Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/OrBZXV6cFL73qXEhcUd2Ya_knf8.roa
File:                     OrBZXV6cFL73qXEhcUd2Ya_knf8.roa (raw, json)
Hash identifier:          1JBtea6RfTth99vJylK+Rf093uBUnMCZlfQZRmyrlFU=
Subject key identifier:   3A:B0:59:5D:5E:9C:14:BE:F7:A9:71:21:71:47:76:61:AF:E4:9D:FF
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79548F98D9170B3919FB19D710D1C01
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/OrBZXV6cFL73qXEhcUd2Ya_knf8.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39383
IP address blocks:        93.114.82.0/24 maxlen: 24
                          188.212.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:48:f9:8d:91:70:b3:91:9f:b1:9d:71:0d:1c:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ab0595d5e9c14bef7a9712171477661afe49dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e7:07:ff:e0:8a:d6:59:55:dc:94:53:bb:28:
                    33:75:f6:54:6d:4b:86:7b:8d:52:69:80:6d:5c:dc:
                    f5:22:f1:d9:e6:0a:b6:a3:6e:49:e4:8c:0f:70:49:
                    a5:b2:d1:3c:cc:81:e4:96:73:a4:1a:86:4b:c0:15:
                    83:87:22:9c:5a:e8:56:56:21:61:c0:8f:49:dc:20:
                    b0:c1:52:54:25:40:32:e1:ba:af:90:5f:f0:5c:fe:
                    f4:96:a6:3b:61:a0:ac:2e:ef:73:50:12:74:f2:49:
                    ce:e7:0d:f4:0f:cd:14:fc:14:85:e5:98:9c:39:62:
                    15:f3:70:b5:39:84:f4:e3:3b:f8:1c:5a:e5:11:2e:
                    e1:0a:f5:02:69:dc:91:18:3f:84:0c:5a:39:e6:41:
                    3c:8c:56:be:24:a9:c2:45:0d:2b:8f:a7:06:98:56:
                    9d:92:dc:33:ba:dd:e0:c8:aa:19:b2:a6:5a:fa:48:
                    8a:99:0d:43:a6:fc:11:33:a1:77:ef:0a:af:50:1e:
                    f8:d4:7b:f2:3d:1a:56:95:30:c6:7f:69:8b:42:87:
                    ee:8d:f9:54:77:c7:b5:89:60:41:c6:38:2e:8b:e5:
                    18:f2:f4:e5:84:86:77:97:a0:f1:f1:cf:8b:66:aa:
                    93:c2:36:19:5f:15:7d:7b:32:d4:86:24:63:6c:dd:
                    09:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:B0:59:5D:5E:9C:14:BE:F7:A9:71:21:71:47:76:61:AF:E4:9D:FF
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/OrBZXV6cFL73qXEhcUd2Ya_knf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.82.0/24
                  188.212.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:a9:87:07:4c:02:fb:d3:d2:0b:09:76:ba:b8:e5:cc:0f:a2:
         3c:57:91:21:20:c6:69:d7:82:c7:60:87:26:76:d6:81:5e:8d:
         1b:48:21:b5:d1:56:0a:54:dd:31:9f:d8:3f:61:2b:a2:9b:4d:
         02:bd:ed:f1:c1:a3:10:1c:a3:cc:20:cd:3f:01:f4:af:d4:26:
         9e:b0:c5:f4:c7:d3:f4:14:8b:54:84:4b:1f:37:12:7d:2b:a7:
         bc:25:49:0d:61:ca:67:e0:e5:9a:2b:0b:1c:90:46:69:c4:51:
         b0:0d:28:1e:c9:47:f7:ec:7c:e2:ce:bf:5a:0a:fd:bd:c9:95:
         df:7f:8a:2f:10:90:01:96:56:09:16:8d:17:06:9e:17:f9:65:
         eb:ac:f9:c2:72:7e:cc:84:12:9b:dc:b6:61:b8:65:2b:14:2c:
         71:b5:5d:04:19:bf:19:f9:74:8d:9e:25:49:86:53:c0:76:5b:
         2c:c4:51:8b:38:fc:05:26:5b:1a:6f:19:85:35:c3:3c:a6:2a:
         01:cf:cf:c8:47:8e:f7:ba:10:de:1e:c6:82:dd:8d:80:dc:98:
         7e:74:03:30:df:38:89:43:d3:06:10:68:8b:fe:84:52:64:c7:
         f9:5f:62:a5:13:f2:2f:6d:1f:4f:69:37:b8:8d:0d:87:f8:06:
         ce:1a:3a:6f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlUj5jZFws5GfsZ1xDRwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWIwNTk1ZDVlOWMxNGJlZjdhOTcxMjE3MTQ3NzY2MWFmZTQ5ZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhecH/+CK1llV3JRTuygzdfZUbUuG
e41SaYBtXNz1IvHZ5gq2o25J5IwPcEmlstE8zIHklnOkGoZLwBWDhyKcWuhWViFh
wI9J3CCwwVJUJUAy4bqvkF/wXP70lqY7YaCsLu9zUBJ08knO5w30D80U/BSF5Zic
OWIV83C1OYT04zv4HFrlES7hCvUCadyRGD+EDFo55kE8jFa+JKnCRQ0rj6cGmFad
ktwzut3gyKoZsqZa+kiKmQ1DpvwRM6F37wqvUB741HvyPRpWlTDGf2mLQofujflU
d8e1iWBBxjgui+UY8vTlhIZ3l6Dx8c+LZqqTwjYZXxV9ezLUhiRjbN0JjQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDqwWV1enBS+96lxIXFHdmGv5J3/MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL09yQlpYVjZjRkw3M3FYRWhjVWQyWWFfa25mOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABdclID
BAK81GQwDQYJKoZIhvcNAQELBQADggEBAAuphwdMAvvT0gsJdrq45cwPojxXkSEg
xmnXgsdghyZ21oFejRtIIbXRVgpU3TGf2D9hK6KbTQK97fHBoxAco8wgzT8B9K/U
Jp6wxfTH0/QUi1SESx83En0rp7wlSQ1hymfg5ZorCxyQRmnEUbANKB7JR/fsfOLO
v1oK/b3Jld9/ii8QkAGWVgkWjRcGnhf5Zeus+cJyfsyEEpvctmG4ZSsULHG1XQQZ
vxn5dI2eJUmGU8B2WyzEUYs4/AUmWxpvGYU1wzymKgHPz8hHjve6EN4exoLdjYDc
mH50AzDfOIlD0wYQaIv+hFJkx/lfYqUT8i9tH09pN7iNDYf4Bs4aOm8=
-----END CERTIFICATE-----