Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/0HH_EbAi-PZBQduCLr56RDFpRu8.roa
File:                     0HH_EbAi-PZBQduCLr56RDFpRu8.roa (raw, json)
Hash identifier:          Dtkq5g7TyEESRr2tLb8sw+anUS95X8d+KVIbTG4bFMI=
Subject key identifier:   D0:71:FF:11:B0:22:F8:F6:41:41:DB:82:2E:BE:7A:44:31:69:46:EF
Certificate issuer:       /CN=39732dcd0c35426144f9f026754179dfaebe8958
Certificate serial:       018CC8DF9FE2562CCDBB379F77168B9CD3D3
Authority key identifier: 39:73:2D:CD:0C:35:42:61:44:F9:F0:26:75:41:79:DF:AE:BE:89:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/0HH_EbAi-PZBQduCLr56RDFpRu8.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61075
IP address blocks:        45.90.78.0/24 maxlen: 24
                          45.90.76.0/22 maxlen: 24
                          2a0c:b5c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9f:e2:56:2c:cd:bb:37:9f:77:16:8b:9c:d3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39732dcd0c35426144f9f026754179dfaebe8958
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d071ff11b022f8f64141db822ebe7a44316946ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b9:80:3a:e0:07:b2:1f:e1:94:2f:f2:79:8f:
                    62:b3:d0:d4:29:4b:d3:9c:00:d9:cf:c0:bd:55:e0:
                    29:c5:7c:6c:b4:98:12:9a:ba:ec:09:e9:5b:bd:7b:
                    2d:15:c4:f5:2f:e0:ce:b5:3f:77:49:27:8d:c2:26:
                    6d:e9:63:8d:b4:6a:86:28:f3:6b:e8:23:8f:52:6d:
                    16:e7:c0:7b:5d:67:82:5f:37:03:85:0d:1b:00:fa:
                    84:03:e4:87:2c:57:d8:9f:5f:de:d9:4c:c2:75:fc:
                    70:c1:76:03:18:f8:bf:d6:12:a5:6e:80:62:98:6f:
                    70:ad:5c:95:ed:43:e7:0b:f2:c9:af:8a:88:f8:a3:
                    f5:3e:ec:2c:f0:eb:05:68:82:e7:ee:1a:8e:80:d5:
                    b2:2e:be:4f:20:63:24:2b:3f:0b:57:04:a7:8c:70:
                    0b:0e:ec:4f:08:e9:6e:64:3b:3f:13:a7:d8:d6:83:
                    93:c8:51:51:c6:cd:72:6e:42:d6:96:c8:be:10:23:
                    90:80:b1:2c:00:0f:2e:b3:a6:8e:40:25:83:b3:f9:
                    a5:97:d7:de:6f:f1:e4:20:af:05:9d:51:b7:ba:aa:
                    03:a4:ff:37:da:21:64:ec:7f:79:08:1a:0e:27:0f:
                    0c:1f:81:60:b0:9d:65:19:7b:56:40:8c:67:ff:6c:
                    30:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:71:FF:11:B0:22:F8:F6:41:41:DB:82:2E:BE:7A:44:31:69:46:EF
            X509v3 Authority Key Identifier:
                keyid:39:73:2D:CD:0C:35:42:61:44:F9:F0:26:75:41:79:DF:AE:BE:89:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/0HH_EbAi-PZBQduCLr56RDFpRu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.76.0/22
                IPv6:
                  2a0c:b5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:a9:2f:2d:21:3e:1a:ee:b0:6b:6e:be:9c:45:46:b2:7f:bf:
         80:ea:60:70:37:ac:42:0e:f8:c7:d3:e4:2d:2c:a1:98:70:f1:
         85:1c:2a:4d:ed:bc:c7:d3:d3:0c:f5:d0:e4:51:aa:35:47:6c:
         70:56:0c:62:c0:63:60:e8:7b:18:90:bd:1b:33:81:91:c5:20:
         bb:48:55:15:1d:63:a1:18:69:55:be:5b:aa:6d:ba:0d:c7:38:
         a9:37:ac:d0:01:ef:09:62:f6:c7:78:66:71:6c:94:66:24:53:
         70:5f:cd:58:8c:e4:ac:97:01:f9:5f:af:63:83:07:de:31:52:
         81:a9:d9:49:11:22:8f:fc:15:f5:9a:1f:92:8a:75:a0:5d:9c:
         53:f5:a0:75:d1:76:36:ea:be:9c:bd:da:9b:1b:d7:94:39:03:
         e1:06:a3:dc:95:1d:fe:5a:c9:98:0c:54:a9:e5:82:f6:b6:88:
         4b:28:bf:8c:73:12:0a:46:35:d4:a0:9a:ad:d8:1f:78:c9:17:
         0e:38:32:8f:14:04:01:bb:72:8c:1d:7c:d7:d6:f7:62:37:c9:
         13:05:fc:3f:df:a6:a5:72:c2:fb:bc:8e:0e:64:0e:f6:db:77:
         13:af:ca:7e:12:e7:21:18:75:79:c8:fc:ae:a9:fe:3a:6e:e6:
         dc:b5:c1:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI35/iVizNuzefdxaLnNPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzMyZGNkMGMzNTQyNjE0NGY5ZjAyNjc1NDE3OWRmYWVi
ZTg5NTgwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDcxZmYxMWIwMjJmOGY2NDE0MWRiODIyZWJlN2E0NDMxNjk0NmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7mAOuAHsh/hlC/yeY9is9DUKUvT
nADZz8C9VeApxXxstJgSmrrsCelbvXstFcT1L+DOtT93SSeNwiZt6WONtGqGKPNr
6COPUm0W58B7XWeCXzcDhQ0bAPqEA+SHLFfYn1/e2UzCdfxwwXYDGPi/1hKlboBi
mG9wrVyV7UPnC/LJr4qI+KP1Puws8OsFaILn7hqOgNWyLr5PIGMkKz8LVwSnjHAL
DuxPCOluZDs/E6fY1oOTyFFRxs1ybkLWlsi+ECOQgLEsAA8us6aOQCWDs/mll9fe
b/HkIK8FnVG3uqoDpP832iFk7H95CBoOJw8MH4FgsJ1lGXtWQIxn/2ww4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNBx/xGwIvj2QUHbgi6+ekQxaUbvMB8GA1UdIwQY
MBaAFDlzLc0MNUJhRPnwJnVBed+uvolYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1hNdHpRdzFRbUZFLWZBbWRVRjUzNjYtaVZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yMzcxMDYtZDA4ZC00YWEwLWFjODIt
ZjYwYWYyYTgyMDYwLzEvMEhIX0ViQWktUFpCUWR1Q0xyNTZSREZwUnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yMzcxMDYtZDA4ZC00YWEwLWFjODItZjYwYWYyYTgyMDYw
LzEvT1hNdHpRdzFRbUZFLWZBbWRVRjUzNjYtaVZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVpMMA0E
AgACMAcDBQMqDLXAMA0GCSqGSIb3DQEBCwUAA4IBAQCGqS8tIT4a7rBrbr6cRUay
f7+A6mBwN6xCDvjH0+QtLKGYcPGFHCpN7bzH09MM9dDkUao1R2xwVgxiwGNg6HsY
kL0bM4GRxSC7SFUVHWOhGGlVvluqbboNxzipN6zQAe8JYvbHeGZxbJRmJFNwX81Y
jOSslwH5X69jgwfeMVKBqdlJESKP/BX1mh+SinWgXZxT9aB10XY26r6cvdqbG9eU
OQPhBqPclR3+WsmYDFSp5YL2tohLKL+McxIKRjXUoJqt2B94yRcOODKPFAQBu3KM
HXzX1vdiN8kTBfw/36alcsL7vI4OZA7223cTr8p+EuchGHV5yPyuqf46bubctcGL
-----END CERTIFICATE-----