Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/OTWJHMQxpwTvya6wRHCbM_Q435M.roa
File:                     OTWJHMQxpwTvya6wRHCbM_Q435M.roa (raw, json)
Hash identifier:          +bfzRu+1zDSJImWu9nw5nIYD88jME8+faCXrannDJBc=
Subject key identifier:   39:35:89:1C:C4:31:A7:04:EF:C9:AE:B0:44:70:9B:33:F4:38:DF:93
Certificate issuer:       /CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Certificate serial:       018CC348D1A0DEDE3830213B391524356863
Authority key identifier: 0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/OTWJHMQxpwTvya6wRHCbM_Q435M.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61079
IP address blocks:        93.113.40.0/22 maxlen: 24
                          46.102.64.0/19 maxlen: 24
                          89.46.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d1:a0:de:de:38:30:21:3b:39:15:24:35:68:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3935891cc431a704efc9aeb044709b33f438df93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4b:1e:86:9b:40:f7:c6:8d:b5:da:3d:04:b2:
                    31:92:e5:b0:a7:e4:97:f7:41:3d:b2:f1:50:ca:46:
                    1e:b5:fe:dd:90:48:4f:52:4e:fa:58:b2:a2:c3:e5:
                    c5:3f:59:35:fc:c3:32:b4:d9:4c:4a:83:6b:47:4a:
                    1b:f5:77:4a:66:04:bb:e5:a9:5c:b6:0a:12:01:42:
                    2f:97:d3:30:55:d2:7f:38:a9:17:ad:4d:f5:33:b9:
                    e1:e4:eb:fd:af:0a:83:70:b6:e4:ec:c3:ad:17:5d:
                    ae:47:8f:3f:97:46:aa:43:6b:eb:7b:d7:48:b8:41:
                    3d:fb:87:7a:30:c3:a9:3a:ef:99:a8:c6:3f:bf:ab:
                    71:b0:f4:59:29:b4:1d:82:b9:e0:5e:89:35:4c:52:
                    1f:e6:82:4f:68:21:23:19:c6:41:0b:ec:49:0d:7d:
                    9d:b0:16:3c:9e:bb:02:89:d3:ac:6b:07:af:e2:37:
                    75:5d:5f:14:a3:e1:6d:20:45:5e:9b:e0:fe:21:6e:
                    30:a3:b8:9c:63:8a:07:11:68:55:c7:f0:9c:bf:81:
                    74:cd:3f:de:bd:e5:cf:6b:20:25:92:25:5a:33:50:
                    c0:79:72:c5:08:ac:0b:6f:d8:2d:c1:36:7f:5c:f7:
                    2b:ad:d5:8b:c5:bf:8f:b4:bd:c2:07:c9:22:3c:ec:
                    7c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:35:89:1C:C4:31:A7:04:EF:C9:AE:B0:44:70:9B:33:F4:38:DF:93
            X509v3 Authority Key Identifier:
                keyid:0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/OTWJHMQxpwTvya6wRHCbM_Q435M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.64.0/19
                  89.46.12.0/22
                  93.113.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:26:f3:cb:9f:74:f7:29:fd:ad:42:62:9a:bb:2d:92:00:6e:
         2d:6e:01:b5:26:57:36:fa:2b:11:d4:9d:ae:45:d1:61:11:68:
         a7:de:d9:99:26:3d:58:a9:ce:90:39:6e:70:dc:5a:b5:3f:b2:
         a5:40:e6:21:67:72:73:20:3f:2c:c4:e0:37:6d:de:11:d6:d1:
         cd:46:70:93:3d:cc:93:ac:4c:c6:84:09:91:d8:ca:4f:de:87:
         ae:36:d5:74:6f:70:ba:60:72:64:ad:ba:ac:49:57:48:f6:19:
         11:1d:c3:da:de:31:22:da:65:ba:03:c5:d9:93:ce:60:21:7c:
         c6:57:73:c9:3a:ff:b9:dc:f6:6e:91:57:72:22:e2:d2:ac:c0:
         d6:44:02:f2:af:30:a1:4b:bd:32:89:fa:d6:b0:d2:5e:9b:5e:
         ab:45:b1:26:36:a1:b1:a8:53:e3:7f:19:0c:20:6e:cf:0b:2a:
         66:e9:24:1d:1d:aa:56:40:b5:df:e8:16:22:b1:f4:62:d2:3c:
         2c:76:38:d6:8a:a9:b0:12:b7:88:d2:fd:75:06:d3:37:44:75:
         9f:1c:d8:15:88:5f:da:0f:d3:4d:25:28:da:df:c8:5f:af:b2:
         0b:fc:ed:46:c5:31:e4:cb:c1:d9:74:50:85:fd:52:32:f8:6c:
         4a:b5:f4:21
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSNGg3t44MCE7ORUkNWhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNTU2YWNiNWYzYjk2MWI1Y2MyNGEyOTk1ZjM0ZWU5MWY3
OWRjMTYwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTM1ODkxY2M0MzFhNzA0ZWZjOWFlYjA0NDcwOWIzM2Y0MzhkZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEsehptA98aNtdo9BLIxkuWwp+SX
90E9svFQykYetf7dkEhPUk76WLKiw+XFP1k1/MMytNlMSoNrR0ob9XdKZgS75alc
tgoSAUIvl9MwVdJ/OKkXrU31M7nh5Ov9rwqDcLbk7MOtF12uR48/l0aqQ2vre9dI
uEE9+4d6MMOpOu+ZqMY/v6txsPRZKbQdgrngXok1TFIf5oJPaCEjGcZBC+xJDX2d
sBY8nrsCidOsawev4jd1XV8Uo+FtIEVem+D+IW4wo7icY4oHEWhVx/Ccv4F0zT/e
veXPayAlkiVaM1DAeXLFCKwLb9gtwTZ/XPcrrdWLxb+PtL3CB8kiPOx8zQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDk1iRzEMacE78musERwmzP0ON+TMB8GA1UdIwQY
MBaAFAtVastfO5YbXMJKKZXzTukfedwWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEt
ZDJiYmYzN2RhYmI0LzEvT1RXSkhNUXhwd1R2eWE2d1JIQ2JNX1E0MzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEtZDJiYmYzN2RhYmI0
LzEvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFLmZAAwQC
WS4MAwQCXXEoMA0GCSqGSIb3DQEBCwUAA4IBAQBeJvPLn3T3Kf2tQmKauy2SAG4t
bgG1Jlc2+isR1J2uRdFhEWin3tmZJj1Yqc6QOW5w3Fq1P7KlQOYhZ3JzID8sxOA3
bd4R1tHNRnCTPcyTrEzGhAmR2MpP3oeuNtV0b3C6YHJkrbqsSVdI9hkRHcPa3jEi
2mW6A8XZk85gIXzGV3PJOv+53PZukVdyIuLSrMDWRALyrzChS70yifrWsNJem16r
RbEmNqGxqFPjfxkMIG7PCypm6SQdHapWQLXf6BYisfRi0jwsdjjWiqmwEreI0v11
BtM3RHWfHNgViF/aD9NNJSja38hfr7IL/O1GxTHky8HZdFCF/VIy+GxKtfQh
-----END CERTIFICATE-----