Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/oYPVT5oE5zpwcFnZ8YJoOYCnchI.roa
File:                     oYPVT5oE5zpwcFnZ8YJoOYCnchI.roa (raw, json)
Hash identifier:          rJ7YB/V+G66gXnvsmVLc7S7e9nKyJeNdBiMdH4tB7UA=
Subject key identifier:   A1:83:D5:4F:9A:04:E7:3A:70:70:59:D9:F1:82:68:39:80:A7:72:12
Certificate issuer:       /CN=2b7dc5ad66005aa1b6dc6093fb11f3581a795335
Certificate serial:       018CC72758060BD8E97466571852996C5F30
Authority key identifier: 2B:7D:C5:AD:66:00:5A:A1:B6:DC:60:93:FB:11:F3:58:1A:79:53:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K33FrWYAWqG23GCT-xHzWBp5UzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/oYPVT5oE5zpwcFnZ8YJoOYCnchI.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62068
IP address blocks:        185.46.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/K33FrWYAWqG23GCT-xHzWBp5UzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/K33FrWYAWqG23GCT-xHzWBp5UzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K33FrWYAWqG23GCT-xHzWBp5UzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:58:06:0b:d8:e9:74:66:57:18:52:99:6c:5f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b7dc5ad66005aa1b6dc6093fb11f3581a795335
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a183d54f9a04e73a707059d9f182683980a77212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8d:f2:c3:3d:5a:9b:47:e9:62:13:9c:94:03:
                    92:6a:22:98:e2:d6:f5:04:e7:85:94:08:f5:ef:d7:
                    86:64:26:b5:41:2b:cb:d8:6d:c7:3a:63:71:90:f3:
                    b5:d1:c3:0f:64:b9:61:28:38:2c:2d:9a:2e:2d:5c:
                    8c:ea:ab:49:c9:8c:80:c2:27:dd:29:1e:41:bf:c6:
                    b7:1e:29:40:e1:b5:fc:3d:0e:78:91:9a:4e:7d:c7:
                    00:7d:6e:6f:33:cd:18:0f:53:d7:68:69:75:c6:d5:
                    3e:4e:21:d6:0d:b9:5f:18:03:18:25:24:47:9b:51:
                    17:c0:53:88:90:17:2a:91:c1:af:8c:3e:77:19:cf:
                    08:a5:11:bc:1b:f9:c7:1e:62:f2:fd:c0:53:13:2c:
                    aa:06:64:77:c5:e9:dc:0d:a4:c3:10:33:ee:74:c5:
                    7b:c7:73:a0:f4:d4:8f:1d:fa:01:ec:01:95:12:08:
                    8a:34:80:ea:20:f2:eb:cd:bd:3c:e2:89:c2:7a:7b:
                    55:c3:4d:46:68:59:6b:74:29:e8:62:4a:a7:42:04:
                    a8:44:48:9c:3e:ba:15:49:a0:ca:db:98:3a:a6:61:
                    dc:d6:73:70:30:90:92:ed:bb:29:49:dc:55:2e:38:
                    e9:c5:2e:78:fc:44:40:06:97:16:a1:d7:a3:cc:f0:
                    6e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:83:D5:4F:9A:04:E7:3A:70:70:59:D9:F1:82:68:39:80:A7:72:12
            X509v3 Authority Key Identifier:
                keyid:2B:7D:C5:AD:66:00:5A:A1:B6:DC:60:93:FB:11:F3:58:1A:79:53:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K33FrWYAWqG23GCT-xHzWBp5UzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/oYPVT5oE5zpwcFnZ8YJoOYCnchI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/K33FrWYAWqG23GCT-xHzWBp5UzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:25:14:92:03:66:b0:d1:61:b4:6a:95:1d:54:2f:5d:02:13:
         af:72:af:86:41:60:f4:c0:46:66:37:d7:13:38:30:0d:8d:6a:
         64:37:37:49:f9:5a:35:a5:e8:a6:19:84:5a:5b:24:64:cb:b6:
         48:b5:50:e9:02:d6:83:1a:39:67:21:ed:2e:0b:9f:23:e1:b4:
         17:b0:a4:6b:4f:16:2d:e4:7d:45:b0:bf:ff:f6:9e:1e:03:98:
         35:9d:73:6b:bb:46:9a:29:04:7c:10:72:a3:3c:70:aa:2f:c4:
         b3:55:e6:9c:0f:98:de:e5:ac:33:1f:09:c5:5b:aa:98:32:9b:
         52:0f:1b:c5:bb:1d:c5:36:cf:12:59:21:4b:03:47:1c:b3:3c:
         01:2e:c3:bc:b7:20:5f:cd:ac:51:0c:92:00:dc:3f:7e:b2:e1:
         82:c1:5a:50:67:5a:64:46:ca:e2:32:b9:9d:7a:25:41:72:a4:
         ff:de:6e:64:46:33:98:f2:8d:f1:38:22:af:57:21:72:ee:50:
         e2:36:4c:9d:ad:d9:cd:e3:67:a4:40:52:e3:66:29:c7:a9:eb:
         32:51:91:7f:c4:76:d1:a4:95:92:7e:93:d8:29:02:60:e9:7e:
         a3:71:12:a6:a9:86:98:16:c1:32:7c:c5:e6:87:42:87:18:01:
         31:0d:fa:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1gGC9jpdGZXGFKZbF8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiN2RjNWFkNjYwMDVhYTFiNmRjNjA5M2ZiMTFmMzU4MWE3
OTUzMzUwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTgzZDU0ZjlhMDRlNzNhNzA3MDU5ZDlmMTgyNjgzOTgwYTc3MjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu43ywz1am0fpYhOclAOSaiKY4tb1
BOeFlAj179eGZCa1QSvL2G3HOmNxkPO10cMPZLlhKDgsLZouLVyM6qtJyYyAwifd
KR5Bv8a3HilA4bX8PQ54kZpOfccAfW5vM80YD1PXaGl1xtU+TiHWDblfGAMYJSRH
m1EXwFOIkBcqkcGvjD53Gc8IpRG8G/nHHmLy/cBTEyyqBmR3xencDaTDEDPudMV7
x3Og9NSPHfoB7AGVEgiKNIDqIPLrzb084onCentVw01GaFlrdCnoYkqnQgSoREic
ProVSaDK25g6pmHc1nNwMJCS7bspSdxVLjjpxS54/ERABpcWodejzPBuWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGD1U+aBOc6cHBZ2fGCaDmAp3ISMB8GA1UdIwQY
MBaAFCt9xa1mAFqhttxgk/sR81gaeVM1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzMzRnJXWUFXcUcyM0dDVC14SHpXQnA1VXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8wNjg5YWItZDhlNC00YTRlLTg3OTMt
NDgxZDA3NWU2MmMzLzEvb1lQVlQ1b0U1enB3Y0ZuWjhZSm9PWUNuY2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8wNjg5YWItZDhlNC00YTRlLTg3OTMtNDgxZDA3NWU2MmMz
LzEvSzMzRnJXWUFXcUcyM0dDVC14SHpXQnA1VXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS5GMA0G
CSqGSIb3DQEBCwUAA4IBAQCHJRSSA2aw0WG0apUdVC9dAhOvcq+GQWD0wEZmN9cT
ODANjWpkNzdJ+Vo1peimGYRaWyRky7ZItVDpAtaDGjlnIe0uC58j4bQXsKRrTxYt
5H1FsL//9p4eA5g1nXNru0aaKQR8EHKjPHCqL8SzVeacD5je5awzHwnFW6qYMptS
DxvFux3FNs8SWSFLA0ccszwBLsO8tyBfzaxRDJIA3D9+suGCwVpQZ1pkRsriMrmd
eiVBcqT/3m5kRjOY8o3xOCKvVyFy7lDiNkydrdnN42ekQFLjZinHqesyUZF/xHbR
pJWSfpPYKQJg6X6jcRKmqYaYFsEyfMXmh0KHGAExDfoZ
-----END CERTIFICATE-----