Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/O_4hNGkkAJbwBC2s_bsfL6zhZlQ.roa
File:                     O_4hNGkkAJbwBC2s_bsfL6zhZlQ.roa (raw, json)
Hash identifier:          V93RyaLYkWjv13bKE9pXYnVk+Cwb3NtoFAw3Jzce3wI=
Subject key identifier:   3B:FE:21:34:69:24:00:96:F0:04:2D:AC:FD:BB:1F:2F:AC:E1:66:54
Certificate issuer:       /CN=864abd435f899d570a8e5fb83bdad1153455dee0
Certificate serial:       018CC7949226F4FA8019315EACDD7997252A
Authority key identifier: 86:4A:BD:43:5F:89:9D:57:0A:8E:5F:B8:3B:DA:D1:15:34:55:DE:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/O_4hNGkkAJbwBC2s_bsfL6zhZlQ.roa
Signing time:             Tue 02 Jan 2024 00:30:51 +0000
ROA not before:           Tue 02 Jan 2024 00:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38924
IP address blocks:        95.87.0.0/18 maxlen: 24
                          2a00:fc40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:92:26:f4:fa:80:19:31:5e:ac:dd:79:97:25:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=864abd435f899d570a8e5fb83bdad1153455dee0
        Validity
            Not Before: Jan  2 00:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bfe213469240096f0042dacfdbb1f2face16654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:70:e9:d6:c6:ac:48:76:2b:bd:03:8d:30:1f:
                    07:51:38:d2:88:36:9e:51:3a:f6:57:66:78:39:99:
                    71:dd:8d:d5:a3:ed:d1:0f:ee:99:2f:c7:d6:e5:f7:
                    52:65:fd:42:ab:74:cd:1d:e6:fe:f8:56:0a:79:bb:
                    07:93:b2:1c:54:07:40:00:99:c0:4b:65:30:0b:eb:
                    be:bb:9e:1e:ab:e9:a2:b9:de:0b:63:57:f8:5f:5c:
                    d9:22:ef:19:58:79:eb:fb:84:b8:54:15:ba:1d:49:
                    3d:c9:c8:b6:39:09:8a:62:70:08:ad:e2:70:96:ec:
                    23:ea:e9:bd:eb:bf:66:3f:44:43:f8:d0:fa:77:90:
                    24:ad:40:d0:43:d4:9b:5c:c4:7a:12:63:60:eb:62:
                    0e:da:fa:be:e5:3b:1b:e3:47:fe:ed:ea:5a:72:34:
                    48:f0:56:4e:62:6a:82:94:dc:ba:9a:12:a6:07:4e:
                    57:77:d2:63:51:6e:c1:6b:fe:50:1b:af:f2:0c:b2:
                    15:30:6c:53:e0:ad:d3:bf:6f:14:6b:a4:ee:8c:46:
                    7f:cf:d9:a2:76:30:4e:40:10:4b:fd:66:cf:13:24:
                    f2:5e:18:dd:18:8f:75:0c:29:27:19:c6:f0:c4:01:
                    9a:ad:29:04:07:0f:6e:0b:8d:21:5e:cc:be:f0:e8:
                    61:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:FE:21:34:69:24:00:96:F0:04:2D:AC:FD:BB:1F:2F:AC:E1:66:54
            X509v3 Authority Key Identifier:
                keyid:86:4A:BD:43:5F:89:9D:57:0A:8E:5F:B8:3B:DA:D1:15:34:55:DE:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/O_4hNGkkAJbwBC2s_bsfL6zhZlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.87.0.0/18
                IPv6:
                  2a00:fc40::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:33:03:a3:77:a7:1b:a5:35:34:68:7b:a5:64:d1:10:43:f6:
         97:6c:f7:18:01:d2:eb:1e:22:26:8a:57:71:af:f6:b4:f5:11:
         c4:20:6b:81:79:5e:22:4c:97:b9:7b:95:04:ec:8f:38:58:e2:
         cc:03:24:f4:50:7c:55:8a:4a:7b:3f:46:a5:51:e7:30:10:10:
         8f:97:c5:61:62:b2:1f:77:43:4b:2d:73:3b:fe:5f:e4:04:35:
         31:9c:6b:03:8c:9c:ab:61:dd:b9:e6:15:82:07:48:61:bb:96:
         41:7c:dc:41:c7:44:56:c2:57:de:0f:cd:47:cd:cc:f7:4b:a1:
         4b:34:a4:78:b9:64:cd:fc:6c:d4:ba:3a:98:23:8e:b0:af:4b:
         34:8d:3b:f1:6e:45:25:65:9d:10:1f:ba:e5:a8:75:fe:48:1d:
         f2:67:0e:dc:80:fe:72:1a:3c:f7:fd:2a:74:d3:cf:07:97:af:
         af:c8:f5:b9:2c:0c:c8:1f:2c:1b:4f:32:e8:01:d4:21:4a:65:
         e8:f9:d1:1b:ef:43:c3:36:d9:ca:5e:c1:a6:81:9c:42:9a:0b:
         9a:ba:31:d6:08:ab:e2:fb:7d:90:e6:93:50:d4:1d:fc:9e:de:
         2a:04:df:21:95:e4:8a:6e:9a:a0:0d:4b:c3:af:ec:f5:64:50:
         83:43:e2:85
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlJIm9PqAGTFerN15lyUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NGFiZDQzNWY4OTlkNTcwYThlNWZiODNiZGFkMTE1MzQ1
NWRlZTAwHhcNMjQwMTAyMDAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmZlMjEzNDY5MjQwMDk2ZjAwNDJkYWNmZGJiMWYyZmFjZTE2NjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3Dp1sasSHYrvQONMB8HUTjSiDae
UTr2V2Z4OZlx3Y3Vo+3RD+6ZL8fW5fdSZf1Cq3TNHeb++FYKebsHk7IcVAdAAJnA
S2UwC+u+u54eq+miud4LY1f4X1zZIu8ZWHnr+4S4VBW6HUk9yci2OQmKYnAIreJw
luwj6um9679mP0RD+ND6d5AkrUDQQ9SbXMR6EmNg62IO2vq+5Tsb40f+7epacjRI
8FZOYmqClNy6mhKmB05Xd9JjUW7Ba/5QG6/yDLIVMGxT4K3Tv28Ua6TujEZ/z9mi
djBOQBBL/WbPEyTyXhjdGI91DCknGcbwxAGarSkEBw9uC40hXsy+8Ohh5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDv+ITRpJACW8AQtrP27Hy+s4WZUMB8GA1UdIwQY
MBaAFIZKvUNfiZ1XCo5fuDva0RU0Vd7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGtxOVExLUpuVmNLamwtNE85clJGVFJWM3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zZjEzM2YtMWM4MS00YTRiLWEyNTUt
M2UzNjQ2NTkxYWEwLzEvT180aE5Ha2tBSmJ3QkMyc19ic2ZMNnpoWmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zZjEzM2YtMWM4MS00YTRiLWEyNTUtM2UzNjQ2NTkxYWEw
LzEvaGtxOVExLUpuVmNLamwtNE85clJGVFJWM3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGX1cAMA0E
AgACMAcDBQAqAPxAMA0GCSqGSIb3DQEBCwUAA4IBAQAiMwOjd6cbpTU0aHulZNEQ
Q/aXbPcYAdLrHiImildxr/a09RHEIGuBeV4iTJe5e5UE7I84WOLMAyT0UHxVikp7
P0alUecwEBCPl8VhYrIfd0NLLXM7/l/kBDUxnGsDjJyrYd255hWCB0hhu5ZBfNxB
x0RWwlfeD81Hzcz3S6FLNKR4uWTN/GzUujqYI46wr0s0jTvxbkUlZZ0QH7rlqHX+
SB3yZw7cgP5yGjz3/Sp0088Hl6+vyPW5LAzIHywbTzLoAdQhSmXo+dEb70PDNtnK
XsGmgZxCmguaujHWCKvi+32Q5pNQ1B38nt4qBN8hleSKbpqgDUvDr+z1ZFCDQ+KF
-----END CERTIFICATE-----