Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/OzbuLpdXzB34nvn-Dxe7sBpVAEY.roa
File:                     OzbuLpdXzB34nvn-Dxe7sBpVAEY.roa (raw, json)
Hash identifier:          3PL9jB9l8Xdw74mRdOr+rnrXu67DgQC40qDSYvsDAzY=
Subject key identifier:   3B:36:EE:2E:97:57:CC:1D:F8:9E:F9:FE:0F:17:BB:B0:1A:55:00:46
Certificate issuer:       /CN=644f033f782eaf32ab09088775d64ac4b94b5b11
Certificate serial:       018CF88824468C4B4D4807EB93ECB3FCC8BF
Authority key identifier: 64:4F:03:3F:78:2E:AF:32:AB:09:08:87:75:D6:4A:C4:B9:4B:5B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZE8DP3gurzKrCQiHddZKxLlLWxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/OzbuLpdXzB34nvn-Dxe7sBpVAEY.roa
Signing time:             Thu 11 Jan 2024 12:38:40 +0000
ROA not before:           Thu 11 Jan 2024 12:38:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52209
IP address blocks:        213.134.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/ZE8DP3gurzKrCQiHddZKxLlLWxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/ZE8DP3gurzKrCQiHddZKxLlLWxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZE8DP3gurzKrCQiHddZKxLlLWxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f8:88:24:46:8c:4b:4d:48:07:eb:93:ec:b3:fc:c8:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644f033f782eaf32ab09088775d64ac4b94b5b11
        Validity
            Not Before: Jan 11 12:38:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b36ee2e9757cc1df89ef9fe0f17bbb01a550046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b9:b2:8c:0e:20:41:1c:64:ef:f5:df:7a:9e:
                    e2:5f:d5:22:aa:3d:82:f0:22:f2:d1:c0:36:8f:64:
                    43:21:da:55:76:ff:21:e8:88:bd:cc:02:d8:82:d3:
                    25:c6:50:9a:52:a6:dc:9e:5c:51:c3:31:32:d7:28:
                    98:07:77:f2:48:5a:c7:12:00:70:8a:6e:3d:80:3d:
                    dd:54:be:8d:e8:52:64:ca:a5:8b:f1:98:61:53:dc:
                    65:de:57:17:fa:bf:97:83:c8:7b:8c:49:2c:44:35:
                    a1:dc:3e:47:e3:25:fa:87:5c:48:98:22:70:37:a8:
                    96:81:0b:a5:a8:6c:62:88:b0:fd:93:b9:d7:c3:f3:
                    0f:94:c7:a0:8f:e5:6c:17:95:3f:d1:dd:63:76:89:
                    97:72:f4:7f:81:f1:ee:c7:58:1e:47:83:56:85:0e:
                    4a:32:ce:b6:0e:fd:92:5a:1a:01:09:4f:e4:4b:e0:
                    89:58:c3:61:5e:57:bf:88:cb:5e:6e:c2:49:b0:d3:
                    07:9c:90:b4:bc:4c:5a:c9:fc:f8:13:33:52:ff:30:
                    36:2f:fa:51:0a:95:66:fc:b2:c4:db:1e:af:ce:14:
                    e7:9b:05:2a:6f:73:05:22:40:af:82:cf:bd:fb:4f:
                    f3:f9:d1:45:42:64:9d:8d:47:6f:99:86:7a:e7:30:
                    12:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:36:EE:2E:97:57:CC:1D:F8:9E:F9:FE:0F:17:BB:B0:1A:55:00:46
            X509v3 Authority Key Identifier:
                keyid:64:4F:03:3F:78:2E:AF:32:AB:09:08:87:75:D6:4A:C4:B9:4B:5B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZE8DP3gurzKrCQiHddZKxLlLWxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/OzbuLpdXzB34nvn-Dxe7sBpVAEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/ZE8DP3gurzKrCQiHddZKxLlLWxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.134.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:79:0b:a0:83:0c:62:cc:3b:91:88:82:cc:a7:20:47:a0:75:
         94:4e:82:7f:95:26:5e:fc:81:9a:aa:6f:28:d8:3c:0e:bf:22:
         3d:c3:54:d7:26:ed:f5:b6:2a:da:a7:a4:74:31:e6:7c:4c:d3:
         36:d7:88:8b:18:8d:39:e9:92:e5:9f:89:23:f4:d5:43:f5:51:
         e4:4e:56:a8:d8:cb:10:07:1d:ab:3d:e8:c6:b4:f8:bf:0e:3d:
         6b:58:d0:b1:aa:4d:9e:89:40:3c:8a:b9:4b:a0:8e:04:55:bf:
         48:1c:e9:9e:38:f0:a0:85:67:03:98:34:9f:25:2a:0b:5f:84:
         71:a8:28:98:d1:d4:0a:46:8e:89:6d:b5:52:30:96:4e:9d:38:
         27:50:f6:3c:8b:fa:e0:bf:be:ce:0f:c9:2f:ef:bd:d0:ed:14:
         c4:09:60:45:67:7f:5d:ab:52:c4:44:7a:61:e4:2d:3a:d3:40:
         bb:8b:57:0e:ed:29:00:84:31:c9:bc:b0:cf:1c:a8:b9:08:c7:
         81:6e:02:00:a9:47:28:7d:fe:db:2c:ed:89:9d:22:44:b5:13:
         43:f3:09:42:b0:6a:74:ac:ea:94:5a:27:2f:1d:2d:d7:36:ff:
         74:c4:4f:54:95:21:46:98:d4:58:23:ce:50:f3:c6:39:c0:87:
         a5:17:eb:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz4iCRGjEtNSAfrk+yz/Mi/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGYwMzNmNzgyZWFmMzJhYjA5MDg4Nzc1ZDY0YWM0Yjk0
YjViMTEwHhcNMjQwMTExMTIzODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjM2ZWUyZTk3NTdjYzFkZjg5ZWY5ZmUwZjE3YmJiMDFhNTUwMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbmyjA4gQRxk7/Xfep7iX9Uiqj2C
8CLy0cA2j2RDIdpVdv8h6Ii9zALYgtMlxlCaUqbcnlxRwzEy1yiYB3fySFrHEgBw
im49gD3dVL6N6FJkyqWL8ZhhU9xl3lcX+r+Xg8h7jEksRDWh3D5H4yX6h1xImCJw
N6iWgQulqGxiiLD9k7nXw/MPlMegj+VsF5U/0d1jdomXcvR/gfHux1geR4NWhQ5K
Ms62Dv2SWhoBCU/kS+CJWMNhXle/iMtebsJJsNMHnJC0vExayfz4EzNS/zA2L/pR
CpVm/LLE2x6vzhTnmwUqb3MFIkCvgs+9+0/z+dFFQmSdjUdvmYZ65zASoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDs27i6XV8wd+J75/g8Xu7AaVQBGMB8GA1UdIwQY
MBaAFGRPAz94Lq8yqwkIh3XWSsS5S1sRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkU4RFAzZ3VyektyQ1FpSGRkWkt4TGxMV3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS84N2NhOTEtNmZiOC00MDM4LTg5MGMt
NDkxNWZlN2Y5MmNlLzEvT3pidUxwZFh6QjM0bnZuLUR4ZTdzQnBWQUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS84N2NhOTEtNmZiOC00MDM4LTg5MGMtNDkxNWZlN2Y5MmNl
LzEvWkU4RFAzZ3VyektyQ1FpSGRkWkt4TGxMV3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YYRMA0G
CSqGSIb3DQEBCwUAA4IBAQBWeQuggwxizDuRiILMpyBHoHWUToJ/lSZe/IGaqm8o
2DwOvyI9w1TXJu31tirap6R0MeZ8TNM214iLGI056ZLln4kj9NVD9VHkTlao2MsQ
Bx2rPejGtPi/Dj1rWNCxqk2eiUA8irlLoI4EVb9IHOmeOPCghWcDmDSfJSoLX4Rx
qCiY0dQKRo6JbbVSMJZOnTgnUPY8i/rgv77OD8kv773Q7RTECWBFZ39dq1LERHph
5C0600C7i1cO7SkAhDHJvLDPHKi5CMeBbgIAqUcoff7bLO2JnSJEtRND8wlCsGp0
rOqUWicvHS3XNv90xE9UlSFGmNRYI85Q88Y5wIelF+st
-----END CERTIFICATE-----