Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/OTNr3p3QIGLPoo8UU9pIxa6aWSs.roa
File:                     OTNr3p3QIGLPoo8UU9pIxa6aWSs.roa (raw, json)
Hash identifier:          LGnnebGvPHTxl3REM06vR2gXpSs7/7ysR8FZZ44Qc/s=
Subject key identifier:   39:33:6B:DE:9D:D0:20:62:CF:A2:8F:14:53:DA:48:C5:AE:9A:59:2B
Certificate issuer:       /CN=a8dff01f56e3419d027be7591ceef62851ce0f6b
Certificate serial:       018CC8DFAA30D4F346CE2DF9EE9C18791C39
Authority key identifier: A8:DF:F0:1F:56:E3:41:9D:02:7B:E7:59:1C:EE:F6:28:51:CE:0F:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/OTNr3p3QIGLPoo8UU9pIxa6aWSs.roa
Signing time:             Tue 02 Jan 2024 06:32:30 +0000
ROA not before:           Tue 02 Jan 2024 06:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64510
IP address blocks:        185.201.174.208/28 maxlen: 28

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:aa:30:d4:f3:46:ce:2d:f9:ee:9c:18:79:1c:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8dff01f56e3419d027be7591ceef62851ce0f6b
        Validity
            Not Before: Jan  2 06:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39336bde9dd02062cfa28f1453da48c5ae9a592b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:53:97:e3:9c:38:1c:b7:37:9f:53:4e:6f:ed:
                    7b:a1:39:9d:b2:13:cf:c5:f0:ca:9c:99:7f:ce:ef:
                    42:a9:af:14:3b:dc:4e:cc:68:ff:c1:50:09:4a:28:
                    6f:df:2b:e3:b3:4a:73:7f:d1:81:ce:20:f5:70:de:
                    bf:6b:70:c0:27:88:b9:0d:ae:41:f0:fc:47:d9:45:
                    fe:5e:0d:9d:a3:a2:40:6a:9f:b7:83:22:66:1d:70:
                    a0:5c:3a:96:7c:1b:6a:13:ab:16:31:4d:dd:d8:55:
                    c7:ff:4b:eb:a9:78:84:10:02:72:a5:5b:5a:e2:aa:
                    fd:2c:cd:7f:a0:1a:f9:b8:7a:8b:95:da:22:d9:5b:
                    82:06:75:81:5e:71:5f:92:9a:ed:c6:ca:64:53:af:
                    8c:66:6f:d7:7e:b0:8c:65:e0:5e:7b:fc:cd:0a:b7:
                    b7:70:94:a8:bf:a2:53:3f:87:e1:09:71:89:96:0a:
                    45:1e:f1:84:61:17:9f:43:26:ab:59:54:9a:fe:ff:
                    46:ec:ba:d1:e6:0b:23:f5:9d:46:08:e7:0c:2c:ff:
                    e4:92:d2:37:48:0a:b4:3c:70:90:e8:e7:16:f9:2c:
                    71:ec:24:2b:35:9e:a0:68:4b:73:43:b9:d8:6c:62:
                    3b:8d:84:64:6e:c1:d9:a1:a0:56:f8:70:08:31:07:
                    a4:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:33:6B:DE:9D:D0:20:62:CF:A2:8F:14:53:DA:48:C5:AE:9A:59:2B
            X509v3 Authority Key Identifier:
                keyid:A8:DF:F0:1F:56:E3:41:9D:02:7B:E7:59:1C:EE:F6:28:51:CE:0F:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/OTNr3p3QIGLPoo8UU9pIxa6aWSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.174.208/28

    Signature Algorithm: sha256WithRSAEncryption
         92:64:af:23:15:b6:6f:1d:a4:e1:ef:f9:71:05:de:53:50:7f:
         30:f5:1d:ac:83:94:fd:33:99:96:ef:a7:45:44:9f:f2:6b:0e:
         32:20:04:13:6d:57:49:54:21:f1:0f:f5:19:a8:4c:28:56:30:
         ce:e7:18:f7:c1:39:8d:b3:70:32:c5:be:f4:87:f2:85:b5:97:
         4c:38:c1:85:e6:a7:4c:11:49:17:3c:07:38:e4:84:8d:f7:bc:
         3b:07:37:ee:44:1f:ff:52:79:4b:c8:d5:0d:e9:9b:fd:de:ac:
         f5:8a:4b:56:ca:cc:e4:37:81:13:83:5a:bd:fc:21:03:85:df:
         f4:ff:c3:e6:b1:67:de:cf:1d:fa:e5:11:4b:4c:59:36:59:ab:
         06:2d:8d:f0:75:93:10:be:be:06:2d:1b:f9:a2:4a:85:36:8f:
         06:59:95:d1:1b:fd:3e:b3:a5:28:6f:3f:de:b0:bc:4a:21:b5:
         86:ec:9f:af:85:55:fe:f5:0c:f4:b5:84:fb:94:be:cb:35:c3:
         be:2e:b5:46:d9:30:56:ca:7b:f7:3b:1e:c1:2c:15:a2:88:a6:
         5e:0d:b0:97:90:da:86:fe:59:1d:ad:33:a1:9c:e3:89:96:bc:
         58:82:12:10:0e:c0:a9:a9:68:95:ea:61:e4:4d:21:41:b6:8b:
         af:8f:e1:a5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI36ow1PNGzi357pwYeRw5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZGZmMDFmNTZlMzQxOWQwMjdiZTc1OTFjZWVmNjI4NTFj
ZTBmNmIwHhcNMjQwMTAyMDYzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTMzNmJkZTlkZDAyMDYyY2ZhMjhmMTQ1M2RhNDhjNWFlOWE1OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFOX45w4HLc3n1NOb+17oTmdshPP
xfDKnJl/zu9Cqa8UO9xOzGj/wVAJSihv3yvjs0pzf9GBziD1cN6/a3DAJ4i5Da5B
8PxH2UX+Xg2do6JAap+3gyJmHXCgXDqWfBtqE6sWMU3d2FXH/0vrqXiEEAJypVta
4qr9LM1/oBr5uHqLldoi2VuCBnWBXnFfkprtxspkU6+MZm/XfrCMZeBee/zNCre3
cJSov6JTP4fhCXGJlgpFHvGEYRefQyarWVSa/v9G7LrR5gsj9Z1GCOcMLP/kktI3
SAq0PHCQ6OcW+Sxx7CQrNZ6gaEtzQ7nYbGI7jYRkbsHZoaBW+HAIMQekfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDkza96d0CBiz6KPFFPaSMWumlkrMB8GA1UdIwQY
MBaAFKjf8B9W40GdAnvnWRzu9ihRzg9rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU5fd0gxYmpRWjBDZS1kWkhPNzJLRkhPRDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS80NzMzNjYtNzAyZC00NzNmLWJmYmUt
ODgyYzQ0OGUyZWY2LzEvT1ROcjNwM1FJR0xQb284VVU5cEl4YTZhV1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS80NzMzNjYtNzAyZC00NzNmLWJmYmUtODgyYzQ0OGUyZWY2
LzEvcU5fd0gxYmpRWjBDZS1kWkhPNzJLRkhPRDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUEucmu0DAN
BgkqhkiG9w0BAQsFAAOCAQEAkmSvIxW2bx2k4e/5cQXeU1B/MPUdrIOU/TOZlu+n
RUSf8msOMiAEE21XSVQh8Q/1GahMKFYwzucY98E5jbNwMsW+9IfyhbWXTDjBhean
TBFJFzwHOOSEjfe8Owc37kQf/1J5S8jVDemb/d6s9YpLVsrM5DeBE4NavfwhA4Xf
9P/D5rFn3s8d+uURS0xZNlmrBi2N8HWTEL6+Bi0b+aJKhTaPBlmV0Rv9PrOlKG8/
3rC8SiG1huyfr4VV/vUM9LWE+5S+yzXDvi61RtkwVsp79zsewSwVooimXg2wl5Da
hv5ZHa0zoZzjiZa8WIISEA7Aqaloleph5E0hQbaLr4/hpQ==
-----END CERTIFICATE-----