Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/OEZLKnA_dhO3CavmVRNVk5fv-vo.roa
File:                     OEZLKnA_dhO3CavmVRNVk5fv-vo.roa (raw, json)
Hash identifier:          dFI3u0zR7r4g4J7Gqn9zgvAEAf2Jqba9A85c5NYYUms=
Subject key identifier:   38:46:4B:2A:70:3F:76:13:B7:09:AB:E6:55:13:55:93:97:EF:FA:FA
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       01918F9045DE07A724A24D7695C096DD770E
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/OEZLKnA_dhO3CavmVRNVk5fv-vo.roa
Signing time:             Mon 26 Aug 2024 16:41:22 +0000
ROA not before:           Mon 26 Aug 2024 16:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214653
IP address blocks:        93.185.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8f:90:45:de:07:a7:24:a2:4d:76:95:c0:96:dd:77:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Aug 26 16:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38464b2a703f7613b709abe65513559397effafa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c9:f6:d7:22:53:c7:4d:fe:9e:6a:b0:01:97:
                    dc:2a:39:7a:1b:6a:a2:01:47:b5:5b:6a:36:6c:99:
                    90:28:7f:30:1d:0f:40:54:f0:a7:8c:75:51:ca:27:
                    51:62:e8:33:58:e1:c6:6d:48:83:83:4f:ac:0d:96:
                    29:f8:c8:a7:b0:43:21:e2:42:42:af:e1:91:97:bd:
                    90:ec:a8:27:9b:d8:2f:00:73:16:e9:a2:41:a8:4a:
                    cf:b7:ed:ba:b4:7b:88:21:c8:a6:74:71:7d:62:ce:
                    1b:22:65:be:7c:0a:5b:bc:92:7f:12:03:ff:17:19:
                    22:3b:df:78:88:75:59:14:92:21:84:18:98:69:1f:
                    de:96:6d:0f:b7:be:a1:eb:07:0e:3a:13:21:a1:3e:
                    76:c0:00:a5:75:7c:34:fd:27:a5:e0:a4:af:3c:88:
                    8a:9b:78:f4:0a:9d:e6:00:dd:1f:4f:d6:27:f1:80:
                    1b:57:31:05:2d:b7:61:19:b6:84:83:e8:94:13:84:
                    00:0b:8f:1d:a5:4f:40:d9:99:23:33:ac:11:4f:7c:
                    74:b7:6a:fb:2e:7a:74:41:be:65:6f:74:93:78:cd:
                    62:32:13:81:15:32:50:4b:64:39:51:fe:3f:df:4f:
                    bc:94:32:77:4a:fc:f9:da:b4:62:ae:ae:4e:bb:0c:
                    ee:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:46:4B:2A:70:3F:76:13:B7:09:AB:E6:55:13:55:93:97:EF:FA:FA
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/OEZLKnA_dhO3CavmVRNVk5fv-vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:ab:37:f5:81:1e:12:91:12:ae:17:0e:54:62:11:ff:e6:12:
         01:8b:36:92:ff:d8:5a:46:c6:c7:60:ce:92:c0:44:ce:b6:fb:
         e5:aa:55:e9:2e:96:4b:26:52:de:4e:70:4e:a5:38:4f:54:57:
         8f:6d:2d:c2:27:e3:e7:3f:58:0c:c0:54:42:d4:2a:11:2f:a5:
         6c:51:c7:b1:4a:d4:a6:1d:c3:c1:95:0f:4a:09:84:9c:b9:d0:
         0a:16:a1:8a:e0:92:f2:dd:76:66:8a:84:b8:f2:fe:dc:f4:1f:
         16:ce:b4:a5:af:a1:6d:0f:84:b2:52:69:5a:94:8f:c2:30:0b:
         53:26:cc:5e:82:bb:40:19:e8:87:6e:23:03:35:fa:73:1b:aa:
         66:a8:4e:67:a0:8d:0d:37:3e:15:5f:eb:63:98:bb:ae:e3:d8:
         d6:58:fe:67:86:63:00:49:60:5d:93:26:3f:67:f0:58:ed:37:
         47:61:a7:5d:3e:3d:ec:8b:30:af:27:1f:f8:1d:24:c1:e4:c6:
         31:c7:ea:14:67:4c:98:04:ab:c6:88:41:f2:f9:0d:2a:2b:4a:
         cb:ab:74:c5:96:38:7f:c5:82:50:92:1f:c8:96:ba:4c:c8:f6:
         33:34:3a:2b:33:98:2a:aa:5b:95:21:2f:a9:dd:2b:f9:07:9d:
         13:c0:68:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGPkEXeB6ckok12lcCW3XcOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjQwODI2MTY0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODQ2NGIyYTcwM2Y3NjEzYjcwOWFiZTY1NTEzNTU5Mzk3ZWZmYWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8n21yJTx03+nmqwAZfcKjl6G2qi
AUe1W2o2bJmQKH8wHQ9AVPCnjHVRyidRYugzWOHGbUiDg0+sDZYp+MinsEMh4kJC
r+GRl72Q7Kgnm9gvAHMW6aJBqErPt+26tHuIIcimdHF9Ys4bImW+fApbvJJ/EgP/
FxkiO994iHVZFJIhhBiYaR/elm0Pt76h6wcOOhMhoT52wACldXw0/Sel4KSvPIiK
m3j0Cp3mAN0fT9Yn8YAbVzEFLbdhGbaEg+iUE4QAC48dpU9A2ZkjM6wRT3x0t2r7
Lnp0Qb5lb3STeM1iMhOBFTJQS2Q5Uf4/30+8lDJ3Svz52rRirq5OuwzuKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhGSypwP3YTtwmr5lUTVZOX7/r6MB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvT0VaTEtuQV9kaE8zQ2F2bVZSTlZrNWZ2LXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbmkMA0G
CSqGSIb3DQEBCwUAA4IBAQChqzf1gR4SkRKuFw5UYhH/5hIBizaS/9haRsbHYM6S
wETOtvvlqlXpLpZLJlLeTnBOpThPVFePbS3CJ+PnP1gMwFRC1CoRL6VsUcexStSm
HcPBlQ9KCYScudAKFqGK4JLy3XZmioS48v7c9B8WzrSlr6FtD4SyUmlalI/CMAtT
JsxegrtAGeiHbiMDNfpzG6pmqE5noI0NNz4VX+tjmLuu49jWWP5nhmMASWBdkyY/
Z/BY7TdHYaddPj3sizCvJx/4HSTB5MYxx+oUZ0yYBKvGiEHy+Q0qK0rLq3TFljh/
xYJQkh/IlrpMyPYzNDorM5gqqluVIS+p3Sv5B50TwGjd
-----END CERTIFICATE-----