Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OPOmC5ry7uVnRA59aPYHo1bDtdc.roa
File:                     OPOmC5ry7uVnRA59aPYHo1bDtdc.roa (raw, json)
Hash identifier:          N7f/QlXRmDBXRyqrViHH4lhBDFKyaKfJgtkwatOrR5s=
Subject key identifier:   38:F3:A6:0B:9A:F2:EE:E5:67:44:0E:7D:68:F6:07:A3:56:C3:B5:D7
Certificate issuer:       /CN=38083044fb6c43bffad5fd54b07d2cc7c00d1bd3
Certificate serial:       019036656A8032009E579B84E5B98610313C
Authority key identifier: 38:08:30:44:FB:6C:43:BF:FA:D5:FD:54:B0:7D:2C:C7:C0:0D:1B:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OPOmC5ry7uVnRA59aPYHo1bDtdc.roa
Signing time:             Thu 20 Jun 2024 16:05:34 +0000
ROA not before:           Thu 20 Jun 2024 16:05:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20853
IP address blocks:        94.101.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:36:65:6a:80:32:00:9e:57:9b:84:e5:b9:86:10:31:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38083044fb6c43bffad5fd54b07d2cc7c00d1bd3
        Validity
            Not Before: Jun 20 16:05:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38f3a60b9af2eee567440e7d68f607a356c3b5d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:55:a6:9c:39:44:db:c2:f0:49:b9:bc:18:42:
                    64:c1:b0:51:ba:ee:ed:68:b6:59:36:82:d6:97:16:
                    f0:ea:7d:86:4e:33:71:c1:29:3a:62:0c:3e:67:85:
                    f0:b4:38:46:a6:41:2e:92:36:4c:01:61:44:5b:71:
                    3b:48:23:12:1a:df:b0:74:29:d5:92:a0:a2:65:cb:
                    b3:7e:f9:ea:76:40:72:4b:1b:6a:39:c4:2e:a1:f3:
                    93:af:20:cb:fd:53:63:20:11:65:bc:a0:a7:6b:82:
                    fa:f1:29:aa:01:26:38:16:64:6e:56:aa:2e:70:ca:
                    c5:3e:c9:cf:50:85:fa:77:90:43:9c:15:cf:97:8b:
                    f9:5f:da:fa:4c:90:59:6d:4f:ac:bd:77:6d:70:e3:
                    93:4f:7f:21:1e:79:d3:1f:14:6e:26:8a:3d:9e:8c:
                    d2:49:42:02:37:89:9e:b3:d7:04:53:57:87:ff:68:
                    1c:dc:23:b0:1c:e7:98:55:39:c0:d7:79:f7:a2:4e:
                    eb:9d:31:68:9c:8c:de:9c:f2:48:fc:af:6d:54:f1:
                    11:51:31:b8:49:3a:c4:66:33:fe:ae:36:96:84:35:
                    49:0a:2d:12:eb:7d:50:ad:0b:05:c2:b1:4a:b9:38:
                    69:a9:d7:bd:58:11:5d:fe:d7:0e:20:44:1d:cc:e9:
                    b7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F3:A6:0B:9A:F2:EE:E5:67:44:0E:7D:68:F6:07:A3:56:C3:B5:D7
            X509v3 Authority Key Identifier:
                keyid:38:08:30:44:FB:6C:43:BF:FA:D5:FD:54:B0:7D:2C:C7:C0:0D:1B:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OPOmC5ry7uVnRA59aPYHo1bDtdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:f4:68:2e:03:f1:82:7d:fa:7f:11:03:50:80:f2:34:f6:b1:
         af:84:8e:e3:b5:c8:73:a1:b6:b0:f9:ea:d6:ef:29:5a:20:03:
         24:04:70:48:ea:cf:3b:f6:1c:58:64:a3:59:59:74:9f:41:51:
         ae:24:9d:79:6c:b4:b5:7b:90:29:36:d9:a2:b9:55:cb:2b:7c:
         92:99:4b:24:b4:eb:1f:4c:03:63:49:6b:d5:02:99:8c:5f:30:
         bf:b7:32:bd:d3:e2:8b:d2:33:35:50:16:4c:c6:4a:34:7d:9c:
         b5:4a:52:c1:06:d5:72:70:ed:8b:91:67:fe:c2:e9:04:f3:45:
         eb:dd:4c:65:96:a4:ce:10:2d:ed:5d:a6:42:b6:ce:5a:0e:0b:
         5a:78:65:ae:60:ef:1e:88:38:b4:a0:60:cd:ac:27:da:34:04:
         b4:70:7f:da:96:2d:b8:62:f2:1b:08:3b:8d:c1:cf:a0:d1:77:
         9d:3a:b8:c9:15:2c:e7:06:32:f2:12:df:37:1c:26:f1:9f:8a:
         11:1a:f7:28:eb:cd:4d:13:21:1d:39:5c:fb:d9:73:4e:77:bc:
         98:f7:0f:8b:1c:c1:c4:78:19:55:7d:a9:89:d5:b5:d0:9c:18:
         ff:21:ba:8d:4b:b4:22:ed:cb:61:23:5d:38:c1:df:13:06:82:
         3d:1c:0d:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA2ZWqAMgCeV5uE5bmGEDE8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MDgzMDQ0ZmI2YzQzYmZmYWQ1ZmQ1NGIwN2QyY2M3YzAw
ZDFiZDMwHhcNMjQwNjIwMTYwNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGYzYTYwYjlhZjJlZWU1Njc0NDBlN2Q2OGY2MDdhMzU2YzNiNWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lWmnDlE28LwSbm8GEJkwbBRuu7t
aLZZNoLWlxbw6n2GTjNxwSk6Ygw+Z4XwtDhGpkEukjZMAWFEW3E7SCMSGt+wdCnV
kqCiZcuzfvnqdkBySxtqOcQuofOTryDL/VNjIBFlvKCna4L68SmqASY4FmRuVqou
cMrFPsnPUIX6d5BDnBXPl4v5X9r6TJBZbU+svXdtcOOTT38hHnnTHxRuJoo9nozS
SUICN4mes9cEU1eH/2gc3COwHOeYVTnA13n3ok7rnTFonIzenPJI/K9tVPERUTG4
STrEZjP+rjaWhDVJCi0S631QrQsFwrFKuThpqde9WBFd/tcOIEQdzOm3vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjzpgua8u7lZ0QOfWj2B6NWw7XXMB8GA1UdIwQY
MBaAFDgIMET7bEO/+tX9VLB9LMfADRvTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fnd1JQdHNRN182MWYxVXNIMHN4OEFORzlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NGE2YjgtMzlkMy00Zjc5LWFlMjUt
YTk1NTExYmE0ZDQ2LzEvT1BPbUM1cnk3dVZuUkE1OWFQWUhvMWJEdGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NGE2YjgtMzlkMy00Zjc5LWFlMjUtYTk1NTExYmE0ZDQ2
LzEvT0Fnd1JQdHNRN182MWYxVXNIMHN4OEFORzlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmVjMA0G
CSqGSIb3DQEBCwUAA4IBAQAE9GguA/GCffp/EQNQgPI09rGvhI7jtchzobaw+erW
7ylaIAMkBHBI6s879hxYZKNZWXSfQVGuJJ15bLS1e5ApNtmiuVXLK3ySmUsktOsf
TANjSWvVApmMXzC/tzK90+KL0jM1UBZMxko0fZy1SlLBBtVycO2LkWf+wukE80Xr
3UxllqTOEC3tXaZCts5aDgtaeGWuYO8eiDi0oGDNrCfaNAS0cH/ali24YvIbCDuN
wc+g0XedOrjJFSznBjLyEt83HCbxn4oRGvco681NEyEdOVz72XNOd7yY9w+LHMHE
eBlVfamJ1bXQnBj/IbqNS7Qi7cthI104wd8TBoI9HA3w
-----END CERTIFICATE-----