Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/OZajRPusqC9UFs0UWdGB8jgqD3M.roa
File:                     OZajRPusqC9UFs0UWdGB8jgqD3M.roa (raw, json)
Hash identifier:          nNTqrfImRDoIL3s7gJW4SxxodqeqzRDeq7oK8GLgJ50=
Subject key identifier:   39:96:A3:44:FB:AC:A8:2F:54:16:CD:14:59:D1:81:F2:38:2A:0F:73
Certificate issuer:       /CN=d45bab208653d4261ebf202f6036334119846055
Certificate serial:       018CC3B67906BB45DF6A6BD44C871B53A170
Authority key identifier: D4:5B:AB:20:86:53:D4:26:1E:BF:20:2F:60:36:33:41:19:84:60:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FurIIZT1CYevyAvYDYzQRmEYFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/OZajRPusqC9UFs0UWdGB8jgqD3M.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41735
IP address blocks:        185.46.69.0/24 maxlen: 24
                          193.37.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/1FurIIZT1CYevyAvYDYzQRmEYFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/1FurIIZT1CYevyAvYDYzQRmEYFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FurIIZT1CYevyAvYDYzQRmEYFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:79:06:bb:45:df:6a:6b:d4:4c:87:1b:53:a1:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bab208653d4261ebf202f6036334119846055
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3996a344fbaca82f5416cd1459d181f2382a0f73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ee:18:a9:bc:b4:a0:73:01:f8:92:3b:5a:63:
                    bb:6b:83:ff:9b:b6:4c:98:c7:fa:f8:a7:88:59:1a:
                    73:7d:9a:ea:08:14:3b:c6:3b:59:24:68:0e:6d:8d:
                    00:02:67:88:3d:da:1d:ca:d2:39:4c:b0:49:4d:25:
                    a4:b3:aa:82:91:1b:34:4a:de:7b:3a:5e:34:7c:43:
                    d8:32:c7:cc:e9:9e:ee:6d:20:2b:72:13:d6:09:dc:
                    6f:47:5d:19:75:57:de:14:9e:d1:ee:f2:76:e5:8b:
                    e5:13:2e:7b:d0:f2:fb:9d:23:b1:94:35:2b:36:70:
                    1e:44:2b:3e:dc:6d:3e:23:92:cf:7a:db:db:f5:a7:
                    c3:8e:b9:f2:36:66:56:43:e6:82:c8:7a:2c:37:f8:
                    93:09:96:99:61:bb:e8:d0:7b:72:e9:cf:8e:52:13:
                    2a:68:b2:a7:99:fd:b8:18:12:f1:32:3d:2b:f4:5c:
                    ac:98:61:5a:13:b0:23:a8:c5:9a:84:3b:40:1c:46:
                    02:e9:87:30:94:07:60:a2:8b:92:fa:b1:33:d7:bb:
                    3a:1e:f6:b6:f2:13:76:21:43:e1:42:30:86:48:e6:
                    4e:c5:9f:be:ce:cc:a0:e3:ff:f1:85:ae:25:7b:84:
                    33:c4:02:20:b4:6b:44:c7:ed:96:cd:57:c8:4b:ae:
                    d4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:96:A3:44:FB:AC:A8:2F:54:16:CD:14:59:D1:81:F2:38:2A:0F:73
            X509v3 Authority Key Identifier:
                keyid:D4:5B:AB:20:86:53:D4:26:1E:BF:20:2F:60:36:33:41:19:84:60:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FurIIZT1CYevyAvYDYzQRmEYFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/OZajRPusqC9UFs0UWdGB8jgqD3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/1FurIIZT1CYevyAvYDYzQRmEYFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.69.0/24
                  193.37.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:14:30:ec:82:a1:08:41:76:93:18:d6:98:27:f6:f8:a2:6c:
         0d:0f:14:af:f4:bb:2d:01:9a:52:96:52:3b:68:bb:6d:0d:de:
         5b:d9:3d:a3:56:53:d9:e6:60:ed:8a:b0:56:21:c1:78:9e:48:
         e1:11:9b:d4:31:92:e0:9f:05:b5:99:56:b4:08:4a:e6:28:ab:
         d4:62:22:a3:3e:75:23:10:97:3f:0a:7d:51:ef:70:26:02:a7:
         19:c0:ab:c7:87:9b:10:f4:91:9f:e4:0b:73:e7:54:b7:b5:a8:
         c7:07:b7:7d:95:39:86:e0:83:3d:de:85:47:a6:3d:45:44:24:
         1b:8f:05:ee:9d:d1:88:fa:5b:fb:63:97:a1:63:fb:b0:51:b1:
         28:47:8f:45:2c:38:26:23:c7:f7:fc:e5:6f:59:c5:5d:de:96:
         fd:0f:77:cd:21:8f:5f:b6:1a:17:f6:ec:fc:9f:9f:31:b7:ab:
         c1:40:d1:33:7a:0c:14:1c:fd:d4:36:55:35:fa:8e:67:3b:bb:
         09:dc:09:bd:a5:b9:3a:fb:7c:39:af:5f:b3:59:03:57:c9:d2:
         5c:f7:f3:b0:c8:3e:b6:f6:01:39:b8:bd:8a:0b:c2:70:0c:86:
         5d:ca:fc:39:d9:18:30:54:af:2c:11:3d:21:73:46:71:56:40:
         b4:1d:f4:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtnkGu0XfamvUTIcbU6FwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJhYjIwODY1M2Q0MjYxZWJmMjAyZjYwMzYzMzQxMTk4
NDYwNTUwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTk2YTM0NGZiYWNhODJmNTQxNmNkMTQ1OWQxODFmMjM4MmEwZjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+4Yqby0oHMB+JI7WmO7a4P/m7ZM
mMf6+KeIWRpzfZrqCBQ7xjtZJGgObY0AAmeIPdodytI5TLBJTSWks6qCkRs0St57
Ol40fEPYMsfM6Z7ubSArchPWCdxvR10ZdVfeFJ7R7vJ25YvlEy570PL7nSOxlDUr
NnAeRCs+3G0+I5LPetvb9afDjrnyNmZWQ+aCyHosN/iTCZaZYbvo0Hty6c+OUhMq
aLKnmf24GBLxMj0r9FysmGFaE7AjqMWahDtAHEYC6YcwlAdgoouS+rEz17s6Hva2
8hN2IUPhQjCGSOZOxZ++zsyg4//xha4le4QzxAIgtGtEx+2WzVfIS67UYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDmWo0T7rKgvVBbNFFnRgfI4Kg9zMB8GA1UdIwQY
MBaAFNRbqyCGU9QmHr8gL2A2M0EZhGBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ1cklJWlQxQ1lldnlBdllEWXpRUm1FWUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wYWVjMWYtNjA2NS00ZDg4LTg0NTQt
MTI0ZDNmYjM5MDZhLzEvT1phalJQdXNxQzlVRnMwVVdkR0I4amdxRDNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wYWVjMWYtNjA2NS00ZDg4LTg0NTQtMTI0ZDNmYjM5MDZh
LzEvMUZ1cklJWlQxQ1lldnlBdllEWXpRUm1FWUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuS5FAwQA
wSWHMA0GCSqGSIb3DQEBCwUAA4IBAQBQFDDsgqEIQXaTGNaYJ/b4omwNDxSv9Lst
AZpSllI7aLttDd5b2T2jVlPZ5mDtirBWIcF4nkjhEZvUMZLgnwW1mVa0CErmKKvU
YiKjPnUjEJc/Cn1R73AmAqcZwKvHh5sQ9JGf5Atz51S3tajHB7d9lTmG4IM93oVH
pj1FRCQbjwXundGI+lv7Y5ehY/uwUbEoR49FLDgmI8f3/OVvWcVd3pb9D3fNIY9f
thoX9uz8n58xt6vBQNEzegwUHP3UNlU1+o5nO7sJ3Am9pbk6+3w5r1+zWQNXydJc
9/OwyD629gE5uL2KC8JwDIZdyvw52RgwVK8sET0hc0ZxVkC0HfQb
-----END CERTIFICATE-----