Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/mo2o2QmU5q_aBoxYQet4Yhose9c.roa
File:                     mo2o2QmU5q_aBoxYQet4Yhose9c.roa (raw, json)
Hash identifier:          XU/0F4GEd6+d7ZobL6xdUadMKLtx75fkjoOO0EBOoqs=
Subject key identifier:   9A:8D:A8:D9:09:94:E6:AF:DA:06:8C:58:41:EB:78:62:1A:2C:7B:D7
Certificate issuer:       /CN=6a03e10b6ea3b8f362cfb23aef589c77771e7eca
Certificate serial:       018CC26D19DC0731770E5A853F7AC94B9799
Authority key identifier: 6A:03:E1:0B:6E:A3:B8:F3:62:CF:B2:3A:EF:58:9C:77:77:1E:7E:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/agPhC26juPNiz7I671icd3cefso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/mo2o2QmU5q_aBoxYQet4Yhose9c.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56798
IP address blocks:        195.114.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/agPhC26juPNiz7I671icd3cefso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/agPhC26juPNiz7I671icd3cefso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/agPhC26juPNiz7I671icd3cefso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:19:dc:07:31:77:0e:5a:85:3f:7a:c9:4b:97:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a03e10b6ea3b8f362cfb23aef589c77771e7eca
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a8da8d90994e6afda068c5841eb78621a2c7bd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:82:19:22:89:93:28:d1:04:dc:85:2d:c6:1b:
                    c0:f7:f1:a3:01:2c:01:b9:8a:3a:ed:86:bf:d7:a1:
                    67:68:72:53:a2:9a:8f:e9:e0:bb:0b:44:ca:14:f7:
                    a9:63:f9:bd:cf:39:97:f5:b9:fb:e1:d2:5c:69:a2:
                    50:e1:1a:22:85:f1:46:6e:8d:95:b1:e0:03:ed:05:
                    dd:29:11:be:96:0b:83:ea:4b:12:f5:aa:15:87:91:
                    1d:04:58:d0:2c:5b:db:f8:19:50:a9:20:1c:02:37:
                    2d:f6:03:da:ae:79:a5:e9:57:e6:c6:f2:59:fd:7a:
                    93:39:b6:78:62:28:05:29:2e:0d:a8:e5:81:18:98:
                    fe:b3:d8:e3:03:0e:d3:d4:3d:16:7f:08:a9:10:ba:
                    a2:f3:f1:e8:27:d3:9f:fc:5a:6b:b8:77:e4:c0:a9:
                    34:9f:56:4d:77:23:a4:19:c3:45:86:ca:91:5f:83:
                    ba:73:ea:66:70:13:57:27:dc:21:fe:4f:0a:a0:5b:
                    ba:ff:24:2b:b9:a4:6e:bf:74:12:8e:6a:4d:7a:d2:
                    d4:7f:2f:3d:7f:1c:88:09:18:02:28:37:97:eb:c5:
                    ee:f5:8d:1a:ad:94:fb:7a:1a:4d:da:1c:ed:2b:4f:
                    ed:82:d1:ae:b9:8d:26:6f:2c:39:f2:de:30:a3:0f:
                    1c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:8D:A8:D9:09:94:E6:AF:DA:06:8C:58:41:EB:78:62:1A:2C:7B:D7
            X509v3 Authority Key Identifier:
                keyid:6A:03:E1:0B:6E:A3:B8:F3:62:CF:B2:3A:EF:58:9C:77:77:1E:7E:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/agPhC26juPNiz7I671icd3cefso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/mo2o2QmU5q_aBoxYQet4Yhose9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/agPhC26juPNiz7I671icd3cefso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:d0:ed:2a:8e:85:c7:62:01:a5:a0:6b:3e:13:eb:6b:a6:39:
         9c:ed:35:00:4f:3f:27:be:09:f0:8c:af:09:7e:24:bc:3a:3e:
         c8:2c:5d:8c:6a:4b:c2:f9:bd:18:46:5d:ce:8d:95:5b:90:ed:
         89:22:9e:e5:13:86:28:ba:c8:11:b8:b9:c9:b0:54:b8:6b:f1:
         6f:87:29:6d:6b:23:cd:92:35:08:69:70:13:5e:24:eb:b4:02:
         62:f8:be:a3:22:67:85:88:35:d3:b3:d5:51:31:36:52:5b:0b:
         fb:67:49:9f:a5:43:fa:44:59:70:a6:59:bb:19:3f:69:6b:07:
         bf:f5:f9:b4:e3:62:d6:28:12:4a:c4:9a:86:8b:1a:ca:a7:b0:
         28:2e:95:54:e6:27:1b:06:8d:cf:72:fb:20:bd:72:96:cf:0c:
         7a:20:b6:ee:85:b9:8f:e1:c0:80:0c:dd:b1:bd:39:de:c1:64:
         27:bc:51:af:f1:38:34:58:29:cb:68:53:2e:96:9e:ce:a2:84:
         95:5e:cf:77:0f:9d:29:cf:b1:14:4b:dc:17:ba:0e:82:91:c7:
         63:80:92:ec:7d:11:32:94:20:b8:b1:93:dd:01:cd:1d:79:9b:
         85:b2:a3:50:5a:af:16:f2:55:a4:4c:a3:24:3c:f2:f9:66:da:
         dd:a6:8c:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRncBzF3DlqFP3rJS5eZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMDNlMTBiNmVhM2I4ZjM2MmNmYjIzYWVmNTg5Yzc3Nzcx
ZTdlY2EwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YThkYThkOTA5OTRlNmFmZGEwNjhjNTg0MWViNzg2MjFhMmM3YmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIIZIomTKNEE3IUtxhvA9/GjASwB
uYo67Ya/16FnaHJTopqP6eC7C0TKFPepY/m9zzmX9bn74dJcaaJQ4RoihfFGbo2V
seAD7QXdKRG+lguD6ksS9aoVh5EdBFjQLFvb+BlQqSAcAjct9gParnml6VfmxvJZ
/XqTObZ4YigFKS4NqOWBGJj+s9jjAw7T1D0WfwipELqi8/HoJ9Of/FpruHfkwKk0
n1ZNdyOkGcNFhsqRX4O6c+pmcBNXJ9wh/k8KoFu6/yQruaRuv3QSjmpNetLUfy89
fxyICRgCKDeX68Xu9Y0arZT7ehpN2hztK0/tgtGuuY0mbyw58t4wow8cuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqNqNkJlOav2gaMWEHreGIaLHvXMB8GA1UdIwQY
MBaAFGoD4Qtuo7jzYs+yOu9YnHd3Hn7KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWdQaEMyNmp1UE5pejdJNjcxaWNkM2NlZnNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS83NTdlYWUtZjQzOS00YzUwLTk2OWMt
NWI2ZDdiY2Y4MDgxLzEvbW8ybzJRbVU1cV9hQm94WVFldDRZaG9zZTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS83NTdlYWUtZjQzOS00YzUwLTk2OWMtNWI2ZDdiY2Y4MDgx
LzEvYWdQaEMyNmp1UE5pejdJNjcxaWNkM2NlZnNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3J9MA0G
CSqGSIb3DQEBCwUAA4IBAQBx0O0qjoXHYgGloGs+E+trpjmc7TUATz8nvgnwjK8J
fiS8Oj7ILF2MakvC+b0YRl3OjZVbkO2JIp7lE4YousgRuLnJsFS4a/FvhyltayPN
kjUIaXATXiTrtAJi+L6jImeFiDXTs9VRMTZSWwv7Z0mfpUP6RFlwplm7GT9pawe/
9fm042LWKBJKxJqGixrKp7AoLpVU5icbBo3PcvsgvXKWzwx6ILbuhbmP4cCADN2x
vTnewWQnvFGv8Tg0WCnLaFMulp7OooSVXs93D50pz7EUS9wXug6CkcdjgJLsfREy
lCC4sZPdAc0deZuFsqNQWq8W8lWkTKMkPPL5Ztrdpoxz
-----END CERTIFICATE-----