Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8fd6df-3012-4e46-bbd8-d7c36e15cf0e/1/O1xTiJXJ9RaPXcM3TxZg263QSpk.roa
File:                     O1xTiJXJ9RaPXcM3TxZg263QSpk.roa (raw, json)
Hash identifier:          CDxqgS9xIrcHYQQmsrHXKviaOf7QW0SeBJFT0aZjltg=
Subject key identifier:   3B:5C:53:88:95:C9:F5:16:8F:5D:C3:37:4F:16:60:DB:AD:D0:4A:99
Certificate issuer:       /CN=745901b402d482f3d6dd2928ea8ced2eeb6ce412
Certificate serial:       018CC64AC6975829FFF4D88FDAC7BBA47211
Authority key identifier: 74:59:01:B4:02:D4:82:F3:D6:DD:29:28:EA:8C:ED:2E:EB:6C:E4:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dFkBtALUgvPW3Sko6oztLuts5BI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8fd6df-3012-4e46-bbd8-d7c36e15cf0e/1/O1xTiJXJ9RaPXcM3TxZg263QSpk.roa
Signing time:             Mon 01 Jan 2024 18:30:38 +0000
ROA not before:           Mon 01 Jan 2024 18:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41706
IP address blocks:        91.142.135.0/24 maxlen: 24
                          193.30.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8fd6df-3012-4e46-bbd8-d7c36e15cf0e/1/dFkBtALUgvPW3Sko6oztLuts5BI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8fd6df-3012-4e46-bbd8-d7c36e15cf0e/1/dFkBtALUgvPW3Sko6oztLuts5BI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dFkBtALUgvPW3Sko6oztLuts5BI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c6:97:58:29:ff:f4:d8:8f:da:c7:bb:a4:72:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=745901b402d482f3d6dd2928ea8ced2eeb6ce412
        Validity
            Not Before: Jan  1 18:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b5c538895c9f5168f5dc3374f1660dbadd04a99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5e:fc:7b:3a:ed:a5:af:80:1d:bf:e2:50:96:
                    ec:07:9b:31:d4:31:d5:74:2d:a2:b6:ef:1f:c9:7a:
                    b4:8c:3b:fc:44:dd:71:a9:fd:64:83:f9:04:be:96:
                    c9:a0:97:1b:1d:9e:48:69:2d:16:3b:b8:94:fa:7a:
                    e6:d6:a9:20:b3:46:91:ab:0c:02:90:86:30:77:6e:
                    29:c2:5f:c1:da:29:1a:3f:ce:48:21:db:82:1d:78:
                    c4:90:72:6f:98:a8:4b:bc:4f:d8:39:c9:73:e8:9d:
                    16:57:fe:15:e8:44:ec:19:89:d2:8b:bd:c4:fc:a3:
                    6d:a1:5a:20:a9:10:00:b2:eb:22:5e:98:57:01:38:
                    ce:0d:8c:92:05:67:33:d0:11:ae:eb:9f:94:0c:06:
                    b8:29:39:0c:5c:45:b9:f9:d7:a9:3b:c9:bb:4f:87:
                    ef:76:43:0e:25:e9:e2:2d:f0:1b:40:66:df:62:92:
                    bf:50:81:e9:57:89:6e:57:c6:52:24:52:fd:84:6d:
                    19:40:a0:52:c5:22:d4:25:14:43:1d:6f:30:d8:e5:
                    9f:c7:f7:bd:f5:a2:6c:66:a8:6a:59:3a:d2:00:b9:
                    ab:6f:ed:10:87:70:52:42:fb:9c:54:84:f3:fd:1d:
                    b9:10:7d:19:ea:11:c0:f1:98:4b:41:f4:b0:38:9d:
                    1f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:5C:53:88:95:C9:F5:16:8F:5D:C3:37:4F:16:60:DB:AD:D0:4A:99
            X509v3 Authority Key Identifier:
                keyid:74:59:01:B4:02:D4:82:F3:D6:DD:29:28:EA:8C:ED:2E:EB:6C:E4:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dFkBtALUgvPW3Sko6oztLuts5BI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8fd6df-3012-4e46-bbd8-d7c36e15cf0e/1/O1xTiJXJ9RaPXcM3TxZg263QSpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8fd6df-3012-4e46-bbd8-d7c36e15cf0e/1/dFkBtALUgvPW3Sko6oztLuts5BI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.135.0/24
                  193.30.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:95:d9:dc:9c:af:cf:f4:84:8b:7d:a8:39:ac:7d:b5:2b:00:
         40:38:f4:53:5d:63:d4:59:93:7e:f6:19:de:97:f6:48:94:78:
         c2:32:c7:94:95:d7:be:ff:80:d0:d9:4b:c8:cd:15:e8:49:0a:
         69:69:8e:a5:f0:59:cc:c3:b7:65:b3:7f:3f:ab:c2:8b:3d:38:
         f5:9c:30:2e:c6:d7:ea:49:75:47:b0:df:a0:ff:f5:c8:f6:51:
         fa:dd:32:be:f3:21:ec:9c:3b:80:9f:b2:75:56:eb:2e:1d:b2:
         07:e4:a3:13:db:00:ad:cf:ec:65:f5:9a:41:b7:cb:e7:c3:65:
         53:db:9f:21:1e:6d:da:04:d1:78:39:02:73:af:54:bb:e2:02:
         fa:ed:3b:94:16:62:72:0b:f3:2a:f7:91:6a:6a:08:09:c2:d8:
         0c:f7:6d:2e:90:15:61:1b:54:21:58:06:d9:87:63:c0:aa:d6:
         94:7f:c9:6d:cf:5c:38:fa:66:a5:af:08:8f:fc:cb:f9:64:85:
         4f:47:9e:11:ea:1d:26:4d:2d:8c:d5:f6:b3:34:5a:46:bf:7a:
         be:9f:20:2b:d7:e7:45:62:b6:27:38:5f:c0:82:82:77:b6:db:
         32:b2:7a:5f:25:9b:b2:df:38:b1:db:b3:31:0d:60:d4:5d:5f:
         b6:c4:d0:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSsaXWCn/9NiP2se7pHIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NTkwMWI0MDJkNDgyZjNkNmRkMjkyOGVhOGNlZDJlZWI2
Y2U0MTIwHhcNMjQwMTAxMTgzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjVjNTM4ODk1YzlmNTE2OGY1ZGMzMzc0ZjE2NjBkYmFkZDA0YTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj178ezrtpa+AHb/iUJbsB5sx1DHV
dC2itu8fyXq0jDv8RN1xqf1kg/kEvpbJoJcbHZ5IaS0WO7iU+nrm1qkgs0aRqwwC
kIYwd24pwl/B2ikaP85IIduCHXjEkHJvmKhLvE/YOclz6J0WV/4V6ETsGYnSi73E
/KNtoVogqRAAsusiXphXATjODYySBWcz0BGu65+UDAa4KTkMXEW5+depO8m7T4fv
dkMOJeniLfAbQGbfYpK/UIHpV4luV8ZSJFL9hG0ZQKBSxSLUJRRDHW8w2OWfx/e9
9aJsZqhqWTrSALmrb+0Qh3BSQvucVITz/R25EH0Z6hHA8ZhLQfSwOJ0fMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDtcU4iVyfUWj13DN08WYNut0EqZMB8GA1UdIwQY
MBaAFHRZAbQC1ILz1t0pKOqM7S7rbOQSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEZrQnRBTFVndlBXM1NrbzZvenRMdXRzNUJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84ZmQ2ZGYtMzAxMi00ZTQ2LWJiZDgt
ZDdjMzZlMTVjZjBlLzEvTzF4VGlKWEo5UmFQWGNNM1R4WmcyNjNRU3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84ZmQ2ZGYtMzAxMi00ZTQ2LWJiZDgtZDdjMzZlMTVjZjBl
LzEvZEZrQnRBTFVndlBXM1NrbzZvenRMdXRzNUJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW46HAwQC
wR7sMA0GCSqGSIb3DQEBCwUAA4IBAQAqldncnK/P9ISLfag5rH21KwBAOPRTXWPU
WZN+9hnel/ZIlHjCMseUlde+/4DQ2UvIzRXoSQppaY6l8FnMw7dls38/q8KLPTj1
nDAuxtfqSXVHsN+g//XI9lH63TK+8yHsnDuAn7J1VusuHbIH5KMT2wCtz+xl9ZpB
t8vnw2VT258hHm3aBNF4OQJzr1S74gL67TuUFmJyC/Mq95FqaggJwtgM920ukBVh
G1QhWAbZh2PAqtaUf8ltz1w4+malrwiP/Mv5ZIVPR54R6h0mTS2M1fazNFpGv3q+
nyAr1+dFYrYnOF/AgoJ3ttsysnpfJZuy3zix27MxDWDUXV+2xNA4
-----END CERTIFICATE-----