Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/otpLExYyZw_mYp7HYfKU3_HUPbY.roa
File:                     otpLExYyZw_mYp7HYfKU3_HUPbY.roa (raw, json)
Hash identifier:          Qaq6Qs2UlhmjKKa40pyJlakAOzmrM+jOETAKujwJveU=
Subject key identifier:   A2:DA:4B:13:16:32:67:0F:E6:62:9E:C7:61:F2:94:DF:F1:D4:3D:B6
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       018CC7936224F581D66505EA080D349492EB
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/otpLExYyZw_mYp7HYfKU3_HUPbY.roa
Signing time:             Tue 02 Jan 2024 00:29:34 +0000
ROA not before:           Tue 02 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        85.28.52.0/23 maxlen: 23
                          194.31.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:62:24:f5:81:d6:65:05:ea:08:0d:34:94:92:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Jan  2 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2da4b131632670fe6629ec761f294dff1d43db6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:93:5a:42:cb:bb:94:92:80:ca:6f:3c:b7:45:
                    23:98:8b:98:94:5d:6e:80:82:e7:a7:a3:29:35:f3:
                    3c:57:53:f7:20:c4:68:83:33:a1:e1:e2:dc:0f:cd:
                    34:83:2d:e7:3d:2c:d6:2f:26:21:82:ab:d8:4d:21:
                    ce:60:ee:fc:e2:df:d6:b4:dd:f0:b1:45:af:83:b3:
                    7d:b7:cb:e6:e5:28:a3:e6:9c:9c:68:06:f2:f5:1e:
                    c3:c8:1f:47:98:c0:2d:47:08:eb:11:3b:2b:14:4a:
                    f1:e9:bb:f0:b6:24:9f:9f:17:f6:db:6b:d2:e2:4d:
                    51:1a:80:6d:91:69:c9:02:13:b6:55:a4:8c:97:c8:
                    55:35:08:20:2d:bf:d2:4a:81:06:d7:80:fa:af:49:
                    53:8e:54:82:73:bd:29:38:5c:63:66:a7:11:bd:26:
                    6a:0f:e1:4a:07:fd:f6:5d:af:d7:c6:ba:cf:ad:fa:
                    06:92:60:33:8b:73:40:81:3b:d3:cf:75:61:80:cb:
                    41:00:f9:87:73:2e:a0:e7:28:35:fb:7b:27:0c:61:
                    3e:a1:d6:66:34:6a:22:3d:63:39:f1:a6:bc:6d:25:
                    15:55:8d:c0:72:42:aa:0a:3b:d8:ef:10:88:a7:0e:
                    d2:0b:d8:3f:98:cf:07:7e:b6:f1:28:2a:29:7f:cc:
                    36:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:DA:4B:13:16:32:67:0F:E6:62:9E:C7:61:F2:94:DF:F1:D4:3D:B6
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/otpLExYyZw_mYp7HYfKU3_HUPbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.52.0/23
                  194.31.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:2b:c7:d1:87:f2:75:c7:71:f5:fd:4b:e3:27:70:d2:80:1f:
         f2:29:bd:44:6c:32:63:6c:be:5c:b3:db:25:ac:a4:d3:52:86:
         e6:0c:fd:17:db:b2:e2:d4:74:56:9f:06:4b:df:bf:5f:fa:ae:
         fc:94:69:10:c2:2d:67:ee:f3:fd:80:1a:71:e5:f0:eb:c2:d5:
         ed:05:3a:d6:fc:42:3e:3b:2d:9c:0c:ea:84:20:d5:41:6b:9f:
         9a:8f:c1:6e:1e:3b:b7:1c:77:5c:8d:d2:ee:b3:c1:af:3a:3c:
         dd:6a:8c:59:24:72:77:aa:18:b2:62:e6:0c:64:41:0d:3a:c4:
         73:bd:20:21:85:45:db:3e:15:5a:78:a0:7a:70:2d:f5:38:15:
         23:dd:09:fb:0f:da:bf:fa:3c:b4:98:0a:6d:31:5f:f0:c8:c7:
         90:ab:03:48:ff:ce:a8:14:36:fb:48:24:86:da:1b:9f:f7:21:
         7f:37:e4:ef:0c:86:3f:c0:f3:8c:3f:94:5a:d1:0c:93:91:eb:
         2d:ca:f8:d0:2e:0e:fe:6c:eb:f8:17:a4:31:2c:94:f6:01:85:
         99:30:ee:6f:2c:ab:81:b9:68:27:db:68:33:ec:c1:85:8a:08:
         f3:7d:8f:d4:04:32:74:51:90:08:55:08:9c:f3:63:7c:c5:06:
         3c:73:04:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk2Ik9YHWZQXqCA00lJLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQwMTAyMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmRhNGIxMzE2MzI2NzBmZTY2MjllYzc2MWYyOTRkZmYxZDQzZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpNaQsu7lJKAym88t0UjmIuYlF1u
gILnp6MpNfM8V1P3IMRogzOh4eLcD800gy3nPSzWLyYhgqvYTSHOYO784t/WtN3w
sUWvg7N9t8vm5Sij5pycaAby9R7DyB9HmMAtRwjrETsrFErx6bvwtiSfnxf222vS
4k1RGoBtkWnJAhO2VaSMl8hVNQggLb/SSoEG14D6r0lTjlSCc70pOFxjZqcRvSZq
D+FKB/32Xa/XxrrPrfoGkmAzi3NAgTvTz3VhgMtBAPmHcy6g5yg1+3snDGE+odZm
NGoiPWM58aa8bSUVVY3AckKqCjvY7xCIpw7SC9g/mM8HfrbxKCopf8w2gwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKLaSxMWMmcP5mKex2HylN/x1D22MB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvb3RwTEV4WXlad19tWXA3SFlmS1UzX0hVUGJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVRw0AwQA
wh+dMA0GCSqGSIb3DQEBCwUAA4IBAQCfK8fRh/J1x3H1/UvjJ3DSgB/yKb1EbDJj
bL5cs9slrKTTUobmDP0X27Li1HRWnwZL379f+q78lGkQwi1n7vP9gBpx5fDrwtXt
BTrW/EI+Oy2cDOqEINVBa5+aj8FuHju3HHdcjdLus8GvOjzdaoxZJHJ3qhiyYuYM
ZEENOsRzvSAhhUXbPhVaeKB6cC31OBUj3Qn7D9q/+jy0mAptMV/wyMeQqwNI/86o
FDb7SCSG2huf9yF/N+TvDIY/wPOMP5Ra0QyTkestyvjQLg7+bOv4F6QxLJT2AYWZ
MO5vLKuBuWgn22gz7MGFigjzfY/UBDJ0UZAIVQic82N8xQY8cwSi
-----END CERTIFICATE-----