Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/_3wPtC_StjLM9iyOjz3MiQvA3Tw.roa
File:                     _3wPtC_StjLM9iyOjz3MiQvA3Tw.roa (raw, json)
Hash identifier:          Cs6VWv4VvG1KjtaKIuXuR7VhPzdVbT9h2YFUbZWwnzg=
Subject key identifier:   FF:7C:0F:B4:2F:D2:B6:32:CC:F6:2C:8E:8F:3D:CC:89:0B:C0:DD:3C
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D6EFD93C82AC39B92ED2F7F659AE
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/_3wPtC_StjLM9iyOjz3MiQvA3Tw.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205661
IP address blocks:        62.96.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:03:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d6:ef:d9:3c:82:ac:39:b9:2e:d2:f7:f6:59:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff7c0fb42fd2b632ccf62c8e8f3dcc890bc0dd3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:99:83:84:0f:02:1a:da:b0:c4:fa:ad:cb:b9:
                    b5:d9:ec:0d:10:41:fd:46:78:36:ce:e2:ff:a0:80:
                    6f:2c:73:02:81:e7:16:dd:9a:e3:2b:46:31:4f:1d:
                    fd:f4:06:bb:8d:e0:47:b5:ac:48:6e:06:0a:5d:52:
                    f3:17:e8:e5:65:08:9f:3b:47:53:b0:73:d6:b2:a8:
                    45:6c:ba:ec:3d:7f:1b:35:40:e2:e3:c0:79:7a:57:
                    82:b1:9e:dd:63:e6:db:70:1d:0b:cf:9f:d6:99:29:
                    48:5d:36:f2:16:ed:d1:63:03:1f:a9:cb:ba:f8:f0:
                    a1:ae:ae:49:c1:2d:fe:61:1a:c7:a3:2d:34:9e:df:
                    5e:76:a1:65:48:72:1c:2e:81:95:ea:80:59:08:bd:
                    a7:9e:61:ec:a8:db:31:a5:69:d8:ac:e8:99:ff:ec:
                    57:21:50:47:eb:6a:13:dc:6b:ff:c3:3a:e4:43:b5:
                    74:f0:ac:85:88:e7:7f:df:73:a7:18:9e:5f:d8:1d:
                    73:63:0c:b2:4e:8a:e9:4c:19:ac:2a:bc:01:8d:a3:
                    4e:6e:f0:45:d6:77:ac:cd:6d:3f:f5:4f:ca:43:7f:
                    62:30:f8:8e:43:31:ce:8c:a8:76:52:34:b6:d2:8a:
                    f5:04:da:f1:a2:ca:dd:1f:26:ba:b2:6d:eb:ae:6a:
                    66:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:7C:0F:B4:2F:D2:B6:32:CC:F6:2C:8E:8F:3D:CC:89:0B:C0:DD:3C
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/_3wPtC_StjLM9iyOjz3MiQvA3Tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.96.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:86:18:07:4e:a2:30:19:0d:47:a2:2c:1a:d5:78:37:14:65:
         35:38:70:df:4e:f0:5a:a9:8f:21:03:e2:71:b9:2b:48:f8:b0:
         2e:2a:05:16:c9:e3:8d:da:28:93:bb:4f:d0:60:76:8a:e7:23:
         b0:64:18:3f:c5:bb:1c:2b:d1:b1:1a:1a:57:69:a6:3f:7a:3a:
         4a:05:8a:db:7c:1c:18:55:aa:69:fa:75:72:80:f1:6b:47:73:
         73:a9:b7:8a:56:b3:22:ca:d7:b3:ab:c2:a5:94:e2:79:b6:57:
         0a:70:7f:69:c7:20:3a:4b:f2:82:d5:f8:2d:fa:bb:b6:1a:b6:
         e4:b8:82:07:d6:79:38:92:ca:4a:ed:0f:d8:ed:20:48:a2:35:
         83:9a:64:98:31:40:e0:e0:bf:a6:72:63:d5:b0:6a:48:4e:a8:
         8e:f0:8a:74:00:8d:34:cf:12:a0:d6:2e:93:49:6e:d9:3b:dd:
         a4:84:81:be:0a:a6:e3:12:19:15:7a:15:28:b8:f9:86:8a:00:
         f0:27:81:d2:79:9f:ee:d8:d7:27:56:a5:b7:5d:be:ca:aa:c5:
         e6:97:93:69:04:a0:8e:39:7e:dc:9e:a3:d1:2d:c0:e3:b3:c9:
         a4:bb:d2:fa:f4:7b:c3:e1:a0:f6:f7:6b:23:c9:87:12:c8:e1:
         3a:be:27:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttbv2TyCrDm5LtL39lmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjdjMGZiNDJmZDJiNjMyY2NmNjJjOGU4ZjNkY2M4OTBiYzBkZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5mDhA8CGtqwxPqty7m12ewNEEH9
Rng2zuL/oIBvLHMCgecW3ZrjK0YxTx399Aa7jeBHtaxIbgYKXVLzF+jlZQifO0dT
sHPWsqhFbLrsPX8bNUDi48B5eleCsZ7dY+bbcB0Lz5/WmSlIXTbyFu3RYwMfqcu6
+PChrq5JwS3+YRrHoy00nt9edqFlSHIcLoGV6oBZCL2nnmHsqNsxpWnYrOiZ/+xX
IVBH62oT3Gv/wzrkQ7V08KyFiOd/33OnGJ5f2B1zYwyyTorpTBmsKrwBjaNObvBF
1neszW0/9U/KQ39iMPiOQzHOjKh2UjS20or1BNrxosrdHya6sm3rrmpmEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP98D7Qv0rYyzPYsjo89zIkLwN08MB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvXzN3UHRDX1N0akxNOWl5T2p6M01pUXZBM1R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPmAXMA0G
CSqGSIb3DQEBCwUAA4IBAQAQhhgHTqIwGQ1Hoiwa1Xg3FGU1OHDfTvBaqY8hA+Jx
uStI+LAuKgUWyeON2iiTu0/QYHaK5yOwZBg/xbscK9GxGhpXaaY/ejpKBYrbfBwY
Vapp+nVygPFrR3NzqbeKVrMiytezq8KllOJ5tlcKcH9pxyA6S/KC1fgt+ru2Grbk
uIIH1nk4kspK7Q/Y7SBIojWDmmSYMUDg4L+mcmPVsGpITqiO8Ip0AI00zxKg1i6T
SW7ZO92khIG+CqbjEhkVehUouPmGigDwJ4HSeZ/u2NcnVqW3Xb7KqsXml5NpBKCO
OX7cnqPRLcDjs8mku9L69HvD4aD292sjyYcSyOE6vie1
-----END CERTIFICATE-----