Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/666e67-1546-413c-b6a1-5a78ba6091c1/1/_1-OJT6O5glpz7TYnMK7YZJVqIs.roa
File:                     _1-OJT6O5glpz7TYnMK7YZJVqIs.roa (raw, json)
Hash identifier:          OE9YEaLE3HZUNGp2ej9ZjT8C2EZMsbRGxPnoBN7zRrQ=
Subject key identifier:   FF:5F:8E:25:3E:8E:E6:09:69:CF:B4:D8:9C:C2:BB:61:92:55:A8:8B
Certificate issuer:       /CN=b3040c7f451c614d7eeba82c32a398e87de3b8c9
Certificate serial:       018CC2DAD6F45EDD5E4C435B705ED9BFA589
Authority key identifier: B3:04:0C:7F:45:1C:61:4D:7E:EB:A8:2C:32:A3:98:E8:7D:E3:B8:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/swQMf0UcYU1-66gsMqOY6H3juMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/666e67-1546-413c-b6a1-5a78ba6091c1/1/_1-OJT6O5glpz7TYnMK7YZJVqIs.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35122
IP address blocks:        45.146.140.0/22 maxlen: 22
                          85.255.160.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/666e67-1546-413c-b6a1-5a78ba6091c1/1/swQMf0UcYU1-66gsMqOY6H3juMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/666e67-1546-413c-b6a1-5a78ba6091c1/1/swQMf0UcYU1-66gsMqOY6H3juMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/swQMf0UcYU1-66gsMqOY6H3juMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d6:f4:5e:dd:5e:4c:43:5b:70:5e:d9:bf:a5:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3040c7f451c614d7eeba82c32a398e87de3b8c9
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff5f8e253e8ee60969cfb4d89cc2bb619255a88b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d4:d6:84:64:3c:e4:a2:60:32:a9:6e:7a:62:
                    00:fa:b2:0c:07:71:4b:d8:52:e9:51:a8:64:69:67:
                    2e:8c:d1:f8:e6:fe:6c:2f:79:74:2a:1b:a4:df:57:
                    93:1e:5a:08:33:ab:02:b4:30:39:0d:b4:d6:99:dd:
                    33:78:af:c4:2f:92:ff:cc:4a:37:b5:ce:61:82:d4:
                    6c:ff:2e:cc:b1:f8:d6:a1:a5:7c:b5:c4:a1:3a:01:
                    81:a2:0a:03:6a:82:59:6c:75:34:90:ae:92:72:e0:
                    c3:dd:06:e8:cf:39:7c:80:f8:61:65:2a:c2:ff:d6:
                    05:d7:6a:59:1e:5d:a9:c3:92:8c:c0:97:fd:29:fe:
                    a4:68:dd:00:74:6d:42:9e:cf:ce:24:c3:b5:72:d2:
                    9d:84:df:89:d9:8e:ed:e7:1a:a3:56:aa:a7:4c:10:
                    d3:2a:9c:85:50:db:52:4e:e0:b7:60:b1:82:88:47:
                    b4:ca:a7:83:cb:a5:20:29:db:9c:17:ec:8a:ef:22:
                    53:fd:f6:8d:1d:45:52:b7:ae:d4:db:fc:bc:d7:41:
                    f1:05:46:5f:78:51:f8:d3:82:38:53:64:98:b3:b1:
                    e3:3e:96:eb:a2:cb:97:77:a2:01:18:aa:46:b0:bd:
                    69:92:55:0a:e0:9e:d2:86:cb:7c:16:8b:58:59:95:
                    c5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:5F:8E:25:3E:8E:E6:09:69:CF:B4:D8:9C:C2:BB:61:92:55:A8:8B
            X509v3 Authority Key Identifier:
                keyid:B3:04:0C:7F:45:1C:61:4D:7E:EB:A8:2C:32:A3:98:E8:7D:E3:B8:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/swQMf0UcYU1-66gsMqOY6H3juMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/666e67-1546-413c-b6a1-5a78ba6091c1/1/_1-OJT6O5glpz7TYnMK7YZJVqIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/666e67-1546-413c-b6a1-5a78ba6091c1/1/swQMf0UcYU1-66gsMqOY6H3juMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.140.0/22
                  85.255.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7f:80:b7:f3:13:40:67:3f:74:b1:e7:5a:1a:26:e9:f1:ce:09:
         64:8d:70:a3:44:5b:32:56:cc:53:7f:d4:b0:12:18:60:ca:d4:
         22:df:f9:12:3e:06:a0:7a:45:d4:c1:1d:ad:ba:1a:6d:2f:28:
         d1:ed:a9:17:39:98:4e:14:05:2e:f2:d3:a5:34:06:a6:4f:ab:
         70:98:8e:f3:5f:03:ac:63:d7:24:53:d8:af:59:a3:5b:fa:36:
         4f:96:bd:6b:73:81:6d:25:a1:a8:7c:1f:50:5e:23:cb:6d:06:
         c6:1a:c0:35:32:5c:20:2b:bb:47:62:fa:ec:02:9a:af:b2:73:
         46:98:d0:18:d3:9e:9d:39:5f:fb:92:42:f4:c3:0a:0b:64:c3:
         57:20:74:a2:d8:c2:07:42:b3:93:1b:1f:66:f4:a8:c1:51:f7:
         c3:78:42:e7:1e:36:f6:5d:da:5c:fa:91:50:28:4e:3c:be:93:
         6e:9f:b7:23:15:98:4d:2a:ab:f2:08:42:cf:67:b1:4e:d5:74:
         0c:ce:06:19:b6:d3:91:29:66:06:4c:bd:08:ab:29:6f:94:e5:
         fc:36:72:57:be:25:d6:a8:54:ac:76:b0:bf:ec:ed:b2:39:ad:
         2c:aa:35:22:be:37:da:d4:95:c6:14:bd:16:5d:9d:5f:70:c9:
         5e:ce:35:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2tb0Xt1eTENbcF7Zv6WJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMDQwYzdmNDUxYzYxNGQ3ZWViYTgyYzMyYTM5OGU4N2Rl
M2I4YzkwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjVmOGUyNTNlOGVlNjA5NjljZmI0ZDg5Y2MyYmI2MTkyNTVhODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdTWhGQ85KJgMqluemIA+rIMB3FL
2FLpUahkaWcujNH45v5sL3l0Khuk31eTHloIM6sCtDA5DbTWmd0zeK/EL5L/zEo3
tc5hgtRs/y7MsfjWoaV8tcShOgGBogoDaoJZbHU0kK6ScuDD3Qbozzl8gPhhZSrC
/9YF12pZHl2pw5KMwJf9Kf6kaN0AdG1Cns/OJMO1ctKdhN+J2Y7t5xqjVqqnTBDT
KpyFUNtSTuC3YLGCiEe0yqeDy6UgKducF+yK7yJT/faNHUVSt67U2/y810HxBUZf
eFH404I4U2SYs7HjPpbrosuXd6IBGKpGsL1pklUK4J7Shst8FotYWZXF4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP9fjiU+juYJac+02JzCu2GSVaiLMB8GA1UdIwQY
MBaAFLMEDH9FHGFNfuuoLDKjmOh947jJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3dRTWYwVWNZVTEtNjZnc01xT1k2SDNqdU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS82NjZlNjctMTU0Ni00MTNjLWI2YTEt
NWE3OGJhNjA5MWMxLzEvXzEtT0pUNk81Z2xwejdUWW5NSzdZWkpWcUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS82NjZlNjctMTU0Ni00MTNjLWI2YTEtNWE3OGJhNjA5MWMx
LzEvc3dRTWYwVWNZVTEtNjZnc01xT1k2SDNqdU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZKMAwQE
Vf+gMA0GCSqGSIb3DQEBCwUAA4IBAQB/gLfzE0BnP3Sx51oaJunxzglkjXCjRFsy
VsxTf9SwEhhgytQi3/kSPgagekXUwR2tuhptLyjR7akXOZhOFAUu8tOlNAamT6tw
mI7zXwOsY9ckU9ivWaNb+jZPlr1rc4FtJaGofB9QXiPLbQbGGsA1MlwgK7tHYvrs
ApqvsnNGmNAY056dOV/7kkL0wwoLZMNXIHSi2MIHQrOTGx9m9KjBUffDeELnHjb2
Xdpc+pFQKE48vpNun7cjFZhNKqvyCELPZ7FO1XQMzgYZttORKWYGTL0IqylvlOX8
NnJXviXWqFSsdrC/7O2yOa0sqjUivjfa1JXGFL0WXZ1fcMlezjWL
-----END CERTIFICATE-----