Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/kDO5E3nKCcXWjuz24aZxcaDYXtQ.roa
File:                     kDO5E3nKCcXWjuz24aZxcaDYXtQ.roa (raw, json)
Hash identifier:          yTWoZlP0pGuDrnHnxbcn7osYDNv7VUKKZXxBPRAbYbw=
Subject key identifier:   90:33:B9:13:79:CA:09:C5:D6:8E:EC:F6:E1:A6:71:71:A0:D8:5E:D4
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       018CC5DCEDD065DBE58B214AC26F4B953E9B
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/kDO5E3nKCcXWjuz24aZxcaDYXtQ.roa
Signing time:             Mon 01 Jan 2024 16:30:39 +0000
ROA not before:           Mon 01 Jan 2024 16:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60123
IP address blocks:        213.240.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:ed:d0:65:db:e5:8b:21:4a:c2:6f:4b:95:3e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jan  1 16:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9033b91379ca09c5d68eecf6e1a67171a0d85ed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:41:35:0e:bd:f8:38:39:df:0b:c9:88:19:b0:
                    4f:5b:c5:33:d3:70:8b:42:1a:f3:29:14:2e:a7:3e:
                    a7:42:ab:a0:da:36:92:06:c1:6c:56:11:df:82:d1:
                    64:04:4a:b1:83:0a:6c:98:38:ba:e1:35:ca:9a:79:
                    b1:43:a1:d1:33:59:1b:d2:bb:15:24:4d:6c:ad:74:
                    36:c6:66:ae:82:6a:fb:77:09:4d:cc:88:0c:35:0e:
                    c6:cf:15:fe:24:b9:3d:13:61:ee:5a:63:78:ce:e2:
                    72:52:03:62:c4:a1:10:21:6d:ae:09:9e:64:79:d5:
                    66:a6:5f:da:95:fb:f4:6b:7d:2a:62:ff:92:8e:a1:
                    e2:10:85:ce:05:d4:ad:01:d2:7e:8e:14:48:96:2a:
                    d9:b5:ee:aa:b2:a2:11:ac:82:2d:16:ed:c7:6b:f4:
                    2e:c5:97:c8:1e:03:bc:7b:83:ec:38:dd:81:c8:ed:
                    1d:43:43:af:9a:31:69:80:07:ec:63:a6:72:8d:c9:
                    12:c6:57:a0:0b:ef:8b:47:2c:be:8f:88:62:60:f8:
                    a4:48:e4:89:19:16:f6:eb:a7:02:ee:08:3d:16:36:
                    9f:6b:68:23:51:e3:e0:2f:53:16:56:fc:c2:1b:d8:
                    50:a3:f0:22:c3:eb:22:57:91:38:2c:6d:a4:fa:c2:
                    e4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:33:B9:13:79:CA:09:C5:D6:8E:EC:F6:E1:A6:71:71:A0:D8:5E:D4
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/kDO5E3nKCcXWjuz24aZxcaDYXtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.240.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:f8:5d:ed:25:15:41:f6:91:53:54:12:f9:fc:e9:f7:67:70:
         4c:fc:8c:e2:9a:7b:b6:51:49:88:57:12:c7:0a:9c:e8:dc:4f:
         56:3a:e7:a1:02:10:00:c2:8f:ef:4b:36:17:f1:a2:f9:95:01:
         ad:f7:f3:26:e8:c0:69:ab:77:1f:f2:ed:42:ee:c8:cd:19:f1:
         38:fa:53:bf:5b:97:dd:3a:7c:46:80:d4:8c:2f:67:77:e4:48:
         48:0b:70:48:cb:90:02:f2:56:c0:04:28:2d:65:89:57:c8:78:
         b6:95:11:18:1c:a0:e2:da:76:b6:51:4c:68:4b:f6:46:5b:42:
         db:0d:45:e3:e6:84:2a:06:2c:8e:12:6d:94:43:c2:c6:9b:2e:
         76:97:4a:a7:0f:98:78:f8:0e:e6:6d:22:45:21:ff:52:1a:2a:
         1d:a4:26:c7:b7:ce:ee:3e:8f:9a:de:1c:9d:51:c6:c1:af:5c:
         50:4d:b5:45:b3:d1:41:82:78:f5:ac:0a:91:e5:96:20:9f:47:
         2f:4e:41:31:de:75:a9:59:a2:33:e8:e1:0f:7c:4a:46:dd:d5:
         5f:d5:5a:f0:12:d2:ae:a9:ce:8d:52:b2:1a:bb:dc:92:7b:39:
         0d:df:65:52:26:d8:3e:b2:9a:99:37:0f:92:99:99:0a:49:a5:
         0e:f7:86:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3O3QZdvliyFKwm9LlT6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjQwMTAxMTYzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDMzYjkxMzc5Y2EwOWM1ZDY4ZWVjZjZlMWE2NzE3MWEwZDg1ZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8EE1Dr34ODnfC8mIGbBPW8Uz03CL
QhrzKRQupz6nQqug2jaSBsFsVhHfgtFkBEqxgwpsmDi64TXKmnmxQ6HRM1kb0rsV
JE1srXQ2xmaugmr7dwlNzIgMNQ7GzxX+JLk9E2HuWmN4zuJyUgNixKEQIW2uCZ5k
edVmpl/alfv0a30qYv+SjqHiEIXOBdStAdJ+jhRIlirZte6qsqIRrIItFu3Ha/Qu
xZfIHgO8e4PsON2ByO0dQ0OvmjFpgAfsY6ZyjckSxlegC++LRyy+j4hiYPikSOSJ
GRb266cC7gg9Fjafa2gjUePgL1MWVvzCG9hQo/Aiw+siV5E4LG2k+sLksQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAzuRN5ygnF1o7s9uGmcXGg2F7UMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEva0RPNUUzbktDY1hXanV6MjRhWnhjYURZWHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fCUMA0G
CSqGSIb3DQEBCwUAA4IBAQCM+F3tJRVB9pFTVBL5/On3Z3BM/Izimnu2UUmIVxLH
Cpzo3E9WOuehAhAAwo/vSzYX8aL5lQGt9/Mm6MBpq3cf8u1C7sjNGfE4+lO/W5fd
OnxGgNSML2d35EhIC3BIy5AC8lbABCgtZYlXyHi2lREYHKDi2na2UUxoS/ZGW0Lb
DUXj5oQqBiyOEm2UQ8LGmy52l0qnD5h4+A7mbSJFIf9SGiodpCbHt87uPo+a3hyd
UcbBr1xQTbVFs9FBgnj1rAqR5ZYgn0cvTkEx3nWpWaIz6OEPfEpG3dVf1VrwEtKu
qc6NUrIau9ySezkN32VSJtg+spqZNw+SmZkKSaUO94YO
-----END CERTIFICATE-----