Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/OR-awUpoQ9ckq5oc92z31q3t5Nc.roa
File:                     OR-awUpoQ9ckq5oc92z31q3t5Nc.roa (raw, json)
Hash identifier:          1oh/TWPnM2RQnYa/1xloOY+vhK5/5JlyzCQhMRGz4lI=
Subject key identifier:   39:1F:9A:C1:4A:68:43:D7:24:AB:9A:1C:F7:6C:F7:D6:AD:ED:E4:D7
Certificate issuer:       /CN=e9c4cd4118ddffee56e885663795547a1de3f98a
Certificate serial:       018CC64A17C1F9D97FDBBE804F286CBE4A68
Authority key identifier: E9:C4:CD:41:18:DD:FF:EE:56:E8:85:66:37:95:54:7A:1D:E3:F9:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/OR-awUpoQ9ckq5oc92z31q3t5Nc.roa
Signing time:             Mon 01 Jan 2024 18:29:53 +0000
ROA not before:           Mon 01 Jan 2024 18:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35426
IP address blocks:        85.208.144.0/22 maxlen: 24
                          2a09:8740::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:17:c1:f9:d9:7f:db:be:80:4f:28:6c:be:4a:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9c4cd4118ddffee56e885663795547a1de3f98a
        Validity
            Not Before: Jan  1 18:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391f9ac14a6843d724ab9a1cf76cf7d6adede4d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9d:bc:e1:26:11:fb:b3:39:55:cb:f8:1c:af:
                    95:34:bd:27:03:47:aa:ea:36:0d:c2:ff:9f:08:5c:
                    db:70:bc:39:bd:98:b2:00:af:1f:8a:c6:db:9a:16:
                    45:61:fa:40:b9:1e:6d:b7:34:7c:fa:61:6b:ab:ab:
                    b7:c8:8c:1f:6c:23:a3:11:e6:0c:34:07:e0:bb:9a:
                    c3:12:f3:e5:40:f8:40:e9:2f:cd:2a:93:78:df:39:
                    30:a0:e0:00:6f:9f:ff:df:52:e0:77:88:90:e8:af:
                    98:65:df:de:17:78:be:0c:4e:f3:90:c1:a1:81:8f:
                    98:2e:0c:00:31:c1:a0:7f:e9:c3:7f:79:dc:36:ad:
                    06:a0:e1:db:d2:d0:1e:94:bb:c6:5a:df:af:67:5b:
                    8f:af:18:dc:aa:48:05:61:7e:e2:35:f7:a0:47:35:
                    1d:2b:03:d6:c0:f6:1a:ae:c5:47:fc:10:02:2e:4a:
                    8c:c5:39:47:f2:db:58:6e:84:f6:a7:42:1d:c3:8f:
                    a4:30:76:f7:05:5e:46:3b:fa:14:40:93:7f:45:f3:
                    da:d1:a5:e2:22:1b:b8:ee:94:21:ab:ba:70:b1:d4:
                    5e:3e:3e:bb:38:5c:e1:5c:0f:2a:d6:0b:25:2c:2a:
                    59:83:7d:38:03:de:83:02:8e:74:6e:8d:76:c3:86:
                    68:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1F:9A:C1:4A:68:43:D7:24:AB:9A:1C:F7:6C:F7:D6:AD:ED:E4:D7
            X509v3 Authority Key Identifier:
                keyid:E9:C4:CD:41:18:DD:FF:EE:56:E8:85:66:37:95:54:7A:1D:E3:F9:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/OR-awUpoQ9ckq5oc92z31q3t5Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.144.0/22
                IPv6:
                  2a09:8740::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:7d:7e:a5:cd:69:0c:05:31:44:30:c9:d3:d3:95:52:f6:26:
         db:8e:f3:b8:d7:b3:5a:3d:ef:5e:06:78:07:d2:55:f9:04:3a:
         85:44:3b:d3:29:9f:83:4b:e2:0c:ff:f7:98:de:0b:36:07:5d:
         0d:c0:2b:af:48:0e:c4:a7:0f:e1:11:8e:78:fb:0f:7b:9f:5c:
         e1:d2:c1:01:6a:59:6d:22:d7:e3:a2:f8:03:73:e8:a1:c2:1c:
         f9:ab:13:1d:ad:13:ce:b1:37:5f:55:28:2a:5c:f1:9e:f1:80:
         4e:2b:cb:e4:64:68:2a:c0:a5:2c:ae:4f:38:e2:0f:a2:dc:18:
         c1:df:2f:e7:31:b7:f2:f6:54:4c:a6:2d:e4:a2:7b:82:fe:a6:
         48:fe:df:1b:52:30:87:9f:52:91:91:1b:79:17:85:e1:f0:fe:
         c0:4b:79:07:25:7c:69:0b:69:f3:de:e0:bc:c3:52:a7:4f:89:
         c5:3c:c9:d4:5e:37:c5:41:61:8f:bd:bb:61:dc:1e:4e:99:98:
         1a:3a:3a:17:8b:17:6c:86:e2:33:63:61:f3:c9:bf:cb:4d:ff:
         e5:26:3e:74:14:4d:54:c5:7b:d2:1b:2e:5f:a0:18:d7:c1:59:
         14:b5:61:9d:56:66:72:ee:1f:83:b3:7d:3a:03:4a:c0:a5:ae:
         65:e6:c2:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGShfB+dl/276ATyhsvkpoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YzRjZDQxMThkZGZmZWU1NmU4ODU2NjM3OTU1NDdhMWRl
M2Y5OGEwHhcNMjQwMTAxMTgyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFmOWFjMTRhNjg0M2Q3MjRhYjlhMWNmNzZjZjdkNmFkZWRlNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJ284SYR+7M5Vcv4HK+VNL0nA0eq
6jYNwv+fCFzbcLw5vZiyAK8fisbbmhZFYfpAuR5ttzR8+mFrq6u3yIwfbCOjEeYM
NAfgu5rDEvPlQPhA6S/NKpN43zkwoOAAb5//31Lgd4iQ6K+YZd/eF3i+DE7zkMGh
gY+YLgwAMcGgf+nDf3ncNq0GoOHb0tAelLvGWt+vZ1uPrxjcqkgFYX7iNfegRzUd
KwPWwPYarsVH/BACLkqMxTlH8ttYboT2p0Idw4+kMHb3BV5GO/oUQJN/RfPa0aXi
Ihu47pQhq7pwsdRePj67OFzhXA8q1gslLCpZg304A96DAo50bo12w4ZoWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDkfmsFKaEPXJKuaHPds99at7eTXMB8GA1UdIwQY
MBaAFOnEzUEY3f/uVuiFZjeVVHod4/mKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmNUTlFSamRfLTVXNklWbU41VlVlaDNqLVlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8zZjdkYTQtMzYzMS00YjAzLWJhODQt
NmNiMmQzYjQ0MzdjLzEvT1ItYXdVcG9ROWNrcTVvYzkyejMxcTN0NU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8zZjdkYTQtMzYzMS00YjAzLWJhODQtNmNiMmQzYjQ0Mzdj
LzEvNmNUTlFSamRfLTVXNklWbU41VlVlaDNqLVlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdCQMA0E
AgACMAcDBQMqCYdAMA0GCSqGSIb3DQEBCwUAA4IBAQBtfX6lzWkMBTFEMMnT05VS
9ibbjvO417NaPe9eBngH0lX5BDqFRDvTKZ+DS+IM//eY3gs2B10NwCuvSA7Epw/h
EY54+w97n1zh0sEBalltItfjovgDc+ihwhz5qxMdrRPOsTdfVSgqXPGe8YBOK8vk
ZGgqwKUsrk844g+i3BjB3y/nMbfy9lRMpi3konuC/qZI/t8bUjCHn1KRkRt5F4Xh
8P7AS3kHJXxpC2nz3uC8w1KnT4nFPMnUXjfFQWGPvbth3B5OmZgaOjoXixdshuIz
Y2Hzyb/LTf/lJj50FE1UxXvSGy5foBjXwVkUtWGdVmZy7h+Ds306A0rApa5l5sL+
-----END CERTIFICATE-----