Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ObLTSVKb_Fq6YAnVh3mDX3OLp_Y.roa
File:                     ObLTSVKb_Fq6YAnVh3mDX3OLp_Y.roa (raw, json)
Hash identifier:          QRqmGSn5v9LxSPflhAd6IcJwKETip/VYzwfObiwl7ws=
Subject key identifier:   39:B2:D3:49:52:9B:FC:5A:BA:60:09:D5:87:79:83:5F:73:8B:A7:F6
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC96DFF627ECAF2C23A277F84823C7DF5
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ObLTSVKb_Fq6YAnVh3mDX3OLp_Y.roa
Signing time:             Tue 02 Jan 2024 09:07:58 +0000
ROA not before:           Tue 02 Jan 2024 09:07:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53107
IP address blocks:        82.118.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:6d:ff:62:7e:ca:f2:c2:3a:27:7f:84:82:3c:7d:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 09:07:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39b2d349529bfc5aba6009d58779835f738ba7f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ac:22:aa:15:20:c3:fa:bf:c6:ea:0e:1d:6f:
                    17:7a:db:0e:35:66:0b:8d:3c:67:71:18:c8:48:61:
                    81:d5:b8:1b:c1:6f:ad:4c:e7:76:c3:b9:5c:d8:bf:
                    f4:79:ac:bf:fa:20:1a:1f:37:67:a2:46:1e:56:0c:
                    f5:95:b1:e3:8b:d2:f5:0d:cb:7b:e4:fa:cd:ab:ed:
                    8c:6f:31:2c:10:80:3a:e4:d6:0b:e7:23:be:00:16:
                    dc:9d:62:dd:fb:b1:08:d1:a8:f6:ca:d9:45:14:23:
                    9d:e9:92:a2:67:3e:00:c4:0b:cd:0b:e6:1b:6c:58:
                    8a:27:a3:b6:6e:f4:38:3f:b3:fe:ed:1a:f6:cc:a1:
                    6f:09:a0:ff:93:69:87:a6:2b:40:39:b3:2f:b8:f4:
                    e5:f7:71:89:13:a6:13:48:bc:ce:ce:61:d9:12:d6:
                    9b:df:f1:3a:2d:99:d8:ca:49:1c:9e:46:33:38:9e:
                    44:1d:05:f4:c5:c6:f4:06:b4:bc:54:0d:63:8a:a8:
                    79:8d:30:85:14:b1:02:b9:75:eb:62:a6:ae:db:44:
                    9a:96:88:54:bb:23:a0:96:24:83:9f:4a:d3:b3:91:
                    86:43:fc:3d:94:3a:36:d0:c0:63:31:3e:2c:7c:a1:
                    89:03:fc:64:d7:f6:ef:b0:1c:15:3b:11:b5:9f:d1:
                    8e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B2:D3:49:52:9B:FC:5A:BA:60:09:D5:87:79:83:5F:73:8B:A7:F6
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ObLTSVKb_Fq6YAnVh3mDX3OLp_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:70:be:4f:0b:88:5d:21:d5:ae:8d:86:6c:65:fb:1d:48:db:
         4b:40:52:d4:db:6c:34:b4:71:49:26:69:fa:34:30:02:c1:a0:
         16:0a:b9:21:4e:49:17:2a:86:a4:6d:6b:d4:4e:49:bf:17:cb:
         48:4d:00:a6:01:7e:26:59:06:4b:76:fa:eb:ab:aa:2d:93:e4:
         53:41:60:c4:ae:77:b4:68:40:0a:20:00:bb:17:a9:36:a6:3f:
         b7:ac:a9:2b:51:c3:79:1a:7a:c7:b6:66:47:79:ba:84:27:37:
         6c:36:41:6d:e1:98:0b:5c:b0:01:3a:7c:6c:c8:18:28:63:22:
         d0:35:59:b3:93:b5:50:e4:bf:3d:f5:91:2a:13:d4:1a:a6:14:
         38:f1:16:69:9d:13:6b:e3:54:a2:e0:1f:2c:2e:9a:74:13:20:
         a4:2b:9c:35:c7:bb:a9:0d:c4:5c:47:8d:3a:c9:30:2c:a7:d8:
         d2:05:0c:6d:29:fa:78:cb:86:7a:96:02:93:7f:e6:72:c9:29:
         5f:9b:79:91:53:2f:68:97:59:82:5d:01:76:d7:ee:a5:f4:6e:
         f3:3c:36:fb:3a:09:70:d2:d9:fd:58:6a:46:b1:1c:11:b2:91:
         07:cb:6b:77:d0:90:fc:30:d4:22:58:52:19:52:d7:89:92:21:
         89:88:ff:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJbf9ifsrywjonf4SCPH31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAyMDkwNzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWIyZDM0OTUyOWJmYzVhYmE2MDA5ZDU4Nzc5ODM1ZjczOGJhN2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6wiqhUgw/q/xuoOHW8XetsONWYL
jTxncRjISGGB1bgbwW+tTOd2w7lc2L/0eay/+iAaHzdnokYeVgz1lbHji9L1Dct7
5PrNq+2MbzEsEIA65NYL5yO+ABbcnWLd+7EI0aj2ytlFFCOd6ZKiZz4AxAvNC+Yb
bFiKJ6O2bvQ4P7P+7Rr2zKFvCaD/k2mHpitAObMvuPTl93GJE6YTSLzOzmHZEtab
3/E6LZnYykkcnkYzOJ5EHQX0xcb0BrS8VA1jiqh5jTCFFLECuXXrYqau20SalohU
uyOgliSDn0rTs5GGQ/w9lDo20MBjMT4sfKGJA/xk1/bvsBwVOxG1n9GOHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmy00lSm/xaumAJ1Yd5g19zi6f2MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvT2JMVFNWS2JfRnE2WUFuVmgzbURYM09McF9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnbpMA0G
CSqGSIb3DQEBCwUAA4IBAQBGcL5PC4hdIdWujYZsZfsdSNtLQFLU22w0tHFJJmn6
NDACwaAWCrkhTkkXKoakbWvUTkm/F8tITQCmAX4mWQZLdvrrq6otk+RTQWDErne0
aEAKIAC7F6k2pj+3rKkrUcN5GnrHtmZHebqEJzdsNkFt4ZgLXLABOnxsyBgoYyLQ
NVmzk7VQ5L899ZEqE9QaphQ48RZpnRNr41Si4B8sLpp0EyCkK5w1x7upDcRcR406
yTAsp9jSBQxtKfp4y4Z6lgKTf+ZyySlfm3mRUy9ol1mCXQF21+6l9G7zPDb7Oglw
0tn9WGpGsRwRspEHy2t30JD8MNQiWFIZUteJkiGJiP9q
-----END CERTIFICATE-----