Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/ORZl5_uo-mD8TA-u7oHBa6Bfcns.roa
File:                     ORZl5_uo-mD8TA-u7oHBa6Bfcns.roa (raw, json)
Hash identifier:          csa5Jc2uvlu6Y+LcuT34GI2iKAadCxcC073WyvpUpkA=
Subject key identifier:   39:16:65:E7:FB:A8:FA:60:FC:4C:0F:AE:EE:81:C1:6B:A0:5F:72:7B
Certificate issuer:       /CN=121f13882dd06d098ec49a759101329b1f201f1d
Certificate serial:       018CC56DDD0B38C19418CBBE9279EBC31D93
Authority key identifier: 12:1F:13:88:2D:D0:6D:09:8E:C4:9A:75:91:01:32:9B:1F:20:1F:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eh8TiC3QbQmOxJp1kQEymx8gHx0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/ORZl5_uo-mD8TA-u7oHBa6Bfcns.roa
Signing time:             Mon 01 Jan 2024 14:29:20 +0000
ROA not before:           Mon 01 Jan 2024 14:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2200
IP address blocks:        147.210.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/Eh8TiC3QbQmOxJp1kQEymx8gHx0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/Eh8TiC3QbQmOxJp1kQEymx8gHx0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eh8TiC3QbQmOxJp1kQEymx8gHx0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:dd:0b:38:c1:94:18:cb:be:92:79:eb:c3:1d:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=121f13882dd06d098ec49a759101329b1f201f1d
        Validity
            Not Before: Jan  1 14:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391665e7fba8fa60fc4c0faeee81c16ba05f727b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fb:b7:61:31:f3:6e:8e:b1:72:e5:81:a1:c4:
                    de:8a:74:5f:cf:c3:14:30:be:03:30:b4:47:63:52:
                    ac:b7:5b:e9:0e:71:45:00:24:e3:09:f8:7e:d8:16:
                    26:e0:42:84:92:dd:fb:3e:e3:a2:6d:9b:76:26:67:
                    e2:d7:70:fd:df:16:a1:50:53:ac:39:f5:c5:b5:1a:
                    15:4b:21:23:e5:ab:17:b6:31:65:d3:7d:93:34:8b:
                    af:69:63:7b:81:8b:52:ef:f3:df:83:1a:57:66:55:
                    98:ad:5d:ce:52:8f:bb:c0:05:00:85:f9:69:e0:78:
                    84:05:ec:68:fb:47:0c:a6:c6:1c:ce:30:65:ff:0f:
                    ae:87:d0:23:08:bf:1c:3d:85:f4:2f:4f:e3:27:f8:
                    26:8f:bc:04:5f:15:17:9d:06:ad:f2:4f:01:f2:6b:
                    b9:cf:62:23:97:1c:1a:9c:5e:d0:f5:80:be:58:9f:
                    76:37:7f:f7:4a:b4:d9:ef:61:e2:5c:f3:0e:1a:15:
                    a1:56:12:a0:7f:7b:49:a0:d6:51:4c:06:f1:d2:da:
                    37:e6:0a:2d:d5:4d:68:53:ba:ff:2f:27:bd:54:ee:
                    df:cf:e0:59:31:48:1a:1e:cc:60:29:c7:81:8d:4f:
                    ee:48:2e:c4:60:7e:b0:3c:2f:1a:fd:57:81:a0:a6:
                    f9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:16:65:E7:FB:A8:FA:60:FC:4C:0F:AE:EE:81:C1:6B:A0:5F:72:7B
            X509v3 Authority Key Identifier:
                keyid:12:1F:13:88:2D:D0:6D:09:8E:C4:9A:75:91:01:32:9B:1F:20:1F:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eh8TiC3QbQmOxJp1kQEymx8gHx0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/ORZl5_uo-mD8TA-u7oHBa6Bfcns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/Eh8TiC3QbQmOxJp1kQEymx8gHx0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.210.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         06:16:d8:a2:ec:36:a3:a4:6b:76:cb:d0:dd:8e:fa:25:6d:4d:
         7e:19:25:bb:bc:f0:7d:2b:6b:0c:58:56:89:6f:e0:62:a6:18:
         17:85:81:82:b7:6b:28:ca:4c:b6:91:ba:86:d8:2e:22:87:5e:
         d3:79:f8:38:e3:47:30:5b:29:6a:92:7e:22:76:68:2d:19:18:
         aa:7c:32:3f:e3:4a:ce:9d:66:71:29:4f:4f:9f:03:a5:95:a7:
         82:cd:23:a4:c7:37:66:d2:43:ea:d5:fe:2a:9e:20:10:f1:92:
         38:ab:25:3e:9b:be:5e:a3:55:b9:ff:94:bb:61:73:d6:fd:7c:
         34:32:c8:e6:23:61:03:d8:43:e3:af:3e:83:99:4c:17:08:42:
         dc:c3:c5:a2:5f:73:c8:91:20:48:50:05:f5:c6:94:33:ec:3d:
         67:33:71:2e:fd:99:aa:a4:8c:24:02:08:14:1b:fc:2c:79:0b:
         28:6e:f8:24:8f:5e:09:ce:5d:d3:e3:80:6b:d1:63:f9:c1:ba:
         32:45:b5:55:ab:7b:0d:23:59:d5:3c:6f:89:51:68:1e:1c:4e:
         33:3a:6c:4d:d1:a2:e3:10:5a:49:12:63:7c:39:5e:2b:a8:92:
         91:f0:13:11:78:3f:9d:5c:29:11:79:5c:22:8f:a6:4d:b9:6d:
         ab:b8:45:12
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFbd0LOMGUGMu+knnrwx2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMWYxMzg4MmRkMDZkMDk4ZWM0OWE3NTkxMDEzMjliMWYy
MDFmMWQwHhcNMjQwMTAxMTQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTE2NjVlN2ZiYThmYTYwZmM0YzBmYWVlZTgxYzE2YmEwNWY3MjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvu3YTHzbo6xcuWBocTeinRfz8MU
ML4DMLRHY1Kst1vpDnFFACTjCfh+2BYm4EKEkt37PuOibZt2Jmfi13D93xahUFOs
OfXFtRoVSyEj5asXtjFl032TNIuvaWN7gYtS7/PfgxpXZlWYrV3OUo+7wAUAhflp
4HiEBexo+0cMpsYczjBl/w+uh9AjCL8cPYX0L0/jJ/gmj7wEXxUXnQat8k8B8mu5
z2IjlxwanF7Q9YC+WJ92N3/3SrTZ72HiXPMOGhWhVhKgf3tJoNZRTAbx0to35got
1U1oU7r/Lye9VO7fz+BZMUgaHsxgKceBjU/uSC7EYH6wPC8a/VeBoKb5kwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDkWZef7qPpg/EwPru6BwWugX3J7MB8GA1UdIwQY
MBaAFBIfE4gt0G0JjsSadZEBMpsfIB8dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWg4VGlDM1FiUW1PeEpwMWtRRXlteDhnSHgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8zNWRmMGEtOGFmNi00ZmYwLWIzNDUt
MGQyNzc2NzM3NGVjLzEvT1JabDVfdW8tbUQ4VEEtdTdvSEJhNkJmY25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8zNWRmMGEtOGFmNi00ZmYwLWIzNDUtMGQyNzc2NzM3NGVj
LzEvRWg4VGlDM1FiUW1PeEpwMWtRRXlteDhnSHgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk9IwDQYJ
KoZIhvcNAQELBQADggEBAAYW2KLsNqOka3bL0N2O+iVtTX4ZJbu88H0rawxYVolv
4GKmGBeFgYK3ayjKTLaRuobYLiKHXtN5+DjjRzBbKWqSfiJ2aC0ZGKp8Mj/jSs6d
ZnEpT0+fA6WVp4LNI6THN2bSQ+rV/iqeIBDxkjirJT6bvl6jVbn/lLthc9b9fDQy
yOYjYQPYQ+OvPoOZTBcIQtzDxaJfc8iRIEhQBfXGlDPsPWczcS79maqkjCQCCBQb
/Cx5Cyhu+CSPXgnOXdPjgGvRY/nBujJFtVWrew0jWdU8b4lRaB4cTjM6bE3RouMQ
WkkSY3w5XiuokpHwExF4P51cKRF5XCKPpk25bau4RRI=
-----END CERTIFICATE-----