Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/OnPKbLfF-9o-x4y_V6zvXSPw1cw.roa
File:                     OnPKbLfF-9o-x4y_V6zvXSPw1cw.roa (raw, json)
Hash identifier:          I4KevYkHF4z86Q3G5r5PzkdMjMl900eP2lsltw+dL54=
Subject key identifier:   3A:73:CA:6C:B7:C5:FB:DA:3E:C7:8C:BF:57:AC:EF:5D:23:F0:D5:CC
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AE9DC10635D02869944119CA6265B
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/OnPKbLfF-9o-x4y_V6zvXSPw1cw.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47458
IP address blocks:        85.120.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e9:dc:10:63:5d:02:86:99:44:11:9c:a6:26:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a73ca6cb7c5fbda3ec78cbf57acef5d23f0d5cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f0:19:aa:44:cd:8c:9e:b7:fe:31:55:1b:15:
                    d6:8c:c9:62:ba:03:1d:07:6b:fb:cd:f8:3b:55:6a:
                    16:d3:05:ef:11:63:9f:37:b1:f5:02:a8:a5:ed:b9:
                    fb:ad:6b:d8:f8:cb:8a:7b:60:91:a7:87:30:08:c7:
                    1c:24:72:a2:05:5c:d9:37:a4:c8:21:14:f2:46:ae:
                    bb:5d:b0:10:a4:d0:5d:4b:3d:ed:c6:db:2c:df:15:
                    1f:11:bd:7c:aa:f5:47:7e:5f:99:d4:03:0e:17:88:
                    72:0e:a0:d6:41:e2:d2:f9:95:44:33:75:0a:2d:e6:
                    2a:52:a4:85:35:2c:65:45:26:a0:98:1d:06:67:83:
                    49:4d:24:53:f0:7f:b2:f2:db:c7:34:7e:f2:ed:1c:
                    f8:82:95:62:3d:95:98:fe:36:52:34:ca:ae:0b:8a:
                    52:d6:9d:1c:d5:10:cf:81:a6:88:36:93:26:f8:9c:
                    b7:11:ea:fc:69:bb:c1:92:02:1f:59:f4:36:66:19:
                    93:e0:7b:9b:ed:aa:3d:38:f3:64:9f:01:be:6e:1c:
                    2a:68:19:f5:05:2d:24:09:24:08:b9:56:42:11:17:
                    66:58:87:bc:be:f8:07:a6:67:d8:19:69:f9:e4:2a:
                    5f:bb:62:44:bf:b1:c8:77:fa:73:e8:1a:bd:8e:87:
                    1f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:73:CA:6C:B7:C5:FB:DA:3E:C7:8C:BF:57:AC:EF:5D:23:F0:D5:CC
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/OnPKbLfF-9o-x4y_V6zvXSPw1cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:5e:7b:da:a4:07:67:38:2d:e5:a2:75:3d:00:18:df:90:36:
         29:5e:77:4c:24:70:59:34:ae:f0:c6:68:31:f0:b3:d7:3f:11:
         bd:43:cd:5d:a4:9d:2c:53:5e:1e:d2:20:b0:af:35:f3:06:b7:
         6e:7f:4b:3a:30:dc:7b:d4:fb:bc:0c:fb:e4:0e:3a:55:7f:d5:
         38:3b:a3:72:15:8b:59:5e:b8:d0:25:8c:c6:a1:51:7c:ef:b4:
         ea:2f:00:5e:6a:c5:48:44:2a:7b:e4:db:57:c3:c4:c9:b9:50:
         5b:40:65:c1:12:16:46:fa:bd:b0:f7:ed:01:8f:c1:ea:a7:91:
         e1:81:37:3a:89:e5:a9:12:03:6b:49:51:ab:11:a3:b0:a4:8b:
         5f:c3:f5:3d:cb:79:4f:4a:b7:0b:9c:97:c8:4c:3e:7a:cc:b4:
         cc:96:2d:6b:0d:23:d2:41:b6:93:94:ad:65:41:75:ac:03:8d:
         20:4d:ed:c5:ec:d1:5c:cc:5c:b4:23:b1:91:21:19:df:eb:f1:
         99:dd:f9:6c:27:6c:82:a4:9d:12:dd:ca:6b:07:13:8d:7c:8c:
         d7:c8:ab:0e:72:be:86:0a:26:ea:b9:df:3a:93:58:f0:43:c6:
         29:8e:c4:ad:c1:f1:a6:5e:88:bf:ef:a7:07:18:10:7e:be:0a:
         13:c0:d5:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuncEGNdAoaZRBGcpiZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTczY2E2Y2I3YzVmYmRhM2VjNzhjYmY1N2FjZWY1ZDIzZjBkNWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/AZqkTNjJ63/jFVGxXWjMliugMd
B2v7zfg7VWoW0wXvEWOfN7H1Aqil7bn7rWvY+MuKe2CRp4cwCMccJHKiBVzZN6TI
IRTyRq67XbAQpNBdSz3txtss3xUfEb18qvVHfl+Z1AMOF4hyDqDWQeLS+ZVEM3UK
LeYqUqSFNSxlRSagmB0GZ4NJTSRT8H+y8tvHNH7y7Rz4gpViPZWY/jZSNMquC4pS
1p0c1RDPgaaINpMm+Jy3Eer8abvBkgIfWfQ2ZhmT4Hub7ao9OPNknwG+bhwqaBn1
BS0kCSQIuVZCERdmWIe8vvgHpmfYGWn55Cpfu2JEv7HId/pz6Bq9jocfoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpzymy3xfvaPseMv1es710j8NXMMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvT25QS2JMZkYtOW8teDR5X1Y2enZYU1B3MWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXgVMA0G
CSqGSIb3DQEBCwUAA4IBAQC4XnvapAdnOC3lonU9ABjfkDYpXndMJHBZNK7wxmgx
8LPXPxG9Q81dpJ0sU14e0iCwrzXzBrduf0s6MNx71Pu8DPvkDjpVf9U4O6NyFYtZ
XrjQJYzGoVF877TqLwBeasVIRCp75NtXw8TJuVBbQGXBEhZG+r2w9+0Bj8Hqp5Hh
gTc6ieWpEgNrSVGrEaOwpItfw/U9y3lPSrcLnJfITD56zLTMli1rDSPSQbaTlK1l
QXWsA40gTe3F7NFczFy0I7GRIRnf6/GZ3flsJ2yCpJ0S3cprBxONfIzXyKsOcr6G
Cibqud86k1jwQ8YpjsStwfGmXoi/76cHGBB+vgoTwNUO
-----END CERTIFICATE-----