Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/CjHCo1NFd_AH2pjrnS1rmZWvnRk.roa
File:                     CjHCo1NFd_AH2pjrnS1rmZWvnRk.roa (raw, json)
Hash identifier:          g05KUNYFZJib+zVLvVl9BBUvxp+csGGt3MAol9cxACc=
Subject key identifier:   0A:31:C2:A3:53:45:77:F0:07:DA:98:EB:9D:2D:6B:99:95:AF:9D:19
Certificate issuer:       /CN=edbd2b2871c06e5e21dfcd01603075816bd14489
Certificate serial:       018F3453E28299E9FECA9485837C3C14005A
Authority key identifier: ED:BD:2B:28:71:C0:6E:5E:21:DF:CD:01:60:30:75:81:6B:D1:44:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7b0rKHHAbl4h380BYDB1gWvRRIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/CjHCo1NFd_AH2pjrnS1rmZWvnRk.roa
Signing time:             Wed 01 May 2024 13:24:23 +0000
ROA not before:           Wed 01 May 2024 13:24:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4913
IP address blocks:        212.39.160.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/7b0rKHHAbl4h380BYDB1gWvRRIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/7b0rKHHAbl4h380BYDB1gWvRRIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7b0rKHHAbl4h380BYDB1gWvRRIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:34:53:e2:82:99:e9:fe:ca:94:85:83:7c:3c:14:00:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edbd2b2871c06e5e21dfcd01603075816bd14489
        Validity
            Not Before: May  1 13:24:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a31c2a3534577f007da98eb9d2d6b9995af9d19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fd:87:d6:b2:7f:82:23:94:77:8e:13:02:cf:
                    04:a0:24:2e:3b:b5:81:17:a7:4c:b4:c2:62:1a:c8:
                    cf:78:53:d1:bd:65:f2:3d:09:6a:06:0b:68:fd:46:
                    ea:75:86:96:b3:66:54:39:00:69:39:21:39:04:a9:
                    57:3e:25:20:33:a4:fb:5f:30:24:3b:a4:f4:2e:6d:
                    f0:5c:e1:40:6d:83:8d:e6:58:5c:90:57:ed:89:bc:
                    ed:32:f9:be:6b:fd:70:cb:65:0f:95:2f:78:4f:f2:
                    91:56:96:11:fd:7a:18:0f:2e:d9:aa:16:d1:b8:81:
                    34:9d:1f:76:8a:28:51:73:96:d6:67:f2:96:7f:17:
                    5f:9d:90:6c:c0:44:3b:46:34:fa:f2:6f:e2:cc:43:
                    19:36:74:41:07:26:45:0b:1d:3e:8a:fc:35:f5:90:
                    a4:b2:7d:34:f8:23:4f:2f:94:d2:e9:37:70:3d:5a:
                    2c:02:79:3a:cf:f4:91:e0:bd:5f:d0:9c:b4:2d:11:
                    a0:79:51:59:93:28:55:57:a0:36:57:5a:cf:8a:72:
                    11:c5:33:c6:b6:26:2d:3f:91:0d:f7:3a:21:91:c2:
                    58:ca:66:86:5d:6c:01:17:9b:b8:0f:a9:01:2d:a1:
                    55:55:0e:b0:00:a1:4c:b3:08:3f:50:57:01:a5:d9:
                    88:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:31:C2:A3:53:45:77:F0:07:DA:98:EB:9D:2D:6B:99:95:AF:9D:19
            X509v3 Authority Key Identifier:
                keyid:ED:BD:2B:28:71:C0:6E:5E:21:DF:CD:01:60:30:75:81:6B:D1:44:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b0rKHHAbl4h380BYDB1gWvRRIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/CjHCo1NFd_AH2pjrnS1rmZWvnRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/7b0rKHHAbl4h380BYDB1gWvRRIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.39.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         04:29:30:71:81:bd:2c:28:a8:60:7b:bb:ed:fb:9a:11:67:41:
         21:6b:37:74:8a:df:7f:32:b5:f1:c5:94:55:29:91:dc:2e:ec:
         75:c6:53:4a:c8:b5:43:73:fe:71:13:ae:e5:a2:e4:49:4b:59:
         7d:f3:e4:c9:3f:55:9e:79:33:b6:95:71:87:ca:ab:b9:2b:3d:
         99:86:ea:a6:b2:a1:74:ad:48:69:cb:93:42:81:51:88:e5:29:
         a9:26:3d:c8:0c:3f:9b:69:b8:19:1a:06:93:6b:db:ac:49:10:
         ac:c2:ee:14:ff:1a:4e:64:29:28:44:ff:8f:ea:1f:ee:39:e6:
         af:09:88:83:52:e0:7c:33:3f:69:80:2a:c8:ca:a1:7e:d6:bc:
         79:47:18:d6:97:88:d4:80:39:83:93:3f:1c:cd:88:af:f2:46:
         73:c7:91:29:67:d8:75:7d:1c:fa:af:db:75:4a:f9:d3:90:52:
         e4:c6:c3:02:6d:a4:2f:80:eb:ed:f3:44:50:f8:5a:5c:cc:65:
         8c:c6:26:16:32:24:de:08:79:cd:09:ef:bd:1b:d1:6e:06:e2:
         43:c3:95:57:d8:00:af:a2:51:22:b8:a3:71:86:3e:3b:ac:c9:
         5a:cb:f4:b8:18:73:8e:d8:76:04:a2:46:7f:e7:ac:fa:d1:9d:
         75:3f:c9:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY80U+KCmen+ypSFg3w8FABaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYmQyYjI4NzFjMDZlNWUyMWRmY2QwMTYwMzA3NTgxNmJk
MTQ0ODkwHhcNMjQwNTAxMTMyNDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTMxYzJhMzUzNDU3N2YwMDdkYTk4ZWI5ZDJkNmI5OTk1YWY5ZDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov2H1rJ/giOUd44TAs8EoCQuO7WB
F6dMtMJiGsjPeFPRvWXyPQlqBgto/UbqdYaWs2ZUOQBpOSE5BKlXPiUgM6T7XzAk
O6T0Lm3wXOFAbYON5lhckFftibztMvm+a/1wy2UPlS94T/KRVpYR/XoYDy7ZqhbR
uIE0nR92iihRc5bWZ/KWfxdfnZBswEQ7RjT68m/izEMZNnRBByZFCx0+ivw19ZCk
sn00+CNPL5TS6TdwPVosAnk6z/SR4L1f0Jy0LRGgeVFZkyhVV6A2V1rPinIRxTPG
tiYtP5EN9zohkcJYymaGXWwBF5u4D6kBLaFVVQ6wAKFMswg/UFcBpdmI4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoxwqNTRXfwB9qY650ta5mVr50ZMB8GA1UdIwQY
MBaAFO29KyhxwG5eId/NAWAwdYFr0USJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2IwcktISEFibDRoMzgwQllEQjFnV3ZSUklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wZTRkZDMtOWRlNy00MzZlLWFiYTkt
ZGU2YTljMDE3ZjdiLzEvQ2pIQ28xTkZkX0FIMnBqcm5TMXJtWld2blJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wZTRkZDMtOWRlNy00MzZlLWFiYTktZGU2YTljMDE3Zjdi
LzEvN2IwcktISEFibDRoMzgwQllEQjFnV3ZSUklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1CegMA0G
CSqGSIb3DQEBCwUAA4IBAQAEKTBxgb0sKKhge7vt+5oRZ0Ehazd0it9/MrXxxZRV
KZHcLux1xlNKyLVDc/5xE67louRJS1l98+TJP1WeeTO2lXGHyqu5Kz2ZhuqmsqF0
rUhpy5NCgVGI5SmpJj3IDD+babgZGgaTa9usSRCswu4U/xpOZCkoRP+P6h/uOeav
CYiDUuB8Mz9pgCrIyqF+1rx5RxjWl4jUgDmDkz8czYiv8kZzx5EpZ9h1fRz6r9t1
SvnTkFLkxsMCbaQvgOvt80RQ+FpczGWMxiYWMiTeCHnNCe+9G9FuBuJDw5VX2ACv
olEiuKNxhj47rMlay/S4GHOO2HYEokZ/56z60Z11P8nc
-----END CERTIFICATE-----