4517-82cb-f2cdb7f575e9/1/oSMEcrBBd7TDfKAxMztKLNbZomw.roa
Signing time:             Mon 12 Feb 2024 08:35:15 +0000
ROA not before:           Mon 12 Feb 2024 08:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16189
IP address blocks:        193.41.222.0/23 maxlen: 23
                          195.254.146.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/296972-a1b9-4517-82cb-f2cdb7f575e9/1/vYqFV99_ssQY-OvxfAoe8GJddKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/296972-a1b9-4517-82cb-f2cdb7f575e9/1/vYqFV99_ssQY-OvxfAoe8GJddKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vYqFV99_ssQY-OvxfAoe8GJddKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:74:c8:12:35:45:19:f0:94:71:32:23:0b:89:7e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd8a8557df7fb2c418f8ebf17c0a1ef0625d74a3
        Validity
            Not Before: Feb 12 08:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1230472b04177b4c37ca031333b4a2cd6d9a26c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8c:39:a2:9a:36:af:0e:8b:a6:1c:2c:d0:7f:
                    b9:dd:dc:83:0f:a3:34:a2:16:20:27:a7:94:73:37:
                    5d:60:85:05:9c:9b:1e:00:f6:05:21:e6:77:73:4a:
                    b3:8b:62:1d:50:1b:9f:34:c1:7b:e5:9c:d3:2b:98:
                    36:21:a7:61:a2:a2:e5:7c:b4:f9:02:49:0d:f4:1b:
                    6f:2a:48:f4:90:8c:4f:a8:20:2d:9c:3e:eb:36:05:
                    f8:7b:82:12:a3:b4:96:26:c9:8f:7d:37:44:00:26:
                    98:77:e2:ab:d6:45:ba:fd:9b:2d:7c:a0:53:2b:63:
                    71:9e:cd:30:c7:c2:3e:65:4a:7b:b3:62:37:3d:be:
                    69:e6:06:70:cd:fe:58:d9:dd:38:8b:ca:90:b5:8a:
                    97:c2:c0:06:68:70:3d:c4:82:c9:29:01:a2:ed:ee:
                    e3:77:c8:53:67:d0:fc:e5:54:a2:7f:e6:80:59:06:
                    7c:89:e6:f9:3c:13:cb:24:44:45:d3:0b:2b:46:24:
                    7f:6c:71:86:76:cd:46:e7:9c:89:57:62:a0:e1:cf:
                    30:c7:3e:3c:81:74:b5:46:c8:f5:af:53:d5:d2:78:
                    11:51:b5:cd:e7:8a:46:98:86:3b:d9:e0:3a:9e:c7:
                    76:da:66:e5:9f:cf:ec:10:82:ee:0a:e7:c8:b1:20:
                    4b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:23:04:72:B0:41:77:B4:C3:7C:A0:31:33:3B:4A:2C:D6:D9:A2:6C
            X509v3 Authority Key Identifier:
                keyid:BD:8A:85:57:DF:7F:B2:C4:18:F8:EB:F1:7C:0A:1E:F0:62:5D:74:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vYqFV99_ssQY-OvxfAoe8GJddKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/296972-a1b9-4517-82cb-f2cdb7f575e9/1/oSMEcrBBd7TDfKAxMztKLNbZomw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/296972-a1b9-4517-82cb-f2cdb7f575e9/1/vYqFV99_ssQY-OvxfAoe8GJddKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.222.0/23
                  195.254.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:e4:f5:c6:14:56:55:7a:d5:8f:2b:40:3b:ff:e1:18:8d:01:
         0a:6e:fb:57:8f:45:63:05:0b:4f:53:a9:a9:bd:e5:52:8e:ad:
         a8:19:cc:e5:8f:d9:a6:55:f1:57:15:d7:4a:06:9d:ec:f8:83:
         74:44:8a:b9:ac:d5:8c:7c:f6:bf:5d:1f:95:06:6e:02:a4:4a:
         db:d4:8d:ad:08:30:2d:ea:7d:5e:ea:4f:63:d2:89:5b:5c:34:
         e8:94:80:07:9a:27:49:c1:0d:99:61:f8:0f:7b:aa:fe:37:82:
         df:a0:0e:aa:b2:f4:82:1a:ba:14:6e:6c:58:4a:5d:3d:28:1d:
         53:90:1e:01:f3:d7:7f:6e:47:05:54:cd:2c:f5:fd:d9:f4:20:
         41:b4:40:fd:6c:ee:b3:49:45:9c:8d:72:68:32:4b:b2:0d:8d:
         0f:ac:a3:23:35:a0:ed:a4:51:4b:8a:99:21:c7:38:9c:16:58:
         ea:5a:e3:f6:2a:a9:3a:ca:6f:ee:79:3a:ac:05:a0:b2:79:19:
         d0:7a:2c:18:1a:14:5f:18:d2:40:95:46:8f:f7:ac:e2:d0:64:
         b6:59:7f:59:9a:c8:e8:3b:a9:e0:83:1b:1e:f1:68:81:85:8a:
         a4:95:6e:2d:8c:04:a5:ed:5a:d0:0f:ad:e0:26:24:ce:82:45:
         e0:58:1b:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2cdMgSNUUZ8JRxMiMLiX5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkOGE4NTU3ZGY3ZmIyYzQxOGY4ZWJmMTdjMGExZWYwNjI1
ZDc0YTMwHhcNMjQwMjEyMDgzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTIzMDQ3MmIwNDE3N2I0YzM3Y2EwMzEzMzNiNGEyY2Q2ZDlhMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4w5opo2rw6Lphws0H+53dyDD6M0
ohYgJ6eUczddYIUFnJseAPYFIeZ3c0qzi2IdUBufNMF75ZzTK5g2IadhoqLlfLT5
AkkN9BtvKkj0kIxPqCAtnD7rNgX4e4ISo7SWJsmPfTdEACaYd+Kr1kW6/ZstfKBT
K2Nxns0wx8I+ZUp7s2I3Pb5p5gZwzf5Y2d04i8qQtYqXwsAGaHA9xILJKQGi7e7j
d8hTZ9D85VSif+aAWQZ8ieb5PBPLJERF0wsrRiR/bHGGds1G55yJV2Kg4c8wxz48
gXS1Rsj1r1PV0ngRUbXN54pGmIY72eA6nsd22mbln8/sEILuCufIsSBLjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKEjBHKwQXe0w3ygMTM7SizW2aJsMB8GA1UdIwQY
MBaAFL2KhVfff7LEGPjr8XwKHvBiXXSjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdllxRlY5OV9zc1FZLU92eGZBb2U4R0pkZEtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8yOTY5NzItYTFiOS00NTE3LTgyY2It
ZjJjZGI3ZjU3NWU5LzEvb1NNRWNyQkJkN1REZktBeE16dEtMTmJab213LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8yOTY5NzItYTFiOS00NTE3LTgyY2ItZjJjZGI3ZjU3NWU5
LzEvdllxRlY5OV9zc1FZLU92eGZBb2U4R0pkZEtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwSneAwQB
w/6SMA0GCSqGSIb3DQEBCwUAA4IBAQCB5PXGFFZVetWPK0A7/+EYjQEKbvtXj0Vj
BQtPU6mpveVSjq2oGczlj9mmVfFXFddKBp3s+IN0RIq5rNWMfPa/XR+VBm4CpErb
1I2tCDAt6n1e6k9j0olbXDTolIAHmidJwQ2ZYfgPe6r+N4LfoA6qsvSCGroUbmxY
Sl09KB1TkB4B89d/bkcFVM0s9f3Z9CBBtED9bO6zSUWcjXJoMkuyDY0PrKMjNaDt
pFFLipkhxzicFljqWuP2Kqk6ym/ueTqsBaCyeRnQeiwYGhRfGNJAlUaP96zi0GS2
WX9ZmsjoO6nggxse8WiBhYqklW4tjASl7VrQD63gJiTOgkXgWBvL
-----END CERTIFICATE-----