Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/Of66jo_jgqwTE9z6mloyRbKBqQU.roa
File:                     Of66jo_jgqwTE9z6mloyRbKBqQU.roa (raw, json)
Hash identifier:          F7LoBDMpG6UP2PAqQcNxrA8nFnNMoJw1gQuusL0ZiDY=
Subject key identifier:   39:FE:BA:8E:8F:E3:82:AC:13:13:DC:FA:9A:5A:32:45:B2:81:A9:05
Certificate issuer:       /CN=d34271d123c60ecd7ac5288c72e60e41b5791f9f
Certificate serial:       018CC3B68B201222D4A386B321D7DEECEBB0
Authority key identifier: D3:42:71:D1:23:C6:0E:CD:7A:C5:28:8C:72:E6:0E:41:B5:79:1F:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/00Jx0SPGDs16xSiMcuYOQbV5H58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/Of66jo_jgqwTE9z6mloyRbKBqQU.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50599
IP address blocks:        185.235.68.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/00Jx0SPGDs16xSiMcuYOQbV5H58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/00Jx0SPGDs16xSiMcuYOQbV5H58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/00Jx0SPGDs16xSiMcuYOQbV5H58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8b:20:12:22:d4:a3:86:b3:21:d7:de:ec:eb:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d34271d123c60ecd7ac5288c72e60e41b5791f9f
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39feba8e8fe382ac1313dcfa9a5a3245b281a905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:44:d3:6c:eb:1b:96:09:2b:c8:e6:c8:60:85:
                    71:2b:52:2b:97:73:a2:68:85:b6:9d:11:23:fd:e4:
                    15:2d:4e:2d:00:64:f8:a6:ff:90:cd:33:28:aa:48:
                    e9:e6:0f:6b:22:61:bf:00:8a:00:ec:d3:fd:66:b3:
                    1b:b1:39:e3:8d:5b:5b:3b:3f:53:9f:e1:dd:1b:c0:
                    f0:31:aa:7a:fe:52:95:7f:03:41:64:a5:90:1d:92:
                    a1:8e:c0:14:d8:c9:78:db:96:bc:5d:08:df:b9:cb:
                    c9:52:0b:2a:58:04:62:6f:d5:02:27:81:dc:ea:1f:
                    fa:72:83:58:0d:ad:a5:6c:c7:25:78:69:90:3a:3c:
                    36:4b:61:45:3a:85:52:a3:e4:97:d8:ca:b1:1e:00:
                    2a:00:1e:40:58:11:2b:a5:dc:a8:62:cb:92:4c:7e:
                    98:2c:e4:2a:8c:88:dc:47:ad:2f:66:51:74:b0:22:
                    65:dc:ad:ec:1b:cd:2e:e6:41:74:af:6d:02:89:22:
                    3c:ac:23:99:9e:09:74:1a:b5:6b:c0:cc:82:5e:93:
                    2a:66:0d:8a:44:3f:81:30:54:65:d2:45:33:e1:e4:
                    40:57:5e:84:26:7b:62:d1:29:40:2b:79:c0:d0:56:
                    c6:df:e6:e5:93:ce:0f:22:b7:da:cb:d0:5c:b9:8b:
                    9f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:FE:BA:8E:8F:E3:82:AC:13:13:DC:FA:9A:5A:32:45:B2:81:A9:05
            X509v3 Authority Key Identifier:
                keyid:D3:42:71:D1:23:C6:0E:CD:7A:C5:28:8C:72:E6:0E:41:B5:79:1F:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/00Jx0SPGDs16xSiMcuYOQbV5H58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/Of66jo_jgqwTE9z6mloyRbKBqQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/00Jx0SPGDs16xSiMcuYOQbV5H58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:f2:0f:ee:3a:63:f5:bb:cd:95:b9:b1:5e:7e:6a:bb:ea:49:
         46:3c:78:6b:1d:e4:70:6e:c8:c6:a3:f6:45:04:23:a4:a9:c8:
         ff:cf:b9:ac:7d:17:80:0c:35:20:08:36:2c:99:74:b0:2a:26:
         59:54:ef:5f:b6:d0:1c:bc:c0:f1:65:f4:93:59:80:29:17:1c:
         e9:86:5e:a4:ee:36:66:e1:bf:bc:dc:cf:a8:8a:b3:bc:61:46:
         58:5f:0c:fd:53:67:29:c9:63:d5:cd:66:a7:41:bb:4d:84:0a:
         05:67:03:1d:bf:8d:e4:3e:2c:ad:b3:22:12:6c:e0:43:69:9a:
         2e:98:dd:76:d3:3f:68:b5:f5:ef:5c:48:0b:62:f1:cf:56:a7:
         6d:8b:e7:6e:25:75:a0:40:7e:47:49:3a:5c:86:69:93:a1:3e:
         5a:cb:3a:89:fd:38:4c:96:7c:c0:34:ba:95:da:00:d3:14:99:
         0c:0a:a5:29:52:12:87:eb:e2:2d:62:03:ff:a9:3f:db:33:b9:
         1b:a7:6a:f6:64:9b:3b:1a:fa:25:5f:f8:c4:8e:50:24:54:92:
         08:5c:00:c5:8b:69:db:3f:dd:61:66:e1:f2:ea:98:3a:6e:f4:
         4e:6e:86:28:78:5e:b8:05:37:eb:11:97:f6:64:b0:0e:a5:f9:
         23:ea:26:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtosgEiLUo4azIdfe7OuwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNDI3MWQxMjNjNjBlY2Q3YWM1Mjg4YzcyZTYwZTQxYjU3
OTFmOWYwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWZlYmE4ZThmZTM4MmFjMTMxM2RjZmE5YTVhMzI0NWIyODFhOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkTTbOsblgkryObIYIVxK1Irl3Oi
aIW2nREj/eQVLU4tAGT4pv+QzTMoqkjp5g9rImG/AIoA7NP9ZrMbsTnjjVtbOz9T
n+HdG8DwMap6/lKVfwNBZKWQHZKhjsAU2Ml425a8XQjfucvJUgsqWARib9UCJ4Hc
6h/6coNYDa2lbMcleGmQOjw2S2FFOoVSo+SX2MqxHgAqAB5AWBErpdyoYsuSTH6Y
LOQqjIjcR60vZlF0sCJl3K3sG80u5kF0r20CiSI8rCOZngl0GrVrwMyCXpMqZg2K
RD+BMFRl0kUz4eRAV16EJnti0SlAK3nA0FbG3+blk84PIrfay9BcuYuflwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDn+uo6P44KsExPc+ppaMkWygakFMB8GA1UdIwQY
MBaAFNNCcdEjxg7NesUojHLmDkG1eR+fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDBKeDBTUEdEczE2eFNpTWN1WU9RYlY1SDU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82ZWNmZGYtYTk0ZC00ZmYwLTg4MDAt
MTk4Yzc4NzJkZjRmLzEvT2Y2NmpvX2pncXdURTl6Nm1sb3lSYktCcVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82ZWNmZGYtYTk0ZC00ZmYwLTg4MDAtMTk4Yzc4NzJkZjRm
LzEvMDBKeDBTUEdEczE2eFNpTWN1WU9RYlY1SDU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuetEMA0G
CSqGSIb3DQEBCwUAA4IBAQCh8g/uOmP1u82VubFefmq76klGPHhrHeRwbsjGo/ZF
BCOkqcj/z7msfReADDUgCDYsmXSwKiZZVO9fttAcvMDxZfSTWYApFxzphl6k7jZm
4b+83M+oirO8YUZYXwz9U2cpyWPVzWanQbtNhAoFZwMdv43kPiytsyISbOBDaZou
mN120z9otfXvXEgLYvHPVqdti+duJXWgQH5HSTpchmmToT5ayzqJ/ThMlnzANLqV
2gDTFJkMCqUpUhKH6+ItYgP/qT/bM7kbp2r2ZJs7GvolX/jEjlAkVJIIXADFi2nb
P91hZuHy6pg6bvROboYoeF64BTfrEZf2ZLAOpfkj6iZS
-----END CERTIFICATE-----