Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/oj7C1T-u1go-Hv3MPEkjlUcYEaQ.roa
File:                     oj7C1T-u1go-Hv3MPEkjlUcYEaQ.roa (raw, json)
Hash identifier:          2NEbJ5BzHcpptQeJfpGk4uQoycyfWVmBkNVJhCBKl94=
Subject key identifier:   A2:3E:C2:D5:3F:AE:D6:0A:3E:1E:FD:CC:3C:49:23:95:47:18:11:A4
Certificate issuer:       /CN=ef678469574acc03d782e63281ff44faaab3f847
Certificate serial:       018CCA29148929C8D1980C19BE48BA4F16A1
Authority key identifier: EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/oj7C1T-u1go-Hv3MPEkjlUcYEaQ.roa
Signing time:             Tue 02 Jan 2024 12:32:19 +0000
ROA not before:           Tue 02 Jan 2024 12:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209231
IP address blocks:        185.161.236.0/22 maxlen: 24
                          2.56.140.0/22 maxlen: 24
                          2a09:c540::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:14:89:29:c8:d1:98:0c:19:be:48:ba:4f:16:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef678469574acc03d782e63281ff44faaab3f847
        Validity
            Not Before: Jan  2 12:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a23ec2d53faed60a3e1efdcc3c492395471811a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:58:c2:dd:4a:2a:1b:62:02:73:70:91:af:de:
                    c2:80:2f:a3:7e:e4:8d:10:34:9f:57:9b:89:51:fc:
                    74:92:85:5f:e4:78:85:1f:4c:9a:42:42:06:76:38:
                    09:5a:d5:df:40:a4:43:d2:66:d6:67:d1:0d:9a:88:
                    c5:95:fc:ef:fb:b1:2e:e3:7e:6e:d6:e4:16:4c:f5:
                    7c:52:aa:1d:00:34:8a:72:e2:f5:0f:4f:e6:b0:a3:
                    91:15:ea:d9:aa:34:86:69:c8:7b:98:85:86:5a:b1:
                    c1:2b:a5:64:04:0f:1e:bd:02:43:25:44:26:27:71:
                    ae:02:54:42:ec:b4:8f:30:90:a9:98:2f:c7:c0:37:
                    34:19:a1:26:ea:d2:da:bf:77:e9:ca:8a:cf:58:64:
                    81:44:ea:f9:5b:97:0f:04:8c:f1:72:d5:cc:2a:18:
                    71:c2:8f:28:4c:a2:11:fc:3b:f8:55:f8:c4:be:3a:
                    66:82:5b:28:08:db:36:43:98:8e:bd:9b:e4:a2:0d:
                    9b:4a:2c:16:9f:a0:1f:4e:c6:eb:bf:b7:6c:13:ef:
                    e7:76:94:ae:a4:23:a9:de:ec:b7:c0:d9:e7:93:8b:
                    97:ef:64:66:ab:58:b2:7a:ac:4e:f6:2e:b1:03:72:
                    56:58:e7:e3:38:07:a8:90:ad:cd:60:3f:61:4f:d4:
                    8e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:3E:C2:D5:3F:AE:D6:0A:3E:1E:FD:CC:3C:49:23:95:47:18:11:A4
            X509v3 Authority Key Identifier:
                keyid:EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/oj7C1T-u1go-Hv3MPEkjlUcYEaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.140.0/22
                  185.161.236.0/22
                IPv6:
                  2a09:c540::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:f4:59:0d:1b:2f:1c:e5:a9:d6:4e:66:bf:25:3d:2e:4e:be:
         2a:68:ed:3c:74:9f:1f:73:b2:62:68:bc:98:ed:cf:09:86:79:
         06:70:ab:5e:11:fa:58:78:a7:2b:04:cc:4a:cb:9a:f3:d2:b1:
         11:0c:37:a4:c8:bf:53:50:12:11:97:1f:2b:cb:99:9b:f3:79:
         a3:24:44:61:af:fb:3f:cb:ab:48:0f:a4:47:1b:91:3c:2e:1c:
         f4:19:48:e5:3a:5b:4f:12:c4:a0:da:ee:f3:1e:9f:c4:43:61:
         e8:83:77:d6:14:fa:fd:ff:d0:54:c7:26:04:1b:70:2c:56:7e:
         f3:b4:cd:48:14:e1:33:7f:da:2f:cf:bb:48:d4:6b:66:e4:fc:
         a1:eb:8c:87:1f:6c:9f:07:6d:96:e4:c2:0b:a1:6b:2d:44:65:
         00:ef:58:8a:97:fd:a6:61:56:da:8d:ac:6b:a8:a7:12:29:1f:
         e2:13:c0:90:14:d7:67:cf:9a:cb:2f:33:e7:d9:fc:7b:90:be:
         e5:f6:8b:81:f5:4f:8d:29:4f:9a:75:7d:24:d5:ef:93:2d:f8:
         a0:e1:c7:3e:8a:01:42:26:18:13:a0:24:66:20:25:4b:b3:b6:
         a9:b7:eb:f7:db:e8:64:af:93:26:0d:6b:6f:b0:ab:41:6d:c4:
         3e:bc:5d:cd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKRSJKcjRmAwZvki6TxahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNjc4NDY5NTc0YWNjMDNkNzgyZTYzMjgxZmY0NGZhYWFi
M2Y4NDcwHhcNMjQwMTAyMTIzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjNlYzJkNTNmYWVkNjBhM2UxZWZkY2MzYzQ5MjM5NTQ3MTgxMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1jC3UoqG2ICc3CRr97CgC+jfuSN
EDSfV5uJUfx0koVf5HiFH0yaQkIGdjgJWtXfQKRD0mbWZ9ENmojFlfzv+7Eu435u
1uQWTPV8UqodADSKcuL1D0/msKORFerZqjSGach7mIWGWrHBK6VkBA8evQJDJUQm
J3GuAlRC7LSPMJCpmC/HwDc0GaEm6tLav3fpyorPWGSBROr5W5cPBIzxctXMKhhx
wo8oTKIR/Dv4VfjEvjpmglsoCNs2Q5iOvZvkog2bSiwWn6AfTsbrv7dsE+/ndpSu
pCOp3uy3wNnnk4uX72Rmq1iyeqxO9i6xA3JWWOfjOAeokK3NYD9hT9SO5QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKI+wtU/rtYKPh79zDxJI5VHGBGkMB8GA1UdIwQY
MBaAFO9nhGlXSswD14LmMoH/RPqqs/hHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzJlRWFWZEt6QVBYZ3VZeWdmOUUtcXF6LUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iNDY3M2ItMjEwYi00ZTVhLTg3NmEt
ZGMwNTllNjliMWQwLzEvb2o3QzFULXUxZ28tSHYzTVBFa2psVWNZRWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iNDY3M2ItMjEwYi00ZTVhLTg3NmEtZGMwNTllNjliMWQw
LzEvNzJlRWFWZEt6QVBYZ3VZeWdmOUUtcXF6LUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCAjiMAwQC
uaHsMA0EAgACMAcDBQAqCcVAMA0GCSqGSIb3DQEBCwUAA4IBAQCl9FkNGy8c5anW
Tma/JT0uTr4qaO08dJ8fc7JiaLyY7c8JhnkGcKteEfpYeKcrBMxKy5rz0rERDDek
yL9TUBIRlx8ry5mb83mjJERhr/s/y6tID6RHG5E8Lhz0GUjlOltPEsSg2u7zHp/E
Q2Hog3fWFPr9/9BUxyYEG3AsVn7ztM1IFOEzf9ovz7tI1Gtm5Pyh64yHH2yfB22W
5MILoWstRGUA71iKl/2mYVbajaxrqKcSKR/iE8CQFNdnz5rLLzPn2fx7kL7l9ouB
9U+NKU+adX0k1e+TLfig4cc+igFCJhgToCRmICVLs7apt+v32+hkr5MmDWtvsKtB
bcQ+vF3N
-----END CERTIFICATE-----