Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/0269c5-268c-45e9-8067-0f7a40b5f6f3/1/oBZk0yPmGMbDUIiMb3KyPAIoIDU.roa
File:                     oBZk0yPmGMbDUIiMb3KyPAIoIDU.roa (raw, json)
Hash identifier:          sa7JuXszgLaD8ETBJr7DK0bVIcmzz8aQoDvNlr8+NPw=
Subject key identifier:   A0:16:64:D3:23:E6:18:C6:C3:50:88:8C:6F:72:B2:3C:02:28:20:35
Certificate issuer:       /CN=3b63139a1f4f88c30cee221c9146a36db554ff70
Certificate serial:       018CC726D3764A5218FC25CFA249296C7481
Authority key identifier: 3B:63:13:9A:1F:4F:88:C3:0C:EE:22:1C:91:46:A3:6D:B5:54:FF:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O2MTmh9PiMMM7iIckUajbbVU_3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/0269c5-268c-45e9-8067-0f7a40b5f6f3/1/oBZk0yPmGMbDUIiMb3KyPAIoIDU.roa
Signing time:             Mon 01 Jan 2024 22:30:59 +0000
ROA not before:           Mon 01 Jan 2024 22:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210891
IP address blocks:        83.97.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/0269c5-268c-45e9-8067-0f7a40b5f6f3/1/O2MTmh9PiMMM7iIckUajbbVU_3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/0269c5-268c-45e9-8067-0f7a40b5f6f3/1/O2MTmh9PiMMM7iIckUajbbVU_3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O2MTmh9PiMMM7iIckUajbbVU_3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d3:76:4a:52:18:fc:25:cf:a2:49:29:6c:74:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b63139a1f4f88c30cee221c9146a36db554ff70
        Validity
            Not Before: Jan  1 22:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a01664d323e618c6c350888c6f72b23c02282035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:52:12:f2:28:9e:a1:ac:4f:33:23:f0:47:69:
                    eb:43:c8:4c:50:77:55:44:0b:a3:fd:28:98:28:78:
                    0b:d7:ed:17:03:c3:50:84:8e:a0:04:e7:d1:c0:17:
                    30:27:27:ac:15:f7:65:b0:73:de:81:fc:f0:82:d7:
                    55:f8:fe:5a:e6:bd:02:17:17:7a:7a:0c:86:bb:3f:
                    21:44:fd:03:a0:76:e0:f2:a6:78:03:6c:f9:e4:dd:
                    52:da:ae:7d:d0:b9:97:bc:87:0c:39:e4:d6:24:79:
                    54:1d:ae:2f:82:3f:04:63:a2:40:73:93:07:05:27:
                    92:a7:20:2d:31:70:53:a3:55:64:ad:47:d2:09:4b:
                    d2:2d:32:34:a8:e8:77:36:a7:5b:f1:25:2a:eb:fe:
                    d8:f7:01:13:ad:c9:f3:fc:b5:2a:28:3f:1e:ad:51:
                    f2:09:3e:13:eb:92:72:6d:fa:8c:e6:5e:f3:8e:c2:
                    59:a9:cf:9c:2c:13:ea:d3:65:35:2f:68:1c:43:c9:
                    8c:ba:54:7d:e9:b9:56:4d:7a:e3:93:a9:ae:3a:45:
                    13:2b:23:5d:85:0f:f3:60:bb:9c:5f:9d:ab:86:29:
                    a2:b1:23:1d:eb:05:fb:23:ed:23:63:1d:b6:11:8f:
                    f4:de:b5:cb:26:c5:46:c6:a6:8c:02:38:d9:3f:6f:
                    d8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:16:64:D3:23:E6:18:C6:C3:50:88:8C:6F:72:B2:3C:02:28:20:35
            X509v3 Authority Key Identifier:
                keyid:3B:63:13:9A:1F:4F:88:C3:0C:EE:22:1C:91:46:A3:6D:B5:54:FF:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O2MTmh9PiMMM7iIckUajbbVU_3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0269c5-268c-45e9-8067-0f7a40b5f6f3/1/oBZk0yPmGMbDUIiMb3KyPAIoIDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0269c5-268c-45e9-8067-0f7a40b5f6f3/1/O2MTmh9PiMMM7iIckUajbbVU_3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:9e:f4:18:ca:e0:08:7c:e7:12:eb:c7:d5:48:31:a7:2f:9a:
         36:2e:ba:15:61:0e:a4:f7:9b:eb:8c:8c:fa:d7:b3:65:80:e6:
         5f:02:78:00:eb:f9:d1:88:58:fd:04:6e:37:80:1e:cb:e4:3e:
         9b:4c:6e:a5:34:54:ce:3b:ed:d4:d1:65:ee:80:83:9f:6a:fd:
         0f:62:79:15:d6:8b:bd:7d:68:b5:dc:18:55:4a:87:26:57:0b:
         c1:a5:3b:cf:29:b8:94:2b:9f:80:2b:56:6f:8c:23:6d:e6:55:
         06:55:49:33:c3:5a:fd:e6:de:53:81:0a:84:d5:3f:a3:c4:be:
         84:8a:1a:31:93:4e:4b:ee:fa:48:e4:7e:c4:a6:d4:fa:d9:eb:
         08:cf:a6:d0:ec:3a:3a:36:c7:e1:f7:03:dc:03:ed:40:c9:6d:
         b3:6b:18:f4:b6:34:a4:fe:d1:bc:9e:d7:a6:bf:86:21:36:34:
         2f:9e:31:59:27:88:8c:21:7d:35:af:03:8c:97:e2:6b:da:b5:
         fa:69:72:c4:c3:1b:3d:d6:56:ec:41:ed:6e:66:ef:40:78:ad:
         40:d9:8f:96:cb:1e:4a:04:08:e0:86:3c:74:78:67:fa:07:cd:
         4a:8e:1e:72:fb:b2:ef:b6:c6:0d:bf:f1:f0:db:e3:fe:4c:52:
         03:41:7f:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJtN2SlIY/CXPokkpbHSBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNjMxMzlhMWY0Zjg4YzMwY2VlMjIxYzkxNDZhMzZkYjU1
NGZmNzAwHhcNMjQwMTAxMjIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDE2NjRkMzIzZTYxOGM2YzM1MDg4OGM2ZjcyYjIzYzAyMjgyMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FIS8iieoaxPMyPwR2nrQ8hMUHdV
RAuj/SiYKHgL1+0XA8NQhI6gBOfRwBcwJyesFfdlsHPegfzwgtdV+P5a5r0CFxd6
egyGuz8hRP0DoHbg8qZ4A2z55N1S2q590LmXvIcMOeTWJHlUHa4vgj8EY6JAc5MH
BSeSpyAtMXBTo1VkrUfSCUvSLTI0qOh3Nqdb8SUq6/7Y9wETrcnz/LUqKD8erVHy
CT4T65JybfqM5l7zjsJZqc+cLBPq02U1L2gcQ8mMulR96blWTXrjk6muOkUTKyNd
hQ/zYLucX52rhimisSMd6wX7I+0jYx22EY/03rXLJsVGxqaMAjjZP2/YEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAWZNMj5hjGw1CIjG9ysjwCKCA1MB8GA1UdIwQY
MBaAFDtjE5ofT4jDDO4iHJFGo221VP9wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzJNVG1oOVBpTU1NN2lJY2tVYWpiYlZVXzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMjY5YzUtMjY4Yy00NWU5LTgwNjct
MGY3YTQwYjVmNmYzLzEvb0JaazB5UG1HTWJEVUlpTWIzS3lQQUlvSURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMjY5YzUtMjY4Yy00NWU5LTgwNjctMGY3YTQwYjVmNmYz
LzEvTzJNVG1oOVBpTU1NN2lJY2tVYWpiYlZVXzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU2FLMA0G
CSqGSIb3DQEBCwUAA4IBAQC5nvQYyuAIfOcS68fVSDGnL5o2LroVYQ6k95vrjIz6
17NlgOZfAngA6/nRiFj9BG43gB7L5D6bTG6lNFTOO+3U0WXugIOfav0PYnkV1ou9
fWi13BhVSocmVwvBpTvPKbiUK5+AK1ZvjCNt5lUGVUkzw1r95t5TgQqE1T+jxL6E
ihoxk05L7vpI5H7EptT62esIz6bQ7Do6Nsfh9wPcA+1AyW2zaxj0tjSk/tG8ntem
v4YhNjQvnjFZJ4iMIX01rwOMl+Jr2rX6aXLEwxs91lbsQe1uZu9AeK1A2Y+Wyx5K
BAjghjx0eGf6B81Kjh5y+7LvtsYNv/Hw2+P+TFIDQX9S
-----END CERTIFICATE-----