Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/O7MS75gVS6alSNT-fKRT1TSxW7M.roa
File:                     O7MS75gVS6alSNT-fKRT1TSxW7M.roa (raw, json)
Hash identifier:          4IfGglEJxMtDdNTfZsUE32q2WYw3chVWKBpcMrvJzok=
Subject key identifier:   3B:B3:12:EF:98:15:4B:A6:A5:48:D4:FE:7C:A4:53:D5:34:B1:5B:B3
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       018D8EE0861A528C59ABACBAEDEC9FF63D15
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/O7MS75gVS6alSNT-fKRT1TSxW7M.roa
Signing time:             Fri 09 Feb 2024 17:18:15 +0000
ROA not before:           Fri 09 Feb 2024 17:18:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47600
IP address blocks:        82.138.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:e0:86:1a:52:8c:59:ab:ac:ba:ed:ec:9f:f6:3d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Feb  9 17:18:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bb312ef98154ba6a548d4fe7ca453d534b15bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c2:b7:2b:01:01:9c:04:fc:2a:7c:95:72:e8:
                    e6:a4:a2:81:da:cb:6f:b0:5c:dd:21:b0:eb:47:f1:
                    7d:3d:a3:d0:6e:57:d4:53:3f:65:4b:42:9a:dd:82:
                    c7:22:22:8a:76:56:e0:ef:23:45:bb:b8:8d:cf:36:
                    07:a7:5b:c8:38:87:c2:0c:5e:bb:67:c2:0e:cb:15:
                    6b:f8:10:d1:cc:9e:d3:67:86:75:54:05:ee:b7:e6:
                    11:bd:98:60:fe:33:c8:5a:ff:ea:b3:a5:61:5e:71:
                    cb:73:68:34:f1:16:71:74:69:7a:ab:6b:3c:02:f8:
                    db:f6:a7:f4:68:c3:37:59:e8:af:c6:db:41:02:41:
                    23:1b:4f:ed:a5:27:f1:ea:49:f7:d5:8a:4e:ac:eb:
                    d9:17:b2:ca:8b:fe:5a:3b:52:fe:4a:a9:cc:64:ea:
                    d5:76:e9:82:c4:e5:4b:4c:85:02:b0:78:51:0f:09:
                    71:bb:74:d2:01:9c:d7:9d:62:16:40:94:11:f5:35:
                    e8:0e:f8:21:a4:ff:7c:7c:a6:f3:17:fa:51:aa:54:
                    8f:8f:0d:47:ab:ae:fc:85:c1:e0:9b:1a:91:6f:fc:
                    de:8c:4f:6b:87:a1:9f:58:0f:d0:b8:bd:e7:6e:a3:
                    84:b9:73:87:7d:7d:55:17:21:f0:e2:3d:0e:eb:ff:
                    ec:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B3:12:EF:98:15:4B:A6:A5:48:D4:FE:7C:A4:53:D5:34:B1:5B:B3
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/O7MS75gVS6alSNT-fKRT1TSxW7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.138.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:d4:7a:34:35:ff:30:c8:bd:4b:7e:26:d7:20:2a:c5:08:09:
         f0:d6:de:12:52:0b:ce:17:20:02:bd:4a:5d:71:3c:39:f2:42:
         bd:d1:02:c9:a5:45:75:19:eb:88:68:e2:94:f0:89:91:51:dc:
         57:41:22:7c:45:58:d6:5b:47:48:97:b1:61:60:9c:a9:ab:b1:
         41:53:e8:2b:b7:a6:83:85:89:cc:50:ad:23:77:dd:d7:e4:2a:
         35:4e:34:f5:d4:c8:4b:f3:af:14:0c:4c:36:f6:66:f9:57:c1:
         d3:c5:25:97:f4:cf:85:ca:a2:58:bd:96:93:eb:7f:b6:25:d5:
         1a:5d:03:04:15:09:f1:f5:c1:78:dc:87:09:c5:09:e3:6b:9a:
         80:c7:49:3a:36:51:b8:0d:02:ad:26:9e:15:f7:1a:e8:c3:a9:
         fb:b6:4f:cb:82:8c:98:70:7a:21:8e:35:f8:de:1a:c8:54:0a:
         49:0d:0b:33:07:d5:39:2a:42:82:f8:22:cf:36:be:10:6f:98:
         5d:e0:9f:4e:da:41:fd:8e:01:8c:19:08:23:33:ed:4b:cc:34:
         fc:8f:8b:1b:24:63:d9:ed:0b:3c:51:10:98:92:f2:fe:70:40:
         1b:9e:98:5f:2f:10:c9:ce:82:92:07:7d:e6:52:af:90:f6:0f:
         ff:9f:84:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2O4IYaUoxZq6y67eyf9j0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjQwMjA5MTcxODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmIzMTJlZjk4MTU0YmE2YTU0OGQ0ZmU3Y2E0NTNkNTM0YjE1YmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7cK3KwEBnAT8KnyVcujmpKKB2stv
sFzdIbDrR/F9PaPQblfUUz9lS0Ka3YLHIiKKdlbg7yNFu7iNzzYHp1vIOIfCDF67
Z8IOyxVr+BDRzJ7TZ4Z1VAXut+YRvZhg/jPIWv/qs6VhXnHLc2g08RZxdGl6q2s8
Avjb9qf0aMM3WeivxttBAkEjG0/tpSfx6kn31YpOrOvZF7LKi/5aO1L+SqnMZOrV
dumCxOVLTIUCsHhRDwlxu3TSAZzXnWIWQJQR9TXoDvghpP98fKbzF/pRqlSPjw1H
q678hcHgmxqRb/zejE9rh6GfWA/QuL3nbqOEuXOHfX1VFyHw4j0O6//sLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuzEu+YFUumpUjU/nykU9U0sVuzMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvTzdNUzc1Z1ZTNmFsU05ULWZLUlQxVFN4VzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUopWMA0G
CSqGSIb3DQEBCwUAA4IBAQB21Ho0Nf8wyL1LfibXICrFCAnw1t4SUgvOFyACvUpd
cTw58kK90QLJpUV1GeuIaOKU8ImRUdxXQSJ8RVjWW0dIl7FhYJypq7FBU+grt6aD
hYnMUK0jd93X5Co1TjT11MhL868UDEw29mb5V8HTxSWX9M+FyqJYvZaT63+2JdUa
XQMEFQnx9cF43IcJxQnja5qAx0k6NlG4DQKtJp4V9xrow6n7tk/LgoyYcHohjjX4
3hrIVApJDQszB9U5KkKC+CLPNr4Qb5hd4J9O2kH9jgGMGQgjM+1LzDT8j4sbJGPZ
7Qs8URCYkvL+cEAbnphfLxDJzoKSB33mUq+Q9g//n4Qj
-----END CERTIFICATE-----