Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/og91-pVKT1jpLb4FvyWzuZE8cSQ.roa
File:                     og91-pVKT1jpLb4FvyWzuZE8cSQ.roa (raw, json)
Hash identifier:          4FGQ1SXHGdRu7Q7qyPZ0jhhcOBINouiIlkxQt38MDYI=
Subject key identifier:   A2:0F:75:FA:95:4A:4F:58:E9:2D:BE:05:BF:25:B3:B9:91:3C:71:24
Certificate issuer:       /CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
Certificate serial:       018DD555D4DDD24BEDB9F66741C49432F247
Authority key identifier: E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/og91-pVKT1jpLb4FvyWzuZE8cSQ.roa
Signing time:             Fri 23 Feb 2024 09:39:48 +0000
ROA not before:           Fri 23 Feb 2024 09:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56443
IP address blocks:        185.69.120.0/22 maxlen: 22
                          185.127.176.0/22 maxlen: 22
                          185.199.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 22:57:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:55:d4:dd:d2:4b:ed:b9:f6:67:41:c4:94:32:f2:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
        Validity
            Not Before: Feb 23 09:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a20f75fa954a4f58e92dbe05bf25b3b9913c7124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f4:3d:19:b3:c7:87:c0:d4:78:ae:8d:8e:18:
                    18:f0:48:76:99:fc:e6:a2:f3:65:08:82:6b:a8:b0:
                    a3:92:3d:9d:45:e1:63:94:05:25:07:df:d1:d7:19:
                    cb:8c:a2:79:39:5c:21:2c:9e:03:da:c0:9e:a0:07:
                    04:0f:94:9c:34:c0:13:f4:55:95:26:3b:ec:e4:0c:
                    a8:a8:80:e7:23:1a:32:08:f2:d7:96:91:5e:10:d2:
                    51:ce:72:47:50:53:72:b3:be:74:c8:1e:55:d9:a9:
                    48:32:59:f2:4c:e5:86:56:d0:86:2d:56:20:cf:4f:
                    0a:41:65:44:4a:e0:97:57:5d:5c:db:96:c9:1d:dd:
                    0a:7f:d4:d6:6e:7a:b0:ec:da:16:d1:57:6d:6b:98:
                    9f:79:85:d0:ac:2b:a4:24:bd:3c:07:bf:36:d1:72:
                    8c:30:87:b3:45:df:6c:01:8d:d9:82:0f:7c:8f:c4:
                    54:ca:3e:14:37:67:26:1e:b9:2a:a0:5d:70:5f:1e:
                    56:34:20:d2:12:70:10:90:9a:60:44:a2:bb:c9:73:
                    56:1e:a2:d6:5d:48:48:99:f6:81:eb:8b:ba:f1:00:
                    eb:bd:f2:4a:53:3b:42:77:bf:c4:d6:8b:55:71:e3:
                    9d:7d:15:c3:f0:95:50:4e:35:3c:9d:12:0a:6b:f7:
                    c7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0F:75:FA:95:4A:4F:58:E9:2D:BE:05:BF:25:B3:B9:91:3C:71:24
            X509v3 Authority Key Identifier:
                keyid:E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/og91-pVKT1jpLb4FvyWzuZE8cSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.120.0/22
                  185.127.176.0/22
                  185.199.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:f3:71:73:11:0d:7d:21:77:15:bb:b7:b3:41:16:6b:eb:a6:
         8a:0e:a9:6f:bf:79:dd:2e:54:72:05:8d:dc:b5:19:cf:03:3e:
         40:b9:18:78:5e:ee:a9:11:bb:39:e6:d1:d3:1a:f4:b2:cf:d7:
         de:48:a2:09:e0:1d:f8:3f:6f:0f:55:77:b1:0b:ce:f8:2c:86:
         65:11:84:ed:b0:45:73:6c:82:2a:96:2c:50:56:28:6e:1f:51:
         22:e2:28:68:e1:21:f4:f5:91:7f:a2:7a:36:43:f5:0d:ce:93:
         e6:57:a4:84:5d:94:6d:3d:a2:b3:3c:60:67:7c:ec:9b:d3:43:
         c6:2b:9e:e4:a3:f1:74:98:eb:d1:f3:21:ae:5d:00:65:cc:7a:
         4e:f3:32:7c:70:ee:c8:92:28:de:7a:51:ec:1e:c2:72:cc:2a:
         fa:5c:cc:2b:e3:e3:0e:01:e5:2d:93:59:33:52:7b:a9:0f:00:
         ae:a7:38:a8:57:39:bf:ff:10:eb:f7:3b:7e:01:38:18:5d:35:
         25:46:c1:65:4e:21:b7:83:fb:5c:e4:1a:1e:af:7a:9f:0c:16:
         79:51:d4:69:7e:5f:ab:cc:51:b5:88:8d:3e:d7:87:e1:b9:8c:
         d7:0b:b5:d9:18:97:ee:b9:3c:c4:2e:02:a6:1d:90:61:d1:49:
         a5:da:c2:cb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY3VVdTd0kvtufZnQcSUMvJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWJkN2RkMWY4YWM4YjQxOTJiYTc4YTU5MjM0OGI1ZGQw
YTFhNjYwHhcNMjQwMjIzMDkzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBmNzVmYTk1NGE0ZjU4ZTkyZGJlMDViZjI1YjNiOTkxM2M3MTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfQ9GbPHh8DUeK6NjhgY8Eh2mfzm
ovNlCIJrqLCjkj2dReFjlAUlB9/R1xnLjKJ5OVwhLJ4D2sCeoAcED5ScNMAT9FWV
Jjvs5AyoqIDnIxoyCPLXlpFeENJRznJHUFNys750yB5V2alIMlnyTOWGVtCGLVYg
z08KQWVESuCXV11c25bJHd0Kf9TWbnqw7NoW0Vdta5ifeYXQrCukJL08B7820XKM
MIezRd9sAY3Zgg98j8RUyj4UN2cmHrkqoF1wXx5WNCDSEnAQkJpgRKK7yXNWHqLW
XUhImfaB64u68QDrvfJKUztCd7/E1otVceOdfRXD8JVQTjU8nRIKa/fHRQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKIPdfqVSk9Y6S2+Bb8ls7mRPHEkMB8GA1UdIwQY
MBaAFOYb190fisi0GSunilkjSLXdChpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2Njct
ZGU5YjJmOGY3ZTI5LzEvb2c5MS1wVktUMWpwTGI0RnZ5V3p1WkU4Y1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2NjctZGU5YjJmOGY3ZTI5
LzEvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuUV4AwQC
uX+wAwQCucfEMA0GCSqGSIb3DQEBCwUAA4IBAQBd83FzEQ19IXcVu7ezQRZr66aK
Dqlvv3ndLlRyBY3ctRnPAz5AuRh4Xu6pEbs55tHTGvSyz9feSKIJ4B34P28PVXex
C874LIZlEYTtsEVzbIIqlixQVihuH1Ei4iho4SH09ZF/ono2Q/UNzpPmV6SEXZRt
PaKzPGBnfOyb00PGK57ko/F0mOvR8yGuXQBlzHpO8zJ8cO7IkijeelHsHsJyzCr6
XMwr4+MOAeUtk1kzUnupDwCupzioVzm//xDr9zt+ATgYXTUlRsFlTiG3g/tc5Boe
r3qfDBZ5UdRpfl+rzFG1iI0+14fhuYzXC7XZGJfuuTzELgKmHZBh0Uml2sLL
-----END CERTIFICATE-----