Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/OzgLp6R3YPOm-oIFrRvuH5rZXBE.roa
File:                     OzgLp6R3YPOm-oIFrRvuH5rZXBE.roa (raw, json)
Hash identifier:          VKSensHRu6zIUN4vjqic4U0HmL2nIMG3Z+vMNFKPAT0=
Subject key identifier:   3B:38:0B:A7:A4:77:60:F3:A6:FA:82:05:AD:1B:EE:1F:9A:D9:5C:11
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018F80CACE7C55EB766F1DF7AF36F9AC337E
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/OzgLp6R3YPOm-oIFrRvuH5rZXBE.roa
Signing time:             Thu 16 May 2024 09:45:25 +0000
ROA not before:           Thu 16 May 2024 09:45:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209178
IP address blocks:        185.233.19.0/24 maxlen: 24
                          185.235.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:80:ca:ce:7c:55:eb:76:6f:1d:f7:af:36:f9:ac:33:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: May 16 09:45:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b380ba7a47760f3a6fa8205ad1bee1f9ad95c11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d5:ff:19:83:fe:63:b0:76:24:ad:74:77:ae:
                    38:e9:98:b0:38:4b:6e:84:b5:e5:9f:03:2d:28:d7:
                    eb:ba:e1:4b:a8:69:b4:81:de:36:27:45:19:97:f1:
                    3b:7d:29:75:a8:e1:8a:93:f3:e7:29:8c:7f:be:0a:
                    52:90:e2:e9:7a:50:4a:a2:4f:fb:e0:2b:69:21:b3:
                    18:5d:64:db:b2:b0:97:c2:4a:db:d9:16:6e:ae:15:
                    c5:6f:99:a7:d4:36:1c:c5:1d:95:53:eb:bb:00:8d:
                    93:94:24:9f:cd:99:69:c5:68:a4:1a:c4:20:84:8b:
                    19:fc:1f:71:fc:ef:79:4a:21:07:cd:d6:c4:92:13:
                    71:1d:df:cb:b0:00:3f:b5:af:16:c5:20:a4:62:83:
                    f9:a0:2d:cd:5a:66:fd:d1:fb:1f:89:07:9f:ab:18:
                    f0:46:8d:2f:f6:0e:b0:94:4e:9e:41:ad:90:47:45:
                    33:35:11:43:e2:e3:6c:c9:6f:be:f6:6a:18:d1:d7:
                    ba:1c:b3:cc:ec:dc:70:eb:11:5a:48:2d:da:17:88:
                    47:f9:03:7d:d0:2c:bc:59:ce:d2:35:c0:e2:7d:49:
                    44:40:0f:ec:5d:76:b3:a5:22:8b:ca:e7:20:3a:ac:
                    b4:8f:24:bc:bd:4e:4d:f1:c6:51:71:26:22:9e:f0:
                    88:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:38:0B:A7:A4:77:60:F3:A6:FA:82:05:AD:1B:EE:1F:9A:D9:5C:11
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/OzgLp6R3YPOm-oIFrRvuH5rZXBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.19.0/24
                  185.235.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:30:9d:87:fb:5b:0c:5d:f0:1f:07:f8:66:d3:7e:8c:49:06:
         3c:14:81:82:79:0a:2e:df:4a:e7:e9:7b:d0:89:48:29:bc:7c:
         c2:86:f6:bc:a1:12:1b:83:24:9c:af:fb:43:47:c2:41:db:b3:
         b5:d6:b7:f6:53:0b:e0:48:5e:74:7e:b5:2a:75:bd:4b:58:bc:
         af:54:e9:f1:19:b9:8a:15:79:a8:7d:e2:af:fb:bb:ac:11:ae:
         32:84:7f:4f:5e:a1:bd:34:78:ff:79:7d:43:41:50:b5:df:1d:
         86:a9:5c:4e:70:8a:50:2d:9f:e3:a1:cb:27:2a:5b:b5:ab:37:
         2b:9d:d2:55:16:ea:ee:56:14:a1:08:d7:b3:7e:4b:4f:31:b7:
         1d:0b:1c:9e:7e:4b:1e:e5:27:30:b5:23:e8:48:07:26:84:a0:
         ae:f7:b9:ea:ea:8c:b6:8a:83:67:92:d0:24:3c:03:80:ad:cc:
         51:66:24:15:67:2d:90:32:70:55:6f:31:e9:66:1e:29:70:d7:
         a1:28:57:1f:09:8f:a8:66:68:4d:59:6e:2b:91:38:36:d2:4f:
         42:4b:a0:41:cb:87:86:49:68:9d:fc:16:7f:63:a8:f5:80:51:
         25:c2:aa:6b:f2:52:4d:42:88:5d:85:cd:85:58:2f:92:b9:8f:
         47:5a:89:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+Ays58Vet2bx33rzb5rDN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwNTE2MDk0NTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjM4MGJhN2E0Nzc2MGYzYTZmYTgyMDVhZDFiZWUxZjlhZDk1YzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltX/GYP+Y7B2JK10d6446ZiwOEtu
hLXlnwMtKNfruuFLqGm0gd42J0UZl/E7fSl1qOGKk/PnKYx/vgpSkOLpelBKok/7
4CtpIbMYXWTbsrCXwkrb2RZurhXFb5mn1DYcxR2VU+u7AI2TlCSfzZlpxWikGsQg
hIsZ/B9x/O95SiEHzdbEkhNxHd/LsAA/ta8WxSCkYoP5oC3NWmb90fsfiQefqxjw
Ro0v9g6wlE6eQa2QR0UzNRFD4uNsyW++9moY0de6HLPM7Nxw6xFaSC3aF4hH+QN9
0Cy8Wc7SNcDifUlEQA/sXXazpSKLyucgOqy0jyS8vU5N8cZRcSYinvCIAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDs4C6ekd2DzpvqCBa0b7h+a2VwRMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvT3pnTHA2UjNZUE9tLW9JRnJSdnVINXJaWEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuekTAwQA
ueulMA0GCSqGSIb3DQEBCwUAA4IBAQCwMJ2H+1sMXfAfB/hm036MSQY8FIGCeQou
30rn6XvQiUgpvHzChva8oRIbgyScr/tDR8JB27O11rf2UwvgSF50frUqdb1LWLyv
VOnxGbmKFXmofeKv+7usEa4yhH9PXqG9NHj/eX1DQVC13x2GqVxOcIpQLZ/jocsn
Klu1qzcrndJVFuruVhShCNezfktPMbcdCxyefkse5ScwtSPoSAcmhKCu97nq6oy2
ioNnktAkPAOArcxRZiQVZy2QMnBVbzHpZh4pcNehKFcfCY+oZmhNWW4rkTg20k9C
S6BBy4eGSWid/BZ/Y6j1gFElwqpr8lJNQohdhc2FWC+SuY9HWomB
-----END CERTIFICATE-----