Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/OfF7PvwCC27fW-6kfStrwwRrO7E.roa
File:                     OfF7PvwCC27fW-6kfStrwwRrO7E.roa (raw, json)
Hash identifier:          S4DRXm/lpOdZ+Tiabo7f1Eyfj8mMWn4Ersz+p+4G3hg=
Subject key identifier:   39:F1:7B:3E:FC:02:0B:6E:DF:5B:EE:A4:7D:2B:6B:C3:04:6B:3B:B1
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B9494B23EAA041AC086C4CD5F83722
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/OfF7PvwCC27fW-6kfStrwwRrO7E.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39020
IP address blocks:        37.235.53.0/24 maxlen: 24
                          151.236.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:49:4b:23:ea:a0:41:ac:08:6c:4c:d5:f8:37:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39f17b3efc020b6edf5beea47d2b6bc3046b3bb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:78:5a:89:cb:d1:3f:aa:25:3b:d4:c9:f3:e5:
                    24:dd:0f:9a:ee:f1:1e:60:6d:2f:71:08:7c:ab:19:
                    1d:16:8f:b9:26:10:13:f0:a1:3b:cf:70:0f:85:37:
                    ae:ff:68:66:2e:1e:bb:a3:73:c4:f8:f2:46:6e:d6:
                    26:d9:92:44:97:c6:17:ab:63:1c:13:30:6f:ab:f9:
                    6d:9f:7e:80:3a:f9:f1:51:4c:20:e9:57:89:b3:93:
                    57:81:70:45:0b:3a:b2:6c:55:aa:9f:60:d3:1f:e1:
                    c5:70:20:1a:54:85:e4:8e:cb:42:8a:1b:7f:bd:08:
                    05:46:47:21:00:f1:01:c9:fa:c8:65:90:67:3d:5e:
                    7c:c5:d8:a4:65:b2:d6:b4:1b:e7:94:40:ea:1e:ce:
                    72:68:29:56:d7:6d:a0:7b:08:e3:f1:2e:84:4b:15:
                    c5:ed:72:b1:7a:6e:af:47:63:c2:04:9c:a6:8b:29:
                    5e:bc:68:08:27:ef:c0:f9:34:6c:7a:03:9c:65:0a:
                    de:3c:97:63:8c:ce:27:d0:65:e6:40:6c:cf:eb:a3:
                    e5:8b:a5:8c:47:7b:fc:84:9d:e3:d2:5e:b0:2e:9c:
                    55:75:3a:c8:d2:8b:2c:40:12:ec:41:30:c1:25:66:
                    b9:3c:e0:a0:7e:26:c4:91:7d:31:56:6f:f6:a9:cc:
                    81:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:F1:7B:3E:FC:02:0B:6E:DF:5B:EE:A4:7D:2B:6B:C3:04:6B:3B:B1
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/OfF7PvwCC27fW-6kfStrwwRrO7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.53.0/24
                  151.236.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:2c:3e:2b:cd:a7:a0:dc:4c:e2:11:f4:e3:c5:77:a7:ca:d3:
         85:bb:0c:b4:a8:a2:86:f2:8b:db:c8:c2:f0:94:ad:f3:57:3f:
         09:d8:67:da:c7:5a:87:ec:71:17:28:8f:90:3f:f3:e3:10:f8:
         89:1e:49:0d:28:1d:64:ae:b2:27:f4:af:da:e1:30:49:f5:60:
         7a:bd:2c:a9:57:52:7a:44:fe:39:31:f7:b8:b7:67:f5:7c:68:
         35:60:1e:c8:82:52:5b:f7:39:3f:87:64:31:42:7e:d0:c9:a5:
         55:0c:77:e9:88:12:09:34:3b:9f:b4:14:e2:fe:cf:a2:48:64:
         fb:48:21:9d:8b:92:d4:7e:56:ab:19:d6:20:ed:65:b7:b6:a2:
         e1:39:7a:7a:a4:59:a9:0a:06:3d:bb:b8:3d:81:c5:c9:aa:6c:
         02:3d:95:17:75:3d:d2:ef:9f:0c:89:94:f2:b1:ec:04:d3:87:
         54:d5:35:b1:f9:ae:86:fe:40:64:f6:7e:54:f3:24:7d:9a:d8:
         df:79:c1:4d:d1:22:2e:07:73:75:c5:64:c9:08:7b:ca:47:5f:
         f6:14:30:c2:80:16:34:d9:a3:22:e9:f4:33:6a:39:14:aa:1f:
         5d:f1:f0:3c:8e:96:bf:89:96:d4:61:8c:16:37:c7:1a:25:ce:
         1a:1e:f8:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuUlLI+qgQawIbEzV+DciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWYxN2IzZWZjMDIwYjZlZGY1YmVlYTQ3ZDJiNmJjMzA0NmIzYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3haicvRP6olO9TJ8+Uk3Q+a7vEe
YG0vcQh8qxkdFo+5JhAT8KE7z3APhTeu/2hmLh67o3PE+PJGbtYm2ZJEl8YXq2Mc
EzBvq/ltn36AOvnxUUwg6VeJs5NXgXBFCzqybFWqn2DTH+HFcCAaVIXkjstCiht/
vQgFRkchAPEByfrIZZBnPV58xdikZbLWtBvnlEDqHs5yaClW122gewjj8S6ESxXF
7XKxem6vR2PCBJymiylevGgIJ+/A+TRsegOcZQrePJdjjM4n0GXmQGzP66Pli6WM
R3v8hJ3j0l6wLpxVdTrI0ossQBLsQTDBJWa5POCgfibEkX0xVm/2qcyBrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDnxez78Agtu31vupH0ra8MEazuxMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvT2ZGN1B2d0NDMjdmVy02a2ZTdHJ3d1JyTzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJes1AwQA
l+wXMA0GCSqGSIb3DQEBCwUAA4IBAQDBLD4rzaeg3EziEfTjxXenytOFuwy0qKKG
8ovbyMLwlK3zVz8J2Gfax1qH7HEXKI+QP/PjEPiJHkkNKB1krrIn9K/a4TBJ9WB6
vSypV1J6RP45Mfe4t2f1fGg1YB7IglJb9zk/h2QxQn7QyaVVDHfpiBIJNDuftBTi
/s+iSGT7SCGdi5LUflarGdYg7WW3tqLhOXp6pFmpCgY9u7g9gcXJqmwCPZUXdT3S
758MiZTysewE04dU1TWx+a6G/kBk9n5U8yR9mtjfecFN0SIuB3N1xWTJCHvKR1/2
FDDCgBY02aMi6fQzajkUqh9d8fA8jpa/iZbUYYwWN8caJc4aHvhY
-----END CERTIFICATE-----