Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OK_TjJ3dcTld520xRtr2uLdKzco.roa
File:                     OK_TjJ3dcTld520xRtr2uLdKzco.roa (raw, json)
Hash identifier:          wshdX+rUszfArPerbVeEgwhf64nT5BvnUATGOF0m630=
Subject key identifier:   38:AF:D3:8C:9D:DD:71:39:5D:E7:6D:31:46:DA:F6:B8:B7:4A:CD:CA
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0190C541FE5099035A44F9703992EC6CE8E1
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OK_TjJ3dcTld520xRtr2uLdKzco.roa
Signing time:             Thu 18 Jul 2024 09:52:34 +0000
ROA not before:           Thu 18 Jul 2024 09:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        84.32.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 05:42:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:41:fe:50:99:03:5a:44:f9:70:39:92:ec:6c:e8:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul 18 09:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38afd38c9ddd71395de76d3146daf6b8b74acdca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7d:cc:ce:0f:4a:8f:a2:fc:ac:a7:e2:9a:85:
                    7d:bb:dc:2f:dc:68:31:d9:83:3d:e8:2d:33:52:15:
                    7e:64:d8:f2:d0:f8:f4:6a:c7:b1:89:85:4b:53:9c:
                    60:c5:75:0f:51:74:ae:04:79:c0:79:b8:a6:c9:8a:
                    ca:51:61:94:b8:7f:3d:69:0e:6c:e9:31:9f:90:34:
                    f7:81:82:6d:87:79:fa:53:44:f1:46:13:f0:c5:26:
                    43:ae:e9:16:42:c4:f8:df:8d:2b:51:43:fd:5c:c8:
                    4b:05:ac:16:10:03:7a:24:48:eb:5c:6a:5e:14:fb:
                    e3:4b:11:e8:24:6a:76:3d:72:3e:05:c1:e8:ff:61:
                    3a:d8:9e:d2:cb:15:51:81:7d:c5:5d:3e:48:af:d7:
                    36:b4:37:5e:0d:50:80:ed:fd:34:d5:eb:12:45:a9:
                    39:5f:d5:7b:81:a3:9f:da:96:3d:82:e5:2e:39:65:
                    c1:ec:fa:16:54:ed:0a:4d:d5:5f:ca:e6:7e:c8:43:
                    88:d9:7a:1b:93:57:82:c2:c1:35:80:3e:75:13:ea:
                    2e:90:43:5f:da:86:6a:af:70:b0:2c:4d:c5:8e:14:
                    c4:58:f8:32:6b:05:40:3b:0d:cd:f5:a1:8a:9b:6c:
                    3a:48:0b:6e:6f:33:8b:9c:a5:ff:4b:f0:a7:ce:90:
                    cd:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:AF:D3:8C:9D:DD:71:39:5D:E7:6D:31:46:DA:F6:B8:B7:4A:CD:CA
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OK_TjJ3dcTld520xRtr2uLdKzco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:7e:cb:b0:b5:a4:49:30:88:9d:fb:3c:67:02:ec:15:5b:61:
         e4:53:93:08:ab:ff:ab:f4:cc:1d:e1:07:be:e2:73:19:50:49:
         be:61:86:15:a3:ce:a7:29:8f:23:62:71:6c:50:a2:7e:c3:86:
         b8:fd:77:67:7e:50:00:cb:95:6f:fd:51:20:bd:51:6c:db:cd:
         a1:b6:4e:35:1d:ca:48:17:53:fb:e8:78:f3:a4:58:f2:7a:ce:
         f1:96:28:b6:b1:d7:bb:ca:11:3d:be:bf:9f:93:ce:b7:4a:0c:
         40:1c:57:5d:4f:38:dd:5e:ae:f8:6e:15:03:79:7e:1c:bf:a0:
         a9:f5:ea:bf:87:20:65:2d:6e:54:6a:97:62:a4:30:e0:46:ed:
         03:8e:2b:04:41:0d:f7:8c:6d:ab:0e:55:83:36:b2:89:c1:74:
         f7:19:d5:0b:0e:ce:dc:b8:2a:28:86:e9:03:ae:3c:35:46:68:
         73:21:c7:1b:5c:f6:89:42:65:4e:91:47:1d:40:b1:07:1e:9e:
         f5:0d:fb:30:4a:15:0b:04:72:97:ab:7f:3e:7e:09:1b:db:d0:
         ec:ab:01:2e:71:fb:b0:c1:c9:6b:97:bf:3b:1c:0e:40:1c:d5:
         f0:c8:56:e1:2f:c1:b7:ae:50:83:18:83:44:2b:db:4b:0c:c2:
         a3:19:a3:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDFQf5QmQNaRPlwOZLsbOjhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwNzE4MDk1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGFmZDM4YzlkZGQ3MTM5NWRlNzZkMzE0NmRhZjZiOGI3NGFjZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsX3Mzg9Kj6L8rKfimoV9u9wv3Ggx
2YM96C0zUhV+ZNjy0Pj0asexiYVLU5xgxXUPUXSuBHnAebimyYrKUWGUuH89aQ5s
6TGfkDT3gYJth3n6U0TxRhPwxSZDrukWQsT4340rUUP9XMhLBawWEAN6JEjrXGpe
FPvjSxHoJGp2PXI+BcHo/2E62J7SyxVRgX3FXT5Ir9c2tDdeDVCA7f001esSRak5
X9V7gaOf2pY9guUuOWXB7PoWVO0KTdVfyuZ+yEOI2Xobk1eCwsE1gD51E+oukENf
2oZqr3CwLE3FjhTEWPgyawVAOw3N9aGKm2w6SAtubzOLnKX/S/CnzpDNIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiv04yd3XE5XedtMUba9ri3Ss3KMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvT0tfVGpKM2RjVGxkNTIweFJ0cjJ1TGRLemNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAVMA0G
CSqGSIb3DQEBCwUAA4IBAQB6fsuwtaRJMIid+zxnAuwVW2HkU5MIq/+r9Mwd4Qe+
4nMZUEm+YYYVo86nKY8jYnFsUKJ+w4a4/XdnflAAy5Vv/VEgvVFs282htk41HcpI
F1P76HjzpFjyes7xlii2sde7yhE9vr+fk863SgxAHFddTzjdXq74bhUDeX4cv6Cp
9eq/hyBlLW5UapdipDDgRu0DjisEQQ33jG2rDlWDNrKJwXT3GdULDs7cuCoohukD
rjw1RmhzIccbXPaJQmVOkUcdQLEHHp71DfswShULBHKXq38+fgkb29DsqwEucfuw
wclrl787HA5AHNXwyFbhL8G3rlCDGINEK9tLDMKjGaNU
-----END CERTIFICATE-----