Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/O3LgnyoJ62jAW5vSsIkRVNHDLEk.roa
File:                     O3LgnyoJ62jAW5vSsIkRVNHDLEk.roa (raw, json)
Hash identifier:          gAcBBXryQw7q2rs/OjPUn5Y/9UldyG0YZsHWtHsnEHY=
Subject key identifier:   3B:72:E0:9F:2A:09:EB:68:C0:5B:9B:D2:B0:89:11:54:D1:C3:2C:49
Certificate issuer:       /CN=7299ce64a0f1624d7bb2d2969e5c11adbaa5485c
Certificate serial:       018CC9BBEEC0337E6B5BAEBC2821414EA85D
Authority key identifier: 72:99:CE:64:A0:F1:62:4D:7B:B2:D2:96:9E:5C:11:AD:BA:A5:48:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cpnOZKDxYk17stKWnlwRrbqlSFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/O3LgnyoJ62jAW5vSsIkRVNHDLEk.roa
Signing time:             Tue 02 Jan 2024 10:33:05 +0000
ROA not before:           Tue 02 Jan 2024 10:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197579
IP address blocks:        185.92.232.0/22 maxlen: 22
                          91.223.113.0/24 maxlen: 24
                          2a13:6b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/cpnOZKDxYk17stKWnlwRrbqlSFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/cpnOZKDxYk17stKWnlwRrbqlSFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cpnOZKDxYk17stKWnlwRrbqlSFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ee:c0:33:7e:6b:5b:ae:bc:28:21:41:4e:a8:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7299ce64a0f1624d7bb2d2969e5c11adbaa5485c
        Validity
            Not Before: Jan  2 10:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b72e09f2a09eb68c05b9bd2b0891154d1c32c49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0e:5e:83:6b:6e:dd:89:ad:a0:50:4b:63:a2:
                    67:cd:87:d5:d9:ca:05:f9:9b:84:bc:9a:8c:c9:ef:
                    f8:44:de:b2:89:c8:ae:c8:1b:31:d3:60:db:7f:65:
                    cb:90:07:64:36:ad:23:98:84:35:91:39:28:0d:b2:
                    9c:98:84:80:3c:70:7f:d8:21:ab:7d:a9:ce:c4:64:
                    cf:cb:e8:cd:22:17:91:51:ad:88:90:53:bc:22:f3:
                    33:93:fa:80:1a:ac:9f:3e:f5:c5:63:31:1c:39:61:
                    c8:46:9b:7c:4a:a0:63:c8:8f:c2:53:af:e7:c7:7e:
                    31:6b:b8:50:cb:60:9e:3c:0e:72:21:78:1b:e3:2b:
                    64:59:b7:c4:50:52:f7:20:af:bf:6b:2d:e0:8d:92:
                    d6:58:5f:ac:18:b2:85:46:2b:ec:68:70:32:df:01:
                    34:5a:12:18:14:b4:91:83:85:a9:ec:14:be:45:e7:
                    55:03:3d:a2:49:05:aa:a4:b1:b7:17:e5:84:7d:e6:
                    a8:a1:b2:5e:5f:85:6f:96:60:7a:95:d4:dc:8c:9d:
                    1f:79:a1:22:2d:c4:5e:45:fa:9f:45:5d:42:bd:85:
                    4b:cb:fb:8f:50:c8:fc:80:4c:e4:d5:e1:c5:cd:92:
                    3e:06:9b:35:14:4d:fc:2a:6c:a0:9f:32:1f:1a:dd:
                    7e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:72:E0:9F:2A:09:EB:68:C0:5B:9B:D2:B0:89:11:54:D1:C3:2C:49
            X509v3 Authority Key Identifier:
                keyid:72:99:CE:64:A0:F1:62:4D:7B:B2:D2:96:9E:5C:11:AD:BA:A5:48:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cpnOZKDxYk17stKWnlwRrbqlSFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/O3LgnyoJ62jAW5vSsIkRVNHDLEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/cpnOZKDxYk17stKWnlwRrbqlSFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.113.0/24
                  185.92.232.0/22
                IPv6:
                  2a13:6b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:79:f3:01:52:8c:04:df:a1:96:75:5c:1e:ff:cc:8c:4e:06:
         ff:7c:d9:d6:8e:41:34:15:55:d0:ef:3c:25:74:35:48:68:bc:
         5a:be:97:cf:4a:ff:bd:8d:5c:3c:fe:4e:7f:e6:1d:1d:1b:14:
         9c:75:d7:80:4d:e8:ad:10:29:40:e5:00:9b:03:eb:26:55:df:
         87:d8:6c:1e:19:2b:ea:06:01:e6:22:42:7e:39:62:72:9c:0f:
         29:61:88:5a:75:49:3c:19:6c:66:ce:48:8d:bd:dd:f0:e1:b6:
         4c:09:35:64:64:c2:25:a5:d3:b0:67:47:2c:71:5f:44:04:26:
         27:e7:17:38:bb:3f:a8:da:90:28:ea:7a:4c:83:fe:73:e7:a9:
         49:e2:0e:59:d5:4c:64:fb:fb:f7:43:3a:d1:33:41:71:e7:69:
         8f:e2:2e:75:15:9e:6c:15:b2:9e:de:6f:27:c4:d2:78:d7:3b:
         01:17:9f:92:6e:e0:94:50:1e:25:8d:64:bd:70:54:70:eb:66:
         4c:86:38:19:35:13:fb:ec:b9:fd:9e:ed:aa:a2:97:35:52:16:
         64:23:19:2a:52:6f:9c:b4:9e:a4:dd:55:c4:d5:8d:1a:ea:1c:
         6b:6b:f9:2f:c3:bc:5c:7d:67:4c:ff:89:b6:30:2a:57:b7:2e:
         17:1f:5d:c1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJu+7AM35rW668KCFBTqhdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOTljZTY0YTBmMTYyNGQ3YmIyZDI5NjllNWMxMWFkYmFh
NTQ4NWMwHhcNMjQwMTAyMTAzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjcyZTA5ZjJhMDllYjY4YzA1YjliZDJiMDg5MTE1NGQxYzMyYzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQ5eg2tu3YmtoFBLY6JnzYfV2coF
+ZuEvJqMye/4RN6yiciuyBsx02Dbf2XLkAdkNq0jmIQ1kTkoDbKcmISAPHB/2CGr
fanOxGTPy+jNIheRUa2IkFO8IvMzk/qAGqyfPvXFYzEcOWHIRpt8SqBjyI/CU6/n
x34xa7hQy2CePA5yIXgb4ytkWbfEUFL3IK+/ay3gjZLWWF+sGLKFRivsaHAy3wE0
WhIYFLSRg4Wp7BS+RedVAz2iSQWqpLG3F+WEfeaoobJeX4VvlmB6ldTcjJ0feaEi
LcReRfqfRV1CvYVLy/uPUMj8gEzk1eHFzZI+Bps1FE38KmygnzIfGt1+EwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDty4J8qCetowFub0rCJEVTRwyxJMB8GA1UdIwQY
MBaAFHKZzmSg8WJNe7LSlp5cEa26pUhcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3BuT1pLRHhZazE3c3RLV25sd1JyYnFsU0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9jMjBmYmEtNWI2Ny00MzhjLWFiMDAt
YzdlYjM0ZTJkY2E2LzEvTzNMZ255b0o2MmpBVzV2U3NJa1JWTkhETEVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9jMjBmYmEtNWI2Ny00MzhjLWFiMDAtYzdlYjM0ZTJkY2E2
LzEvY3BuT1pLRHhZazE3c3RLV25sd1JyYnFsU0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW99xAwQC
uVzoMA0EAgACMAcDBQMqE2tAMA0GCSqGSIb3DQEBCwUAA4IBAQBZefMBUowE36GW
dVwe/8yMTgb/fNnWjkE0FVXQ7zwldDVIaLxavpfPSv+9jVw8/k5/5h0dGxScddeA
TeitEClA5QCbA+smVd+H2GweGSvqBgHmIkJ+OWJynA8pYYhadUk8GWxmzkiNvd3w
4bZMCTVkZMIlpdOwZ0cscV9EBCYn5xc4uz+o2pAo6npMg/5z56lJ4g5Z1Uxk+/v3
QzrRM0Fx52mP4i51FZ5sFbKe3m8nxNJ41zsBF5+SbuCUUB4ljWS9cFRw62ZMhjgZ
NRP77Ln9nu2qopc1UhZkIxkqUm+ctJ6k3VXE1Y0a6hxra/kvw7xcfWdM/4m2MCpX
ty4XH13B
-----END CERTIFICATE-----