Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/OhLdWV2YUIEA-MwY8QPMobtFKaU.roa
File:                     OhLdWV2YUIEA-MwY8QPMobtFKaU.roa (raw, json)
Hash identifier:          0kFsKqDgZz+B/lkUljRBofCZ3k3KslXNNtKW4Y7RObs=
Subject key identifier:   3A:12:DD:59:5D:98:50:81:00:F8:CC:18:F1:03:CC:A1:BB:45:29:A5
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       018D9C2A9F3FA246D2B793635788BC7851BE
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/OhLdWV2YUIEA-MwY8QPMobtFKaU.roa
Signing time:             Mon 12 Feb 2024 07:14:15 +0000
ROA not before:           Mon 12 Feb 2024 07:14:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63801
IP address blocks:        213.145.88.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:2a:9f:3f:a2:46:d2:b7:93:63:57:88:bc:78:51:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Feb 12 07:14:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a12dd595d98508100f8cc18f103cca1bb4529a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:81:55:ee:62:e0:ec:bb:a6:35:2d:83:37:1e:
                    61:2b:b2:33:e2:cb:1c:27:d5:6f:83:d0:a6:13:06:
                    97:c0:50:c8:28:53:2d:2d:78:72:e7:5b:47:68:69:
                    f3:7e:dd:b2:1a:70:c7:5c:e6:d9:27:e1:7a:c3:fa:
                    4b:6b:d5:5b:b8:2a:3e:e9:75:48:c0:7b:6c:a8:8b:
                    c1:80:42:09:6f:ca:b6:0e:75:fa:9c:8a:46:3a:f4:
                    f6:f2:6e:ee:16:32:31:69:a5:82:06:39:0a:ba:f1:
                    9a:91:65:7b:07:66:e0:11:46:09:02:03:5c:41:07:
                    42:7d:f0:7c:b6:af:7b:b2:e0:fe:bf:2e:ff:38:96:
                    76:b8:e7:ab:6f:d7:0d:34:b4:9f:ed:00:85:23:0d:
                    e5:e0:99:4e:3f:aa:cc:9b:6e:0f:a4:6c:5c:f5:de:
                    61:36:3b:00:44:08:38:9d:1b:17:89:9a:3d:66:f5:
                    6a:ee:05:37:f8:e5:e8:77:3d:ad:e2:e1:04:37:9e:
                    20:48:bf:c8:95:30:eb:97:3e:f0:ff:89:2f:7b:40:
                    29:ea:9f:42:ec:bf:f0:18:11:0e:0f:d0:61:fa:57:
                    57:77:01:17:13:7d:01:81:d1:8d:12:42:b5:0a:f4:
                    3e:b4:96:8c:0d:b4:06:9b:45:43:1d:6d:4e:82:b4:
                    71:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:12:DD:59:5D:98:50:81:00:F8:CC:18:F1:03:CC:A1:BB:45:29:A5
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/OhLdWV2YUIEA-MwY8QPMobtFKaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:8e:e4:3e:f3:f9:f6:35:dc:9f:a4:83:c5:2a:22:57:ca:7a:
         d4:29:ac:95:a5:35:e7:9c:59:6d:d9:0f:f2:bf:c6:40:87:46:
         8c:48:ae:90:8a:77:15:7b:48:19:1b:97:c7:8b:01:cc:f6:f9:
         dd:f9:2b:0a:e9:2a:51:a7:b4:34:8a:14:50:fc:87:10:9b:dd:
         18:01:a4:e4:e2:91:c1:0a:04:2c:b6:47:f8:3a:02:04:01:1e:
         e6:4d:6c:32:f3:63:e9:bb:d9:e8:06:96:db:9b:8b:f6:33:97:
         e9:69:96:b1:a8:d4:e9:19:1c:28:96:21:14:c2:57:0b:ec:bc:
         77:de:8e:5e:19:f5:de:68:c8:17:09:8d:8c:55:04:f4:78:9a:
         04:67:74:51:ab:38:ff:11:b2:9b:20:2c:09:4f:ad:ce:c3:19:
         3e:ff:10:76:e0:5e:7a:e4:58:16:c2:a0:e8:ba:a4:87:c5:b7:
         da:5a:aa:95:bc:29:98:1d:9c:26:a9:42:6f:1a:95:95:6e:32:
         75:09:35:9a:f5:d2:98:18:7e:54:15:95:6b:2a:2e:01:76:9f:
         e2:ce:29:b6:59:32:7c:34:03:5d:3e:96:a9:c1:3b:70:61:1f:
         b7:c5:14:c7:e6:30:a2:c2:3b:c5:4c:cb:bd:15:71:05:68:ef:
         e6:d1:e8:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2cKp8/okbSt5NjV4i8eFG+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQwMjEyMDcxNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTEyZGQ1OTVkOTg1MDgxMDBmOGNjMThmMTAzY2NhMWJiNDUyOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7oFV7mLg7LumNS2DNx5hK7Iz4ssc
J9Vvg9CmEwaXwFDIKFMtLXhy51tHaGnzft2yGnDHXObZJ+F6w/pLa9VbuCo+6XVI
wHtsqIvBgEIJb8q2DnX6nIpGOvT28m7uFjIxaaWCBjkKuvGakWV7B2bgEUYJAgNc
QQdCffB8tq97suD+vy7/OJZ2uOerb9cNNLSf7QCFIw3l4JlOP6rMm24PpGxc9d5h
NjsARAg4nRsXiZo9ZvVq7gU3+OXodz2t4uEEN54gSL/IlTDrlz7w/4kve0Ap6p9C
7L/wGBEOD9Bh+ldXdwEXE30BgdGNEkK1CvQ+tJaMDbQGm0VDHW1OgrRxaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoS3VldmFCBAPjMGPEDzKG7RSmlMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvT2hMZFdWMllVSUVBLU13WThRUE1vYnRGS2FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1ZFYMA0G
CSqGSIb3DQEBCwUAA4IBAQCpjuQ+8/n2NdyfpIPFKiJXynrUKayVpTXnnFlt2Q/y
v8ZAh0aMSK6QincVe0gZG5fHiwHM9vnd+SsK6SpRp7Q0ihRQ/IcQm90YAaTk4pHB
CgQstkf4OgIEAR7mTWwy82Ppu9noBpbbm4v2M5fpaZaxqNTpGRwoliEUwlcL7Lx3
3o5eGfXeaMgXCY2MVQT0eJoEZ3RRqzj/EbKbICwJT63Owxk+/xB24F565FgWwqDo
uqSHxbfaWqqVvCmYHZwmqUJvGpWVbjJ1CTWa9dKYGH5UFZVrKi4Bdp/izim2WTJ8
NANdPpapwTtwYR+3xRTH5jCiwjvFTMu9FXEFaO/m0egW
-----END CERTIFICATE-----