Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/n_o6ou9dHpjxF8cnOqu-W-2CNzw.roa
File:                     n_o6ou9dHpjxF8cnOqu-W-2CNzw.roa (raw, json)
Hash identifier:          sUBZwjWMANE7893KzWipgePpBgG1deSYuwsO7wRJBjc=
Subject key identifier:   9F:FA:3A:A2:EF:5D:1E:98:F1:17:C7:27:3A:AB:BE:5B:ED:82:37:3C
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       018CC79363B40F87807F3CD57277029CCE70
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/n_o6ou9dHpjxF8cnOqu-W-2CNzw.roa
Signing time:             Tue 02 Jan 2024 00:29:34 +0000
ROA not before:           Tue 02 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        85.28.61.0/24 maxlen: 24
                          85.28.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 06:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:63:b4:0f:87:80:7f:3c:d5:72:77:02:9c:ce:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Jan  2 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ffa3aa2ef5d1e98f117c7273aabbe5bed82373c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6d:fd:a0:3c:50:2c:6c:d9:52:30:c0:54:75:
                    06:85:c9:18:c7:45:7e:1f:46:06:60:ba:c5:79:47:
                    bf:91:21:e9:3c:ce:a2:3d:88:82:e2:ea:ad:a3:54:
                    6c:73:ea:33:6a:ec:73:84:cb:82:24:cc:b9:59:30:
                    a9:fb:4d:e0:2e:ae:52:32:6d:5b:1d:c1:8b:42:72:
                    32:b6:fb:84:b8:c5:a8:22:d1:a0:9d:52:27:3c:9c:
                    4b:29:df:96:d8:9f:b0:2a:1a:e4:77:e8:a9:9d:90:
                    b1:62:ad:0b:7d:75:52:49:17:00:9a:56:e8:6f:7d:
                    ce:72:97:d5:c8:a8:ea:82:23:da:da:68:99:cd:2e:
                    7c:02:2f:c0:6b:a7:32:c4:1c:dc:2b:69:fd:49:8f:
                    31:10:5f:30:b1:85:e0:1a:04:9f:23:67:de:96:72:
                    a5:25:0c:c0:91:e0:14:b5:8a:f2:72:7d:b6:84:72:
                    a6:7e:4b:ad:b7:67:6d:98:1a:ab:f8:19:73:28:c6:
                    36:40:75:ce:b5:f1:b8:65:c8:7b:39:36:f5:73:63:
                    f5:80:92:95:49:ff:66:56:6c:8a:74:4c:0e:73:f9:
                    3d:15:bb:57:76:5a:4c:61:7b:24:db:cc:87:f3:ab:
                    d4:86:2a:68:fe:ad:5d:b7:7a:c3:e4:57:29:85:8e:
                    aa:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:FA:3A:A2:EF:5D:1E:98:F1:17:C7:27:3A:AB:BE:5B:ED:82:37:3C
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/n_o6ou9dHpjxF8cnOqu-W-2CNzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.61.0/24
                  85.28.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:21:38:2b:3d:72:6e:e2:08:92:4f:31:1d:06:3a:20:0f:9b:
         1f:f3:ef:f3:23:61:fc:1f:49:e3:e2:36:15:37:d8:5f:07:a6:
         67:34:3b:e6:7a:f7:80:92:cb:75:19:11:7b:5f:fd:26:9b:c5:
         16:70:8c:77:e4:de:fa:a1:73:3a:81:81:55:4b:1f:36:24:25:
         19:ed:bf:e0:08:92:b0:5b:30:d3:4e:de:f4:64:bb:38:49:60:
         d2:ee:70:96:e9:cf:44:3a:93:1b:91:f8:06:01:35:20:58:78:
         b9:3e:1a:d8:7a:24:fe:5b:c1:26:61:a6:28:48:d4:7b:9c:d3:
         30:95:8f:d5:16:d4:79:fe:18:a2:63:fb:cf:9b:90:28:14:70:
         6a:07:37:47:06:ff:41:21:a6:a7:0a:fa:45:a0:e9:87:39:46:
         3b:72:08:2f:57:28:7c:ab:bd:6d:1f:8f:6e:0f:b2:83:e0:1d:
         98:8b:fd:25:a1:c4:ed:92:c1:b9:6c:83:84:b5:e4:44:0f:fa:
         76:58:37:f7:2e:23:aa:a4:74:82:69:fb:e0:8e:63:18:2b:6b:
         41:76:a0:d5:22:85:f8:54:1a:5b:20:ba:4a:b5:25:cb:b4:72:
         ae:27:02:c5:1b:88:f7:61:39:e1:03:e4:dc:95:1c:79:15:f8:
         27:84:35:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk2O0D4eAfzzVcncCnM5wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQwMTAyMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmZhM2FhMmVmNWQxZTk4ZjExN2M3MjczYWFiYmU1YmVkODIzNzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm39oDxQLGzZUjDAVHUGhckYx0V+
H0YGYLrFeUe/kSHpPM6iPYiC4uqto1Rsc+ozauxzhMuCJMy5WTCp+03gLq5SMm1b
HcGLQnIytvuEuMWoItGgnVInPJxLKd+W2J+wKhrkd+ipnZCxYq0LfXVSSRcAmlbo
b33OcpfVyKjqgiPa2miZzS58Ai/Aa6cyxBzcK2n9SY8xEF8wsYXgGgSfI2felnKl
JQzAkeAUtYrycn22hHKmfkutt2dtmBqr+BlzKMY2QHXOtfG4Zch7OTb1c2P1gJKV
Sf9mVmyKdEwOc/k9FbtXdlpMYXsk28yH86vUhipo/q1dt3rD5FcphY6qSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ/6OqLvXR6Y8RfHJzqrvlvtgjc8MB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvbl9vNm91OWRIcGp4Rjhjbk9xdS1XLTJDTnp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVRw9AwQA
VRw/MA0GCSqGSIb3DQEBCwUAA4IBAQBpITgrPXJu4giSTzEdBjogD5sf8+/zI2H8
H0nj4jYVN9hfB6ZnNDvmeveAkst1GRF7X/0mm8UWcIx35N76oXM6gYFVSx82JCUZ
7b/gCJKwWzDTTt70ZLs4SWDS7nCW6c9EOpMbkfgGATUgWHi5PhrYeiT+W8EmYaYo
SNR7nNMwlY/VFtR5/hiiY/vPm5AoFHBqBzdHBv9BIaanCvpFoOmHOUY7cggvVyh8
q71tH49uD7KD4B2Yi/0locTtksG5bIOEteRED/p2WDf3LiOqpHSCafvgjmMYK2tB
dqDVIoX4VBpbILpKtSXLtHKuJwLFG4j3YTnhA+TclRx5FfgnhDXm
-----END CERTIFICATE-----