Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/OROavp_f-581FMShF6NfoNxGIes.roa
File:                     OROavp_f-581FMShF6NfoNxGIes.roa (raw, json)
Hash identifier:          rmchFsjcJjFp0INtVS1E1UnEfdQY5VPf0uGayH+ifQI=
Subject key identifier:   39:13:9A:BE:9F:DF:FB:9F:35:14:C4:A1:17:A3:5F:A0:DC:46:21:EB
Certificate issuer:       /CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
Certificate serial:       018EC3DAAED1DBE7B33B616A42BF8AF6E25B
Authority key identifier: BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/OROavp_f-581FMShF6NfoNxGIes.roa
Signing time:             Tue 09 Apr 2024 17:14:32 +0000
ROA not before:           Tue 09 Apr 2024 17:14:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        212.96.150.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:da:ae:d1:db:e7:b3:3b:61:6a:42:bf:8a:f6:e2:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
        Validity
            Not Before: Apr  9 17:14:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39139abe9fdffb9f3514c4a117a35fa0dc4621eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0b:1b:b5:67:00:f1:41:08:ab:ed:b9:d8:2d:
                    b8:81:41:44:f8:ef:65:e9:63:64:ff:7d:f4:fe:b8:
                    2a:fe:65:74:3e:8f:6f:1b:9c:c7:74:23:32:c0:97:
                    96:b4:6d:72:69:81:18:33:a8:50:b5:0f:0c:4c:43:
                    13:72:4e:f3:44:7c:5e:2f:2c:7d:91:73:b5:f4:9e:
                    71:00:0f:2d:9c:c9:d9:13:7e:ec:90:fe:d8:88:64:
                    9f:d4:2d:23:4a:84:fc:61:b7:2f:9d:5a:2f:68:db:
                    0f:53:46:52:a4:9f:8d:fb:b8:99:e9:c9:ee:1f:09:
                    a2:13:1e:b4:0e:db:87:45:60:99:5f:1c:38:91:cd:
                    f1:23:67:47:50:c1:f3:84:1d:c9:88:63:73:67:e7:
                    a4:8f:4c:a3:40:d9:5a:88:0a:aa:b7:4a:3d:c9:d9:
                    4d:d2:14:b9:09:f8:08:3e:2f:ad:9a:64:c6:2a:b7:
                    c2:72:05:28:e6:f3:d1:25:4b:93:26:7a:f9:98:1f:
                    40:6f:bd:6c:b1:df:d6:fb:60:24:da:b1:d4:01:24:
                    5a:cb:8f:b6:a6:94:55:7c:76:76:f1:38:cd:31:ef:
                    08:4e:21:cd:0d:06:e3:46:32:bf:52:58:ef:1a:1f:
                    5f:78:17:29:59:0c:28:25:70:e3:e5:b1:73:37:48:
                    9b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:13:9A:BE:9F:DF:FB:9F:35:14:C4:A1:17:A3:5F:A0:DC:46:21:EB
            X509v3 Authority Key Identifier:
                keyid:BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/OROavp_f-581FMShF6NfoNxGIes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.96.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:18:52:65:14:d9:60:0c:fa:8c:bd:3b:ad:be:b8:96:0d:c8:
         4e:e3:ed:4d:58:cf:ae:72:12:78:f5:e8:5f:69:6e:55:66:8d:
         65:1c:8b:39:d2:72:e0:c0:0d:f4:e2:31:d7:cf:c3:de:e9:74:
         de:94:ba:d0:74:7e:08:ab:46:6f:77:28:58:5d:ab:e3:54:6a:
         af:85:78:15:7b:5d:c6:7a:43:58:1a:14:45:74:42:5f:9f:33:
         69:6a:de:06:85:de:8a:af:5b:0f:ee:54:49:01:de:4c:a8:01:
         ee:e3:52:88:fc:db:b3:60:bd:6b:13:90:b4:f4:1d:5c:6a:2d:
         c2:09:6c:59:12:e2:65:9c:8b:f9:d9:ac:75:1f:8e:48:b7:0d:
         71:40:f9:f4:15:c5:c8:4c:71:c4:de:de:47:27:da:76:59:cd:
         95:96:f1:93:5e:b1:4c:4e:5f:ae:83:fb:8f:b9:2c:ad:9c:6c:
         37:e6:9e:ef:18:76:50:12:53:b7:24:31:59:93:8c:b6:b3:66:
         e9:5d:d3:b6:b7:e1:e7:72:c3:2a:30:f9:c1:79:ce:0b:cd:8d:
         71:6e:6a:25:e4:1f:32:e3:15:bf:02:e4:ca:e3:09:de:12:3a:
         5d:31:7c:b2:dc:70:72:76:f4:b3:70:50:72:f5:c3:e1:70:51:
         e1:cf:36:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7D2q7R2+ezO2FqQr+K9uJbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjM2EyNTJhOGZjY2EwMzYxZGEyMzRhNGYzZGRiOTU3Nzg5
ZDBlNTUwHhcNMjQwNDA5MTcxNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTEzOWFiZTlmZGZmYjlmMzUxNGM0YTExN2EzNWZhMGRjNDYyMWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwsbtWcA8UEIq+252C24gUFE+O9l
6WNk/330/rgq/mV0Po9vG5zHdCMywJeWtG1yaYEYM6hQtQ8MTEMTck7zRHxeLyx9
kXO19J5xAA8tnMnZE37skP7YiGSf1C0jSoT8YbcvnVovaNsPU0ZSpJ+N+7iZ6cnu
HwmiEx60DtuHRWCZXxw4kc3xI2dHUMHzhB3JiGNzZ+ekj0yjQNlaiAqqt0o9ydlN
0hS5CfgIPi+tmmTGKrfCcgUo5vPRJUuTJnr5mB9Ab71ssd/W+2Ak2rHUASRay4+2
ppRVfHZ28TjNMe8ITiHNDQbjRjK/UljvGh9feBcpWQwoJXDj5bFzN0ibUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkTmr6f3/ufNRTEoRejX6DcRiHrMB8GA1UdIwQY
MBaAFLw6JSqPzKA2HaI0pPPduVd4nQ5VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDkt
MGExOTUxOGY3MzU4LzEvT1JPYXZwX2YtNTgxRk1TaEY2TmZvTnhHSWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDktMGExOTUxOGY3MzU4
LzEvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1GCWMA0G
CSqGSIb3DQEBCwUAA4IBAQAPGFJlFNlgDPqMvTutvriWDchO4+1NWM+uchJ49ehf
aW5VZo1lHIs50nLgwA304jHXz8Pe6XTelLrQdH4Iq0ZvdyhYXavjVGqvhXgVe13G
ekNYGhRFdEJfnzNpat4Ghd6Kr1sP7lRJAd5MqAHu41KI/NuzYL1rE5C09B1cai3C
CWxZEuJlnIv52ax1H45Itw1xQPn0FcXITHHE3t5HJ9p2Wc2VlvGTXrFMTl+ug/uP
uSytnGw35p7vGHZQElO3JDFZk4y2s2bpXdO2t+HncsMqMPnBec4LzY1xbmol5B8y
4xW/AuTK4wneEjpdMXyy3HBydvSzcFBy9cPhcFHhzzY1
-----END CERTIFICATE-----