Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1ob3zGJERteBGtHlt35uRs3Dn6g.roa
File:                     1ob3zGJERteBGtHlt35uRs3Dn6g.roa (raw, json)
Hash identifier:          VnNGKGuyV9xxH2Mng6rj71JbV8J1j/eQsih1OL/iv0Y=
Subject key identifier:   D6:86:F7:CC:62:44:46:D7:81:1A:D1:E5:B7:7E:6E:46:CD:C3:9F:A8
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC727791F37CB2BB32C958136C28723A0
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1ob3zGJERteBGtHlt35uRs3Dn6g.roa
Signing time:             Mon 01 Jan 2024 22:31:41 +0000
ROA not before:           Mon 01 Jan 2024 22:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197467
IP address blocks:        82.179.48.0/22 maxlen: 22
                          2001:b08:19::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:79:1f:37:cb:2b:b3:2c:95:81:36:c2:87:23:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d686f7cc624446d7811ad1e5b77e6e46cdc39fa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:1f:a3:b6:d5:04:9d:5d:91:8a:ed:2d:77:a2:
                    c1:dd:32:67:4a:ce:59:83:0b:57:23:bc:17:b1:05:
                    5f:bc:5a:42:cc:3b:fd:88:21:d7:70:69:ab:30:63:
                    1c:d5:3c:38:78:f3:99:dd:75:57:ab:d7:24:36:f1:
                    2a:a2:49:4c:45:9f:ef:b3:80:22:17:98:4e:c6:b0:
                    3d:e9:12:ee:19:fb:a3:62:47:14:cb:4e:a8:59:fa:
                    52:9e:07:2d:a6:07:f1:db:3a:96:68:99:96:c0:4d:
                    24:5d:3c:ee:93:00:0c:4d:3c:e4:50:8c:26:5b:1b:
                    8e:96:0f:20:c4:23:3d:fe:8c:08:b6:95:66:50:42:
                    31:3c:83:03:4e:f1:6f:e7:79:a0:39:5d:a1:49:e3:
                    71:c1:5d:29:70:1a:c3:a7:9d:82:3c:88:6e:a0:b1:
                    1f:13:21:ad:1f:6f:25:c9:35:ec:11:1f:37:60:7f:
                    88:2f:86:88:9c:78:16:9a:2f:fc:3f:42:0d:66:e3:
                    fb:cb:67:48:dc:3d:c5:2f:47:ab:1b:58:ed:41:ea:
                    e6:31:69:d3:c8:c1:3b:4d:5b:30:a8:6f:dd:85:6e:
                    72:4e:fc:f1:4f:bf:d4:ae:a0:f5:04:82:63:ad:95:
                    bb:6d:fa:c1:75:25:c9:d6:2f:55:8b:4f:6a:2d:88:
                    5f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:86:F7:CC:62:44:46:D7:81:1A:D1:E5:B7:7E:6E:46:CD:C3:9F:A8
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1ob3zGJERteBGtHlt35uRs3Dn6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.179.48.0/22
                IPv6:
                  2001:b08:19::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:8a:7a:88:6b:fc:38:b2:97:3e:ee:b2:51:06:5d:a1:50:60:
         2f:e2:38:6f:84:1e:1b:6d:bc:4b:26:f5:bc:ae:fd:20:51:98:
         6d:89:18:55:59:36:f8:05:29:6b:c4:53:55:f1:c0:19:ab:60:
         fe:d0:cd:4f:77:98:6a:d8:52:b6:8e:51:2b:94:c7:92:d2:f0:
         9e:9e:94:eb:8f:28:92:34:5e:78:ab:ef:5f:00:94:fe:ad:6f:
         69:7d:ed:52:f8:2c:6a:d8:11:ef:92:22:80:dc:0b:cd:be:2c:
         23:3d:9b:11:e4:2e:99:0e:0c:c5:ea:81:90:e8:a2:62:4f:1b:
         3e:d2:5b:ba:77:4c:d2:3c:97:19:7f:b2:c5:da:8e:47:56:d5:
         e8:3d:e4:8a:32:f7:a1:6a:80:e9:e0:49:09:1c:40:af:f5:87:
         37:ee:ac:42:b5:0c:72:ad:97:e7:de:b1:61:a5:59:e0:c4:fc:
         d5:8f:07:0b:b8:ba:43:95:aa:61:a6:89:07:9a:fd:3a:41:c6:
         ff:35:74:f7:37:70:42:b5:89:46:34:c6:8d:49:95:00:8d:ba:
         9f:f2:23:8b:c6:3b:1f:aa:65:06:4a:8f:5a:dd:a5:b6:a8:ca:
         47:57:72:ef:19:72:5d:e6:68:a9:91:27:8b:80:ef:07:f3:bc:
         ef:95:73:82
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJ3kfN8srsyyVgTbChyOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjg2ZjdjYzYyNDQ0NmQ3ODExYWQxZTViNzdlNmU0NmNkYzM5ZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9B+jttUEnV2Riu0td6LB3TJnSs5Z
gwtXI7wXsQVfvFpCzDv9iCHXcGmrMGMc1Tw4ePOZ3XVXq9ckNvEqoklMRZ/vs4Ai
F5hOxrA96RLuGfujYkcUy06oWfpSngctpgfx2zqWaJmWwE0kXTzukwAMTTzkUIwm
WxuOlg8gxCM9/owItpVmUEIxPIMDTvFv53mgOV2hSeNxwV0pcBrDp52CPIhuoLEf
EyGtH28lyTXsER83YH+IL4aInHgWmi/8P0INZuP7y2dI3D3FL0erG1jtQermMWnT
yME7TVswqG/dhW5yTvzxT7/UrqD1BIJjrZW7bfrBdSXJ1i9Vi09qLYhfuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNaG98xiREbXgRrR5bd+bkbNw5+oMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvMW9iM3pHSkVSdGVCR3RIbHQzNXVSczNEbjZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCUrMwMA8E
AgACMAkDBwAgAQsIABkwDQYJKoZIhvcNAQELBQADggEBABmKeohr/Diylz7uslEG
XaFQYC/iOG+EHhttvEsm9byu/SBRmG2JGFVZNvgFKWvEU1XxwBmrYP7QzU93mGrY
UraOUSuUx5LS8J6elOuPKJI0Xnir718AlP6tb2l97VL4LGrYEe+SIoDcC82+LCM9
mxHkLpkODMXqgZDoomJPGz7SW7p3TNI8lxl/ssXajkdW1eg95Ioy96FqgOngSQkc
QK/1hzfurEK1DHKtl+fesWGlWeDE/NWPBwu4ukOVqmGmiQea/TpBxv81dPc3cEK1
iUY0xo1JlQCNup/yI4vGOx+qZQZKj1rdpbaoykdXcu8Zcl3maKmRJ4uA7wfzvO+V
c4I=
-----END CERTIFICATE-----