Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/OxogmYXvSNnmWM5YD1Zto52n55o.roa
File:                     OxogmYXvSNnmWM5YD1Zto52n55o.roa (raw, json)
Hash identifier:          YMK+notRhKC9uI2opqK5onyFP5bQ++q5XGZ8a7uj5Yw=
Subject key identifier:   3B:1A:20:99:85:EF:48:D9:E6:58:CE:58:0F:56:6D:A3:9D:A7:E7:9A
Certificate issuer:       /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial:       018CC86F88F1848A26905042944652199350
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/OxogmYXvSNnmWM5YD1Zto52n55o.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208027
IP address blocks:        213.192.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:88:f1:84:8a:26:90:50:42:94:46:52:19:93:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b1a209985ef48d9e658ce580f566da39da7e79a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:85:fa:c6:b8:73:f4:d5:88:af:bd:a6:4a:95:
                    8e:2a:1a:e5:cf:e1:fc:22:8c:9b:00:d7:8c:f6:90:
                    b6:91:df:fe:6e:bb:2b:96:d3:df:f0:09:dd:04:b8:
                    ec:a5:23:27:67:c7:ca:66:34:c6:0c:00:6b:58:b9:
                    c9:3d:14:e0:c8:6c:44:62:41:27:4e:d5:3a:4a:82:
                    fc:9a:46:57:78:b0:c5:0c:f6:9c:95:93:c7:00:9b:
                    b6:1b:c6:d1:bc:17:d4:67:9c:e1:93:ec:90:ba:9d:
                    a0:ae:0c:49:bb:da:5f:84:75:5e:7c:d1:6f:14:c2:
                    f9:e8:5d:22:7c:f4:51:e8:ef:7c:fa:ca:8f:fc:eb:
                    48:ae:94:05:90:b3:8f:ce:d2:9c:36:40:b5:e2:fe:
                    a0:8f:09:f2:23:7a:ed:f0:90:6c:b0:fc:5f:20:cd:
                    f4:3b:df:f8:29:3f:aa:3a:3c:63:88:88:89:10:6a:
                    50:37:b2:72:be:6e:0d:20:5d:b6:d1:2b:35:b2:7f:
                    71:26:54:1a:f2:b7:92:38:ad:0f:74:eb:50:d0:31:
                    e0:97:e3:ed:1e:21:bb:fc:a1:01:4c:77:7d:93:dd:
                    58:a7:bc:51:78:74:5f:03:b9:03:1b:e1:12:df:6b:
                    f9:d9:53:1a:42:1d:41:62:6d:8d:be:80:85:f6:1f:
                    d3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:1A:20:99:85:EF:48:D9:E6:58:CE:58:0F:56:6D:A3:9D:A7:E7:9A
            X509v3 Authority Key Identifier:
                keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/OxogmYXvSNnmWM5YD1Zto52n55o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.192.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:68:a8:cf:f1:d4:2f:fc:7d:34:0a:b1:9f:2d:bc:1e:8b:8e:
         26:ea:ef:d8:6a:76:3e:90:60:c9:49:9e:24:a6:57:c5:3d:6e:
         99:63:12:9e:e5:f4:37:2a:30:ef:58:2f:ef:1d:2e:c8:fb:f3:
         c9:d6:cd:d1:82:19:1e:3a:ea:b1:55:81:cf:52:75:0d:8a:58:
         2f:94:5e:51:db:32:19:22:c7:75:5b:b6:de:93:93:6a:a9:95:
         25:54:d0:71:29:7b:40:b3:50:35:e6:40:13:72:94:67:8d:6a:
         ab:2c:b8:d5:d4:b3:7e:71:a2:77:6f:f8:5a:b5:b3:7a:4d:43:
         c7:00:35:12:20:12:5e:ae:8d:1e:b0:1c:89:80:bf:99:6f:cb:
         d7:66:29:ec:a9:f6:0d:48:f7:1a:b1:a4:49:01:67:0d:c0:e0:
         dd:7c:ab:25:d8:e0:ff:6c:fa:2c:cf:e1:75:16:82:00:07:38:
         ec:66:0b:99:da:53:04:3b:1e:4c:7a:28:49:56:d9:0c:96:2a:
         ea:a0:8f:4e:99:83:a4:32:83:c8:0b:b1:75:fb:23:fa:c8:f3:
         e8:71:4e:44:a7:e1:df:91:f5:51:3b:bd:51:69:df:80:f4:24:
         a7:d4:fb:94:dc:17:5b:9a:0e:3d:8b:ed:1b:32:1e:c6:bb:7c:
         6f:0c:56:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4jxhIomkFBClEZSGZNQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjFhMjA5OTg1ZWY0OGQ5ZTY1OGNlNTgwZjU2NmRhMzlkYTdlNzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIX6xrhz9NWIr72mSpWOKhrlz+H8
IoybANeM9pC2kd/+brsrltPf8AndBLjspSMnZ8fKZjTGDABrWLnJPRTgyGxEYkEn
TtU6SoL8mkZXeLDFDPaclZPHAJu2G8bRvBfUZ5zhk+yQup2grgxJu9pfhHVefNFv
FML56F0ifPRR6O98+sqP/OtIrpQFkLOPztKcNkC14v6gjwnyI3rt8JBssPxfIM30
O9/4KT+qOjxjiIiJEGpQN7Jyvm4NIF220Ss1sn9xJlQa8reSOK0PdOtQ0DHgl+Pt
HiG7/KEBTHd9k91Yp7xReHRfA7kDG+ES32v52VMaQh1BYm2NvoCF9h/TAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsaIJmF70jZ5ljOWA9WbaOdp+eaMB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvT3hvZ21ZWHZTTm5tV001WUQxWnRvNTJuNTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cDWMA0G
CSqGSIb3DQEBCwUAA4IBAQCJaKjP8dQv/H00CrGfLbwei44m6u/YanY+kGDJSZ4k
plfFPW6ZYxKe5fQ3KjDvWC/vHS7I+/PJ1s3RghkeOuqxVYHPUnUNilgvlF5R2zIZ
Isd1W7bek5NqqZUlVNBxKXtAs1A15kATcpRnjWqrLLjV1LN+caJ3b/hatbN6TUPH
ADUSIBJero0esByJgL+Zb8vXZinsqfYNSPcasaRJAWcNwODdfKsl2OD/bPosz+F1
FoIABzjsZguZ2lMEOx5MeihJVtkMlirqoI9OmYOkMoPIC7F1+yP6yPPocU5Ep+Hf
kfVRO71Rad+A9CSn1PuU3Bdbmg49i+0bMh7Gu3xvDFZj
-----END CERTIFICATE-----