Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/OtqqhpwOm0_gUoATqovwWr-2FYc.roa
File:                     OtqqhpwOm0_gUoATqovwWr-2FYc.roa (raw, json)
Hash identifier:          gRcL2QHwhcXIVQA7WDmr99h/PRypP47hd3z7QYcrjQk=
Subject key identifier:   3A:DA:AA:86:9C:0E:9B:4F:E0:52:80:13:AA:8B:F0:5A:BF:B6:15:87
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018EFA94A25283E2646991AC7F87EC96B98C
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/OtqqhpwOm0_gUoATqovwWr-2FYc.roa
Signing time:             Sat 20 Apr 2024 08:17:08 +0000
ROA not before:           Sat 20 Apr 2024 08:17:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149440
IP address blocks:        45.134.36.0/24 maxlen: 24
                          185.132.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:fa:94:a2:52:83:e2:64:69:91:ac:7f:87:ec:96:b9:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Apr 20 08:17:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3adaaa869c0e9b4fe0528013aa8bf05abfb61587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a6:2c:53:ea:eb:e0:f2:1d:54:3c:f6:21:0e:
                    8a:ab:0e:a2:ab:dc:ad:5d:35:d2:cf:50:a0:df:fc:
                    1c:58:2b:94:f7:b5:68:53:d0:d9:63:17:5c:11:6d:
                    fd:ca:c9:03:bb:63:59:66:00:a3:cf:59:79:8a:28:
                    23:53:6d:d8:e5:d2:e8:ce:26:cd:43:7f:8b:5d:99:
                    47:46:7c:c1:77:58:81:24:1e:15:7d:12:9c:f8:e1:
                    8e:ed:54:12:39:bc:97:92:fe:67:cf:99:ad:f6:ad:
                    9e:df:df:5f:3b:97:fe:ce:43:63:1d:ce:d7:b9:1e:
                    d2:04:fe:19:cd:fe:1b:24:31:bb:76:fe:2b:72:30:
                    fd:71:60:8a:fe:0a:5c:0b:26:ce:e7:92:c1:58:ee:
                    9b:19:31:b1:b4:7b:35:d3:4b:a1:38:ba:91:14:ef:
                    89:d9:f4:86:27:f1:c1:46:33:fc:f9:1f:0f:b1:f3:
                    61:d6:d0:5e:55:00:13:0f:34:53:bf:7f:03:db:de:
                    49:6d:00:7d:2d:b2:11:44:1b:db:d6:64:35:9c:f7:
                    ab:75:63:ac:39:d8:7f:ab:47:8a:ac:7c:7c:a9:27:
                    40:10:6f:7c:11:08:07:40:bb:a6:0f:38:5b:83:ff:
                    08:f3:01:16:05:2b:fa:88:b9:dc:5c:ae:c6:1d:25:
                    97:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:DA:AA:86:9C:0E:9B:4F:E0:52:80:13:AA:8B:F0:5A:BF:B6:15:87
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/OtqqhpwOm0_gUoATqovwWr-2FYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.36.0/24
                  185.132.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:53:08:15:bb:68:01:ff:59:c3:90:14:01:2b:a2:60:4b:9b:
         0c:36:74:47:cd:f8:92:65:d9:9d:7c:7f:16:75:a3:78:07:c9:
         63:40:4e:2e:91:23:9c:c7:15:1d:f1:d6:c1:c3:5f:81:71:4a:
         a9:47:6f:ef:38:24:1f:5f:55:28:db:c1:84:52:8f:9c:b3:04:
         59:12:2d:ff:74:7a:f6:33:2c:93:ef:55:66:cb:23:11:e6:56:
         e8:de:2a:fc:36:03:f3:9d:9b:07:42:5c:88:84:93:5c:64:25:
         79:16:1e:92:95:4c:de:2c:b7:16:3f:b4:87:c2:73:49:85:5e:
         e2:38:97:4b:d8:9f:30:d3:a0:12:bf:af:77:45:86:e9:02:da:
         4b:6e:41:4b:76:ba:07:32:82:f8:c8:f4:fc:62:e7:2f:29:1d:
         1a:9f:6f:38:1e:5f:d7:60:0a:44:a0:a8:7d:97:9c:97:0a:13:
         a9:35:d0:a8:7f:54:6e:b9:c3:e6:56:15:b0:11:1e:ad:7b:cd:
         83:22:a1:30:9b:b6:f4:73:f2:da:87:48:72:3c:53:c6:36:7f:
         c8:df:bd:74:49:28:4b:4a:b3:3a:96:93:fe:78:5e:95:4d:a2:
         dc:c2:74:8b:95:db:dc:84:d9:44:68:25:78:5d:05:b1:98:69:
         5b:06:ca:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY76lKJSg+JkaZGsf4fslrmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwNDIwMDgxNzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWRhYWE4NjljMGU5YjRmZTA1MjgwMTNhYThiZjA1YWJmYjYxNTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6YsU+rr4PIdVDz2IQ6Kqw6iq9yt
XTXSz1Cg3/wcWCuU97VoU9DZYxdcEW39yskDu2NZZgCjz1l5iigjU23Y5dLozibN
Q3+LXZlHRnzBd1iBJB4VfRKc+OGO7VQSObyXkv5nz5mt9q2e399fO5f+zkNjHc7X
uR7SBP4Zzf4bJDG7dv4rcjD9cWCK/gpcCybO55LBWO6bGTGxtHs100uhOLqRFO+J
2fSGJ/HBRjP8+R8PsfNh1tBeVQATDzRTv38D295JbQB9LbIRRBvb1mQ1nPerdWOs
Odh/q0eKrHx8qSdAEG98EQgHQLumDzhbg/8I8wEWBSv6iLncXK7GHSWXAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDraqoacDptP4FKAE6qL8Fq/thWHMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvT3RxcWhwd09tMF9nVW9BVHFvdndXci0yRlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYYkAwQA
uYQ2MA0GCSqGSIb3DQEBCwUAA4IBAQBbUwgVu2gB/1nDkBQBK6JgS5sMNnRHzfiS
ZdmdfH8WdaN4B8ljQE4ukSOcxxUd8dbBw1+BcUqpR2/vOCQfX1Uo28GEUo+cswRZ
Ei3/dHr2MyyT71VmyyMR5lbo3ir8NgPznZsHQlyIhJNcZCV5Fh6SlUzeLLcWP7SH
wnNJhV7iOJdL2J8w06ASv693RYbpAtpLbkFLdroHMoL4yPT8YucvKR0an284Hl/X
YApEoKh9l5yXChOpNdCof1RuucPmVhWwER6te82DIqEwm7b0c/Lah0hyPFPGNn/I
3710SShLSrM6lpP+eF6VTaLcwnSLldvchNlEaCV4XQWxmGlbBsq2
-----END CERTIFICATE-----