Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/OerbJzLV7tmblhvHZ6Via9WDwF4.roa
File:                     OerbJzLV7tmblhvHZ6Via9WDwF4.roa (raw, json)
Hash identifier:          SdNgQKQo9xGMokk4rj0jWEzKTFTRk9+QP/fTxngU5h8=
Subject key identifier:   39:EA:DB:27:32:D5:EE:D9:9B:96:1B:C7:67:A5:62:6B:D5:83:C0:5E
Certificate issuer:       /CN=ea93edfc2aa748e4981050ec06e3a66920265e17
Certificate serial:       018CC56DFD1DB799D102982E806C4D64A188
Authority key identifier: EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/OerbJzLV7tmblhvHZ6Via9WDwF4.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        132.72.0.0/16 maxlen: 16
                          132.73.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fd:1d:b7:99:d1:02:98:2e:80:6c:4d:64:a1:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea93edfc2aa748e4981050ec06e3a66920265e17
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39eadb2732d5eed99b961bc767a5626bd583c05e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:79:4f:42:63:1f:20:8e:77:6b:73:f8:63:61:
                    ca:b4:e5:d5:29:40:0b:9f:49:a3:10:c3:fb:4f:6b:
                    6a:77:e8:60:2e:fb:5a:30:6c:24:a0:69:14:44:9c:
                    e6:7a:fb:d2:db:5a:ef:d0:84:6c:27:96:1d:5e:50:
                    86:e0:89:4d:33:10:00:9c:87:3b:69:66:47:4c:f5:
                    37:32:f7:d8:98:36:ef:c3:3e:37:d4:c1:f4:fa:e9:
                    59:56:71:c4:f9:90:5c:5e:16:ef:33:7e:1c:e5:6c:
                    13:43:30:ae:ac:19:c7:a5:57:15:03:d4:25:c2:f4:
                    19:7c:2a:7a:f2:aa:d0:4f:4c:65:71:96:d0:f5:47:
                    cf:41:e3:4c:e4:a1:6e:86:a0:ab:4c:60:0a:00:dc:
                    c6:c4:89:7c:16:5f:c8:4b:1e:fb:46:f6:64:a2:d6:
                    d0:7f:3d:df:4e:e6:e0:98:cd:68:8e:96:3c:64:fa:
                    e5:61:d1:05:7d:1d:71:4f:a4:c6:48:b8:47:b0:5c:
                    44:d7:9b:08:78:ee:42:30:d4:5b:30:56:31:99:41:
                    cb:a8:4d:2d:03:fe:75:0b:53:c7:9b:6c:76:a9:2e:
                    ff:26:68:d4:4f:c4:61:47:05:19:07:8d:d6:83:f1:
                    0a:91:97:7c:85:62:40:fb:be:77:e0:5b:f0:a9:17:
                    c1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:EA:DB:27:32:D5:EE:D9:9B:96:1B:C7:67:A5:62:6B:D5:83:C0:5E
            X509v3 Authority Key Identifier:
                keyid:EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/OerbJzLV7tmblhvHZ6Via9WDwF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         39:f7:84:1c:68:61:ea:db:54:46:83:b8:3a:3f:09:63:b8:6c:
         8d:40:76:17:14:44:95:de:a1:56:e8:b1:4c:a6:03:cc:9d:09:
         3e:39:03:fa:ed:b8:34:d1:87:2f:94:94:33:78:a0:e0:30:47:
         d3:73:6a:cc:29:6d:d7:2d:3b:65:d6:78:ee:4a:a4:fc:8a:99:
         3b:50:c7:3e:5a:cf:11:bb:f4:fa:de:70:05:0f:80:bc:fe:e8:
         a1:bd:71:c9:93:d9:73:3f:89:f8:b6:93:c2:6d:0e:29:ae:3a:
         32:a5:78:d4:38:d5:97:0d:59:e2:04:81:df:39:c8:8d:1a:c2:
         c9:78:db:50:d6:78:d8:c5:be:3c:d5:3a:20:86:d7:59:47:f3:
         96:e6:7d:f9:fb:0e:ee:e3:f7:e1:ba:0e:81:01:7c:e8:3c:46:
         0b:8e:4e:6d:c1:04:56:a2:e4:e0:3d:e3:57:5b:66:16:3d:9a:
         55:b8:ae:f9:dc:49:05:42:9d:19:7f:a9:f9:7e:f7:87:13:ba:
         26:15:9b:59:f7:d4:f3:0c:e1:3a:11:13:f7:9c:da:1f:cd:36:
         ba:25:ae:ae:c9:af:bb:2a:d8:07:2f:d0:c2:e5:94:81:33:ad:
         c1:4f:ee:59:e5:4c:b0:05:f8:ce:53:ca:ac:63:92:b8:f8:e5:
         49:04:1c:70
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFbf0dt5nRApgugGxNZKGIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhOTNlZGZjMmFhNzQ4ZTQ5ODEwNTBlYzA2ZTNhNjY5MjAy
NjVlMTcwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWVhZGIyNzMyZDVlZWQ5OWI5NjFiYzc2N2E1NjI2YmQ1ODNjMDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXlPQmMfII53a3P4Y2HKtOXVKUAL
n0mjEMP7T2tqd+hgLvtaMGwkoGkURJzmevvS21rv0IRsJ5YdXlCG4IlNMxAAnIc7
aWZHTPU3MvfYmDbvwz431MH0+ulZVnHE+ZBcXhbvM34c5WwTQzCurBnHpVcVA9Ql
wvQZfCp68qrQT0xlcZbQ9UfPQeNM5KFuhqCrTGAKANzGxIl8Fl/ISx77RvZkotbQ
fz3fTubgmM1ojpY8ZPrlYdEFfR1xT6TGSLhHsFxE15sIeO5CMNRbMFYxmUHLqE0t
A/51C1PHm2x2qS7/JmjUT8RhRwUZB43Wg/EKkZd8hWJA+7534FvwqRfBVQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDnq2ycy1e7Zm5Ybx2elYmvVg8BeMB8GA1UdIwQY
MBaAFOqT7fwqp0jkmBBQ7AbjpmkgJl4XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmIt
ZDEzOGE5YzRlNDNmLzEvT2VyYkp6TFY3dG1ibGh2SFo2VmlhOVdEd0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmItZDEzOGE5YzRlNDNm
LzEvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEgwDQYJ
KoZIhvcNAQELBQADggEBADn3hBxoYerbVEaDuDo/CWO4bI1AdhcURJXeoVbosUym
A8ydCT45A/rtuDTRhy+UlDN4oOAwR9NzaswpbdctO2XWeO5KpPyKmTtQxz5azxG7
9PrecAUPgLz+6KG9ccmT2XM/ifi2k8JtDimuOjKleNQ41ZcNWeIEgd85yI0awsl4
21DWeNjFvjzVOiCG11lH85bmffn7Du7j9+G6DoEBfOg8RguOTm3BBFai5OA941db
ZhY9mlW4rvncSQVCnRl/qfl+94cTuiYVm1n31PMM4ToRE/ec2h/NNrolrq7Jr7sq
2Acv0MLllIEzrcFP7lnlTLAF+M5Tyqxjkrj45UkEHHA=
-----END CERTIFICATE-----