Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/ba3adf-f655-455c-9e83-cc0fe473c37d/1/OFhqx2U1-As8lobqUdxruEA4-vM.roa
File:                     OFhqx2U1-As8lobqUdxruEA4-vM.roa (raw, json)
Hash identifier:          Ma6kISwO4fBnEI/4poWlpAoYaQnnAyvVvACXMohca+U=
Subject key identifier:   38:58:6A:C7:65:35:F8:0B:3C:96:86:EA:51:DC:6B:B8:40:38:FA:F3
Certificate issuer:       /CN=d83c5c31a2d9bfc4e010214a652dbd657d93b243
Certificate serial:       018CCA2BDDF54786D29F131EF3D82CA3FCDE
Authority key identifier: D8:3C:5C:31:A2:D9:BF:C4:E0:10:21:4A:65:2D:BD:65:7D:93:B2:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2DxcMaLZv8TgECFKZS29ZX2TskM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/ba3adf-f655-455c-9e83-cc0fe473c37d/1/OFhqx2U1-As8lobqUdxruEA4-vM.roa
Signing time:             Tue 02 Jan 2024 12:35:21 +0000
ROA not before:           Tue 02 Jan 2024 12:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211165
IP address blocks:        185.22.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/ba3adf-f655-455c-9e83-cc0fe473c37d/1/2DxcMaLZv8TgECFKZS29ZX2TskM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/ba3adf-f655-455c-9e83-cc0fe473c37d/1/2DxcMaLZv8TgECFKZS29ZX2TskM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2DxcMaLZv8TgECFKZS29ZX2TskM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:dd:f5:47:86:d2:9f:13:1e:f3:d8:2c:a3:fc:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d83c5c31a2d9bfc4e010214a652dbd657d93b243
        Validity
            Not Before: Jan  2 12:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38586ac76535f80b3c9686ea51dc6bb84038faf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:50:06:67:e8:b7:8e:05:41:df:94:65:53:20:
                    3f:13:1f:1e:ec:79:f0:87:5e:c5:3f:02:93:67:0c:
                    ec:02:ca:9b:91:98:b5:c0:bb:08:f5:a7:2b:8e:1c:
                    58:7c:2f:73:19:3d:9a:31:f2:02:91:78:64:bf:b2:
                    23:1b:ba:32:e6:e7:6f:d1:cf:39:68:7e:44:0a:7f:
                    bd:5a:7e:53:94:43:82:8d:56:b9:c9:82:f7:6d:3c:
                    37:12:77:92:68:60:ce:b5:1c:fa:ad:54:51:9b:16:
                    5d:16:e5:ad:e5:ca:a3:7a:41:79:a3:13:a7:f8:d5:
                    df:a8:05:5d:b7:73:1d:ff:4e:99:9f:89:6f:87:cd:
                    9b:f3:1b:ea:55:96:6e:41:03:84:ec:7c:d0:59:5c:
                    52:30:fd:a1:17:cc:d6:1e:d2:05:33:42:ec:58:65:
                    cb:00:43:82:b0:77:d0:9c:b6:e5:a6:8f:14:f1:5e:
                    20:b5:0c:ac:4b:57:89:0b:a8:c1:45:df:b9:6e:c2:
                    b2:b5:c1:d8:ca:d1:46:75:90:e5:9a:08:58:4a:4d:
                    07:d7:2f:14:40:af:24:20:e3:4e:53:5c:ae:53:54:
                    7e:ce:ab:9a:55:8e:cb:fc:5e:06:21:8b:f8:31:70:
                    ae:cf:02:8d:88:c2:25:a8:3a:05:a7:60:72:29:3c:
                    69:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:58:6A:C7:65:35:F8:0B:3C:96:86:EA:51:DC:6B:B8:40:38:FA:F3
            X509v3 Authority Key Identifier:
                keyid:D8:3C:5C:31:A2:D9:BF:C4:E0:10:21:4A:65:2D:BD:65:7D:93:B2:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2DxcMaLZv8TgECFKZS29ZX2TskM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ba3adf-f655-455c-9e83-cc0fe473c37d/1/OFhqx2U1-As8lobqUdxruEA4-vM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ba3adf-f655-455c-9e83-cc0fe473c37d/1/2DxcMaLZv8TgECFKZS29ZX2TskM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:ee:f3:8d:db:ad:e6:d5:16:21:ed:31:6e:d7:64:95:76:de:
         e3:29:de:c7:69:5e:67:36:b6:d3:01:fd:67:63:0c:49:a2:9e:
         27:c5:2e:2d:c7:96:aa:71:71:f4:42:39:a7:e8:15:03:ad:0e:
         07:8d:1f:57:b7:d5:03:e0:55:cd:b2:20:d7:db:04:19:47:22:
         38:96:14:69:8f:a2:96:53:e9:4e:f2:4d:ca:0d:69:41:81:cc:
         bc:3e:85:5b:15:53:c7:dd:43:e2:81:f7:58:7d:33:8c:cc:cc:
         dd:f2:ce:a3:d7:a2:b7:ca:e8:c2:c5:8c:3b:fc:41:57:9c:f8:
         d3:d3:b1:9e:09:32:08:8c:ca:7c:e6:44:7a:c9:8c:0c:31:5b:
         65:bc:84:c9:49:83:30:23:ed:88:14:64:68:16:1d:dd:6c:16:
         1e:24:dd:27:1a:3a:d5:a1:44:a0:0d:16:b9:f8:0e:41:9d:bc:
         43:21:1b:e2:06:f5:c1:9e:b1:12:e1:70:ae:78:ac:b1:15:35:
         0c:14:82:8d:86:91:77:61:5c:1f:d8:c0:33:b4:32:c4:e0:0c:
         eb:80:33:10:24:95:0b:60:c5:70:10:03:6b:45:7e:8b:d8:7d:
         6d:2f:88:99:21:82:a9:1a:66:36:b0:ac:a9:66:d5:fe:4e:38:
         bb:70:ae:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK931R4bSnxMe89gso/zeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4M2M1YzMxYTJkOWJmYzRlMDEwMjE0YTY1MmRiZDY1N2Q5
M2IyNDMwHhcNMjQwMTAyMTIzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU4NmFjNzY1MzVmODBiM2M5Njg2ZWE1MWRjNmJiODQwMzhmYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlAGZ+i3jgVB35RlUyA/Ex8e7Hnw
h17FPwKTZwzsAsqbkZi1wLsI9acrjhxYfC9zGT2aMfICkXhkv7IjG7oy5udv0c85
aH5ECn+9Wn5TlEOCjVa5yYL3bTw3EneSaGDOtRz6rVRRmxZdFuWt5cqjekF5oxOn
+NXfqAVdt3Md/06Zn4lvh82b8xvqVZZuQQOE7HzQWVxSMP2hF8zWHtIFM0LsWGXL
AEOCsHfQnLblpo8U8V4gtQysS1eJC6jBRd+5bsKytcHYytFGdZDlmghYSk0H1y8U
QK8kIONOU1yuU1R+zquaVY7L/F4GIYv4MXCuzwKNiMIlqDoFp2ByKTxpLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhYasdlNfgLPJaG6lHca7hAOPrzMB8GA1UdIwQY
MBaAFNg8XDGi2b/E4BAhSmUtvWV9k7JDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkR4Y01hTFp2OFRnRUNGS1pTMjlaWDJUc2tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iYTNhZGYtZjY1NS00NTVjLTllODMt
Y2MwZmU0NzNjMzdkLzEvT0ZocXgyVTEtQXM4bG9icVVkeHJ1RUE0LXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iYTNhZGYtZjY1NS00NTVjLTllODMtY2MwZmU0NzNjMzdk
LzEvMkR4Y01hTFp2OFRnRUNGS1pTMjlaWDJUc2tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRblMA0G
CSqGSIb3DQEBCwUAA4IBAQCd7vON263m1RYh7TFu12SVdt7jKd7HaV5nNrbTAf1n
YwxJop4nxS4tx5aqcXH0Qjmn6BUDrQ4HjR9Xt9UD4FXNsiDX2wQZRyI4lhRpj6KW
U+lO8k3KDWlBgcy8PoVbFVPH3UPigfdYfTOMzMzd8s6j16K3yujCxYw7/EFXnPjT
07GeCTIIjMp85kR6yYwMMVtlvITJSYMwI+2IFGRoFh3dbBYeJN0nGjrVoUSgDRa5
+A5BnbxDIRviBvXBnrES4XCueKyxFTUMFIKNhpF3YVwf2MAztDLE4AzrgDMQJJUL
YMVwEANrRX6L2H1tL4iZIYKpGmY2sKypZtX+Tji7cK7j
-----END CERTIFICATE-----