Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/OA6xVq4kzXkN8FbHWBxn3rLXD-c.roa
File:                     OA6xVq4kzXkN8FbHWBxn3rLXD-c.roa (raw, json)
Hash identifier:          sofpySHKO1EKvP35/0oEFu7rvbk2J2x64DkHWtaDLp4=
Subject key identifier:   38:0E:B1:56:AE:24:CD:79:0D:F0:56:C7:58:1C:67:DE:B2:D7:0F:E7
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018E0E7DFB7DC670BD674D94EB7F2DB4DC5D
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/OA6xVq4kzXkN8FbHWBxn3rLXD-c.roa
Signing time:             Tue 05 Mar 2024 12:02:01 +0000
ROA not before:           Tue 05 Mar 2024 12:02:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        145.78.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:7d:fb:7d:c6:70:bd:67:4d:94:eb:7f:2d:b4:dc:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Mar  5 12:02:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=380eb156ae24cd790df056c7581c67deb2d70fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d2:c4:e6:c5:06:08:33:79:d9:69:be:e1:9a:
                    2b:9a:d2:41:3b:5f:54:37:23:06:9a:e2:8d:67:6b:
                    ab:af:83:34:ed:b6:4d:57:23:64:90:5b:60:ba:fa:
                    e9:0c:51:8c:7e:26:a8:6e:0a:54:61:b1:4d:bb:0f:
                    ce:d4:8d:30:a2:83:19:1f:b9:5e:2e:77:43:cc:ca:
                    a2:a9:2a:c5:c3:35:65:42:86:03:75:61:70:af:26:
                    4b:23:9c:2c:2e:81:b9:ed:3e:f0:51:db:e8:36:50:
                    32:c9:fb:bd:e2:6e:71:e4:79:22:c4:51:0a:1c:04:
                    33:6e:2a:6d:c2:16:01:85:95:58:f4:42:90:4d:b7:
                    47:8a:9d:c1:6c:96:b6:49:52:5a:16:ee:ca:1b:83:
                    31:20:0c:c0:d2:26:67:51:7b:d3:53:b8:f7:29:cb:
                    36:3a:2c:f3:e4:81:97:e9:65:a0:03:7a:ae:7a:f4:
                    76:33:d9:e0:5d:1c:ad:0e:20:d0:99:5d:b9:b0:a0:
                    26:32:f7:67:b0:28:7f:3d:d3:a6:86:69:6f:57:c4:
                    32:51:0c:40:0f:d0:86:e9:86:ec:82:9c:a8:95:fe:
                    26:41:10:b9:3e:39:1f:8c:dc:88:fd:f2:2b:03:7d:
                    01:11:3b:d0:da:96:58:58:cb:94:a2:84:0d:d3:20:
                    06:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:0E:B1:56:AE:24:CD:79:0D:F0:56:C7:58:1C:67:DE:B2:D7:0F:E7
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/OA6xVq4kzXkN8FbHWBxn3rLXD-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.78.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:1a:ae:f4:8b:5b:cf:86:fb:fd:99:ec:c5:e4:d2:23:9c:a2:
         dd:f2:fe:b0:13:18:02:29:58:3b:df:08:8b:fa:51:4b:1d:dc:
         cf:16:16:43:af:5b:35:20:61:a6:7d:14:97:d7:2c:79:fb:ed:
         21:1e:f7:05:08:f7:f2:df:45:d7:a3:14:8f:21:ad:26:2d:ca:
         69:43:ff:78:1b:39:e2:4a:34:aa:ea:64:3b:04:36:f9:bb:6b:
         9e:48:82:f9:a0:d3:13:6a:0a:a6:e1:ff:36:92:ae:9e:7a:da:
         b4:6b:6f:a4:4f:02:69:bf:01:bb:e1:c2:f3:af:05:29:24:30:
         b9:da:6e:2f:50:e5:24:65:59:b4:43:02:7d:2d:7c:12:87:6a:
         2c:a0:7f:87:c6:f4:25:bd:ab:20:3e:3f:6b:e5:1b:6c:e2:27:
         ac:bd:02:b5:05:2a:7b:09:dd:3f:83:e7:55:3b:79:3b:c6:95:
         f6:eb:bd:c0:62:b8:31:83:42:61:f8:f0:31:dd:84:f6:41:6e:
         39:34:13:d4:3f:e0:bd:ef:c9:d3:a0:5c:60:8b:3e:28:25:19:
         f6:d2:de:c3:81:a0:fe:99:01:c1:d7:19:e6:89:17:01:14:1c:
         45:53:76:8e:12:05:c5:98:89:2f:54:c7:9b:0c:66:7c:ff:33:
         dd:dc:cd:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4Offt9xnC9Z02U638ttNxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMzA1MTIwMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBlYjE1NmFlMjRjZDc5MGRmMDU2Yzc1ODFjNjdkZWIyZDcwZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtLE5sUGCDN52Wm+4ZormtJBO19U
NyMGmuKNZ2urr4M07bZNVyNkkFtguvrpDFGMfiaobgpUYbFNuw/O1I0wooMZH7le
LndDzMqiqSrFwzVlQoYDdWFwryZLI5wsLoG57T7wUdvoNlAyyfu94m5x5HkixFEK
HAQzbiptwhYBhZVY9EKQTbdHip3BbJa2SVJaFu7KG4MxIAzA0iZnUXvTU7j3Kcs2
Oizz5IGX6WWgA3quevR2M9ngXRytDiDQmV25sKAmMvdnsCh/PdOmhmlvV8QyUQxA
D9CG6Ybsgpyolf4mQRC5PjkfjNyI/fIrA30BETvQ2pZYWMuUooQN0yAG4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgOsVauJM15DfBWx1gcZ96y1w/nMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvT0E2eFZxNGt6WGtOOEZiSFdCeG4zckxYRC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkU4UMA0G
CSqGSIb3DQEBCwUAA4IBAQAqGq70i1vPhvv9mezF5NIjnKLd8v6wExgCKVg73wiL
+lFLHdzPFhZDr1s1IGGmfRSX1yx5++0hHvcFCPfy30XXoxSPIa0mLcppQ/94Gzni
SjSq6mQ7BDb5u2ueSIL5oNMTagqm4f82kq6eetq0a2+kTwJpvwG74cLzrwUpJDC5
2m4vUOUkZVm0QwJ9LXwSh2osoH+HxvQlvasgPj9r5Rts4iesvQK1BSp7Cd0/g+dV
O3k7xpX2673AYrgxg0Jh+PAx3YT2QW45NBPUP+C978nToFxgiz4oJRn20t7DgaD+
mQHB1xnmiRcBFBxFU3aOEgXFmIkvVMebDGZ8/zPd3M1Q
-----END CERTIFICATE-----