Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/47e909-7744-4db3-b691-a7b9c7115c1e/1/3OFqB22SQbu8hbA6h_SbN-8VdE4.roa
File:                     3OFqB22SQbu8hbA6h_SbN-8VdE4.roa (raw, json)
Hash identifier:          wa7d1uX4axouVCqI1Vy2jrvGNKka8gXWrFvK5JxPSYs=
Subject key identifier:   DC:E1:6A:07:6D:92:41:BB:BC:85:B0:3A:87:F4:9B:37:EF:15:74:4E
Certificate issuer:       /CN=00ccfa2c166f86c3cd01c6ebae193745e1eb0f29
Certificate serial:       018DD147D5839B54D522126A58A7178BAD6B
Authority key identifier: 00:CC:FA:2C:16:6F:86:C3:CD:01:C6:EB:AE:19:37:45:E1:EB:0F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AMz6LBZvhsPNAcbrrhk3ReHrDyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/47e909-7744-4db3-b691-a7b9c7115c1e/1/3OFqB22SQbu8hbA6h_SbN-8VdE4.roa
Signing time:             Thu 22 Feb 2024 14:46:02 +0000
ROA not before:           Thu 22 Feb 2024 14:46:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60458
IP address blocks:        195.60.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/47e909-7744-4db3-b691-a7b9c7115c1e/1/AMz6LBZvhsPNAcbrrhk3ReHrDyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/47e909-7744-4db3-b691-a7b9c7115c1e/1/AMz6LBZvhsPNAcbrrhk3ReHrDyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AMz6LBZvhsPNAcbrrhk3ReHrDyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:47:d5:83:9b:54:d5:22:12:6a:58:a7:17:8b:ad:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00ccfa2c166f86c3cd01c6ebae193745e1eb0f29
        Validity
            Not Before: Feb 22 14:46:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dce16a076d9241bbbc85b03a87f49b37ef15744e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c5:52:21:72:6c:dd:9e:a6:77:4a:40:22:95:
                    c5:fb:9c:05:6f:56:65:f5:2a:2d:82:03:5d:3f:36:
                    4c:a0:d3:44:54:d0:4b:f8:b1:35:16:63:3a:b5:ff:
                    a0:29:f6:0e:c3:0d:69:bd:bd:24:c4:ef:e1:7b:12:
                    ae:0b:13:f1:76:7d:72:a4:59:40:c6:8d:ab:17:49:
                    4f:bd:07:11:7f:70:64:6d:ce:0f:e1:34:0b:3a:37:
                    74:59:b7:8c:a9:f1:2b:44:1c:76:1e:0d:57:c4:44:
                    e1:94:12:90:7b:44:c6:65:7a:b7:17:fe:1f:a0:a8:
                    32:06:85:94:8a:e2:21:bd:28:50:12:39:a1:5c:d1:
                    fa:e2:0d:39:90:d9:55:d5:f3:b3:e9:ad:65:23:b9:
                    15:0c:b1:15:bb:8b:c3:73:70:f8:12:54:f4:28:45:
                    06:d4:e3:ba:e9:2a:7c:93:5e:02:86:7e:db:94:df:
                    61:31:d3:25:a2:86:e6:e2:44:6a:27:6e:b0:fb:db:
                    a0:6a:e6:d1:e8:bf:0d:93:27:8e:78:25:21:0b:a3:
                    3f:a6:3e:e3:4b:22:b6:1e:72:60:a2:0d:ce:2a:89:
                    f8:86:d5:58:a3:f5:25:50:42:14:8c:cf:39:64:74:
                    cc:c7:41:77:ed:2b:57:b9:e5:d6:2c:3e:5d:62:b8:
                    b2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E1:6A:07:6D:92:41:BB:BC:85:B0:3A:87:F4:9B:37:EF:15:74:4E
            X509v3 Authority Key Identifier:
                keyid:00:CC:FA:2C:16:6F:86:C3:CD:01:C6:EB:AE:19:37:45:E1:EB:0F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AMz6LBZvhsPNAcbrrhk3ReHrDyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/47e909-7744-4db3-b691-a7b9c7115c1e/1/3OFqB22SQbu8hbA6h_SbN-8VdE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/47e909-7744-4db3-b691-a7b9c7115c1e/1/AMz6LBZvhsPNAcbrrhk3ReHrDyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:d1:c4:34:78:87:ec:94:f6:74:2f:e3:07:d0:69:fa:9a:b2:
         d0:68:41:40:3a:a9:1c:26:c0:07:e7:48:8f:06:0c:2d:b2:4f:
         e3:9a:17:e8:aa:db:40:98:4d:da:04:a2:99:9c:74:df:2c:f7:
         ba:94:5c:6e:09:ed:0b:ce:08:c3:f8:33:bd:f0:62:77:c1:7f:
         aa:55:33:48:88:cb:14:56:a9:ca:87:24:1a:26:13:a0:ce:dd:
         9c:96:23:3a:14:01:0d:27:27:4f:24:a9:cb:e3:c7:f4:b8:21:
         9d:6a:bc:c9:f5:95:24:69:c7:c7:d2:37:63:d3:a5:2a:ed:b7:
         e3:1e:ae:05:1e:15:87:d4:3b:fe:ad:88:67:e4:fd:a4:10:6f:
         d6:a5:cd:31:0d:5d:0d:fc:9c:bc:2c:91:df:95:42:22:0c:bb:
         54:29:73:13:72:9c:fb:a2:41:42:9b:19:64:e8:6a:56:28:fb:
         e5:a2:ea:31:fb:92:87:d6:66:e6:d5:99:18:a4:f8:01:ed:63:
         67:87:8b:09:2a:b2:ec:86:82:79:8b:9c:27:38:e8:d7:de:b3:
         05:e1:b5:87:a1:a8:a0:60:d4:a1:9c:c1:7e:2c:fb:69:a1:24:
         4a:05:77:83:a6:51:19:1d:e8:2e:b6:24:c2:1e:dc:a3:d9:2b:
         fb:34:59:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3RR9WDm1TVIhJqWKcXi61rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwY2NmYTJjMTY2Zjg2YzNjZDAxYzZlYmFlMTkzNzQ1ZTFl
YjBmMjkwHhcNMjQwMjIyMTQ0NjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2UxNmEwNzZkOTI0MWJiYmM4NWIwM2E4N2Y0OWIzN2VmMTU3NDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8VSIXJs3Z6md0pAIpXF+5wFb1Zl
9SotggNdPzZMoNNEVNBL+LE1FmM6tf+gKfYOww1pvb0kxO/hexKuCxPxdn1ypFlA
xo2rF0lPvQcRf3Bkbc4P4TQLOjd0WbeMqfErRBx2Hg1XxEThlBKQe0TGZXq3F/4f
oKgyBoWUiuIhvShQEjmhXNH64g05kNlV1fOz6a1lI7kVDLEVu4vDc3D4ElT0KEUG
1OO66Sp8k14Chn7blN9hMdMloobm4kRqJ26w+9ugaubR6L8NkyeOeCUhC6M/pj7j
SyK2HnJgog3OKon4htVYo/UlUEIUjM85ZHTMx0F37StXueXWLD5dYriyRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzhagdtkkG7vIWwOof0mzfvFXROMB8GA1UdIwQY
MBaAFADM+iwWb4bDzQHG664ZN0Xh6w8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU16NkxCWnZoc1BOQWNicnJoazNSZUhyRHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi80N2U5MDktNzc0NC00ZGIzLWI2OTEt
YTdiOWM3MTE1YzFlLzEvM09GcUIyMlNRYnU4aGJBNmhfU2JOLThWZEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi80N2U5MDktNzc0NC00ZGIzLWI2OTEtYTdiOWM3MTE1YzFl
LzEvQU16NkxCWnZoc1BOQWNicnJoazNSZUhyRHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzzvMA0G
CSqGSIb3DQEBCwUAA4IBAQCt0cQ0eIfslPZ0L+MH0Gn6mrLQaEFAOqkcJsAH50iP
Bgwtsk/jmhfoqttAmE3aBKKZnHTfLPe6lFxuCe0LzgjD+DO98GJ3wX+qVTNIiMsU
VqnKhyQaJhOgzt2cliM6FAENJydPJKnL48f0uCGdarzJ9ZUkacfH0jdj06Uq7bfj
Hq4FHhWH1Dv+rYhn5P2kEG/Wpc0xDV0N/Jy8LJHflUIiDLtUKXMTcpz7okFCmxlk
6GpWKPvlouox+5KH1mbm1ZkYpPgB7WNnh4sJKrLshoJ5i5wnOOjX3rMF4bWHoaig
YNShnMF+LPtpoSRKBXeDplEZHegutiTCHtyj2Sv7NFki
-----END CERTIFICATE-----