Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/8ffa79-7528-4fca-9cdf-69bb282cf5ae/1/RpPxeZG4Dy0eYZVwHGuGB8sv8Tg.roa
File:                     RpPxeZG4Dy0eYZVwHGuGB8sv8Tg.roa (raw, json)
Hash identifier:          ByBHY1bFaTqHPUOwIEH4nS+Hxo/UOGXt+572yeCSbNs=
Subject key identifier:   46:93:F1:79:91:B8:0F:2D:1E:61:95:70:1C:6B:86:07:CB:2F:F1:38
Certificate issuer:       /CN=48113c916a59da4d43b8efa7739ad1167ace59fd
Certificate serial:       018CC56DF5451FE6C22803DF1D1C8E16DEB0
Authority key identifier: 48:11:3C:91:6A:59:DA:4D:43:B8:EF:A7:73:9A:D1:16:7A:CE:59:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SBE8kWpZ2k1DuO-nc5rRFnrOWf0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/8ffa79-7528-4fca-9cdf-69bb282cf5ae/1/RpPxeZG4Dy0eYZVwHGuGB8sv8Tg.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42487
IP address blocks:        212.102.121.0/24 maxlen: 24
                          2a0f:c540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/8ffa79-7528-4fca-9cdf-69bb282cf5ae/1/SBE8kWpZ2k1DuO-nc5rRFnrOWf0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/8ffa79-7528-4fca-9cdf-69bb282cf5ae/1/SBE8kWpZ2k1DuO-nc5rRFnrOWf0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SBE8kWpZ2k1DuO-nc5rRFnrOWf0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f5:45:1f:e6:c2:28:03:df:1d:1c:8e:16:de:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48113c916a59da4d43b8efa7739ad1167ace59fd
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4693f17991b80f2d1e6195701c6b8607cb2ff138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:22:03:42:67:35:98:a3:fa:24:91:62:7d:78:
                    b0:ab:e7:ed:8e:1b:6f:e8:f6:e6:fa:6d:31:0e:02:
                    e8:0e:01:6d:89:4d:c7:9a:09:6f:38:f7:08:dc:87:
                    f9:78:28:34:c0:47:87:00:ca:4f:81:cb:80:55:dc:
                    3c:03:dc:d5:28:cd:18:8f:78:de:43:b0:4a:11:e3:
                    db:60:2f:b9:61:db:65:96:81:a7:30:6e:74:3d:05:
                    6d:c0:a1:8d:ec:bf:0a:07:e1:c5:ca:8c:3c:6a:6a:
                    ec:fc:bd:1d:1c:7d:f8:50:19:ca:2c:c7:8a:00:32:
                    06:e7:16:9c:e6:af:26:57:9e:b3:ca:32:c4:0b:c0:
                    39:0e:5a:77:a8:f6:0c:90:70:1a:e7:4c:1a:0f:4a:
                    68:58:2d:c7:41:bc:dc:3b:77:99:1c:58:9f:d2:9d:
                    4e:6c:34:a8:65:58:40:80:80:af:77:02:48:a1:6c:
                    b3:9c:6d:55:4a:4d:e7:ca:56:f3:9e:ce:d2:5b:e3:
                    3f:fb:22:68:9c:00:9c:f7:b5:74:24:3b:4c:66:fe:
                    f6:89:4f:39:c8:bc:9b:da:1c:7d:71:74:96:8f:49:
                    91:a1:e0:02:ea:72:f6:43:4d:31:e1:59:b3:b2:51:
                    91:33:7e:db:b2:0e:ec:ff:ce:7f:dc:fc:d9:c8:e7:
                    73:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:93:F1:79:91:B8:0F:2D:1E:61:95:70:1C:6B:86:07:CB:2F:F1:38
            X509v3 Authority Key Identifier:
                keyid:48:11:3C:91:6A:59:DA:4D:43:B8:EF:A7:73:9A:D1:16:7A:CE:59:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SBE8kWpZ2k1DuO-nc5rRFnrOWf0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/8ffa79-7528-4fca-9cdf-69bb282cf5ae/1/RpPxeZG4Dy0eYZVwHGuGB8sv8Tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/8ffa79-7528-4fca-9cdf-69bb282cf5ae/1/SBE8kWpZ2k1DuO-nc5rRFnrOWf0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.121.0/24
                IPv6:
                  2a0f:c540::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:f4:f3:c9:d7:42:12:2a:b2:db:1c:20:ac:59:a7:1c:b6:a4:
         6f:f3:a1:b2:46:79:68:a1:97:4f:60:dd:da:1b:a7:f1:11:78:
         0d:46:6c:0a:d1:a6:79:dd:3e:84:ca:05:a1:64:da:52:1d:dd:
         fb:8b:0c:e7:42:b6:81:38:78:4c:d4:06:51:ec:db:25:72:4b:
         d4:c2:05:df:7a:70:fe:d7:72:ec:c8:9b:b0:ef:04:bd:43:8b:
         70:e3:8e:27:0b:77:bc:86:26:23:1d:c3:93:e2:56:60:80:2b:
         33:34:32:2c:88:e3:6a:d6:ed:18:d5:80:83:d5:ab:64:4d:e9:
         1c:9c:f0:db:b3:40:54:b5:e8:3b:93:3e:41:58:0a:cc:14:16:
         4e:06:67:5f:e4:9e:ff:2d:57:44:af:76:f6:1d:62:84:d4:2d:
         6e:55:72:a8:5c:63:34:b1:ff:a9:3b:c4:13:e7:73:36:54:6d:
         2a:ed:13:85:e1:f1:75:7c:be:75:02:54:dc:7e:ba:25:c3:f0:
         18:00:0a:10:86:bc:9c:e9:5f:ef:15:1e:48:86:a7:95:7f:ae:
         df:13:f1:d0:c0:b9:8f:02:69:41:f5:26:33:23:38:0c:57:96:
         1e:e4:8a:96:0a:8b:4d:c2:8a:f5:61:44:1e:d8:2c:21:4c:bd:
         64:21:89:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbfVFH+bCKAPfHRyOFt6wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MTEzYzkxNmE1OWRhNGQ0M2I4ZWZhNzczOWFkMTE2N2Fj
ZTU5ZmQwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjkzZjE3OTkxYjgwZjJkMWU2MTk1NzAxYzZiODYwN2NiMmZmMTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCIDQmc1mKP6JJFifXiwq+ftjhtv
6Pbm+m0xDgLoDgFtiU3HmglvOPcI3If5eCg0wEeHAMpPgcuAVdw8A9zVKM0Yj3je
Q7BKEePbYC+5YdtlloGnMG50PQVtwKGN7L8KB+HFyow8amrs/L0dHH34UBnKLMeK
ADIG5xac5q8mV56zyjLEC8A5Dlp3qPYMkHAa50waD0poWC3HQbzcO3eZHFif0p1O
bDSoZVhAgICvdwJIoWyznG1VSk3nylbzns7SW+M/+yJonACc97V0JDtMZv72iU85
yLyb2hx9cXSWj0mRoeAC6nL2Q00x4VmzslGRM37bsg7s/85/3PzZyOdzRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEaT8XmRuA8tHmGVcBxrhgfLL/E4MB8GA1UdIwQY
MBaAFEgRPJFqWdpNQ7jvp3Oa0RZ6zln9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0JFOGtXcFoyazFEdU8tbmM1clJGbnJPV2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84ZmZhNzktNzUyOC00ZmNhLTljZGYt
NjliYjI4MmNmNWFlLzEvUnBQeGVaRzREeTBlWVpWd0hHdUdCOHN2OFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84ZmZhNzktNzUyOC00ZmNhLTljZGYtNjliYjI4MmNmNWFl
LzEvU0JFOGtXcFoyazFEdU8tbmM1clJGbnJPV2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1GZ5MA0E
AgACMAcDBQMqD8VAMA0GCSqGSIb3DQEBCwUAA4IBAQAl9PPJ10ISKrLbHCCsWacc
tqRv86GyRnlooZdPYN3aG6fxEXgNRmwK0aZ53T6EygWhZNpSHd37iwznQraBOHhM
1AZR7NslckvUwgXfenD+13LsyJuw7wS9Q4tw444nC3e8hiYjHcOT4lZggCszNDIs
iONq1u0Y1YCD1atkTekcnPDbs0BUteg7kz5BWArMFBZOBmdf5J7/LVdEr3b2HWKE
1C1uVXKoXGM0sf+pO8QT53M2VG0q7ROF4fF1fL51AlTcfrolw/AYAAoQhryc6V/v
FR5IhqeVf67fE/HQwLmPAmlB9SYzIzgMV5Ye5IqWCotNwor1YUQe2CwhTL1kIYmL
-----END CERTIFICATE-----