Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/OuOBCYSSPCNK-LIQuu7JFI-SmCk.roa
File:                     OuOBCYSSPCNK-LIQuu7JFI-SmCk.roa (raw, json)
Hash identifier:          XB3AHKUGzdVmmgT5L2Wt836t/O/Cg7ZNzb1JZKMzzxY=
Subject key identifier:   3A:E3:81:09:84:92:3C:23:4A:F8:B2:10:BA:EE:C9:14:8F:92:98:29
Certificate issuer:       /CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
Certificate serial:       018CC3B6D289359BDA55749DCCBD768EEE09
Authority key identifier: B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/OuOBCYSSPCNK-LIQuu7JFI-SmCk.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12390
IP address blocks:        185.199.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d2:89:35:9b:da:55:74:9d:cc:bd:76:8e:ee:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ae3810984923c234af8b210baeec9148f929829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c0:9f:02:d1:11:ac:eb:4a:ac:c4:56:68:59:
                    c6:ed:ae:7d:0a:4d:d2:92:0e:1a:f9:70:6a:0d:e0:
                    86:e2:39:61:fd:35:ac:ad:5c:72:df:1e:05:69:bf:
                    96:07:5c:f2:c4:0f:7e:d1:6a:84:6f:8b:6f:c1:94:
                    4a:d7:89:fd:ab:99:94:4e:ec:9e:89:62:b1:cf:50:
                    05:51:a4:65:30:dd:4f:29:ac:85:b4:44:5f:a0:a4:
                    c6:13:f8:a4:c6:86:1b:5a:8a:dc:6d:c3:99:c7:d5:
                    0a:fa:6b:65:ad:e1:c9:fa:ff:3c:1a:b4:e3:a9:c3:
                    80:cb:b9:51:13:5b:61:8e:92:6f:29:c1:df:88:a2:
                    82:dc:48:1f:85:b8:ce:d9:e3:a9:0b:75:8a:a9:f2:
                    a6:d5:a2:a3:aa:dc:aa:b5:e1:92:84:7d:a9:46:c9:
                    c2:94:79:cc:1e:46:33:29:80:f2:66:21:88:99:cd:
                    ec:9f:e7:97:77:64:d7:38:21:69:49:89:e4:60:e0:
                    46:05:da:52:1a:88:8b:5c:ec:85:dd:ce:8a:2b:2e:
                    d7:fd:7e:e1:e6:36:57:ec:37:27:06:07:1e:76:fb:
                    7f:6e:a7:9c:6b:81:72:a4:a7:98:50:3a:a5:2b:b3:
                    fb:7a:b5:10:c0:a4:0a:d2:42:a8:46:8c:fd:cb:a0:
                    4b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:E3:81:09:84:92:3C:23:4A:F8:B2:10:BA:EE:C9:14:8F:92:98:29
            X509v3 Authority Key Identifier:
                keyid:B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/OuOBCYSSPCNK-LIQuu7JFI-SmCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:20:22:12:0e:64:0f:c3:66:7f:8e:57:2b:d4:7b:ad:de:a5:
         0d:e0:ba:4f:1f:a5:e7:a9:7c:6b:8d:f9:01:1f:9c:5f:23:ad:
         87:a7:7f:68:42:ce:b8:1d:c9:e9:df:69:22:36:ce:87:10:05:
         5d:76:50:af:c9:50:6d:85:6c:55:c8:e9:14:b1:da:92:c5:60:
         5c:09:48:ed:ca:17:ee:e1:58:30:b7:af:b6:cb:07:c1:53:b5:
         c8:bf:84:15:27:b7:95:d5:13:e1:16:2b:45:47:fd:15:b0:8b:
         57:d5:33:0d:d2:2d:e0:3b:55:75:9c:85:f7:c0:01:13:e5:a8:
         e2:b0:c2:3d:18:0c:50:c8:e9:97:05:3e:50:35:f6:cf:99:0b:
         fd:da:58:f4:0a:07:67:b6:84:bc:c4:a4:a6:7e:54:34:05:00:
         a0:d6:fd:11:6d:3a:d1:bc:d9:21:0e:a7:d5:5e:33:81:a4:58:
         68:69:3b:57:a3:04:f4:6b:4f:cc:a8:94:5f:7d:b0:6f:18:76:
         db:9d:7c:13:08:0f:fe:95:81:ec:80:e4:a5:dc:0c:c5:76:38:
         12:54:70:86:46:2b:89:e8:ec:c4:a3:e1:77:1f:bf:4e:25:26:
         25:c9:8e:b6:83:34:d3:15:44:ee:7e:25:ea:64:9c:81:0c:ef:
         6d:1d:ec:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttKJNZvaVXSdzL12ju4JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NWEwNTY2ZDBiNjNhMWY4NjJkODM0NThlNGYyZWE2ZmQ4
ZjdkMjEwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWUzODEwOTg0OTIzYzIzNGFmOGIyMTBiYWVlYzkxNDhmOTI5ODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMCfAtERrOtKrMRWaFnG7a59Ck3S
kg4a+XBqDeCG4jlh/TWsrVxy3x4Fab+WB1zyxA9+0WqEb4tvwZRK14n9q5mUTuye
iWKxz1AFUaRlMN1PKayFtERfoKTGE/ikxoYbWorcbcOZx9UK+mtlreHJ+v88GrTj
qcOAy7lRE1thjpJvKcHfiKKC3EgfhbjO2eOpC3WKqfKm1aKjqtyqteGShH2pRsnC
lHnMHkYzKYDyZiGImc3sn+eXd2TXOCFpSYnkYOBGBdpSGoiLXOyF3c6KKy7X/X7h
5jZX7DcnBgcedvt/bqeca4FypKeYUDqlK7P7erUQwKQK0kKoRoz9y6BLiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrjgQmEkjwjSviyELruyRSPkpgpMB8GA1UdIwQY
MBaAFLdaBWbQtjofhi2DRY5PLqb9j30hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQt
ODNmNjAxYzNmYjU5LzEvT3VPQkNZU1NQQ05LLUxJUXV1N0pGSS1TbUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQtODNmNjAxYzNmYjU5
LzEvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucc4MA0G
CSqGSIb3DQEBCwUAA4IBAQBFICISDmQPw2Z/jlcr1Hut3qUN4LpPH6XnqXxrjfkB
H5xfI62Hp39oQs64Hcnp32kiNs6HEAVddlCvyVBthWxVyOkUsdqSxWBcCUjtyhfu
4Vgwt6+2ywfBU7XIv4QVJ7eV1RPhFitFR/0VsItX1TMN0i3gO1V1nIX3wAET5aji
sMI9GAxQyOmXBT5QNfbPmQv92lj0CgdntoS8xKSmflQ0BQCg1v0RbTrRvNkhDqfV
XjOBpFhoaTtXowT0a0/MqJRffbBvGHbbnXwTCA/+lYHsgOSl3AzFdjgSVHCGRiuJ
6OzEo+F3H79OJSYlyY62gzTTFUTufiXqZJyBDO9tHexM
-----END CERTIFICATE-----