Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/OPaKhqn7n9SnLSW8T4kp51rUYVU.roa
File:                     OPaKhqn7n9SnLSW8T4kp51rUYVU.roa (raw, json)
Hash identifier:          LJNtVCH+zBiPjDoYwjCjLu8a26ENoKtCbQByMbP4Kk4=
Subject key identifier:   38:F6:8A:86:A9:FB:9F:D4:A7:2D:25:BC:4F:89:29:E7:5A:D4:61:55
Certificate issuer:       /CN=331706b915bab8dac2b5547fbc87adeb61e6aede
Certificate serial:       018CC3B68216082DF65ED6912576F5A3610B
Authority key identifier: 33:17:06:B9:15:BA:B8:DA:C2:B5:54:7F:BC:87:AD:EB:61:E6:AE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/OPaKhqn7n9SnLSW8T4kp51rUYVU.roa
Signing time:             Mon 01 Jan 2024 06:29:27 +0000
ROA not before:           Mon 01 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24989
IP address blocks:        185.7.71.0/24 maxlen: 24
                          89.110.128.0/18 maxlen: 18
                          2a05:c700::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:82:16:08:2d:f6:5e:d6:91:25:76:f5:a3:61:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331706b915bab8dac2b5547fbc87adeb61e6aede
        Validity
            Not Before: Jan  1 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38f68a86a9fb9fd4a72d25bc4f8929e75ad46155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6f:59:a8:21:4d:4e:a2:9d:74:0c:70:75:36:
                    a1:0f:fc:a5:f1:2e:b4:dd:e8:96:5c:79:8c:a4:16:
                    31:82:8e:ae:7b:39:48:67:f0:1d:68:2f:f6:85:0a:
                    75:59:21:9a:ba:c6:0e:fb:63:dd:5b:d3:62:de:67:
                    e2:1f:fd:53:66:24:1f:b3:45:ee:ae:d3:8d:79:0a:
                    8e:36:43:61:9a:41:fa:e7:fd:f3:11:f9:d4:35:cb:
                    f7:0f:56:23:73:3f:c6:06:67:39:17:50:b1:a9:f4:
                    9f:ea:8e:77:03:a3:c7:2e:90:f5:5c:e4:29:7b:a6:
                    f3:39:58:21:e9:5b:ea:97:c3:f5:46:23:da:c4:1e:
                    b4:66:cc:a4:5a:c8:06:29:bd:83:21:c7:85:de:71:
                    4e:d7:e4:96:8f:05:22:6a:03:bc:d5:e5:10:b8:e5:
                    c2:17:fd:e1:ba:32:91:5a:99:e2:df:09:94:ce:37:
                    50:e2:ba:03:a9:4a:36:3a:69:d0:b7:ca:a4:96:02:
                    ec:4f:e4:05:44:d7:6a:4e:e6:f0:9a:95:66:0e:8a:
                    a5:3b:40:1d:f3:99:8b:1d:78:be:c9:92:60:82:9f:
                    1e:63:06:17:39:c4:ec:da:88:82:7e:5c:e4:10:67:
                    aa:d9:1b:48:97:5d:7f:25:c0:14:f2:65:72:16:31:
                    7a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F6:8A:86:A9:FB:9F:D4:A7:2D:25:BC:4F:89:29:E7:5A:D4:61:55
            X509v3 Authority Key Identifier:
                keyid:33:17:06:B9:15:BA:B8:DA:C2:B5:54:7F:BC:87:AD:EB:61:E6:AE:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/OPaKhqn7n9SnLSW8T4kp51rUYVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.110.128.0/18
                  185.7.71.0/24
                IPv6:
                  2a05:c700::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:29:a0:b3:92:1e:ef:e8:e2:64:3b:de:6a:a4:cf:88:26:2e:
         5c:65:72:db:ec:6b:71:e6:c7:77:74:92:35:77:fa:18:d0:81:
         74:f1:f0:71:04:85:29:f4:85:d3:3c:2d:a1:0d:8e:6f:5e:84:
         34:34:c6:e5:61:12:ca:5e:8b:46:8a:f8:b5:4d:f0:11:e1:e0:
         f9:fa:6c:7d:7e:6d:76:9a:80:71:ea:e2:94:f8:28:a1:b2:cb:
         e4:c6:1d:72:3e:ba:11:bc:57:dd:b1:89:41:82:c5:37:37:3d:
         0e:4c:6d:73:5a:da:0b:29:6a:95:03:4e:41:e7:b3:b4:b1:76:
         9f:c6:56:a3:5e:8b:9c:85:97:e7:5a:b9:44:56:a6:09:82:cc:
         4b:bb:76:24:d1:bc:dd:68:63:f5:a0:bd:3a:37:c6:2a:14:be:
         6c:dd:e7:39:b5:55:19:85:69:6e:01:6d:1b:20:b5:47:31:2e:
         70:80:67:b6:d7:8a:27:25:d1:00:86:f7:67:5e:08:a6:cb:74:
         76:33:aa:89:e8:d2:73:d8:5f:dc:d2:2d:60:79:ef:d4:dc:31:
         df:1b:d2:44:4b:d8:0b:6a:b1:8a:5f:4f:ea:5a:8a:53:75:1c:
         93:5c:7a:d5:56:8c:f6:48:75:61:9e:5a:d6:dc:32:1a:8b:98:
         53:ed:77:2f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtoIWCC32XtaRJXb1o2ELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMTcwNmI5MTViYWI4ZGFjMmI1NTQ3ZmJjODdhZGViNjFl
NmFlZGUwHhcNMjQwMTAxMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGY2OGE4NmE5ZmI5ZmQ0YTcyZDI1YmM0Zjg5MjllNzVhZDQ2MTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu29ZqCFNTqKddAxwdTahD/yl8S60
3eiWXHmMpBYxgo6uezlIZ/AdaC/2hQp1WSGausYO+2PdW9Ni3mfiH/1TZiQfs0Xu
rtONeQqONkNhmkH65/3zEfnUNcv3D1Yjcz/GBmc5F1CxqfSf6o53A6PHLpD1XOQp
e6bzOVgh6Vvql8P1RiPaxB60ZsykWsgGKb2DIceF3nFO1+SWjwUiagO81eUQuOXC
F/3hujKRWpni3wmUzjdQ4roDqUo2OmnQt8qklgLsT+QFRNdqTubwmpVmDoqlO0Ad
85mLHXi+yZJggp8eYwYXOcTs2oiCflzkEGeq2RtIl11/JcAU8mVyFjF6gwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDj2ioap+5/Upy0lvE+JKeda1GFVMB8GA1UdIwQY
MBaAFDMXBrkVurjawrVUf7yHreth5q7eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXhjR3VSVzZ1TnJDdFZSX3ZJZXQ2MkhtcnQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xMTJjZTctNzQxNS00YzVkLWE4OTAt
ZWM5NTE0OGZkMjM2LzEvT1BhS2hxbjduOVNuTFNXOFQ0a3A1MXJVWVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xMTJjZTctNzQxNS00YzVkLWE4OTAtZWM5NTE0OGZkMjM2
LzEvTXhjR3VSVzZ1TnJDdFZSX3ZJZXQ2MkhtcnQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGWW6AAwQA
uQdHMA0EAgACMAcDBQAqBccAMA0GCSqGSIb3DQEBCwUAA4IBAQAyKaCzkh7v6OJk
O95qpM+IJi5cZXLb7Gtx5sd3dJI1d/oY0IF08fBxBIUp9IXTPC2hDY5vXoQ0NMbl
YRLKXotGivi1TfAR4eD5+mx9fm12moBx6uKU+Cihssvkxh1yProRvFfdsYlBgsU3
Nz0OTG1zWtoLKWqVA05B57O0sXafxlajXouchZfnWrlEVqYJgsxLu3Yk0bzdaGP1
oL06N8YqFL5s3ec5tVUZhWluAW0bILVHMS5wgGe214onJdEAhvdnXgimy3R2M6qJ
6NJz2F/c0i1gee/U3DHfG9JES9gLarGKX0/qWopTdRyTXHrVVoz2SHVhnlrW3DIa
i5hT7Xcv
-----END CERTIFICATE-----