Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/bea3d0-d33e-44bc-8296-94e4c9fd718a/1/Ox1wIAMaN_OXwH6rTid10222kZY.roa
File:                     Ox1wIAMaN_OXwH6rTid10222kZY.roa (raw, json)
Hash identifier:          M07ikvRsyHNJNNRIKTUa/LMiwQ2cnWzJxDfVg6SspNU=
Subject key identifier:   3B:1D:70:20:03:1A:37:F3:97:C0:7E:AB:4E:27:75:D3:6D:B6:91:96
Certificate issuer:       /CN=e760b00fb0cc595fe542d6226e3f0a3e5165f1cc
Certificate serial:       018D880CC80762502AC3B34A77B54B85202D
Authority key identifier: E7:60:B0:0F:B0:CC:59:5F:E5:42:D6:22:6E:3F:0A:3E:51:65:F1:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52CwD7DMWV_lQtYibj8KPlFl8cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/bea3d0-d33e-44bc-8296-94e4c9fd718a/1/Ox1wIAMaN_OXwH6rTid10222kZY.roa
Signing time:             Thu 08 Feb 2024 09:29:15 +0000
ROA not before:           Thu 08 Feb 2024 09:29:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41098
IP address blocks:        178.212.8.0/21 maxlen: 21
                          195.114.2.0/23 maxlen: 23
                          195.114.2.0/24 maxlen: 24
                          195.114.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/bea3d0-d33e-44bc-8296-94e4c9fd718a/1/52CwD7DMWV_lQtYibj8KPlFl8cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/bea3d0-d33e-44bc-8296-94e4c9fd718a/1/52CwD7DMWV_lQtYibj8KPlFl8cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52CwD7DMWV_lQtYibj8KPlFl8cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:0c:c8:07:62:50:2a:c3:b3:4a:77:b5:4b:85:20:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760b00fb0cc595fe542d6226e3f0a3e5165f1cc
        Validity
            Not Before: Feb  8 09:29:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b1d7020031a37f397c07eab4e2775d36db69196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:09:c4:36:5d:54:2f:a9:6d:c3:e1:7e:72:c3:
                    23:45:6f:ac:6c:44:a6:a7:50:15:aa:3e:a4:67:b0:
                    b5:72:83:d6:a4:30:ac:8d:b7:3a:4c:1e:8c:a2:ac:
                    2e:1e:ce:18:b7:d4:26:5f:49:28:a5:78:2c:a3:74:
                    81:8d:d1:02:8c:e0:5b:ae:f9:18:2a:2d:a7:2d:f3:
                    b8:39:48:89:44:7e:ff:3e:28:50:22:70:7a:da:76:
                    72:f2:29:4d:12:92:20:6c:86:c9:8e:0e:7f:c9:85:
                    91:25:39:43:f8:27:63:0f:33:24:c2:e5:f1:24:8c:
                    68:1d:c9:05:5a:49:52:3c:28:d6:28:56:cf:9a:b7:
                    a7:33:25:5b:05:59:43:86:d6:08:0f:5d:db:c7:14:
                    ec:f8:4b:25:16:33:4e:44:7a:a6:da:e8:2c:c7:99:
                    18:5d:42:a0:f6:3f:45:8a:3b:ea:48:07:70:e0:1d:
                    22:7b:21:b2:ec:53:15:0b:7c:eb:4b:c1:f7:d1:31:
                    c4:44:d8:f4:dc:59:ed:ad:0d:75:e0:b0:55:81:ff:
                    b1:f6:d6:32:25:93:e0:cd:96:32:12:cb:84:5b:fc:
                    44:62:37:37:0b:12:9f:c7:23:ff:a7:36:f8:0a:03:
                    f7:e3:5e:57:17:d8:19:51:3f:11:ca:a6:97:80:b0:
                    45:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:1D:70:20:03:1A:37:F3:97:C0:7E:AB:4E:27:75:D3:6D:B6:91:96
            X509v3 Authority Key Identifier:
                keyid:E7:60:B0:0F:B0:CC:59:5F:E5:42:D6:22:6E:3F:0A:3E:51:65:F1:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52CwD7DMWV_lQtYibj8KPlFl8cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/bea3d0-d33e-44bc-8296-94e4c9fd718a/1/Ox1wIAMaN_OXwH6rTid10222kZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/bea3d0-d33e-44bc-8296-94e4c9fd718a/1/52CwD7DMWV_lQtYibj8KPlFl8cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.8.0/21
                  195.114.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:7e:2a:c8:bc:4f:d0:a9:fc:d9:d2:7b:3a:ce:28:c0:d6:f7:
         97:74:c8:3c:81:f6:a2:8d:15:f3:a7:d6:24:f6:d4:10:06:65:
         19:e3:84:fe:7b:90:ee:95:57:72:b8:22:c0:9d:81:22:87:eb:
         61:bb:87:b7:5c:dc:52:a2:d8:01:c4:b3:6b:25:7c:74:5d:62:
         01:6b:a3:08:4d:78:e2:2d:93:d9:9e:fe:bf:9a:cc:8b:91:ad:
         0a:07:49:a7:a9:94:d4:09:61:b2:76:90:ca:ff:69:7e:9e:59:
         f7:5f:7a:a5:56:ba:bb:23:af:87:cb:e0:e2:92:d4:41:36:f0:
         33:61:a6:fa:c8:9f:9a:75:1e:a7:89:18:41:26:7e:56:9b:ea:
         5a:39:76:78:60:63:b2:c1:0d:65:ff:b3:43:68:db:f3:1c:96:
         4b:09:f0:d4:d6:6e:bd:64:63:55:3d:d0:ec:3f:5c:87:2e:95:
         ff:64:6d:61:fc:63:52:6c:1c:9a:b0:f3:97:8c:83:46:56:d7:
         36:0e:10:a5:48:3b:26:98:12:4a:c3:fe:7a:b8:c0:68:d0:a0:
         8b:bb:c3:3a:d0:74:50:f4:f0:9b:be:6b:ae:34:53:c3:62:81:
         47:96:db:95:61:ad:60:17:47:73:0e:58:4e:d5:20:52:78:8f:
         b7:34:ad:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2IDMgHYlAqw7NKd7VLhSAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjBiMDBmYjBjYzU5NWZlNTQyZDYyMjZlM2YwYTNlNTE2
NWYxY2MwHhcNMjQwMjA4MDkyOTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjFkNzAyMDAzMWEzN2YzOTdjMDdlYWI0ZTI3NzVkMzZkYjY5MTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQnENl1UL6ltw+F+csMjRW+sbESm
p1AVqj6kZ7C1coPWpDCsjbc6TB6MoqwuHs4Yt9QmX0kopXgso3SBjdECjOBbrvkY
Ki2nLfO4OUiJRH7/PihQInB62nZy8ilNEpIgbIbJjg5/yYWRJTlD+CdjDzMkwuXx
JIxoHckFWklSPCjWKFbPmrenMyVbBVlDhtYID13bxxTs+EslFjNORHqm2ugsx5kY
XUKg9j9FijvqSAdw4B0ieyGy7FMVC3zrS8H30THERNj03FntrQ114LBVgf+x9tYy
JZPgzZYyEsuEW/xEYjc3CxKfxyP/pzb4CgP3415XF9gZUT8RyqaXgLBFsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDsdcCADGjfzl8B+q04nddNttpGWMB8GA1UdIwQY
MBaAFOdgsA+wzFlf5ULWIm4/Cj5RZfHMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJDd0Q3RE1XVl9sUXRZaWJqOEtQbEZsOGN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iZWEzZDAtZDMzZS00NGJjLTgyOTYt
OTRlNGM5ZmQ3MThhLzEvT3gxd0lBTWFOX09Yd0g2clRpZDEwMjIya1pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iZWEzZDAtZDMzZS00NGJjLTgyOTYtOTRlNGM5ZmQ3MThh
LzEvNTJDd0Q3RE1XVl9sUXRZaWJqOEtQbEZsOGN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDstQIAwQB
w3ICMA0GCSqGSIb3DQEBCwUAA4IBAQAJfirIvE/QqfzZ0ns6zijA1veXdMg8gfai
jRXzp9Yk9tQQBmUZ44T+e5DulVdyuCLAnYEih+thu4e3XNxSotgBxLNrJXx0XWIB
a6MITXjiLZPZnv6/msyLka0KB0mnqZTUCWGydpDK/2l+nln3X3qlVrq7I6+Hy+Di
ktRBNvAzYab6yJ+adR6niRhBJn5Wm+paOXZ4YGOywQ1l/7NDaNvzHJZLCfDU1m69
ZGNVPdDsP1yHLpX/ZG1h/GNSbByasPOXjINGVtc2DhClSDsmmBJKw/56uMBo0KCL
u8M60HRQ9PCbvmuuNFPDYoFHltuVYa1gF0dzDlhO1SBSeI+3NK31
-----END CERTIFICATE-----