Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/okOYZ7kMGRyz0hARkkB8Wh_AtIs.roa
File:                     okOYZ7kMGRyz0hARkkB8Wh_AtIs.roa (raw, json)
Hash identifier:          3QNe+8iOy8RKS7HGnD26YfOfLVkCDpD+RQCqCzlBKxw=
Subject key identifier:   A2:43:98:67:B9:0C:19:1C:B3:D2:10:11:92:40:7C:5A:1F:C0:B4:8B
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1C71B4F107D9E04F047E9EFFAE61
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/okOYZ7kMGRyz0hARkkB8Wh_AtIs.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41921
IP address blocks:        213.33.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1c:71:b4:f1:07:d9:e0:4f:04:7e:9e:ff:ae:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2439867b90c191cb3d2101192407c5a1fc0b48b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ea:17:64:b4:2c:d7:b8:25:15:6a:12:cc:bb:
                    87:68:8f:f8:30:54:6a:eb:08:67:7a:d8:34:69:4b:
                    2c:3c:76:79:8f:94:da:af:8e:22:5d:45:d5:c2:8d:
                    9f:1b:10:59:1e:10:af:d0:93:82:dd:b6:1f:4e:f2:
                    70:96:ad:d5:5c:d9:79:31:06:7c:27:4e:30:21:ab:
                    d7:63:0b:17:a6:b0:ac:54:7a:27:e0:11:61:c0:1d:
                    ca:7c:bd:3a:cf:be:dc:f3:c5:f6:93:6c:6c:cd:a8:
                    7e:a2:03:a6:35:15:e4:70:1b:2e:e2:34:62:03:46:
                    71:e3:5f:e9:79:b7:30:9d:49:cf:cf:03:e6:19:37:
                    3b:5d:21:54:36:9b:d1:d5:71:ac:60:2c:bf:0d:49:
                    53:2e:b5:fb:13:a2:88:aa:50:45:cd:d8:cb:b0:b3:
                    40:c1:74:49:61:1d:da:d4:67:cd:1c:9c:31:eb:54:
                    b2:a5:0c:b6:a6:c5:73:37:ba:40:ee:4f:c4:d9:0c:
                    c1:df:6d:81:39:53:ec:2f:45:8c:90:c6:ca:6a:97:
                    81:02:71:c7:ac:c6:e2:c5:aa:ad:af:bb:34:0b:52:
                    73:cc:e2:a4:d1:e0:01:e2:c5:78:11:ef:19:66:63:
                    1b:d1:f6:e2:76:0b:99:51:33:7c:50:c5:5c:ad:8d:
                    11:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:43:98:67:B9:0C:19:1C:B3:D2:10:11:92:40:7C:5A:1F:C0:B4:8B
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/okOYZ7kMGRyz0hARkkB8Wh_AtIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:9b:ad:25:42:7b:3e:ae:92:d6:ae:21:02:72:e3:90:75:44:
         48:55:44:10:c0:24:8a:f4:95:d0:65:e4:4e:af:96:07:8c:7c:
         ae:27:e6:42:80:10:e3:ea:2b:ec:eb:c5:05:e0:48:3a:90:06:
         f4:4c:85:67:0b:3c:26:98:d6:34:cb:29:a4:28:c8:df:0e:ca:
         55:0e:c7:3e:4f:3d:97:59:a7:fc:97:0e:90:83:6c:a7:fc:b2:
         0d:78:cf:57:4e:fa:33:7a:03:3f:ef:1d:c6:0e:36:e6:9b:61:
         d2:51:bb:be:c4:e3:0f:70:87:1f:dd:63:d3:e3:9b:5f:99:7c:
         9b:a0:00:69:fc:d4:0a:4d:22:c2:15:0b:89:20:36:28:de:9a:
         47:ca:96:64:94:50:44:40:ab:7f:0f:5d:2e:ae:4e:6d:20:d5:
         fe:0b:16:69:a6:83:e7:06:99:d7:d3:f8:db:f3:fc:09:f3:1a:
         f3:e9:84:03:50:5a:ad:50:35:10:cb:9b:4d:32:70:4b:8f:1c:
         86:b3:b9:93:9c:ca:4a:1c:3e:e1:59:ad:47:49:22:e1:c7:38:
         61:74:15:2d:f6:e5:de:4c:24:02:d9:65:ea:cc:60:05:58:ce:
         4d:96:29:f5:7f:92:9b:25:55:07:87:13:66:8c:74:60:29:39:
         f6:53:60:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BxxtPEH2eBPBH6e/65hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQzOTg2N2I5MGMxOTFjYjNkMjEwMTE5MjQwN2M1YTFmYzBiNDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+oXZLQs17glFWoSzLuHaI/4MFRq
6whnetg0aUssPHZ5j5Tar44iXUXVwo2fGxBZHhCv0JOC3bYfTvJwlq3VXNl5MQZ8
J04wIavXYwsXprCsVHon4BFhwB3KfL06z77c88X2k2xszah+ogOmNRXkcBsu4jRi
A0Zx41/pebcwnUnPzwPmGTc7XSFUNpvR1XGsYCy/DUlTLrX7E6KIqlBFzdjLsLNA
wXRJYR3a1GfNHJwx61SypQy2psVzN7pA7k/E2QzB322BOVPsL0WMkMbKapeBAnHH
rMbixaqtr7s0C1JzzOKk0eAB4sV4Ee8ZZmMb0fbidguZUTN8UMVcrY0RUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJDmGe5DBkcs9IQEZJAfFofwLSLMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvb2tPWVo3a01HUnl6MGhBUmtrQjhXaF9BdElzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SF0MA0G
CSqGSIb3DQEBCwUAA4IBAQDLm60lQns+rpLWriECcuOQdURIVUQQwCSK9JXQZeRO
r5YHjHyuJ+ZCgBDj6ivs68UF4Eg6kAb0TIVnCzwmmNY0yymkKMjfDspVDsc+Tz2X
Waf8lw6Qg2yn/LINeM9XTvozegM/7x3GDjbmm2HSUbu+xOMPcIcf3WPT45tfmXyb
oABp/NQKTSLCFQuJIDYo3ppHypZklFBEQKt/D10urk5tINX+CxZppoPnBpnX0/jb
8/wJ8xrz6YQDUFqtUDUQy5tNMnBLjxyGs7mTnMpKHD7hWa1HSSLhxzhhdBUt9uXe
TCQC2WXqzGAFWM5Nlin1f5KbJVUHhxNmjHRgKTn2U2BC
-----END CERTIFICATE-----