Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Oxx2cFjHHWT0bQqfbIHOfUV9MoU.roa
File:                     Oxx2cFjHHWT0bQqfbIHOfUV9MoU.roa (raw, json)
Hash identifier:          72tg+vw9SMtez9fxG/qgrRkwS+ESClc3NLQzSg4u4D0=
Subject key identifier:   3B:1C:76:70:58:C7:1D:64:F4:6D:0A:9F:6C:81:CE:7D:45:7D:32:85
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018E55CF424BE4434C83E45C538C4A1E35C4
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Oxx2cFjHHWT0bQqfbIHOfUV9MoU.roa
Signing time:             Tue 19 Mar 2024 08:23:49 +0000
ROA not before:           Tue 19 Mar 2024 08:23:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        159.148.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:55:cf:42:4b:e4:43:4c:83:e4:5c:53:8c:4a:1e:35:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Mar 19 08:23:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b1c767058c71d64f46d0a9f6c81ce7d457d3285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6b:8e:62:31:02:e2:6c:4d:de:e1:e8:dc:ed:
                    ed:20:06:3c:ae:22:fb:e5:61:97:d5:52:97:58:f0:
                    c9:5f:14:a2:53:02:b0:04:7f:8a:aa:3f:74:ce:c9:
                    d9:96:a8:b0:e4:00:cc:00:5f:0e:c1:43:fe:76:d5:
                    71:35:c4:27:e5:96:3f:00:67:06:c6:2d:79:35:40:
                    b2:8d:85:a6:9e:73:d4:b8:d2:36:ba:d0:06:55:d6:
                    80:47:a4:f3:09:01:14:f9:94:af:fe:30:a7:94:25:
                    6d:4e:77:85:e7:92:1b:12:84:0a:64:b2:f8:27:4b:
                    eb:d4:98:dc:d7:45:1b:ad:36:68:87:6a:9f:0b:ea:
                    81:ed:6d:07:7f:e2:61:7c:97:07:0a:2d:dd:d0:99:
                    70:72:ba:6e:f8:d2:57:c7:1b:b7:44:44:5a:30:9f:
                    93:f0:10:f7:2a:96:84:1c:81:b1:a4:e8:d3:ba:88:
                    9e:d5:57:34:da:80:c5:96:45:d7:c5:11:0a:23:ad:
                    e0:1a:2f:8e:cc:9b:62:1a:7a:14:3b:01:ce:e1:0d:
                    37:e0:eb:21:b1:e7:90:31:41:38:d5:a6:ed:fe:97:
                    9a:32:2c:1a:c9:fe:15:6d:73:8e:51:bc:ff:bb:07:
                    11:6f:6b:62:3d:14:49:d5:6d:45:45:90:5f:a4:d2:
                    dc:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:1C:76:70:58:C7:1D:64:F4:6D:0A:9F:6C:81:CE:7D:45:7D:32:85
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Oxx2cFjHHWT0bQqfbIHOfUV9MoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:f2:e9:ec:54:87:03:48:bb:b3:52:79:5d:9c:37:74:90:83:
         4a:19:ba:88:a0:b9:2d:fd:7c:6d:80:43:31:9e:ca:09:c2:ae:
         47:02:e5:13:20:a6:28:83:b4:e3:df:6d:4a:3d:fa:12:de:c5:
         99:e5:87:bc:34:3b:15:67:0f:fe:40:fc:3b:9b:62:ce:a4:c9:
         08:4b:7a:29:82:84:1c:a3:69:6c:a1:ef:a0:82:74:a7:7f:e6:
         e3:c5:91:fe:e8:d3:60:e3:14:d4:e1:1d:47:8f:ed:f1:dc:11:
         15:11:f4:7b:c1:c0:28:fe:ad:49:fa:ba:a4:5d:9b:86:0a:2c:
         f1:48:4b:9e:12:16:02:1b:f0:42:15:7b:3a:ad:53:2a:d8:2a:
         e6:54:1b:80:b3:b2:db:c8:4d:11:bc:6c:99:ac:56:e3:8b:77:
         de:f3:e8:99:38:7e:8d:92:91:08:a6:8d:a8:16:fe:8f:ac:fc:
         99:89:30:8e:82:63:03:84:24:38:0e:45:ab:b7:36:10:f8:0a:
         b2:42:76:70:5d:25:5a:91:4f:27:d1:89:20:9b:95:f0:29:dd:
         0a:86:f3:3b:18:1c:16:8d:34:1d:2a:cf:25:74:dc:d3:e0:ba:
         2e:2f:fb:e4:7c:38:f5:5d:ef:2d:c3:dd:d4:04:c1:71:f3:23:
         bc:56:a5:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5Vz0JL5ENMg+RcU4xKHjXEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMzE5MDgyMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjFjNzY3MDU4YzcxZDY0ZjQ2ZDBhOWY2YzgxY2U3ZDQ1N2QzMjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2uOYjEC4mxN3uHo3O3tIAY8riL7
5WGX1VKXWPDJXxSiUwKwBH+Kqj90zsnZlqiw5ADMAF8OwUP+dtVxNcQn5ZY/AGcG
xi15NUCyjYWmnnPUuNI2utAGVdaAR6TzCQEU+ZSv/jCnlCVtTneF55IbEoQKZLL4
J0vr1Jjc10UbrTZoh2qfC+qB7W0Hf+JhfJcHCi3d0Jlwcrpu+NJXxxu3RERaMJ+T
8BD3KpaEHIGxpOjTuoie1Vc02oDFlkXXxREKI63gGi+OzJtiGnoUOwHO4Q034Osh
seeQMUE41abt/peaMiwayf4VbXOOUbz/uwcRb2tiPRRJ1W1FRZBfpNLcaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDscdnBYxx1k9G0Kn2yBzn1FfTKFMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvT3h4MmNGakhIV1QwYlFxZmJJSE9mVVY5TW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5Q6MA0G
CSqGSIb3DQEBCwUAA4IBAQCh8unsVIcDSLuzUnldnDd0kINKGbqIoLkt/XxtgEMx
nsoJwq5HAuUTIKYog7Tj321KPfoS3sWZ5Ye8NDsVZw/+QPw7m2LOpMkIS3opgoQc
o2lsoe+ggnSnf+bjxZH+6NNg4xTU4R1Hj+3x3BEVEfR7wcAo/q1J+rqkXZuGCizx
SEueEhYCG/BCFXs6rVMq2CrmVBuAs7LbyE0RvGyZrFbji3fe8+iZOH6NkpEIpo2o
Fv6PrPyZiTCOgmMDhCQ4DkWrtzYQ+AqyQnZwXSVakU8n0Ykgm5XwKd0KhvM7GBwW
jTQdKs8ldNzT4LouL/vkfDj1Xe8tw93UBMFx8yO8VqVH
-----END CERTIFICATE-----