Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/oKegfjSQYVAAwzijVJTioyn78cQ.roa
File:                     oKegfjSQYVAAwzijVJTioyn78cQ.roa (raw, json)
Hash identifier:          BqwzoGlA6R5gAwM59BpT7V7IMuzUckinXaIESywt2hU=
Subject key identifier:   A0:A7:A0:7E:34:90:61:50:00:C3:38:A3:54:94:E2:A3:29:FB:F1:C4
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D5202339D4E06DE3442586E81E1F
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/oKegfjSQYVAAwzijVJTioyn78cQ.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60845
IP address blocks:        212.121.139.0/24 maxlen: 24
                          62.96.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d5:20:23:39:d4:e0:6d:e3:44:25:86:e8:1e:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0a7a07e3490615000c338a35494e2a329fbf1c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:17:ca:59:6d:ac:f7:d1:e7:2c:90:54:a8:76:
                    9f:c6:32:ea:c9:4c:90:e8:15:3f:97:91:0b:84:18:
                    2a:22:37:a9:49:fe:e3:3e:11:9c:4f:59:a8:c1:6c:
                    66:30:7c:60:d0:08:db:62:27:69:6e:62:29:f1:46:
                    86:2d:55:84:a7:42:ea:da:d8:d3:56:c9:1e:2e:fb:
                    25:56:76:9b:d2:44:e1:d1:ef:d7:93:01:aa:62:b9:
                    8c:fa:20:6e:39:43:d6:fa:d6:40:22:b5:fe:8a:40:
                    36:34:5f:f4:d6:83:9f:dd:77:55:86:74:44:4f:39:
                    53:56:99:e4:83:2c:3a:e5:b2:85:c0:96:18:9f:2f:
                    33:90:15:98:6f:74:e6:09:92:b9:46:a2:e3:03:1f:
                    13:6a:64:55:e2:64:7a:79:13:bf:63:a6:6d:71:c2:
                    d5:df:27:0a:3b:c9:31:d4:32:b6:97:bf:aa:a7:ff:
                    9d:d8:27:b4:f9:95:da:fc:95:d4:c5:1e:3f:84:29:
                    04:68:36:11:bb:eb:41:34:e9:18:89:50:fd:9f:64:
                    77:b3:9a:20:11:ff:61:d8:55:17:1a:7b:5f:44:e1:
                    b0:9d:40:b5:06:bf:ab:c8:47:af:eb:e7:8b:bf:10:
                    57:f5:6c:66:94:20:2e:7b:3f:3b:dc:f1:c1:f7:19:
                    56:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A7:A0:7E:34:90:61:50:00:C3:38:A3:54:94:E2:A3:29:FB:F1:C4
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/oKegfjSQYVAAwzijVJTioyn78cQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.96.212.0/24
                  212.121.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:5b:0d:4a:06:b7:42:b7:f2:8a:71:8b:4a:a6:b6:62:69:bb:
         0f:71:4b:a7:82:1c:70:5d:7f:7e:92:8c:2c:7b:57:f6:3d:fe:
         ac:7a:0f:1c:79:f2:a8:8f:52:a0:dd:fd:01:5f:44:af:52:35:
         17:fb:7b:1b:7d:98:a2:e1:f4:8c:e7:39:82:71:ae:16:f8:3d:
         66:9d:47:d3:28:2d:4a:d8:7a:4e:8f:bb:bb:4e:c9:c9:75:f4:
         1c:63:0e:72:f2:f4:ce:af:77:15:67:a8:1d:7c:d7:5f:54:dd:
         47:09:e9:ba:9f:e3:af:31:11:f4:70:f5:c7:a4:a7:81:93:eb:
         e0:81:ff:bb:96:da:31:f6:fb:7f:ec:4c:a8:30:4b:24:16:de:
         b2:fd:2a:2e:0c:65:b5:7b:05:94:45:0f:6b:5d:18:63:65:6c:
         77:fc:79:97:9f:0c:83:93:d3:75:86:ec:20:bf:c5:63:11:86:
         8c:7e:99:be:e1:93:36:53:1a:fa:f1:9a:ed:37:52:be:5f:ab:
         f2:7a:b4:d9:d6:e4:c9:80:37:eb:a4:32:fe:3f:d6:69:6f:00:
         26:98:ed:f1:4d:d7:cc:cd:68:0b:d2:16:62:83:4d:eb:02:28:
         27:7c:d6:8e:be:62:9c:b6:47:b9:d2:3d:57:f2:f3:46:c7:52:
         b4:9f:47:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDttUgIznU4G3jRCWG6B4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGE3YTA3ZTM0OTA2MTUwMDBjMzM4YTM1NDk0ZTJhMzI5ZmJmMWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxfKWW2s99HnLJBUqHafxjLqyUyQ
6BU/l5ELhBgqIjepSf7jPhGcT1mowWxmMHxg0AjbYidpbmIp8UaGLVWEp0Lq2tjT
VskeLvslVnab0kTh0e/XkwGqYrmM+iBuOUPW+tZAIrX+ikA2NF/01oOf3XdVhnRE
TzlTVpnkgyw65bKFwJYYny8zkBWYb3TmCZK5RqLjAx8TamRV4mR6eRO/Y6ZtccLV
3ycKO8kx1DK2l7+qp/+d2Ce0+ZXa/JXUxR4/hCkEaDYRu+tBNOkYiVD9n2R3s5og
Ef9h2FUXGntfROGwnUC1Br+ryEev6+eLvxBX9WxmlCAuez873PHB9xlWuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKCnoH40kGFQAMM4o1SU4qMp+/HEMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvb0tlZ2ZqU1FZVkFBd3ppalZKVGlveW43OGNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPmDUAwQA
1HmLMA0GCSqGSIb3DQEBCwUAA4IBAQBYWw1KBrdCt/KKcYtKprZiabsPcUunghxw
XX9+kowse1f2Pf6seg8cefKoj1Kg3f0BX0SvUjUX+3sbfZii4fSM5zmCca4W+D1m
nUfTKC1K2HpOj7u7TsnJdfQcYw5y8vTOr3cVZ6gdfNdfVN1HCem6n+OvMRH0cPXH
pKeBk+vggf+7ltox9vt/7EyoMEskFt6y/SouDGW1ewWURQ9rXRhjZWx3/HmXnwyD
k9N1huwgv8VjEYaMfpm+4ZM2Uxr68ZrtN1K+X6vyerTZ1uTJgDfrpDL+P9ZpbwAm
mO3xTdfMzWgL0hZig03rAignfNaOvmKctke50j1X8vNGx1K0n0eC
-----END CERTIFICATE-----