Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/c20633-f797-4b65-b983-06a4123b461e/1/o4LxCJBFN1mvgOljdvcTlRH0yPI.roa
File:                     o4LxCJBFN1mvgOljdvcTlRH0yPI.roa (raw, json)
Hash identifier:          a4fDzBu1KSIutL9089fnpHDUn3OpzdgoKwGMjGiCip4=
Subject key identifier:   A3:82:F1:08:90:45:37:59:AF:80:E9:63:76:F7:13:95:11:F4:C8:F2
Certificate issuer:       /CN=9b37f13abd98277c691fc76ce933410d5d3f37c8
Certificate serial:       018CC64B036B36DBF96979EC1207351E5225
Authority key identifier: 9B:37:F1:3A:BD:98:27:7C:69:1F:C7:6C:E9:33:41:0D:5D:3F:37:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mzfxOr2YJ3xpH8ds6TNBDV0_N8g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/c20633-f797-4b65-b983-06a4123b461e/1/o4LxCJBFN1mvgOljdvcTlRH0yPI.roa
Signing time:             Mon 01 Jan 2024 18:30:53 +0000
ROA not before:           Mon 01 Jan 2024 18:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41273
IP address blocks:        83.171.216.0/22 maxlen: 24
                          2a09:2f00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/c20633-f797-4b65-b983-06a4123b461e/1/mzfxOr2YJ3xpH8ds6TNBDV0_N8g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/c20633-f797-4b65-b983-06a4123b461e/1/mzfxOr2YJ3xpH8ds6TNBDV0_N8g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mzfxOr2YJ3xpH8ds6TNBDV0_N8g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:03:6b:36:db:f9:69:79:ec:12:07:35:1e:52:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b37f13abd98277c691fc76ce933410d5d3f37c8
        Validity
            Not Before: Jan  1 18:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a382f10890453759af80e96376f7139511f4c8f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f8:0f:b3:c3:8c:3c:1c:5f:b7:2f:68:aa:99:
                    56:ec:ff:21:4c:63:68:5b:dc:73:5c:10:c1:9d:46:
                    9c:e2:e8:7b:eb:cc:99:a8:46:4d:24:c6:95:bb:79:
                    11:6e:a6:18:c6:ac:ad:b8:da:d3:f4:c0:e8:4f:e0:
                    3c:67:72:e1:e1:54:f2:87:76:81:da:25:4c:a0:ce:
                    fd:cf:cc:ef:f0:79:c3:9f:14:b1:a2:d8:37:85:11:
                    30:58:e8:41:0a:e3:18:8b:82:d5:07:57:3e:33:7e:
                    c3:69:95:fd:0d:fc:80:7d:c4:36:a9:8f:4e:3c:29:
                    2e:be:e2:01:17:18:30:19:88:0d:0a:d5:e6:1d:84:
                    bd:c6:8b:5b:47:45:86:ea:a5:b0:79:d3:74:d3:ef:
                    72:ef:82:48:6e:88:09:18:0d:4d:1a:cd:3e:7f:27:
                    02:c8:d0:bc:58:99:4b:33:20:41:9b:46:75:3e:80:
                    2c:b8:9b:d9:44:37:88:a0:b0:5f:da:43:05:37:e6:
                    ab:0c:7c:f6:e0:21:50:00:88:e0:56:e9:aa:1b:34:
                    8e:b0:6f:eb:3c:15:b3:c4:11:4a:d2:f2:d0:06:82:
                    ec:24:64:e1:48:bf:e6:7d:fc:a7:80:6d:82:99:e7:
                    b0:66:88:df:05:df:a8:a1:fb:a2:4e:db:46:3d:e5:
                    96:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:82:F1:08:90:45:37:59:AF:80:E9:63:76:F7:13:95:11:F4:C8:F2
            X509v3 Authority Key Identifier:
                keyid:9B:37:F1:3A:BD:98:27:7C:69:1F:C7:6C:E9:33:41:0D:5D:3F:37:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mzfxOr2YJ3xpH8ds6TNBDV0_N8g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/c20633-f797-4b65-b983-06a4123b461e/1/o4LxCJBFN1mvgOljdvcTlRH0yPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/c20633-f797-4b65-b983-06a4123b461e/1/mzfxOr2YJ3xpH8ds6TNBDV0_N8g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.216.0/22
                IPv6:
                  2a09:2f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:54:e6:94:27:95:76:a4:c3:0f:f8:a7:86:82:4a:34:23:43:
         04:8a:70:72:e9:d2:0f:1b:20:e1:00:1f:c8:80:64:81:c6:37:
         74:f2:42:6b:c6:57:f9:ee:58:b2:0a:0c:e6:d9:30:17:c7:74:
         8f:7c:0c:fb:4e:3d:0e:47:97:0e:2a:11:a6:96:14:a5:64:f9:
         cc:c6:9e:21:68:5b:d2:f8:e0:68:db:d2:4a:a4:55:da:a9:b0:
         af:f8:ad:5e:cc:ba:03:9c:9d:8b:42:52:a5:57:d1:20:79:c7:
         cf:11:d5:ba:52:81:bb:74:64:39:c0:da:26:96:70:a9:ef:69:
         7e:89:c4:fc:45:66:30:83:f7:68:ac:6e:31:ee:56:3a:af:bf:
         33:6f:a9:76:e7:a4:8c:9b:da:a0:6f:a7:11:f8:d8:cd:b8:c7:
         01:f5:1b:20:a2:29:11:de:21:aa:b4:c7:2b:39:71:a8:af:13:
         59:a9:dd:ed:5b:15:f6:cd:e1:5c:ba:b4:56:10:1e:94:fd:8c:
         0b:cf:c9:a6:8b:0f:06:af:55:75:29:b7:dd:c2:29:17:96:73:
         45:82:8b:be:4b:5c:2d:af:5e:fc:cc:12:95:97:83:d0:e7:60:
         77:6f:4f:98:8d:59:5f:2e:ed:e6:84:17:ee:de:e5:88:63:ca:
         3d:b3:c8:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSwNrNtv5aXnsEgc1HlIlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMzdmMTNhYmQ5ODI3N2M2OTFmYzc2Y2U5MzM0MTBkNWQz
ZjM3YzgwHhcNMjQwMTAxMTgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzgyZjEwODkwNDUzNzU5YWY4MGU5NjM3NmY3MTM5NTExZjRjOGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPgPs8OMPBxfty9oqplW7P8hTGNo
W9xzXBDBnUac4uh768yZqEZNJMaVu3kRbqYYxqytuNrT9MDoT+A8Z3Lh4VTyh3aB
2iVMoM79z8zv8HnDnxSxotg3hREwWOhBCuMYi4LVB1c+M37DaZX9DfyAfcQ2qY9O
PCkuvuIBFxgwGYgNCtXmHYS9xotbR0WG6qWwedN00+9y74JIbogJGA1NGs0+fycC
yNC8WJlLMyBBm0Z1PoAsuJvZRDeIoLBf2kMFN+arDHz24CFQAIjgVumqGzSOsG/r
PBWzxBFK0vLQBoLsJGThSL/mffyngG2CmeewZojfBd+oofuiTttGPeWWmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKOC8QiQRTdZr4DpY3b3E5UR9MjyMB8GA1UdIwQY
MBaAFJs38Tq9mCd8aR/HbOkzQQ1dPzfIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXpmeE9yMllKM3hwSDhkczZUTkJEVjBfTjhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jMjA2MzMtZjc5Ny00YjY1LWI5ODMt
MDZhNDEyM2I0NjFlLzEvbzRMeENKQkZOMW12Z09samR2Y1RsUkgweVBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jMjA2MzMtZjc5Ny00YjY1LWI5ODMtMDZhNDEyM2I0NjFl
LzEvbXpmeE9yMllKM3hwSDhkczZUTkJEVjBfTjhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCU6vYMA0E
AgACMAcDBQMqCS8AMA0GCSqGSIb3DQEBCwUAA4IBAQBOVOaUJ5V2pMMP+KeGgko0
I0MEinBy6dIPGyDhAB/IgGSBxjd08kJrxlf57liyCgzm2TAXx3SPfAz7Tj0OR5cO
KhGmlhSlZPnMxp4haFvS+OBo29JKpFXaqbCv+K1ezLoDnJ2LQlKlV9EgecfPEdW6
UoG7dGQ5wNomlnCp72l+icT8RWYwg/dorG4x7lY6r78zb6l256SMm9qgb6cR+NjN
uMcB9RsgoikR3iGqtMcrOXGorxNZqd3tWxX2zeFcurRWEB6U/YwLz8mmiw8Gr1V1
KbfdwikXlnNFgou+S1wtr178zBKVl4PQ52B3b0+YjVlfLu3mhBfu3uWIY8o9s8iU
-----END CERTIFICATE-----