Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/oqpWw_mZjk5fiCpkZij-1D0YMQE.roa
File:                     oqpWw_mZjk5fiCpkZij-1D0YMQE.roa (raw, json)
Hash identifier:          429e4zAJJ1J+50RGLu8zEDOQKaZpOz8t1k/xXb9/Yok=
Subject key identifier:   A2:AA:56:C3:F9:99:8E:4E:5F:88:2A:64:66:28:FE:D4:3D:18:31:01
Certificate issuer:       /CN=6ab4379e119e71001ccdfeebf4f2af2cf5f07a0a
Certificate serial:       018FBF55CDC76F7B424AEE45E4A732C02065
Authority key identifier: 6A:B4:37:9E:11:9E:71:00:1C:CD:FE:EB:F4:F2:AF:2C:F5:F0:7A:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/arQ3nhGecQAczf7r9PKvLPXwego.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/oqpWw_mZjk5fiCpkZij-1D0YMQE.roa
Signing time:             Tue 28 May 2024 13:13:42 +0000
ROA not before:           Tue 28 May 2024 13:13:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        160.20.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/arQ3nhGecQAczf7r9PKvLPXwego.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/arQ3nhGecQAczf7r9PKvLPXwego.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/arQ3nhGecQAczf7r9PKvLPXwego.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 22:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:55:cd:c7:6f:7b:42:4a:ee:45:e4:a7:32:c0:20:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ab4379e119e71001ccdfeebf4f2af2cf5f07a0a
        Validity
            Not Before: May 28 13:13:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2aa56c3f9998e4e5f882a646628fed43d183101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:84:21:6e:33:8c:88:ff:ce:f8:5e:13:7d:d4:
                    d8:31:72:81:e0:a5:29:55:8c:f7:6e:4c:93:02:b6:
                    fb:12:58:e3:73:a2:60:be:9b:b0:a0:22:8c:cf:8d:
                    b7:42:aa:04:7d:a4:22:35:68:cc:46:ab:d0:76:9f:
                    a5:47:de:b2:73:da:b3:ab:35:cd:d0:51:fe:63:6a:
                    a4:5f:9b:27:9d:03:44:d2:37:9a:cc:38:76:1f:17:
                    63:20:86:ae:1c:fc:2e:71:3c:de:ce:ed:fc:f0:b7:
                    04:9c:91:58:69:61:31:d3:44:58:87:7a:34:f1:22:
                    73:1d:4e:37:37:1e:db:07:3b:ec:c9:7d:28:92:bb:
                    57:bb:3d:41:0d:99:2c:c6:ec:8e:b6:dc:8d:e8:4a:
                    d9:28:06:f9:9d:1e:c4:e3:78:ee:e0:25:65:d8:37:
                    4d:2d:bf:37:b8:0d:74:de:23:26:96:60:9f:13:33:
                    43:d1:54:e9:c0:09:0f:dc:78:68:41:6e:b4:b8:61:
                    6f:c0:c2:73:9b:d1:32:29:fd:15:28:91:a3:cb:00:
                    c2:45:6d:5b:7d:14:19:5c:4d:5b:b0:39:7f:d2:d7:
                    d7:7f:ef:a4:a7:ff:8b:5e:71:77:cb:8f:12:a6:b1:
                    e3:07:ff:00:cc:10:78:34:0b:53:32:75:94:9b:28:
                    e9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:AA:56:C3:F9:99:8E:4E:5F:88:2A:64:66:28:FE:D4:3D:18:31:01
            X509v3 Authority Key Identifier:
                keyid:6A:B4:37:9E:11:9E:71:00:1C:CD:FE:EB:F4:F2:AF:2C:F5:F0:7A:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/arQ3nhGecQAczf7r9PKvLPXwego.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/oqpWw_mZjk5fiCpkZij-1D0YMQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/arQ3nhGecQAczf7r9PKvLPXwego.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:4d:ff:a8:2b:37:a0:3a:3e:68:7f:21:ef:f8:a5:e3:79:de:
         ad:b8:22:cf:e8:23:56:95:2e:26:79:8b:1e:21:a9:f7:a0:6e:
         f2:11:f5:76:27:e8:32:89:02:37:6b:17:c1:5b:a3:66:6d:0c:
         a2:d5:0e:1e:65:20:32:a7:ad:fc:fd:a8:aa:32:7d:42:0e:41:
         e1:48:0e:a9:f3:6e:82:b3:74:54:c2:2c:01:ee:2f:cd:d9:3a:
         bc:4f:ed:ee:10:e2:ba:22:ee:c3:10:cf:42:fe:00:18:76:f6:
         a4:6a:ca:43:5a:02:ac:df:75:a3:73:ff:8a:5b:5e:9a:43:da:
         2b:ac:47:a0:3e:eb:a3:39:22:eb:b2:e2:7c:a0:e9:cd:b8:a0:
         f4:5f:3a:86:5f:b3:fe:10:64:d3:c5:0c:38:10:66:92:65:da:
         07:32:ef:9c:09:cc:9b:51:7a:bf:5b:c9:4a:79:af:0e:26:bb:
         78:a6:66:f0:dd:94:ab:46:49:73:7c:19:e1:1c:1e:9f:d9:dc:
         ac:a8:5d:43:5f:8f:46:36:49:5b:b3:77:54:cb:75:c4:c7:e3:
         5a:77:8b:cb:ad:42:94:41:6e:14:bd:02:d8:0b:30:62:32:b9:
         69:59:04:44:55:be:f7:1d:04:01:ae:09:30:81:6b:78:46:b7:
         f3:7f:56:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+/Vc3Hb3tCSu5F5KcywCBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYjQzNzllMTE5ZTcxMDAxY2NkZmVlYmY0ZjJhZjJjZjVm
MDdhMGEwHhcNMjQwNTI4MTMxMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmFhNTZjM2Y5OTk4ZTRlNWY4ODJhNjQ2NjI4ZmVkNDNkMTgzMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4QhbjOMiP/O+F4TfdTYMXKB4KUp
VYz3bkyTArb7Eljjc6JgvpuwoCKMz423QqoEfaQiNWjMRqvQdp+lR96yc9qzqzXN
0FH+Y2qkX5snnQNE0jeazDh2HxdjIIauHPwucTzezu388LcEnJFYaWEx00RYh3o0
8SJzHU43Nx7bBzvsyX0okrtXuz1BDZksxuyOttyN6ErZKAb5nR7E43ju4CVl2DdN
Lb83uA103iMmlmCfEzND0VTpwAkP3HhoQW60uGFvwMJzm9EyKf0VKJGjywDCRW1b
fRQZXE1bsDl/0tfXf++kp/+LXnF3y48SprHjB/8AzBB4NAtTMnWUmyjpKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKqVsP5mY5OX4gqZGYo/tQ9GDEBMB8GA1UdIwQY
MBaAFGq0N54RnnEAHM3+6/Tyryz18HoKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXJRM25oR2VjUUFjemY3cjlQS3ZMUFh3ZWdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC84OWE0YmYtMzI1YS00Njc1LWJiMDAt
MGE0MzM4Y2RmOTdiLzEvb3FwV3dfbVpqazVmaUNwa1ppai0xRDBZTVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC84OWE0YmYtMzI1YS00Njc1LWJiMDAtMGE0MzM4Y2RmOTdi
LzEvYXJRM25oR2VjUUFjemY3cjlQS3ZMUFh3ZWdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCoBSUMA0G
CSqGSIb3DQEBCwUAA4IBAQBxTf+oKzegOj5ofyHv+KXjed6tuCLP6CNWlS4meYse
Ian3oG7yEfV2J+gyiQI3axfBW6NmbQyi1Q4eZSAyp638/aiqMn1CDkHhSA6p826C
s3RUwiwB7i/N2Tq8T+3uEOK6Iu7DEM9C/gAYdvakaspDWgKs33Wjc/+KW16aQ9or
rEegPuujOSLrsuJ8oOnNuKD0XzqGX7P+EGTTxQw4EGaSZdoHMu+cCcybUXq/W8lK
ea8OJrt4pmbw3ZSrRklzfBnhHB6f2dysqF1DX49GNklbs3dUy3XEx+Nad4vLrUKU
QW4UvQLYCzBiMrlpWQREVb73HQQBrgkwgWt4Rrfzf1aQ
-----END CERTIFICATE-----