Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/3OTTV74v7zK6wv8gewZrtPfRyjA.roa
File:                     3OTTV74v7zK6wv8gewZrtPfRyjA.roa (raw, json)
Hash identifier:          3+j1cmZmXcXTG6FjhxUoaUNzrXJw30tvNlp1PJXuKo0=
Subject key identifier:   DC:E4:D3:57:BE:2F:EF:32:BA:C2:FF:20:7B:06:6B:B4:F7:D1:CA:30
Certificate issuer:       /CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
Certificate serial:       018F1917127226D1A4670C0715FFCD06FD6F
Authority key identifier: 9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/3OTTV74v7zK6wv8gewZrtPfRyjA.roa
Signing time:             Fri 26 Apr 2024 06:28:13 +0000
ROA not before:           Fri 26 Apr 2024 06:28:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22168
IP address blocks:        185.91.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:17:12:72:26:d1:a4:67:0c:07:15:ff:cd:06:fd:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
        Validity
            Not Before: Apr 26 06:28:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dce4d357be2fef32bac2ff207b066bb4f7d1ca30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3e:a5:dc:34:1b:b7:54:8a:24:e4:dc:08:78:
                    ea:ca:0f:0b:0f:5b:85:09:07:8c:e9:a7:fc:f7:14:
                    73:09:d1:36:05:70:e0:e7:1f:09:59:2b:07:80:a6:
                    fb:aa:82:0d:b2:c8:cd:2b:c6:92:91:96:5b:d7:8e:
                    a5:73:57:e6:34:f7:57:0e:13:eb:8b:d1:30:8d:e6:
                    28:b8:56:42:0b:af:16:e6:29:56:14:b8:8d:da:30:
                    50:61:b9:82:06:47:9a:e5:b7:13:5d:4d:96:87:a8:
                    64:65:63:2e:91:63:6f:63:94:8d:90:6c:41:a1:bf:
                    62:6b:8d:d4:09:b2:da:93:96:cf:4a:d1:f6:2a:65:
                    85:03:e5:43:41:c9:48:40:98:88:50:70:31:5e:de:
                    a0:62:1a:69:5b:bd:79:7d:47:5a:34:4a:0e:85:bf:
                    d1:79:6c:61:c3:11:b8:5b:c2:60:58:a3:4d:97:1a:
                    74:0d:2a:2f:24:17:d0:e1:f9:bf:de:09:25:75:c9:
                    cb:9b:34:fa:84:6b:6c:f5:c7:26:b5:ae:a5:bd:be:
                    67:da:b9:70:71:94:8c:72:3b:18:f3:8e:1e:cd:af:
                    b8:da:0b:53:1e:2f:2d:8c:86:fd:f6:19:40:55:df:
                    31:5b:24:1c:72:cf:d9:f0:98:4a:dc:d7:55:43:bf:
                    b5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E4:D3:57:BE:2F:EF:32:BA:C2:FF:20:7B:06:6B:B4:F7:D1:CA:30
            X509v3 Authority Key Identifier:
                keyid:9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/3OTTV74v7zK6wv8gewZrtPfRyjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:22:62:36:67:18:3e:56:8a:10:70:55:3b:15:ca:33:c4:0a:
         2a:ec:34:b1:ae:e4:2d:c3:16:92:91:a8:9b:b0:25:64:44:bc:
         da:0e:b2:b7:fb:a0:59:40:03:08:fa:d3:b9:b7:08:b4:8c:58:
         ed:0f:a5:18:98:59:2d:1e:e1:27:32:00:f8:27:a2:50:52:75:
         f9:15:d7:a4:a7:1c:51:da:37:9c:96:5c:12:a8:b4:ea:65:cd:
         b3:b2:ad:04:af:af:67:4b:b6:86:00:af:2a:80:0b:d2:5c:d9:
         03:44:cf:db:41:e7:26:8d:33:b5:c2:51:13:5a:96:35:24:86:
         1e:7e:13:f0:f8:9f:19:93:a2:b2:22:15:9b:1b:0b:04:71:cd:
         60:1a:36:96:f7:45:04:34:30:7c:34:04:7d:a3:8f:fd:f6:6a:
         9a:8d:17:7a:fd:48:ad:6d:d7:7e:1d:c2:50:d5:fc:2f:77:fe:
         69:5a:62:dc:79:68:35:76:f1:4a:25:b0:28:5e:52:bc:94:62:
         c3:7b:84:83:18:36:bb:fc:05:c8:9e:b7:5f:4c:b3:f2:9a:27:
         a9:03:51:06:45:c3:9f:4c:d8:46:38:6d:e3:1a:b5:90:c7:c4:
         d5:15:fe:0b:8d:03:ac:6b:01:ac:17:ec:18:84:a0:2a:71:fd:
         a3:55:ec:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8ZFxJyJtGkZwwHFf/NBv1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWYwYmY5M2ZjNDM4MWZmZjdlN2FhODZiNDA3NmMwMzMy
NDJmZmEwHhcNMjQwNDI2MDYyODEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2U0ZDM1N2JlMmZlZjMyYmFjMmZmMjA3YjA2NmJiNGY3ZDFjYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAij6l3DQbt1SKJOTcCHjqyg8LD1uF
CQeM6af89xRzCdE2BXDg5x8JWSsHgKb7qoINssjNK8aSkZZb146lc1fmNPdXDhPr
i9EwjeYouFZCC68W5ilWFLiN2jBQYbmCBkea5bcTXU2Wh6hkZWMukWNvY5SNkGxB
ob9ia43UCbLak5bPStH2KmWFA+VDQclIQJiIUHAxXt6gYhppW715fUdaNEoOhb/R
eWxhwxG4W8JgWKNNlxp0DSovJBfQ4fm/3gkldcnLmzT6hGts9ccmta6lvb5n2rlw
cZSMcjsY844eza+42gtTHi8tjIb99hlAVd8xWyQccs/Z8JhK3NdVQ7+1FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzk01e+L+8yusL/IHsGa7T30cowMB8GA1UdIwQY
MBaAFJ+vC/k/xDgf/356qGtAdsAzJC/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgt
ZjUyMGE3ZDcxZWY1LzEvM09UVFY3NHY3eks2d3Y4Z2V3WnJ0UGZSeWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgtZjUyMGE3ZDcxZWY1
LzEvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVvMMA0G
CSqGSIb3DQEBCwUAA4IBAQDMImI2Zxg+VooQcFU7FcozxAoq7DSxruQtwxaSkaib
sCVkRLzaDrK3+6BZQAMI+tO5twi0jFjtD6UYmFktHuEnMgD4J6JQUnX5FdekpxxR
2jecllwSqLTqZc2zsq0Er69nS7aGAK8qgAvSXNkDRM/bQecmjTO1wlETWpY1JIYe
fhPw+J8Zk6KyIhWbGwsEcc1gGjaW90UENDB8NAR9o4/99mqajRd6/Uitbdd+HcJQ
1fwvd/5pWmLceWg1dvFKJbAoXlK8lGLDe4SDGDa7/AXInrdfTLPymiepA1EGRcOf
TNhGOG3jGrWQx8TVFf4LjQOsawGsF+wYhKAqcf2jVexU
-----END CERTIFICATE-----