Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/f4f0d5-7e43-46be-b092-5ba501e0b370/1/otOV2Kha4BBD0jNfnDoNUF1Q0Ww.roa
File:                     otOV2Kha4BBD0jNfnDoNUF1Q0Ww.roa (raw, json)
Hash identifier:          2vsa7yNSzL3L+wm/oGRGnr3A36z6oa1KPJJavXg30B0=
Subject key identifier:   A2:D3:95:D8:A8:5A:E0:10:43:D2:33:5F:9C:3A:0D:50:5D:50:D1:6C
Certificate issuer:       /CN=d7cef75e097a631886b33c81f64aa5ebbc0c32a0
Certificate serial:       019039B706A13C8E378121C9F94092F74ADA
Authority key identifier: D7:CE:F7:5E:09:7A:63:18:86:B3:3C:81:F6:4A:A5:EB:BC:0C:32:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1873Xgl6YxiGszyB9kql67wMMqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/f4f0d5-7e43-46be-b092-5ba501e0b370/1/otOV2Kha4BBD0jNfnDoNUF1Q0Ww.roa
Signing time:             Fri 21 Jun 2024 07:33:34 +0000
ROA not before:           Fri 21 Jun 2024 07:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8365
IP address blocks:        130.83.0.0/16 maxlen: 16
                          193.23.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/f4f0d5-7e43-46be-b092-5ba501e0b370/1/1873Xgl6YxiGszyB9kql67wMMqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/f4f0d5-7e43-46be-b092-5ba501e0b370/1/1873Xgl6YxiGszyB9kql67wMMqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1873Xgl6YxiGszyB9kql67wMMqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:39:b7:06:a1:3c:8e:37:81:21:c9:f9:40:92:f7:4a:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7cef75e097a631886b33c81f64aa5ebbc0c32a0
        Validity
            Not Before: Jun 21 07:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2d395d8a85ae01043d2335f9c3a0d505d50d16c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:48:f0:c7:2e:a0:54:37:fa:b4:2c:23:72:0c:
                    73:60:1b:bd:48:19:49:35:3f:cc:86:6e:b0:48:21:
                    7c:f8:0a:42:9d:e6:fa:31:6e:08:e8:8c:5a:9f:a0:
                    e6:77:00:de:db:ba:59:81:d8:4c:6a:38:64:50:c7:
                    c1:c0:d7:14:92:af:dc:50:f7:af:4f:9d:f1:b0:fd:
                    26:1d:08:7c:a1:25:6c:f1:95:1e:9f:d9:f2:03:8e:
                    13:0b:38:ba:5c:e2:f2:58:bf:ff:15:b9:dd:b3:38:
                    4a:1b:6d:e8:dd:e7:96:a0:72:a1:ad:a3:d7:7a:ff:
                    3a:f3:e1:df:99:f3:23:ac:a0:47:49:c6:b0:51:8c:
                    eb:50:64:23:7a:41:f2:18:52:15:ea:24:1c:80:60:
                    94:ab:55:0c:aa:94:34:75:d0:26:31:9f:52:a3:ff:
                    57:81:42:e5:f5:4b:92:39:ce:c2:f9:10:0d:c6:ec:
                    9c:d5:ae:5a:28:b4:6f:1d:25:47:d0:ad:b4:7e:8a:
                    94:ba:bf:16:1d:20:7e:3a:87:e2:a8:6e:e6:79:ff:
                    ef:de:b1:0e:ca:8b:ae:da:02:ca:be:10:7d:91:ed:
                    83:71:4b:fe:81:5e:9a:64:64:e7:44:e2:9f:47:78:
                    59:bf:93:5c:f5:92:03:5e:de:0b:4e:e3:22:00:ee:
                    91:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:D3:95:D8:A8:5A:E0:10:43:D2:33:5F:9C:3A:0D:50:5D:50:D1:6C
            X509v3 Authority Key Identifier:
                keyid:D7:CE:F7:5E:09:7A:63:18:86:B3:3C:81:F6:4A:A5:EB:BC:0C:32:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1873Xgl6YxiGszyB9kql67wMMqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/f4f0d5-7e43-46be-b092-5ba501e0b370/1/otOV2Kha4BBD0jNfnDoNUF1Q0Ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/f4f0d5-7e43-46be-b092-5ba501e0b370/1/1873Xgl6YxiGszyB9kql67wMMqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.83.0.0/16
                  193.23.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:99:26:c7:bc:25:de:6a:45:71:37:66:27:cb:e5:c4:a5:1f:
         39:f2:c5:57:1b:1a:51:b5:20:a0:b4:e7:a9:53:4f:d0:06:7e:
         06:c2:0e:36:f3:50:7c:6d:3c:da:16:67:0f:8a:b5:8d:2a:84:
         77:81:a1:65:bc:0f:32:08:ea:97:9a:25:7b:47:0b:8a:93:36:
         25:17:3d:5a:37:d1:af:ad:d2:8d:43:7f:88:74:9f:71:1e:dd:
         ad:bb:2a:4b:af:46:22:df:f7:8a:40:f3:34:29:47:bc:06:80:
         66:61:15:a6:cc:8b:69:e7:8c:a3:39:d7:69:11:b1:af:2d:4b:
         7c:8c:89:28:1a:86:bc:1a:19:33:df:b3:21:3e:3f:1e:5f:7c:
         23:e8:f6:3a:be:eb:4e:48:99:18:7e:87:3a:7f:2a:a0:a5:34:
         14:4e:6c:41:21:54:ab:9e:7b:c9:f2:10:30:fb:77:78:34:de:
         85:5c:b2:18:42:2e:bb:e5:04:ed:9b:0d:6e:48:aa:34:1e:6c:
         40:eb:0f:1d:87:5b:57:72:d5:d5:cd:1c:8e:de:02:90:a5:fe:
         92:c3:92:32:b6:38:02:31:7d:fd:82:d6:7f:de:16:76:2c:57:
         c3:41:6a:3c:5a:72:4a:2e:56:fc:7b:a3:30:84:e4:43:26:4b:
         2d:84:c5:d4
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZA5twahPI43gSHJ+UCS90raMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3Y2VmNzVlMDk3YTYzMTg4NmIzM2M4MWY2NGFhNWViYmMw
YzMyYTAwHhcNMjQwNjIxMDczMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmQzOTVkOGE4NWFlMDEwNDNkMjMzNWY5YzNhMGQ1MDVkNTBkMTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0jwxy6gVDf6tCwjcgxzYBu9SBlJ
NT/Mhm6wSCF8+ApCneb6MW4I6Ixan6DmdwDe27pZgdhMajhkUMfBwNcUkq/cUPev
T53xsP0mHQh8oSVs8ZUen9nyA44TCzi6XOLyWL//FbndszhKG23o3eeWoHKhraPX
ev868+HfmfMjrKBHScawUYzrUGQjekHyGFIV6iQcgGCUq1UMqpQ0ddAmMZ9So/9X
gULl9UuSOc7C+RANxuyc1a5aKLRvHSVH0K20foqUur8WHSB+OofiqG7mef/v3rEO
youu2gLKvhB9ke2DcUv+gV6aZGTnROKfR3hZv5Nc9ZIDXt4LTuMiAO6RkQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFKLTldioWuAQQ9IzX5w6DVBdUNFsMB8GA1UdIwQY
MBaAFNfO914JemMYhrM8gfZKpeu8DDKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTg3M1hnbDZZeGlHc3p5QjlrcWw2N3dNTXFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9mNGYwZDUtN2U0My00NmJlLWIwOTIt
NWJhNTAxZTBiMzcwLzEvb3RPVjJLaGE0QkJEMGpOZm5Eb05VRjFRMFd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9mNGYwZDUtN2U0My00NmJlLWIwOTItNWJhNTAxZTBiMzcw
LzEvMTg3M1hnbDZZeGlHc3p5QjlrcWw2N3dNTXFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAglMDBADB
F/gwDQYJKoZIhvcNAQELBQADggEBABKZJse8Jd5qRXE3ZifL5cSlHznyxVcbGlG1
IKC056lTT9AGfgbCDjbzUHxtPNoWZw+KtY0qhHeBoWW8DzII6peaJXtHC4qTNiUX
PVo30a+t0o1Df4h0n3Ee3a27KkuvRiLf94pA8zQpR7wGgGZhFabMi2nnjKM512kR
sa8tS3yMiSgahrwaGTPfsyE+Px5ffCPo9jq+605ImRh+hzp/KqClNBRObEEhVKue
e8nyEDD7d3g03oVcshhCLrvlBO2bDW5IqjQebEDrDx2HW1dy1dXNHI7eApCl/pLD
kjK2OAIxff2C1n/eFnYsV8NBajxackouVvx7ozCE5EMmSy2ExdQ=
-----END CERTIFICATE-----