Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/95d780-baad-4db7-beb5-454599a4d22c/1/ojr6tgjbyBgjQjpX3R2-uZ_6A6E.roa
File:                     ojr6tgjbyBgjQjpX3R2-uZ_6A6E.roa (raw, json)
Hash identifier:          M/W+4KRcV5f29qrQ6ffhOhWLIZ9fuJaOhaeYIB+DiJM=
Subject key identifier:   A2:3A:FA:B6:08:DB:C8:18:23:42:3A:57:DD:1D:BE:B9:9F:FA:03:A1
Certificate issuer:       /CN=4d8a9875d7d0d12bc47a70b7ede9a3ca64d82d32
Certificate serial:       018CC6B9367E8DF330442A4F8EECA94C2AAB
Authority key identifier: 4D:8A:98:75:D7:D0:D1:2B:C4:7A:70:B7:ED:E9:A3:CA:64:D8:2D:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYqYddfQ0SvEenC37emjymTYLTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/95d780-baad-4db7-beb5-454599a4d22c/1/ojr6tgjbyBgjQjpX3R2-uZ_6A6E.roa
Signing time:             Mon 01 Jan 2024 20:31:16 +0000
ROA not before:           Mon 01 Jan 2024 20:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35701
IP address blocks:        62.122.36.0/22 maxlen: 22
                          62.122.39.0/24 maxlen: 24
                          2a05:7300::/30 maxlen: 30
                          2a05:7300::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/95d780-baad-4db7-beb5-454599a4d22c/1/TYqYddfQ0SvEenC37emjymTYLTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/95d780-baad-4db7-beb5-454599a4d22c/1/TYqYddfQ0SvEenC37emjymTYLTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYqYddfQ0SvEenC37emjymTYLTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 19:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:36:7e:8d:f3:30:44:2a:4f:8e:ec:a9:4c:2a:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d8a9875d7d0d12bc47a70b7ede9a3ca64d82d32
        Validity
            Not Before: Jan  1 20:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a23afab608dbc81823423a57dd1dbeb99ffa03a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ca:a4:35:3b:8a:1f:70:34:4c:78:4a:c5:81:
                    80:eb:d4:f9:16:0b:24:50:04:3b:13:73:ff:19:cc:
                    bd:16:78:cd:3d:79:5c:85:24:f2:a4:6b:dc:86:00:
                    3f:f7:8e:ef:c7:1a:41:8a:f2:fc:81:c1:35:bf:8a:
                    c8:11:9a:ed:76:af:60:b0:fc:2b:8b:d6:7e:11:ae:
                    fe:5f:29:b6:f2:15:f6:d0:f0:e1:22:0b:aa:41:12:
                    13:e7:96:a1:a4:37:5d:65:7d:a4:af:ba:8a:e4:0e:
                    86:c8:5e:f4:bd:b5:c8:fc:f9:e0:98:6a:99:14:e4:
                    73:30:6e:9f:43:b9:54:02:f3:b3:3c:8b:a6:9f:30:
                    2d:81:d2:c6:17:69:ac:29:99:ca:4d:e3:a3:a1:32:
                    6b:db:e1:27:6a:ff:4d:2c:9e:e0:b5:3a:b2:3a:27:
                    bf:0e:ae:53:31:b8:4f:b5:52:02:fd:30:ab:ae:1d:
                    d9:e7:44:d0:71:bf:96:c1:16:68:87:43:cc:5d:14:
                    e5:70:f7:71:16:c1:7c:54:12:9e:3a:fb:64:0a:3c:
                    50:4c:7b:86:7b:80:d1:ba:d9:fa:fb:ad:ca:48:cc:
                    64:89:6c:38:ee:a0:72:3f:20:d0:60:4a:f6:23:b6:
                    ba:10:a9:ae:fd:61:70:85:48:a5:de:de:81:05:70:
                    32:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:3A:FA:B6:08:DB:C8:18:23:42:3A:57:DD:1D:BE:B9:9F:FA:03:A1
            X509v3 Authority Key Identifier:
                keyid:4D:8A:98:75:D7:D0:D1:2B:C4:7A:70:B7:ED:E9:A3:CA:64:D8:2D:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYqYddfQ0SvEenC37emjymTYLTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/95d780-baad-4db7-beb5-454599a4d22c/1/ojr6tgjbyBgjQjpX3R2-uZ_6A6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/95d780-baad-4db7-beb5-454599a4d22c/1/TYqYddfQ0SvEenC37emjymTYLTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.36.0/22
                IPv6:
                  2a05:7300::/30

    Signature Algorithm: sha256WithRSAEncryption
         3a:df:29:6d:cf:93:36:62:71:95:da:d3:ce:cd:c6:2c:0f:9c:
         4d:c3:8c:19:85:9c:c6:ef:79:ab:52:f0:c3:29:5b:15:ed:d5:
         f7:33:a6:24:f1:8d:e8:b7:75:15:03:3f:7f:33:0d:47:be:d8:
         50:a1:d4:d9:80:28:b4:99:9e:21:d0:37:6e:c8:97:91:a9:60:
         79:cb:e4:6b:ef:2e:94:43:b1:59:2e:6c:fc:b0:5a:db:c8:6a:
         16:13:30:08:52:ce:14:20:20:f4:8e:0b:5d:da:ca:34:01:a8:
         a7:ed:f1:9f:e7:d0:71:f6:4d:5c:a7:da:6d:5a:2c:01:67:d2:
         27:18:04:58:99:b4:85:83:6e:9d:f0:d0:dd:6f:d2:6e:5d:b2:
         f7:59:e8:ce:38:7b:2d:e6:8e:50:10:11:77:65:8d:62:06:9b:
         8b:b4:f3:a4:45:29:07:77:0e:18:af:74:2d:72:a3:3e:43:05:
         1f:ff:cb:70:ab:8b:60:87:11:ad:67:f6:76:64:ba:a0:6e:0e:
         6b:aa:c8:6e:f3:44:b3:56:d1:94:84:3e:e9:06:3b:ec:86:00:
         e8:e9:4e:01:cb:fd:07:5f:f7:69:80:b1:8c:5d:81:11:89:89:
         de:5d:2d:bf:b1:ce:90:4e:94:f4:01:bb:dd:11:8a:8e:d5:73:
         de:73:df:5e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuTZ+jfMwRCpPjuypTCqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkOGE5ODc1ZDdkMGQxMmJjNDdhNzBiN2VkZTlhM2NhNjRk
ODJkMzIwHhcNMjQwMTAxMjAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjNhZmFiNjA4ZGJjODE4MjM0MjNhNTdkZDFkYmViOTlmZmEwM2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8qkNTuKH3A0THhKxYGA69T5Fgsk
UAQ7E3P/Gcy9FnjNPXlchSTypGvchgA/947vxxpBivL8gcE1v4rIEZrtdq9gsPwr
i9Z+Ea7+Xym28hX20PDhIguqQRIT55ahpDddZX2kr7qK5A6GyF70vbXI/PngmGqZ
FORzMG6fQ7lUAvOzPIumnzAtgdLGF2msKZnKTeOjoTJr2+Enav9NLJ7gtTqyOie/
Dq5TMbhPtVIC/TCrrh3Z50TQcb+WwRZoh0PMXRTlcPdxFsF8VBKeOvtkCjxQTHuG
e4DRutn6+63KSMxkiWw47qByPyDQYEr2I7a6EKmu/WFwhUil3t6BBXAy9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKI6+rYI28gYI0I6V90dvrmf+gOhMB8GA1UdIwQY
MBaAFE2KmHXX0NErxHpwt+3po8pk2C0yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlxWWRkZlEwU3ZFZW5DMzdlbWp5bVRZTFRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85NWQ3ODAtYmFhZC00ZGI3LWJlYjUt
NDU0NTk5YTRkMjJjLzEvb2pyNnRnamJ5QmdqUWpwWDNSMi11Wl82QTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85NWQ3ODAtYmFhZC00ZGI3LWJlYjUtNDU0NTk5YTRkMjJj
LzEvVFlxWWRkZlEwU3ZFZW5DMzdlbWp5bVRZTFRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCPnokMA0E
AgACMAcDBQIqBXMAMA0GCSqGSIb3DQEBCwUAA4IBAQA63yltz5M2YnGV2tPOzcYs
D5xNw4wZhZzG73mrUvDDKVsV7dX3M6Yk8Y3ot3UVAz9/Mw1HvthQodTZgCi0mZ4h
0DduyJeRqWB5y+Rr7y6UQ7FZLmz8sFrbyGoWEzAIUs4UICD0jgtd2so0Aain7fGf
59Bx9k1cp9ptWiwBZ9InGARYmbSFg26d8NDdb9JuXbL3WejOOHst5o5QEBF3ZY1i
BpuLtPOkRSkHdw4Yr3QtcqM+QwUf/8twq4tghxGtZ/Z2ZLqgbg5rqshu80SzVtGU
hD7pBjvshgDo6U4By/0HX/dpgLGMXYERiYneXS2/sc6QTpT0AbvdEYqO1XPec99e
-----END CERTIFICATE-----