Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/OC4Uwb6Q5kJno2ZoIyHvySKw6nE.roa
File:                     OC4Uwb6Q5kJno2ZoIyHvySKw6nE.roa (raw, json)
Hash identifier:          Fhzek0bV1WEoR+uZe5kkOvhCOnecsM7zDF1ScprjRNs=
Subject key identifier:   38:2E:14:C1:BE:90:E6:42:67:A3:66:68:23:21:EF:C9:22:B0:EA:71
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018EC96BC4A5183B66140CB3F42F5E52254B
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/OC4Uwb6Q5kJno2ZoIyHvySKw6nE.roa
Signing time:             Wed 10 Apr 2024 19:11:06 +0000
ROA not before:           Wed 10 Apr 2024 19:11:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        87.236.165.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c9:6b:c4:a5:18:3b:66:14:0c:b3:f4:2f:5e:52:25:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Apr 10 19:11:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=382e14c1be90e64267a366682321efc922b0ea71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:61:d9:19:c3:3b:ae:50:42:a3:3d:06:a0:f3:
                    16:39:66:28:2a:13:e1:94:04:cd:bd:fa:bb:32:de:
                    a2:94:cd:69:76:6f:3d:54:ab:80:c9:6d:c9:5d:77:
                    76:48:fe:15:92:b1:1c:05:9e:1a:1c:0e:3d:81:72:
                    72:1f:c9:1d:9b:65:ec:8a:55:52:01:45:9b:cf:7f:
                    f7:a0:eb:c9:ff:f4:4f:d1:df:89:d2:b6:41:1b:a9:
                    bb:8e:26:76:3b:ba:b2:fc:b0:c3:f6:c3:15:d3:44:
                    b7:70:63:2c:3f:68:1a:21:a3:99:1e:4f:64:fe:20:
                    98:a4:b8:fe:5d:24:28:62:ed:20:48:b5:ad:0e:2b:
                    51:44:2a:5c:7a:e4:27:77:c8:68:90:4d:c4:8d:8a:
                    1a:98:61:82:c8:5a:70:11:e1:9b:da:12:c2:0c:49:
                    4a:67:43:ea:cf:50:36:18:94:e5:49:4d:81:9c:06:
                    1e:31:d6:96:9b:cd:79:08:30:d7:29:b9:58:f9:04:
                    a5:0d:b1:ce:c0:40:58:e3:90:a8:02:73:8b:92:ff:
                    ac:46:ce:52:4c:b9:8b:c0:16:cf:ea:d2:8a:a5:fd:
                    b0:33:af:5a:1d:36:a9:01:b8:58:e4:4f:a8:aa:ae:
                    c7:cd:c3:d9:39:80:04:8b:ae:58:72:e0:e8:c4:ac:
                    82:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:2E:14:C1:BE:90:E6:42:67:A3:66:68:23:21:EF:C9:22:B0:EA:71
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/OC4Uwb6Q5kJno2ZoIyHvySKw6nE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:39:db:11:64:e4:59:08:05:88:5f:49:61:9e:6f:9a:f6:42:
         29:e5:2a:95:39:18:af:49:54:19:d5:88:1e:e5:b6:d6:9a:8f:
         9f:b6:20:a2:88:7d:6c:9c:8f:ed:7a:02:68:b8:00:1d:f8:78:
         82:86:26:d1:6e:31:05:4c:3d:ba:8f:8e:5b:ba:0d:51:b1:75:
         86:aa:77:c7:67:32:3d:cc:df:72:d0:71:6e:60:d9:a7:0f:29:
         aa:49:cf:9e:b2:20:ea:20:d6:df:d8:d8:7e:3e:d8:93:de:44:
         18:f1:24:2a:4e:c0:5b:58:ad:67:71:a7:54:d6:bc:b5:ad:0a:
         73:ca:dc:f6:2a:0b:87:6b:09:64:06:bc:80:8a:66:0e:a9:cf:
         8c:6f:72:08:e6:dd:b9:80:f8:82:fd:e2:d6:0d:40:9c:ca:f3:
         31:7a:80:a1:7c:64:49:bd:3c:5d:9e:04:81:74:70:21:92:63:
         6a:6e:65:3a:d3:63:22:3a:b4:7b:51:7b:e9:ed:dc:d0:26:75:
         ad:16:b4:b3:50:aa:8a:79:ba:ee:73:e3:7f:5d:0d:65:b3:bd:
         79:82:1a:3c:38:97:fb:a3:95:8a:61:66:a1:dc:bf:9d:7d:1f:
         29:89:5a:04:9f:ea:76:10:91:70:4f:50:80:85:57:91:4f:f7:
         bd:5b:e1:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Ja8SlGDtmFAyz9C9eUiVLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwNDEwMTkxMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODJlMTRjMWJlOTBlNjQyNjdhMzY2NjgyMzIxZWZjOTIyYjBlYTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmHZGcM7rlBCoz0GoPMWOWYoKhPh
lATNvfq7Mt6ilM1pdm89VKuAyW3JXXd2SP4VkrEcBZ4aHA49gXJyH8kdm2XsilVS
AUWbz3/3oOvJ//RP0d+J0rZBG6m7jiZ2O7qy/LDD9sMV00S3cGMsP2gaIaOZHk9k
/iCYpLj+XSQoYu0gSLWtDitRRCpceuQnd8hokE3EjYoamGGCyFpwEeGb2hLCDElK
Z0Pqz1A2GJTlSU2BnAYeMdaWm815CDDXKblY+QSlDbHOwEBY45CoAnOLkv+sRs5S
TLmLwBbP6tKKpf2wM69aHTapAbhY5E+oqq7HzcPZOYAEi65YcuDoxKyCCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDguFMG+kOZCZ6NmaCMh78kisOpxMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvT0M0VXdiNlE1a0pubzJab0l5SHZ5U0t3Nm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+ylMA0G
CSqGSIb3DQEBCwUAA4IBAQCIOdsRZORZCAWIX0lhnm+a9kIp5SqVORivSVQZ1Yge
5bbWmo+ftiCiiH1snI/tegJouAAd+HiChibRbjEFTD26j45bug1RsXWGqnfHZzI9
zN9y0HFuYNmnDymqSc+esiDqINbf2Nh+PtiT3kQY8SQqTsBbWK1ncadU1ry1rQpz
ytz2KguHawlkBryAimYOqc+Mb3II5t25gPiC/eLWDUCcyvMxeoChfGRJvTxdngSB
dHAhkmNqbmU602MiOrR7UXvp7dzQJnWtFrSzUKqKebruc+N/XQ1ls715gho8OJf7
o5WKYWah3L+dfR8piVoEn+p2EJFwT1CAhVeRT/e9W+Ev
-----END CERTIFICATE-----