Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/oRPPoo_FQQshe5-05UGeODF2NTo.roa
File:                     oRPPoo_FQQshe5-05UGeODF2NTo.roa (raw, json)
Hash identifier:          lrYfaDtMuNb2xy6HnrslCk5nUq1YfOHVDx4nsc4NOyA=
Subject key identifier:   A1:13:CF:A2:8F:C5:41:0B:21:7B:9F:B4:E5:41:9E:38:31:76:35:3A
Certificate issuer:       /CN=076b0185cabb66843d67f88601bc0a79a2eebcad
Certificate serial:       018CC500644BD17594B7A6E9FF5AD3F35E3C
Authority key identifier: 07:6B:01:85:CA:BB:66:84:3D:67:F8:86:01:BC:0A:79:A2:EE:BC:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/oRPPoo_FQQshe5-05UGeODF2NTo.roa
Signing time:             Mon 01 Jan 2024 12:29:46 +0000
ROA not before:           Mon 01 Jan 2024 12:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202942
IP address blocks:        185.135.224.0/22 maxlen: 24
                          45.9.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:64:4b:d1:75:94:b7:a6:e9:ff:5a:d3:f3:5e:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=076b0185cabb66843d67f88601bc0a79a2eebcad
        Validity
            Not Before: Jan  1 12:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a113cfa28fc5410b217b9fb4e5419e383176353a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a8:81:66:a9:12:6e:50:6b:40:c3:a3:ac:c7:
                    24:3b:30:80:b6:8c:53:65:b5:d1:cc:e9:da:cd:f0:
                    d2:4e:10:64:87:70:fa:07:a4:22:6f:16:be:59:54:
                    4f:c1:8b:92:ce:0e:f0:c7:2b:e6:d3:57:1a:d7:af:
                    ae:67:6e:ff:68:a5:e0:d7:d2:26:0a:0f:0a:83:ee:
                    b0:53:49:9e:83:39:83:2f:b4:d8:ce:62:5b:ca:00:
                    a3:9c:1e:6b:a4:1f:b2:d6:a4:f1:f3:9e:59:62:27:
                    f9:39:c1:d9:ba:c3:d1:50:16:06:9d:42:b8:c9:83:
                    e9:a8:6f:ab:ca:bc:a1:f0:ea:3e:1e:8d:4a:a5:ea:
                    fc:8a:7b:4e:31:f5:79:d2:b1:94:4d:b0:cf:28:54:
                    6f:1c:cf:84:c2:cf:81:7d:3e:22:c3:76:37:74:d7:
                    8b:46:10:dd:83:61:f0:98:a9:7f:5d:05:72:2b:53:
                    d3:24:57:36:ac:2e:84:d0:93:d4:1d:de:57:52:ff:
                    22:56:5b:cf:d6:af:be:05:27:e4:fc:cb:31:ac:8c:
                    b7:e3:f9:f0:f9:2b:a3:c0:52:1b:8a:ba:6b:f8:70:
                    fe:e4:cd:d7:2b:09:43:be:eb:a0:dd:45:73:3a:6c:
                    c8:41:a4:60:ee:4d:57:15:93:11:b9:ba:2c:b7:1b:
                    f1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:13:CF:A2:8F:C5:41:0B:21:7B:9F:B4:E5:41:9E:38:31:76:35:3A
            X509v3 Authority Key Identifier:
                keyid:07:6B:01:85:CA:BB:66:84:3D:67:F8:86:01:BC:0A:79:A2:EE:BC:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/oRPPoo_FQQshe5-05UGeODF2NTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/f14bc3-1f96-4da8-a16f-7b45be0465aa/1/B2sBhcq7ZoQ9Z_iGAbwKeaLuvK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.64.0/22
                  185.135.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:a7:e3:2c:de:4f:b3:91:04:5e:84:3e:d6:21:e2:e8:53:a7:
         ae:38:34:68:82:e8:f0:32:23:42:60:14:97:ba:d3:65:2f:ab:
         6f:cc:14:01:d0:ee:ba:b6:77:59:cc:7f:2c:f6:3a:b5:b8:8c:
         54:1f:86:19:e3:20:9f:11:19:c8:5f:16:c4:12:45:c7:42:88:
         a2:88:6f:35:28:9a:d5:95:8d:97:b2:c9:8d:42:e4:00:b8:62:
         ac:7f:1e:00:d5:17:24:87:93:f3:c7:a2:0f:b4:31:b1:4a:02:
         c3:b6:7c:73:47:e1:2a:fc:16:f1:15:62:3e:a9:21:34:09:23:
         3e:9d:01:b3:71:e1:a3:43:11:1e:0b:5a:cb:6b:3d:47:79:48:
         e9:8b:67:34:6d:34:ef:66:10:40:9d:b5:30:18:50:1e:7a:81:
         e3:97:99:07:41:1e:d0:c4:76:fc:ff:58:05:b1:cf:59:b6:f1:
         e6:ce:1f:47:e4:7d:ea:a9:01:78:c4:8a:63:89:10:f8:c8:22:
         82:f3:78:a7:11:80:6c:e2:42:7d:79:a3:c2:a2:fc:2a:0d:22:
         3a:23:5d:63:9b:fb:6a:48:11:e7:e9:92:13:a2:3d:9a:36:fe:
         1c:eb:5e:9a:4b:c5:c9:1d:1d:be:ec:bc:89:80:34:51:4b:e1:
         10:48:b6:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAGRL0XWUt6bp/1rT8148MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NmIwMTg1Y2FiYjY2ODQzZDY3Zjg4NjAxYmMwYTc5YTJl
ZWJjYWQwHhcNMjQwMTAxMTIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTEzY2ZhMjhmYzU0MTBiMjE3YjlmYjRlNTQxOWUzODMxNzYzNTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKiBZqkSblBrQMOjrMckOzCAtoxT
ZbXRzOnazfDSThBkh3D6B6Qibxa+WVRPwYuSzg7wxyvm01ca16+uZ27/aKXg19Im
Cg8Kg+6wU0megzmDL7TYzmJbygCjnB5rpB+y1qTx855ZYif5OcHZusPRUBYGnUK4
yYPpqG+ryryh8Oo+Ho1Kper8intOMfV50rGUTbDPKFRvHM+Ews+BfT4iw3Y3dNeL
RhDdg2HwmKl/XQVyK1PTJFc2rC6E0JPUHd5XUv8iVlvP1q++BSfk/MsxrIy34/nw
+SujwFIbirpr+HD+5M3XKwlDvuug3UVzOmzIQaRg7k1XFZMRubostxvxpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKETz6KPxUELIXuftOVBnjgxdjU6MB8GA1UdIwQY
MBaAFAdrAYXKu2aEPWf4hgG8Cnmi7rytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjJzQmhjcTdab1E5Wl9pR0Fid0tlYUx1dkswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9mMTRiYzMtMWY5Ni00ZGE4LWExNmYt
N2I0NWJlMDQ2NWFhLzEvb1JQUG9vX0ZRUXNoZTUtMDVVR2VPREYyTlRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9mMTRiYzMtMWY5Ni00ZGE4LWExNmYtN2I0NWJlMDQ2NWFh
LzEvQjJzQmhjcTdab1E5Wl9pR0Fid0tlYUx1dkswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLQlAAwQC
uYfgMA0GCSqGSIb3DQEBCwUAA4IBAQCXp+Ms3k+zkQRehD7WIeLoU6euODRogujw
MiNCYBSXutNlL6tvzBQB0O66tndZzH8s9jq1uIxUH4YZ4yCfERnIXxbEEkXHQoii
iG81KJrVlY2XssmNQuQAuGKsfx4A1Rckh5Pzx6IPtDGxSgLDtnxzR+Eq/BbxFWI+
qSE0CSM+nQGzceGjQxEeC1rLaz1HeUjpi2c0bTTvZhBAnbUwGFAeeoHjl5kHQR7Q
xHb8/1gFsc9ZtvHmzh9H5H3qqQF4xIpjiRD4yCKC83inEYBs4kJ9eaPCovwqDSI6
I11jm/tqSBHn6ZIToj2aNv4c616aS8XJHR2+7LyJgDRRS+EQSLbP
-----END CERTIFICATE-----