Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/68772c-b11a-49c9-907f-4ed1d075b637/1/osYAsnBJMHDx9mgNvPd41-8AUiw.roa
File:                     osYAsnBJMHDx9mgNvPd41-8AUiw.roa (raw, json)
Hash identifier:          MwIxQ5hAF643EkfnNbOen3a4mF1U6rwMbymKhdaIOak=
Subject key identifier:   A2:C6:00:B2:70:49:30:70:F1:F6:68:0D:BC:F7:78:D7:EF:00:52:2C
Certificate issuer:       /CN=85db397dc7648f0fd33c631f35cc2074e4ee332e
Certificate serial:       018CC3489DDDF6EDE55BF1502796C3151BF1
Authority key identifier: 85:DB:39:7D:C7:64:8F:0F:D3:3C:63:1F:35:CC:20:74:E4:EE:33:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hds5fcdkjw_TPGMfNcwgdOTuMy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/68772c-b11a-49c9-907f-4ed1d075b637/1/osYAsnBJMHDx9mgNvPd41-8AUiw.roa
Signing time:             Mon 01 Jan 2024 04:29:25 +0000
ROA not before:           Mon 01 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59692
IP address blocks:        45.183.4.0/22 maxlen: 32
                          190.115.16.0/20 maxlen: 32
                          186.2.160.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/68772c-b11a-49c9-907f-4ed1d075b637/1/hds5fcdkjw_TPGMfNcwgdOTuMy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/68772c-b11a-49c9-907f-4ed1d075b637/1/hds5fcdkjw_TPGMfNcwgdOTuMy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hds5fcdkjw_TPGMfNcwgdOTuMy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9d:dd:f6:ed:e5:5b:f1:50:27:96:c3:15:1b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85db397dc7648f0fd33c631f35cc2074e4ee332e
        Validity
            Not Before: Jan  1 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2c600b270493070f1f6680dbcf778d7ef00522c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b8:f0:08:b3:78:9c:9d:f7:dd:7d:df:85:7b:
                    63:73:42:85:e5:ac:ce:83:86:ed:b2:4b:10:57:86:
                    38:f3:11:cc:02:b3:a7:0a:88:e3:4f:0a:25:fa:70:
                    5e:4f:b5:4e:dc:ae:35:b7:3b:0f:2c:cd:95:c6:c9:
                    f8:75:f0:5c:40:f9:c0:16:17:c0:c9:48:c6:8b:6a:
                    75:22:64:96:26:2d:e7:5e:2a:7d:ab:30:60:92:a8:
                    5d:f5:56:1b:02:aa:14:c9:b8:19:d9:c1:1d:b3:3b:
                    a9:fc:71:9c:10:f9:ac:8b:cd:fc:c9:dd:bd:84:18:
                    c8:21:28:e8:be:d7:58:65:65:6a:d3:e0:c3:e9:6a:
                    c0:88:47:b4:5e:00:63:ff:7d:da:b1:48:c1:43:9b:
                    b4:9e:4b:97:e6:9f:e7:a2:e1:29:a4:6f:74:6d:6f:
                    e4:85:6e:db:b8:20:95:ec:e2:0c:94:4c:e8:cd:19:
                    04:b6:ba:87:31:ce:f2:a3:14:cd:fb:ca:29:21:c8:
                    d7:0f:59:66:93:64:f1:07:56:35:1b:03:f1:1d:f7:
                    dd:c9:c6:55:48:6b:f9:4f:b5:0a:13:40:d7:41:d6:
                    48:28:da:33:6f:4d:1e:b9:8e:d9:33:d8:56:16:51:
                    b8:82:b4:35:b6:ce:b0:7f:1a:6e:6c:9a:ff:42:30:
                    83:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:C6:00:B2:70:49:30:70:F1:F6:68:0D:BC:F7:78:D7:EF:00:52:2C
            X509v3 Authority Key Identifier:
                keyid:85:DB:39:7D:C7:64:8F:0F:D3:3C:63:1F:35:CC:20:74:E4:EE:33:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hds5fcdkjw_TPGMfNcwgdOTuMy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/68772c-b11a-49c9-907f-4ed1d075b637/1/osYAsnBJMHDx9mgNvPd41-8AUiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/68772c-b11a-49c9-907f-4ed1d075b637/1/hds5fcdkjw_TPGMfNcwgdOTuMy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.183.4.0/22
                  186.2.160.0/20
                  190.115.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7a:81:81:a1:8c:d6:5a:f7:2e:b3:8b:b2:c8:ea:22:58:16:4d:
         29:63:cc:b1:04:a1:5e:8e:da:ab:29:7b:ca:48:88:14:79:d7:
         43:8a:b6:c7:34:67:0b:28:be:21:f0:cf:39:e0:9d:ed:19:a6:
         46:e8:1f:7a:52:39:64:60:b6:9c:ed:8f:4f:5b:78:4a:1a:32:
         24:86:2b:40:2e:3a:17:a9:b4:c4:d8:0a:27:81:b9:ab:6f:a1:
         58:d3:d1:eb:e2:6a:47:60:ac:98:1d:24:5d:48:12:e6:35:58:
         1e:97:22:d4:b4:52:62:ed:ff:39:0c:cb:13:72:bf:e2:6d:6a:
         00:70:84:4d:de:a6:74:27:3c:af:07:08:8a:5a:63:11:e4:51:
         a2:31:48:db:0d:78:3b:e6:b7:6f:75:24:09:a3:b8:8b:07:75:
         df:e6:20:2c:33:57:77:92:3b:4d:67:1d:42:87:bb:ac:9c:0f:
         5d:51:95:50:83:7e:7e:86:9f:77:b5:ea:b0:72:21:7d:f8:2d:
         ee:f1:6a:37:76:96:9c:f8:a8:8d:04:8a:8a:b7:cb:99:42:40:
         6b:0f:85:97:a1:86:ea:67:41:61:8d:33:b2:42:98:55:a8:bf:
         fd:ca:3a:8b:3e:7d:b2:8c:81:06:12:37:67:a8:b0:25:36:b9:
         89:dc:44:a0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSJ3d9u3lW/FQJ5bDFRvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZGIzOTdkYzc2NDhmMGZkMzNjNjMxZjM1Y2MyMDc0ZTRl
ZTMzMmUwHhcNMjQwMTAxMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmM2MDBiMjcwNDkzMDcwZjFmNjY4MGRiY2Y3NzhkN2VmMDA1MjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurjwCLN4nJ333X3fhXtjc0KF5azO
g4btsksQV4Y48xHMArOnCojjTwol+nBeT7VO3K41tzsPLM2Vxsn4dfBcQPnAFhfA
yUjGi2p1ImSWJi3nXip9qzBgkqhd9VYbAqoUybgZ2cEdszup/HGcEPmsi838yd29
hBjIISjovtdYZWVq0+DD6WrAiEe0XgBj/33asUjBQ5u0nkuX5p/nouEppG90bW/k
hW7buCCV7OIMlEzozRkEtrqHMc7yoxTN+8opIcjXD1lmk2TxB1Y1GwPxHffdycZV
SGv5T7UKE0DXQdZIKNozb00euY7ZM9hWFlG4grQ1ts6wfxpubJr/QjCDHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKLGALJwSTBw8fZoDbz3eNfvAFIsMB8GA1UdIwQY
MBaAFIXbOX3HZI8P0zxjHzXMIHTk7jMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGRzNWZjZGtqd19UUEdNZk5jd2dkT1R1TXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ODc3MmMtYjExYS00OWM5LTkwN2Yt
NGVkMWQwNzViNjM3LzEvb3NZQXNuQkpNSER4OW1nTnZQZDQxLThBVWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ODc3MmMtYjExYS00OWM5LTkwN2YtNGVkMWQwNzViNjM3
LzEvaGRzNWZjZGtqd19UUEdNZk5jd2dkT1R1TXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLbcEAwQE
ugKgAwQEvnMQMA0GCSqGSIb3DQEBCwUAA4IBAQB6gYGhjNZa9y6zi7LI6iJYFk0p
Y8yxBKFejtqrKXvKSIgUeddDirbHNGcLKL4h8M854J3tGaZG6B96UjlkYLac7Y9P
W3hKGjIkhitALjoXqbTE2Aongbmrb6FY09Hr4mpHYKyYHSRdSBLmNVgelyLUtFJi
7f85DMsTcr/ibWoAcIRN3qZ0JzyvBwiKWmMR5FGiMUjbDXg75rdvdSQJo7iLB3Xf
5iAsM1d3kjtNZx1Ch7usnA9dUZVQg35+hp93teqwciF9+C3u8Wo3dpac+KiNBIqK
t8uZQkBrD4WXoYbqZ0FhjTOyQphVqL/9yjqLPn2yjIEGEjdnqLAlNrmJ3ESg
-----END CERTIFICATE-----