Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ot3Y4WUV4u-P_HzBvjvO80lMqJ4.roa
File:                     ot3Y4WUV4u-P_HzBvjvO80lMqJ4.roa (raw, json)
Hash identifier:          nZy/k7oAU7bueEGDY3unTpU3xp/jE5QNAK2beggKwP4=
Subject key identifier:   A2:DD:D8:E1:65:15:E2:EF:8F:FC:7C:C1:BE:3B:CE:F3:49:4C:A8:9E
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018CCA2A33EF7168098F695D3EC1076DFC89
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ot3Y4WUV4u-P_HzBvjvO80lMqJ4.roa
Signing time:             Tue 02 Jan 2024 12:33:32 +0000
ROA not before:           Tue 02 Jan 2024 12:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22781
IP address blocks:        109.111.56.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 04:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:33:ef:71:68:09:8f:69:5d:3e:c1:07:6d:fc:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  2 12:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2ddd8e16515e2ef8ffc7cc1be3bcef3494ca89e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:32:96:f7:89:25:b2:8f:bb:b6:66:9d:ff:c0:
                    29:fe:12:a7:a5:07:4c:22:1c:bc:f9:50:61:7f:c6:
                    07:1a:cd:0d:5b:73:3b:28:cd:62:30:89:ad:53:2c:
                    af:3b:31:99:71:16:d1:bb:f9:3c:bc:25:55:32:f3:
                    3c:3a:0d:6e:95:e7:9f:38:81:8e:e8:00:05:9c:fb:
                    c8:fa:01:75:e0:f5:4b:1b:1d:7e:13:85:6b:54:bc:
                    78:c6:b8:54:98:15:37:2d:fc:38:61:7f:ae:cc:74:
                    cd:09:57:8e:5b:1c:ae:29:21:d6:ad:39:81:6e:e7:
                    da:ad:52:75:3e:4d:c8:20:0b:af:1e:bf:e9:5c:06:
                    76:e9:ff:12:4c:99:f0:b8:b0:14:62:66:80:88:e0:
                    2f:2c:91:19:25:1e:b5:5e:8f:ba:06:ac:e4:0a:ba:
                    a0:73:16:ac:23:3e:b6:8d:8d:c9:d5:13:f0:b3:73:
                    b9:b8:24:f3:85:7c:f8:03:ee:37:bb:85:a2:a7:97:
                    ce:f9:a6:80:e7:c6:5f:dc:f4:a5:a4:3c:23:ca:b3:
                    e5:fe:65:79:22:45:85:86:2a:bb:00:87:a7:d8:26:
                    1f:da:e4:60:b5:1b:c8:57:4f:c0:56:01:19:5c:05:
                    0d:ea:4d:06:b1:82:6e:6b:73:c4:f9:ca:b7:ef:bc:
                    79:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:DD:D8:E1:65:15:E2:EF:8F:FC:7C:C1:BE:3B:CE:F3:49:4C:A8:9E
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ot3Y4WUV4u-P_HzBvjvO80lMqJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:98:47:49:4c:01:9a:eb:ab:ad:ed:b8:b0:97:1d:dd:d5:2b:
         76:16:6c:28:56:25:f2:2b:aa:89:9a:19:dc:05:90:0c:89:42:
         28:29:6f:cd:d5:90:b6:2d:ce:3e:84:7b:e2:72:10:89:9c:27:
         4b:a0:60:ce:eb:a7:b2:55:35:ca:2e:f2:e2:0b:db:0c:78:f7:
         f4:8c:fc:0a:0b:bb:d7:82:78:7b:4f:79:1d:8e:34:9c:70:18:
         de:b4:e2:0d:10:26:d4:e9:bf:ee:09:e7:0c:31:27:6f:c6:ac:
         7d:40:e7:91:5e:7a:38:b4:fc:4e:f4:ae:32:96:a7:4d:06:73:
         98:6d:e5:37:a7:b9:98:b2:a6:20:39:9e:c2:f1:24:36:25:80:
         4a:0f:dd:06:13:c7:46:fd:7c:d4:30:e7:f4:1a:b0:75:04:f4:
         c1:51:dd:b0:6c:a8:26:bf:c8:b1:2a:5a:3d:fe:41:2a:e4:90:
         c3:5f:df:69:51:01:43:41:41:c7:5c:85:69:ef:75:f3:a3:a2:
         8a:6e:0a:8a:b7:99:b0:2d:71:de:28:fb:ec:ab:6c:c8:07:09:
         69:39:e1:b7:f4:6e:d9:1c:3b:fb:cd:75:9a:cf:5c:26:88:c9:
         6a:c6:8d:a9:d9:0a:9d:bb:e2:d4:ea:a5:43:fc:15:53:4b:ad:
         90:c1:df:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjPvcWgJj2ldPsEHbfyJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMTAyMTIzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmRkZDhlMTY1MTVlMmVmOGZmYzdjYzFiZTNiY2VmMzQ5NGNhODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDKW94klso+7tmad/8Ap/hKnpQdM
Ihy8+VBhf8YHGs0NW3M7KM1iMImtUyyvOzGZcRbRu/k8vCVVMvM8Og1uleefOIGO
6AAFnPvI+gF14PVLGx1+E4VrVLx4xrhUmBU3Lfw4YX+uzHTNCVeOWxyuKSHWrTmB
bufarVJ1Pk3IIAuvHr/pXAZ26f8STJnwuLAUYmaAiOAvLJEZJR61Xo+6BqzkCrqg
cxasIz62jY3J1RPws3O5uCTzhXz4A+43u4Wip5fO+aaA58Zf3PSlpDwjyrPl/mV5
IkWFhiq7AIen2CYf2uRgtRvIV0/AVgEZXAUN6k0GsYJua3PE+cq377x56QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLd2OFlFeLvj/x8wb47zvNJTKieMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvb3QzWTRXVVY0dS1QX0h6QnZqdk84MGxNcUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbW84MA0G
CSqGSIb3DQEBCwUAA4IBAQAPmEdJTAGa66ut7biwlx3d1St2FmwoViXyK6qJmhnc
BZAMiUIoKW/N1ZC2Lc4+hHvichCJnCdLoGDO66eyVTXKLvLiC9sMePf0jPwKC7vX
gnh7T3kdjjSccBjetOINECbU6b/uCecMMSdvxqx9QOeRXno4tPxO9K4ylqdNBnOY
beU3p7mYsqYgOZ7C8SQ2JYBKD90GE8dG/XzUMOf0GrB1BPTBUd2wbKgmv8ixKlo9
/kEq5JDDX99pUQFDQUHHXIVp73Xzo6KKbgqKt5mwLXHeKPvsq2zIBwlpOeG39G7Z
HDv7zXWaz1wmiMlqxo2p2Qqdu+LU6qVD/BVTS62Qwd+8
-----END CERTIFICATE-----