Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/OFjBQrJpk90I2E8Q3RRhMklrmzE.roa
File:                     OFjBQrJpk90I2E8Q3RRhMklrmzE.roa (raw, json)
Hash identifier:          fziZMHb6Qh652KdTcRYsWWFRT7+DH+gseBgIUknVKmw=
Subject key identifier:   38:58:C1:42:B2:69:93:DD:08:D8:4F:10:DD:14:61:32:49:6B:9B:31
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       0191EB00E1258CA4F81E688A7A28B818CCE7
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/OFjBQrJpk90I2E8Q3RRhMklrmzE.roa
Signing time:             Fri 13 Sep 2024 10:49:48 +0000
ROA not before:           Fri 13 Sep 2024 10:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51321
IP address blocks:        84.17.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:eb:00:e1:25:8c:a4:f8:1e:68:8a:7a:28:b8:18:cc:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Sep 13 10:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3858c142b26993dd08d84f10dd146132496b9b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:da:fd:88:ad:fb:80:c0:13:33:93:7a:08:87:
                    a7:27:3b:ac:60:46:04:05:75:5d:4b:83:66:06:e8:
                    97:45:e7:1a:f4:f5:84:7a:16:e8:59:63:4b:d4:78:
                    9b:a0:c1:90:24:13:5d:ee:a8:4c:d0:82:1a:73:78:
                    e1:e5:3c:4e:cf:00:27:ba:20:18:69:4f:5b:9b:50:
                    2c:95:c3:18:ca:56:37:c0:bf:e4:3b:87:15:a0:bd:
                    10:96:ce:9e:e4:24:db:0d:30:b2:ea:88:fc:4d:1a:
                    64:d7:90:6a:71:07:de:ae:d4:8c:2e:9a:bc:ca:0c:
                    70:fd:eb:fb:99:3a:27:5e:20:d2:69:27:63:7e:d3:
                    c6:ae:65:1e:45:aa:e5:01:43:2f:c1:42:ba:0a:c4:
                    b1:51:3d:75:3c:51:a5:6b:f7:98:5e:06:68:67:5e:
                    f5:a7:e1:9b:41:f7:f4:be:6f:bb:e5:6e:8a:50:4b:
                    59:bc:2f:ea:b8:44:72:e9:bb:c4:c9:cf:a6:88:da:
                    15:18:8a:5d:2b:59:ac:5b:da:6a:0e:76:4f:0c:69:
                    23:6b:dd:56:4c:db:f1:f7:1e:34:53:ef:35:99:5f:
                    f5:51:16:5f:06:c1:34:4e:99:34:40:c1:b4:4b:81:
                    06:13:03:16:51:f5:7b:26:54:fe:bc:02:3c:07:0e:
                    f5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:58:C1:42:B2:69:93:DD:08:D8:4F:10:DD:14:61:32:49:6B:9B:31
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/OFjBQrJpk90I2E8Q3RRhMklrmzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:6d:d9:24:21:f5:b4:b7:89:57:d3:15:d2:67:4e:d8:0d:f2:
         e7:ba:62:0d:78:c7:d9:12:16:67:88:62:52:70:43:d8:f0:12:
         7b:a8:7c:2d:5d:2f:38:95:a4:02:a3:60:5d:c9:59:23:b9:ed:
         0f:54:d4:0c:79:e8:29:51:ed:33:48:56:6f:fd:3d:de:92:ef:
         9d:ea:e8:54:17:c4:82:62:a3:32:ee:77:45:57:e5:7e:9c:28:
         8b:90:40:9d:c3:4e:d3:c5:15:c2:ab:e1:c9:34:70:d0:a1:e6:
         7c:62:43:0f:3e:ce:65:31:42:87:b3:3a:0e:c9:16:b2:76:a9:
         cb:6e:5b:be:25:6c:29:a0:9e:c3:6f:5e:33:a1:f1:07:24:b3:
         7d:2b:b9:90:19:34:bf:b9:13:c4:a4:0b:d2:04:05:e4:7d:27:
         5d:e4:85:06:55:5c:ca:de:54:20:60:03:b1:21:20:eb:68:56:
         f9:f5:0c:3e:57:be:7b:a3:02:e2:ff:25:e0:91:af:31:32:01:
         2e:f0:0e:f8:31:ed:a0:10:f0:e3:53:58:0c:2f:61:9c:15:c0:
         d6:2c:5c:18:33:55:10:b4:64:c8:a2:34:84:24:0d:57:35:63:
         b3:68:20:23:fd:f8:4d:39:dc:91:4e:9f:03:a0:2e:64:c0:e8:
         3a:1c:3a:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHrAOEljKT4HmiKeii4GMznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjQwOTEzMTA0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU4YzE0MmIyNjk5M2RkMDhkODRmMTBkZDE0NjEzMjQ5NmI5YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNr9iK37gMATM5N6CIenJzusYEYE
BXVdS4NmBuiXReca9PWEehboWWNL1HiboMGQJBNd7qhM0IIac3jh5TxOzwAnuiAY
aU9bm1AslcMYylY3wL/kO4cVoL0Qls6e5CTbDTCy6oj8TRpk15BqcQfertSMLpq8
ygxw/ev7mTonXiDSaSdjftPGrmUeRarlAUMvwUK6CsSxUT11PFGla/eYXgZoZ171
p+GbQff0vm+75W6KUEtZvC/quERy6bvEyc+miNoVGIpdK1msW9pqDnZPDGkja91W
TNvx9x40U+81mV/1URZfBsE0Tpk0QMG0S4EGEwMWUfV7JlT+vAI8Bw71gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhYwUKyaZPdCNhPEN0UYTJJa5sxMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvT0ZqQlFySnBrOTBJMkU4UTNSUmhNa2xybXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFXMA0G
CSqGSIb3DQEBCwUAA4IBAQBlbdkkIfW0t4lX0xXSZ07YDfLnumINeMfZEhZniGJS
cEPY8BJ7qHwtXS84laQCo2BdyVkjue0PVNQMeegpUe0zSFZv/T3eku+d6uhUF8SC
YqMy7ndFV+V+nCiLkECdw07TxRXCq+HJNHDQoeZ8YkMPPs5lMUKHszoOyRaydqnL
blu+JWwpoJ7Db14zofEHJLN9K7mQGTS/uRPEpAvSBAXkfSdd5IUGVVzK3lQgYAOx
ISDraFb59Qw+V757owLi/yXgka8xMgEu8A74Me2gEPDjU1gML2GcFcDWLFwYM1UQ
tGTIojSEJA1XNWOzaCAj/fhNOdyRTp8DoC5kwOg6HDrE
-----END CERTIFICATE-----