Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/TctpdesbX2uOObg9JVqqlpWNtOA.roa
File:                     TctpdesbX2uOObg9JVqqlpWNtOA.roa (raw, json)
Hash identifier:          cWsnzhfY96qGytqfIezcys61uAdjDuqgAAmbGQohjv8=
Subject key identifier:   4D:CB:69:75:EB:1B:5F:6B:8E:39:B8:3D:25:5A:AA:96:95:8D:B4:E0
Certificate issuer:       /CN=abbad3de831da94222c1add104caf4c3247689ac
Certificate serial:       018CC94E449A83FEE0A91B255A7044DC3148
Authority key identifier: AB:BA:D3:DE:83:1D:A9:42:22:C1:AD:D1:04:CA:F4:C3:24:76:89:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/TctpdesbX2uOObg9JVqqlpWNtOA.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12548
IP address blocks:        212.68.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:44:9a:83:fe:e0:a9:1b:25:5a:70:44:dc:31:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abbad3de831da94222c1add104caf4c3247689ac
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dcb6975eb1b5f6b8e39b83d255aaa96958db4e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:42:ea:cc:d7:d1:bf:bc:a8:49:03:2c:7f:61:
                    47:ee:7e:34:ce:05:e6:df:ed:64:09:10:05:21:30:
                    ff:f9:48:32:e6:b1:58:93:34:3d:d3:19:59:76:78:
                    a8:56:a5:84:d7:e6:27:a5:0e:4e:3f:c6:52:4e:09:
                    4a:85:d9:13:98:fb:0a:78:97:8f:cc:7c:e5:54:ff:
                    80:15:63:c9:15:1c:94:10:6c:00:b4:c1:a9:cf:25:
                    e8:6a:2c:12:2e:50:03:e2:5f:c3:88:dc:3b:16:58:
                    4c:f1:d1:1f:85:0c:ba:3e:1d:c1:5e:12:20:b6:ed:
                    ca:d5:ed:d2:f6:25:b9:d3:f4:02:2c:4c:af:e8:95:
                    b4:7c:ef:d9:eb:4b:06:35:7f:0f:f1:02:0e:06:d4:
                    87:cc:82:4c:69:83:29:20:8d:d4:85:0e:3c:77:1e:
                    38:75:d2:37:30:b8:d8:69:d2:cb:fd:51:70:5a:77:
                    36:aa:24:b5:94:6b:ba:b2:e0:59:de:50:ec:ef:97:
                    49:a9:38:61:a3:fd:44:67:2c:da:d6:bf:4b:b8:1a:
                    cd:aa:ab:ea:7e:6a:85:09:67:dc:0f:87:94:27:eb:
                    e7:7c:85:8a:c0:df:70:36:a0:28:97:26:d9:be:22:
                    65:27:85:f2:35:44:36:98:a7:30:ec:9d:03:b8:f2:
                    c2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:CB:69:75:EB:1B:5F:6B:8E:39:B8:3D:25:5A:AA:96:95:8D:B4:E0
            X509v3 Authority Key Identifier:
                keyid:AB:BA:D3:DE:83:1D:A9:42:22:C1:AD:D1:04:CA:F4:C3:24:76:89:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/TctpdesbX2uOObg9JVqqlpWNtOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.68.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:8b:d5:85:0c:b8:72:93:2c:7c:31:6a:79:79:0c:b3:86:e4:
         3e:bd:5e:85:e1:56:c5:48:bb:83:4b:c1:81:62:27:81:55:f9:
         94:e7:7c:32:cb:ef:8a:f6:34:38:17:f3:20:47:8d:90:d2:f4:
         a2:34:7f:5e:bc:61:a6:b4:a9:f0:ef:4a:e5:81:5b:01:86:d6:
         94:39:20:54:f9:a5:5f:52:f9:f8:47:37:12:cb:a4:10:19:40:
         68:ee:30:e7:55:d9:17:d5:c7:6d:66:57:87:a6:6b:d0:1e:57:
         5d:36:85:9e:d2:ab:68:be:68:6c:87:b3:27:8b:c2:20:80:0b:
         11:74:b2:97:b5:49:cc:6e:52:d8:9e:a1:f4:a6:ca:c2:37:e0:
         d1:20:22:97:a5:fc:a9:e4:0a:83:95:0b:15:88:b0:dc:c6:bd:
         60:43:19:3b:13:aa:d0:26:6e:85:f3:64:3a:36:a8:01:57:e0:
         1b:7c:7c:27:9c:0a:0b:1f:ec:58:92:10:d0:32:d6:ca:9d:50:
         9f:28:4c:76:63:e2:41:c1:1c:99:40:1c:20:1a:f4:1e:0a:60:
         42:d7:28:66:16:45:70:b6:dc:e3:4b:7b:95:95:da:7d:61:73:
         23:ec:2e:90:25:d2:1d:20:ea:96:f8:97:cb:7f:6a:09:ec:4a:
         48:5e:e3:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkSag/7gqRslWnBE3DFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYmFkM2RlODMxZGE5NDIyMmMxYWRkMTA0Y2FmNGMzMjQ3
Njg5YWMwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGNiNjk3NWViMWI1ZjZiOGUzOWI4M2QyNTVhYWE5Njk1OGRiNGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmULqzNfRv7yoSQMsf2FH7n40zgXm
3+1kCRAFITD/+Ugy5rFYkzQ90xlZdnioVqWE1+YnpQ5OP8ZSTglKhdkTmPsKeJeP
zHzlVP+AFWPJFRyUEGwAtMGpzyXoaiwSLlAD4l/DiNw7FlhM8dEfhQy6Ph3BXhIg
tu3K1e3S9iW50/QCLEyv6JW0fO/Z60sGNX8P8QIOBtSHzIJMaYMpII3UhQ48dx44
ddI3MLjYadLL/VFwWnc2qiS1lGu6suBZ3lDs75dJqThho/1EZyza1r9LuBrNqqvq
fmqFCWfcD4eUJ+vnfIWKwN9wNqAolybZviJlJ4XyNUQ2mKcw7J0DuPLCNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3LaXXrG19rjjm4PSVaqpaVjbTgMB8GA1UdIwQY
MBaAFKu6096DHalCIsGt0QTK9MMkdomsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTdyVDNvTWRxVUlpd2EzUkJNcjB3eVIyaWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZTgxNDktZDUzYy00OTkyLWJkMDct
NTVjNDM0ZWVjOTZjLzEvVGN0cGRlc2JYMnVPT2JnOUpWcXFscFdOdE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZTgxNDktZDUzYy00OTkyLWJkMDctNTVjNDM0ZWVjOTZj
LzEvcTdyVDNvTWRxVUlpd2EzUkJNcjB3eVIyaWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ESgMA0G
CSqGSIb3DQEBCwUAA4IBAQCfi9WFDLhykyx8MWp5eQyzhuQ+vV6F4VbFSLuDS8GB
YieBVfmU53wyy++K9jQ4F/MgR42Q0vSiNH9evGGmtKnw70rlgVsBhtaUOSBU+aVf
Uvn4RzcSy6QQGUBo7jDnVdkX1cdtZleHpmvQHlddNoWe0qtovmhsh7Mni8IggAsR
dLKXtUnMblLYnqH0psrCN+DRICKXpfyp5AqDlQsViLDcxr1gQxk7E6rQJm6F82Q6
NqgBV+AbfHwnnAoLH+xYkhDQMtbKnVCfKEx2Y+JBwRyZQBwgGvQeCmBC1yhmFkVw
ttzjS3uVldp9YXMj7C6QJdIdIOqW+JfLf2oJ7EpIXuO3
-----END CERTIFICATE-----