Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Oruqp_-VsbDULCBBfh1Cdk4Jzqk.roa
File:                     Oruqp_-VsbDULCBBfh1Cdk4Jzqk.roa (raw, json)
Hash identifier:          N2WQbrEgXU2YLaDACSQSK+21Zf3fN6esOf+ry1j01+I=
Subject key identifier:   3A:BB:AA:A7:FF:95:B1:B0:D4:2C:20:41:7E:1D:42:76:4E:09:CE:A9
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D6B3B3A2210C578CD577E2733515
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Oruqp_-VsbDULCBBfh1Cdk4Jzqk.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200682
IP address blocks:        212.161.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 22:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d6:b3:b3:a2:21:0c:57:8c:d5:77:e2:73:35:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3abbaaa7ff95b1b0d42c20417e1d42764e09cea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:36:3a:75:87:fb:1c:43:79:c6:04:3d:e9:dc:
                    d8:4b:da:4c:b5:be:41:47:df:b8:f2:85:41:75:9c:
                    af:1c:bc:a6:ab:6a:99:72:35:1e:50:ec:12:e5:9a:
                    0b:cb:55:11:c8:a7:cd:28:e8:a4:c0:29:7c:e6:16:
                    0b:b3:f8:0a:c0:89:8d:f7:a8:ce:5a:2f:a4:b8:b0:
                    8c:29:4a:d7:a7:84:07:e8:2b:71:45:24:47:87:02:
                    a6:0c:30:8b:fc:0b:0e:2a:7b:66:67:7a:0d:e3:b9:
                    e2:af:36:03:b8:0f:09:3f:b6:b2:31:10:c9:e9:f5:
                    74:83:fc:7b:11:a6:6a:e8:32:bc:8d:31:a8:6a:69:
                    e0:8e:1a:4e:aa:e3:f3:9d:71:6d:be:43:fc:93:85:
                    2d:ba:9f:8d:2b:2f:df:42:2e:3a:30:85:2e:5b:4c:
                    f3:5a:ca:5f:6d:69:5f:1c:4d:88:28:ca:1a:e0:f7:
                    d2:f6:e6:6e:55:6d:8c:e5:9d:5f:c8:73:b2:46:e9:
                    82:95:97:cf:dd:59:11:91:19:6e:1c:25:b4:cd:69:
                    ee:c1:47:b9:2d:fb:8a:a4:f2:53:61:82:61:17:1c:
                    a0:6d:56:93:1c:7b:f7:2c:75:24:d8:42:3f:ee:f9:
                    08:06:95:41:2c:00:bc:fd:c3:6d:18:f1:e4:bb:b4:
                    8d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:BB:AA:A7:FF:95:B1:B0:D4:2C:20:41:7E:1D:42:76:4E:09:CE:A9
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Oruqp_-VsbDULCBBfh1Cdk4Jzqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.161.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b5:c1:f4:d7:f1:ea:6c:ba:61:f3:cd:a3:94:f7:26:15:3b:
         bf:df:4d:d0:bc:80:20:30:08:f0:d0:41:3a:eb:5e:d4:dd:19:
         31:bd:0f:8e:aa:0e:12:a5:68:00:7d:75:25:bf:8f:1c:0a:6e:
         ef:da:a5:5f:04:bd:74:c0:bd:52:d5:cb:5f:f9:1f:9b:ad:d0:
         93:6b:99:35:80:55:38:b7:cc:65:a2:79:6c:da:97:f1:2d:cd:
         c6:52:c8:79:7a:c7:99:14:bc:05:5e:d1:e7:2c:aa:d2:18:85:
         a4:58:71:5d:ed:ef:c4:f4:bd:fd:ea:d5:68:07:a9:b7:3d:bf:
         c9:11:9c:14:57:4c:3f:e4:5b:b7:33:c9:32:bb:d2:96:2f:11:
         4a:cb:39:56:1e:b8:21:77:45:92:f5:af:cc:57:e9:f2:02:56:
         1b:df:ff:56:90:18:d3:00:92:f2:28:91:35:04:0a:0b:d0:40:
         64:b7:d7:17:c4:48:7e:bb:58:13:c6:5f:00:e1:85:d4:05:21:
         ae:d5:35:4b:ff:9f:e4:fc:5d:8e:d7:ed:43:8b:40:df:a6:96:
         5a:f5:86:64:e3:0f:5c:29:65:94:0a:81:19:97:b5:ad:4a:52:
         c8:26:8b:2c:df:8a:75:58:0f:b0:f0:da:c2:85:8e:62:1f:e4:
         54:45:64:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttazs6IhDFeM1XficzUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWJiYWFhN2ZmOTViMWIwZDQyYzIwNDE3ZTFkNDI3NjRlMDljZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjY6dYf7HEN5xgQ96dzYS9pMtb5B
R9+48oVBdZyvHLymq2qZcjUeUOwS5ZoLy1URyKfNKOikwCl85hYLs/gKwImN96jO
Wi+kuLCMKUrXp4QH6CtxRSRHhwKmDDCL/AsOKntmZ3oN47nirzYDuA8JP7ayMRDJ
6fV0g/x7EaZq6DK8jTGoamngjhpOquPznXFtvkP8k4Utup+NKy/fQi46MIUuW0zz
WspfbWlfHE2IKMoa4PfS9uZuVW2M5Z1fyHOyRumClZfP3VkRkRluHCW0zWnuwUe5
LfuKpPJTYYJhFxygbVaTHHv3LHUk2EI/7vkIBpVBLAC8/cNtGPHku7SNAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDq7qqf/lbGw1CwgQX4dQnZOCc6pMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvT3J1cXBfLVZzYkRVTENCQmZoMUNkazRKenFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1KE7MA0G
CSqGSIb3DQEBCwUAA4IBAQAztcH01/HqbLph882jlPcmFTu/303QvIAgMAjw0EE6
617U3RkxvQ+Oqg4SpWgAfXUlv48cCm7v2qVfBL10wL1S1ctf+R+brdCTa5k1gFU4
t8xlonls2pfxLc3GUsh5eseZFLwFXtHnLKrSGIWkWHFd7e/E9L396tVoB6m3Pb/J
EZwUV0w/5Fu3M8kyu9KWLxFKyzlWHrghd0WS9a/MV+nyAlYb3/9WkBjTAJLyKJE1
BAoL0EBkt9cXxEh+u1gTxl8A4YXUBSGu1TVL/5/k/F2O1+1Di0DfppZa9YZk4w9c
KWWUCoEZl7WtSlLIJoss34p1WA+w8NrChY5iH+RURWQU
-----END CERTIFICATE-----