Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/qOm-eMcbGZJGYWxHhOEV14qAGI4.roa
File:                     qOm-eMcbGZJGYWxHhOEV14qAGI4.roa (raw, json)
Hash identifier:          oMXbviUR5nPHM66byWv1zeqe5rChaKihwHw740K7kDs=
Subject key identifier:   A8:E9:BE:78:C7:1B:19:92:46:61:6C:47:84:E1:15:D7:8A:80:18:8E
Certificate issuer:       /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial:       018CC500CF4AC789796808447EA347536E95
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/qOm-eMcbGZJGYWxHhOEV14qAGI4.roa
Signing time:             Mon 01 Jan 2024 12:30:13 +0000
ROA not before:           Mon 01 Jan 2024 12:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209371
IP address blocks:        185.161.64.0/24 maxlen: 24
                          185.161.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:cf:4a:c7:89:79:68:08:44:7e:a3:47:53:6e:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
        Validity
            Not Before: Jan  1 12:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e9be78c71b199246616c4784e115d78a80188e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bb:89:ac:80:d6:d2:81:e1:81:44:e8:77:1d:
                    5f:47:82:93:6a:49:49:ae:a3:61:00:96:a2:66:5e:
                    b1:10:3a:62:e5:22:18:55:af:cb:a1:09:10:f2:53:
                    17:49:cb:26:ab:9a:03:74:bf:f6:20:69:dd:bb:ae:
                    c1:0c:ba:ba:3c:0e:2c:31:83:d4:7f:25:ba:dc:5e:
                    14:07:a2:5b:70:7e:2c:df:13:ee:f7:d2:0e:26:8f:
                    b4:17:2d:6e:ed:85:2f:e2:10:33:e7:8e:09:27:4c:
                    3e:e4:12:30:d5:9a:fe:14:34:4d:57:ca:ca:06:04:
                    6d:3d:c7:e1:39:f2:a9:56:72:bb:61:17:00:2d:09:
                    58:5f:bc:b3:37:d0:1c:86:46:f5:69:e8:92:71:d3:
                    a2:5f:45:f3:1c:d3:ef:16:06:31:a4:f3:a7:54:75:
                    d8:24:4c:bc:4b:98:4c:10:90:f4:d9:b1:6b:3c:28:
                    5e:03:ca:cc:3c:65:75:8f:a7:65:a5:6e:e9:0b:b7:
                    13:db:ec:16:f0:a9:e6:95:8c:31:93:07:22:bb:88:
                    df:7c:56:70:63:39:44:6e:c6:5d:32:88:ec:af:6e:
                    42:21:33:89:1a:62:6b:31:1d:86:4f:da:a7:32:27:
                    51:b2:be:30:3e:19:e2:33:c7:87:0e:e9:2a:48:f2:
                    f3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E9:BE:78:C7:1B:19:92:46:61:6C:47:84:E1:15:D7:8A:80:18:8E
            X509v3 Authority Key Identifier:
                keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/qOm-eMcbGZJGYWxHhOEV14qAGI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:8e:3c:22:bb:0d:3c:50:1f:ed:51:e4:d5:95:17:1a:b8:99:
         6c:96:93:a2:7a:0e:1c:e3:d1:f0:2a:bf:97:1b:4b:a2:6d:bd:
         c9:6b:d3:b9:df:89:26:72:40:24:ee:99:cf:22:8e:5b:73:6e:
         ee:2f:2c:2b:f6:3e:92:83:93:b1:36:84:73:fa:9d:89:3f:66:
         58:6d:78:85:ca:4f:c6:a0:e7:a9:77:3d:55:d5:ae:46:f1:3d:
         be:b7:bf:f6:f9:57:45:69:e0:f0:51:26:38:cb:75:30:2e:72:
         50:1e:b5:9e:8b:97:71:fc:3c:c6:8e:a0:cf:d2:37:1f:12:e9:
         db:c4:34:7e:d4:02:99:47:62:70:23:52:7d:11:6c:0b:35:a8:
         01:47:98:79:c1:80:af:60:81:e6:20:2f:f2:9d:6f:a3:05:fd:
         b0:3b:6a:ff:87:be:09:31:c3:41:a9:e8:ee:f1:c6:cf:29:75:
         6d:62:99:fe:c3:86:ae:06:ad:29:78:3e:14:39:fe:e2:c1:a4:
         84:bc:58:22:90:a9:2a:b9:63:cc:75:fc:7b:31:c9:33:f0:48:
         8f:7a:f6:ad:0f:f1:95:0d:02:9b:b9:c1:08:8f:fb:2c:e9:f5:
         48:03:3c:9c:2b:2e:26:87:d0:82:49:9d:6e:0e:01:e9:e6:ba:
         42:45:cc:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAM9Kx4l5aAhEfqNHU26VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjQwMTAxMTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGU5YmU3OGM3MWIxOTkyNDY2MTZjNDc4NGUxMTVkNzhhODAxODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7uJrIDW0oHhgUTodx1fR4KTaklJ
rqNhAJaiZl6xEDpi5SIYVa/LoQkQ8lMXScsmq5oDdL/2IGndu67BDLq6PA4sMYPU
fyW63F4UB6JbcH4s3xPu99IOJo+0Fy1u7YUv4hAz544JJ0w+5BIw1Zr+FDRNV8rK
BgRtPcfhOfKpVnK7YRcALQlYX7yzN9Achkb1aeiScdOiX0XzHNPvFgYxpPOnVHXY
JEy8S5hMEJD02bFrPCheA8rMPGV1j6dlpW7pC7cT2+wW8KnmlYwxkwciu4jffFZw
YzlEbsZdMojsr25CITOJGmJrMR2GT9qnMidRsr4wPhniM8eHDukqSPLzAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjpvnjHGxmSRmFsR4ThFdeKgBiOMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvcU9tLWVNY2JHWkpHWVd4SGhPRVYxNHFBR0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaFAMA0G
CSqGSIb3DQEBCwUAA4IBAQCQjjwiuw08UB/tUeTVlRcauJlslpOieg4c49HwKr+X
G0uibb3Ja9O534kmckAk7pnPIo5bc27uLywr9j6Sg5OxNoRz+p2JP2ZYbXiFyk/G
oOepdz1V1a5G8T2+t7/2+VdFaeDwUSY4y3UwLnJQHrWei5dx/DzGjqDP0jcfEunb
xDR+1AKZR2JwI1J9EWwLNagBR5h5wYCvYIHmIC/ynW+jBf2wO2r/h74JMcNBqeju
8cbPKXVtYpn+w4auBq0peD4UOf7iwaSEvFgikKkquWPMdfx7Mckz8EiPevatD/GV
DQKbucEIj/ss6fVIAzycKy4mh9CCSZ1uDgHp5rpCRcxU
-----END CERTIFICATE-----