Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/os6omhF7wDkTWOupob3yUnpLEF4.roa
File:                     os6omhF7wDkTWOupob3yUnpLEF4.roa (raw, json)
Hash identifier:          jtU8hwX9GIzQ0cHgAIDOlQTrldOIK7L6EP6mEe+XhXQ=
Subject key identifier:   A2:CE:A8:9A:11:7B:C0:39:13:58:EB:A9:A1:BD:F2:52:7A:4B:10:5E
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DCDEFE0BFE3279EF3728B33C96FD
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/os6omhF7wDkTWOupob3yUnpLEF4.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60190
IP address blocks:        212.243.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dc:de:fe:0b:fe:32:79:ef:37:28:b3:3c:96:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2cea89a117bc0391358eba9a1bdf2527a4b105e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:10:11:b9:a6:83:87:57:95:91:be:fa:82:92:
                    0b:66:48:5c:ce:59:61:1f:96:06:59:c2:e7:55:d1:
                    d7:a6:f5:e1:95:8e:0c:8e:d4:12:53:7d:15:07:2d:
                    f0:b2:4e:67:b5:bc:de:db:cc:8b:1d:64:bf:b7:db:
                    94:64:a1:93:2b:51:a2:50:00:45:f1:ab:6b:f9:8e:
                    b1:fa:55:a7:dc:a7:9d:6d:b9:68:5e:4d:7b:6b:b2:
                    98:27:8c:ea:6f:09:53:12:63:00:df:27:7c:b8:f2:
                    ab:21:9b:d7:57:b8:1b:3e:60:03:fa:07:96:a1:97:
                    ed:0a:77:fc:fe:46:fc:24:a0:72:9b:3a:b1:75:99:
                    27:13:24:17:ff:68:b5:81:94:52:65:62:4c:2d:38:
                    87:60:9e:a8:57:27:38:a6:71:75:f9:10:fa:ff:58:
                    ee:ce:99:a4:2b:ae:b2:67:87:c9:9d:f7:7e:00:89:
                    e6:39:2f:57:1d:4f:4b:16:04:d2:32:a4:b2:47:1c:
                    29:ee:ad:89:c2:9d:f0:44:8c:1c:5e:43:a7:f0:fa:
                    a2:99:6c:7b:33:c9:bd:aa:32:05:aa:61:08:63:a9:
                    df:00:08:71:81:f1:f0:d6:42:28:b5:cb:e4:3a:bd:
                    cd:df:99:a6:50:ac:c3:eb:ce:62:42:c5:c5:03:b9:
                    e4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:CE:A8:9A:11:7B:C0:39:13:58:EB:A9:A1:BD:F2:52:7A:4B:10:5E
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/os6omhF7wDkTWOupob3yUnpLEF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:05:bb:83:4e:36:b0:22:fe:2e:09:a7:a5:8a:f4:73:ba:c1:
         de:a1:71:85:b3:a7:8b:80:ae:b1:9e:86:3d:2c:47:c6:2a:c9:
         6a:70:42:9a:9a:b7:4c:a5:c3:a6:64:f6:ec:63:80:cf:b3:55:
         21:41:3d:06:8e:a5:d7:8d:07:be:51:04:f7:66:b1:ba:be:75:
         73:b1:32:ba:da:e6:a1:03:52:7d:10:a8:f3:4a:8c:e3:e4:76:
         53:e3:ea:28:ab:e6:e0:07:13:dc:41:1f:7b:6c:cb:8d:b2:06:
         7b:17:21:99:6c:e6:f9:82:dc:1d:4b:2a:90:f7:49:85:e7:17:
         1e:43:0f:8f:b0:9e:6c:dc:e1:b5:59:5e:f7:3b:74:16:ac:a6:
         9a:f5:a4:fe:b0:27:d0:8c:63:79:18:9f:32:20:66:4a:17:45:
         94:aa:c2:b0:d0:7e:c6:a7:43:a1:c1:2d:4b:ee:b1:d6:6a:ea:
         a9:c0:df:eb:37:8d:95:43:ff:b3:f3:b1:60:70:ae:33:8f:9f:
         36:e8:dc:37:49:cb:24:bd:d8:5a:bc:ff:e4:70:e4:87:45:5c:
         3c:1a:84:28:8f:c8:e3:0a:3e:79:e6:56:77:cb:41:ba:33:82:
         8b:81:f2:a3:92:50:4d:1a:c9:2a:ac:b4:c1:ef:40:7c:25:2d:
         4c:a5:27:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNze/gv+MnnvNyizPJb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmNlYTg5YTExN2JjMDM5MTM1OGViYTlhMWJkZjI1MjdhNGIxMDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBARuaaDh1eVkb76gpILZkhczllh
H5YGWcLnVdHXpvXhlY4MjtQSU30VBy3wsk5ntbze28yLHWS/t9uUZKGTK1GiUABF
8atr+Y6x+lWn3KedbbloXk17a7KYJ4zqbwlTEmMA3yd8uPKrIZvXV7gbPmAD+geW
oZftCnf8/kb8JKBymzqxdZknEyQX/2i1gZRSZWJMLTiHYJ6oVyc4pnF1+RD6/1ju
zpmkK66yZ4fJnfd+AInmOS9XHU9LFgTSMqSyRxwp7q2Jwp3wRIwcXkOn8PqimWx7
M8m9qjIFqmEIY6nfAAhxgfHw1kIotcvkOr3N35mmUKzD685iQsXFA7nkJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLOqJoRe8A5E1jrqaG98lJ6SxBeMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvb3M2b21oRjd3RGtUV091cG9iM3lVbnBMRUY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1PN4MA0G
CSqGSIb3DQEBCwUAA4IBAQCqBbuDTjawIv4uCaelivRzusHeoXGFs6eLgK6xnoY9
LEfGKslqcEKamrdMpcOmZPbsY4DPs1UhQT0GjqXXjQe+UQT3ZrG6vnVzsTK62uah
A1J9EKjzSozj5HZT4+ooq+bgBxPcQR97bMuNsgZ7FyGZbOb5gtwdSyqQ90mF5xce
Qw+PsJ5s3OG1WV73O3QWrKaa9aT+sCfQjGN5GJ8yIGZKF0WUqsKw0H7Gp0OhwS1L
7rHWauqpwN/rN42VQ/+z87FgcK4zj5826Nw3ScskvdhavP/kcOSHRVw8GoQoj8jj
Cj555lZ3y0G6M4KLgfKjklBNGskqrLTB70B8JS1MpSd+
-----END CERTIFICATE-----