Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/OFfAo4wd-dkpThTvWgQ9MH1MPn0.roa
File:                     OFfAo4wd-dkpThTvWgQ9MH1MPn0.roa (raw, json)
Hash identifier:          lN7WQhxCnNgB2/aufghaCwVWlQVoWYT5UX41SbmJ1UA=
Subject key identifier:   38:57:C0:A3:8C:1D:F9:D9:29:4E:14:EF:5A:04:3D:30:7D:4C:3E:7D
Certificate issuer:       /CN=4c2b89c3c57a3e296aa4061e962840be7ae8f018
Certificate serial:       018ED155D40973A1A7A6A357FE60CFDCA3E2
Authority key identifier: 4C:2B:89:C3:C5:7A:3E:29:6A:A4:06:1E:96:28:40:BE:7A:E8:F0:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/OFfAo4wd-dkpThTvWgQ9MH1MPn0.roa
Signing time:             Fri 12 Apr 2024 08:04:06 +0000
ROA not before:           Fri 12 Apr 2024 08:04:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50538
IP address blocks:        85.234.108.0/24 maxlen: 24
                          85.234.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:55:d4:09:73:a1:a7:a6:a3:57:fe:60:cf:dc:a3:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c2b89c3c57a3e296aa4061e962840be7ae8f018
        Validity
            Not Before: Apr 12 08:04:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3857c0a38c1df9d9294e14ef5a043d307d4c3e7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:93:21:f7:b2:46:af:81:b9:e8:d6:96:68:bd:
                    b2:91:5b:f2:66:6a:ad:ac:21:00:a7:36:d9:f9:ca:
                    0a:58:1b:5a:f9:4e:0a:8d:3b:97:80:59:a3:b4:cb:
                    07:8b:d2:76:da:22:19:ce:c2:9b:66:35:41:fd:2e:
                    66:e2:49:57:7c:1c:37:36:17:06:7b:b2:43:08:de:
                    81:9b:ae:9a:18:f9:74:ee:92:af:58:0b:b9:bf:de:
                    32:24:8e:ab:1b:11:bf:a5:62:5d:80:9b:41:6a:dc:
                    dc:41:ee:1a:3c:50:84:93:16:43:cb:b0:c9:27:82:
                    37:2f:a2:9d:2e:6a:32:8d:0f:53:b6:c0:63:2c:b1:
                    10:85:33:31:e4:b0:85:71:5b:4b:49:07:73:05:a0:
                    5d:b4:97:62:de:fb:14:e8:f8:88:40:11:d1:17:81:
                    36:e7:cb:4e:1e:17:c7:3b:36:5b:63:f3:c8:80:ca:
                    9e:02:9a:5d:70:52:0b:e7:e8:d2:d9:ad:02:bf:65:
                    dc:34:9c:56:38:eb:81:54:f8:db:1d:1e:37:00:45:
                    3f:fc:b8:28:88:46:da:71:7b:3b:98:c7:33:26:0a:
                    36:8c:12:f5:cd:22:71:f0:99:83:ab:6c:27:bb:1f:
                    02:64:a7:25:7f:16:36:08:a2:1f:40:5d:41:f5:c4:
                    47:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:57:C0:A3:8C:1D:F9:D9:29:4E:14:EF:5A:04:3D:30:7D:4C:3E:7D
            X509v3 Authority Key Identifier:
                keyid:4C:2B:89:C3:C5:7A:3E:29:6A:A4:06:1E:96:28:40:BE:7A:E8:F0:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/OFfAo4wd-dkpThTvWgQ9MH1MPn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.234.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:84:14:d6:43:2a:e4:2b:00:9e:d2:0b:2f:f4:87:cc:44:de:
         8a:9a:84:12:19:48:fe:25:f2:1b:e9:12:1f:70:c1:07:f4:60:
         33:2e:5d:30:9d:d2:31:9f:60:b6:6b:0d:c3:eb:49:0b:57:55:
         a0:b8:6f:23:73:d6:7a:4d:26:15:f0:91:3e:7d:8f:04:8a:88:
         c4:d1:fa:28:a0:c1:98:f1:26:36:55:c3:66:6b:0b:e8:32:4f:
         31:e0:c9:80:2a:ad:c8:75:09:1a:a1:22:3d:d0:a4:d0:dc:41:
         e0:93:08:e8:3e:77:cc:d9:d2:f9:20:aa:8b:92:d5:35:1e:e1:
         48:ed:e4:95:f2:4c:18:e0:ff:79:20:f1:93:ec:22:ac:ab:8f:
         a0:7a:ab:17:a2:7d:6b:d2:14:bf:43:29:b2:d7:42:45:da:37:
         8b:89:63:f5:a9:fa:09:52:8e:50:87:ed:fd:b1:ba:b1:99:2c:
         51:ad:5f:bf:0b:31:fd:02:d7:5d:b5:85:8e:fd:4f:c0:4b:ba:
         41:01:0f:e0:e2:c5:2e:77:91:b6:fe:61:df:d9:96:77:fa:a5:
         b8:40:0c:8a:0e:5f:f4:a7:f2:ca:28:cd:fb:1a:3f:81:36:ec:
         45:8c:77:3f:68:bc:d1:4f:17:f2:f0:28:74:fc:3a:81:8f:57:
         01:70:64:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7RVdQJc6GnpqNX/mDP3KPiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMmI4OWMzYzU3YTNlMjk2YWE0MDYxZTk2Mjg0MGJlN2Fl
OGYwMTgwHhcNMjQwNDEyMDgwNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU3YzBhMzhjMWRmOWQ5Mjk0ZTE0ZWY1YTA0M2QzMDdkNGMzZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5Mh97JGr4G56NaWaL2ykVvyZmqt
rCEApzbZ+coKWBta+U4KjTuXgFmjtMsHi9J22iIZzsKbZjVB/S5m4klXfBw3NhcG
e7JDCN6Bm66aGPl07pKvWAu5v94yJI6rGxG/pWJdgJtBatzcQe4aPFCEkxZDy7DJ
J4I3L6KdLmoyjQ9TtsBjLLEQhTMx5LCFcVtLSQdzBaBdtJdi3vsU6PiIQBHRF4E2
58tOHhfHOzZbY/PIgMqeAppdcFIL5+jS2a0Cv2XcNJxWOOuBVPjbHR43AEU//Lgo
iEbacXs7mMczJgo2jBL1zSJx8JmDq2wnux8CZKclfxY2CKIfQF1B9cRHSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhXwKOMHfnZKU4U71oEPTB9TD59MB8GA1UdIwQY
MBaAFEwricPFej4paqQGHpYoQL566PAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEN1Snc4VjZQaWxxcEFZZWxpaEF2bnJvOEJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni83MjE1NWEtZDEwOS00YzJkLWI5NzQt
MTEyOGU1Y2U2YTViLzEvT0ZmQW80d2QtZGtwVGhUdldnUTlNSDFNUG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni83MjE1NWEtZDEwOS00YzJkLWI5NzQtMTEyOGU1Y2U2YTVi
LzEvVEN1Snc4VjZQaWxxcEFZZWxpaEF2bnJvOEJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVepsMA0G
CSqGSIb3DQEBCwUAA4IBAQB4hBTWQyrkKwCe0gsv9IfMRN6KmoQSGUj+JfIb6RIf
cMEH9GAzLl0wndIxn2C2aw3D60kLV1WguG8jc9Z6TSYV8JE+fY8EiojE0foooMGY
8SY2VcNmawvoMk8x4MmAKq3IdQkaoSI90KTQ3EHgkwjoPnfM2dL5IKqLktU1HuFI
7eSV8kwY4P95IPGT7CKsq4+geqsXon1r0hS/Qymy10JF2jeLiWP1qfoJUo5Qh+39
sbqxmSxRrV+/CzH9AtddtYWO/U/AS7pBAQ/g4sUud5G2/mHf2ZZ3+qW4QAyKDl/0
p/LKKM37Gj+BNuxFjHc/aLzRTxfy8Ch0/DqBj1cBcGRY
-----END CERTIFICATE-----