Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/jT7FIbbtERkFKLrTD349cmHKn1k.roa
File:                     jT7FIbbtERkFKLrTD349cmHKn1k.roa (raw, json)
Hash identifier:          l06coQvbeWm+7ZNdqFdPFVx3VrWZDoCRi/xUf1wew8Y=
Subject key identifier:   8D:3E:C5:21:B6:ED:11:19:05:28:BA:D3:0F:7E:3D:72:61:CA:9F:59
Certificate issuer:       /CN=ea93edfc2aa748e4981050ec06e3a66920265e17
Certificate serial:       018CC56DFC3D6D2E62FDCBD89AF07CDC4D12
Authority key identifier: EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/jT7FIbbtERkFKLrTD349cmHKn1k.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     378
IP address blocks:        132.72.0.0/16 maxlen: 16
                          132.72.0.0/15 maxlen: 15
                          132.73.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fc:3d:6d:2e:62:fd:cb:d8:9a:f0:7c:dc:4d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea93edfc2aa748e4981050ec06e3a66920265e17
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d3ec521b6ed11190528bad30f7e3d7261ca9f59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:83:27:19:19:b5:a9:20:97:86:0c:45:4f:42:
                    ab:04:ff:0c:2c:1b:d9:c6:64:a7:91:11:56:a3:10:
                    ac:35:8a:36:fd:10:d9:a7:00:19:c8:dd:65:2d:8e:
                    d2:d1:00:78:96:da:0a:f7:f0:ce:2c:26:40:60:1d:
                    da:38:c6:b6:b5:3c:e3:75:fd:03:3d:84:32:bd:b4:
                    b7:f0:51:89:c9:c3:c2:fe:6d:4b:90:7e:7f:a0:f9:
                    67:df:a7:45:46:9a:6a:f2:68:84:72:e8:4d:f2:c1:
                    52:ec:9d:8c:95:e9:18:92:95:2b:58:59:51:0e:e3:
                    07:13:bd:af:11:8c:84:8c:a6:c5:19:70:a9:7e:5f:
                    42:9c:b7:24:a2:13:a2:50:68:ff:be:3a:62:df:b1:
                    c6:99:f3:dc:69:c6:50:83:35:42:4c:d8:80:bb:9a:
                    c9:c7:b8:55:dc:5c:b5:d4:2f:24:8b:ee:ee:b6:f3:
                    d7:50:49:9c:2d:ce:38:b0:17:d7:db:91:a4:ea:9e:
                    fc:0b:31:b5:6a:d3:84:7c:33:8a:cc:59:50:b1:cb:
                    c3:3b:5e:4f:95:48:54:14:cc:a4:aa:10:84:bf:19:
                    07:b9:78:9a:f8:05:ef:a4:49:40:ee:f9:c3:11:ed:
                    03:f2:88:7f:7e:87:bb:5d:36:bc:8b:4b:e3:3b:24:
                    b9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:3E:C5:21:B6:ED:11:19:05:28:BA:D3:0F:7E:3D:72:61:CA:9F:59
            X509v3 Authority Key Identifier:
                keyid:EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/jT7FIbbtERkFKLrTD349cmHKn1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         3e:2a:aa:c2:96:86:f5:47:fb:24:9c:ab:4b:65:5f:f7:22:9f:
         08:62:86:0c:17:70:ab:f1:e7:a6:24:cf:2d:83:55:54:36:b7:
         b2:21:1e:35:f5:e5:d7:e9:42:e7:dd:bf:c3:c8:af:9f:ab:51:
         38:b6:ee:be:b9:56:8f:0f:5d:7e:6c:8a:c6:4a:48:95:07:1b:
         a3:c3:c0:39:2a:e3:eb:9a:47:05:ef:dc:7f:35:e7:98:8b:87:
         da:10:c8:5b:8a:ac:6d:22:28:ca:b9:8f:1c:8b:e2:31:32:f3:
         99:74:50:f4:9c:7f:15:08:ae:42:be:09:0a:42:19:3f:f7:13:
         f1:c0:46:fa:c2:74:06:a8:67:c3:4c:c3:15:e6:34:3c:14:3d:
         c4:ed:f7:ce:d1:c0:28:5c:ba:61:f9:db:c9:93:8b:e4:21:40:
         15:80:6f:8d:65:f8:79:09:1f:38:65:54:59:a7:36:0b:77:18:
         c6:1e:08:09:f7:2c:06:a2:47:e5:32:7d:77:1d:89:8f:f3:1e:
         c1:6b:28:e4:af:01:ea:d2:7d:b5:97:77:82:f8:c9:cc:df:f6:
         de:67:cc:a4:2b:2d:ae:d2:c2:c4:2d:bc:e0:45:a3:e1:25:40:
         dc:d3:a0:60:06:51:06:34:a4:60:c5:37:bb:18:28:89:16:1c:
         e3:a4:27:07
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFbfw9bS5i/cvYmvB83E0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhOTNlZGZjMmFhNzQ4ZTQ5ODEwNTBlYzA2ZTNhNjY5MjAy
NjVlMTcwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDNlYzUyMWI2ZWQxMTE5MDUyOGJhZDMwZjdlM2Q3MjYxY2E5ZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoMnGRm1qSCXhgxFT0KrBP8MLBvZ
xmSnkRFWoxCsNYo2/RDZpwAZyN1lLY7S0QB4ltoK9/DOLCZAYB3aOMa2tTzjdf0D
PYQyvbS38FGJycPC/m1LkH5/oPln36dFRppq8miEcuhN8sFS7J2MlekYkpUrWFlR
DuMHE72vEYyEjKbFGXCpfl9CnLckohOiUGj/vjpi37HGmfPcacZQgzVCTNiAu5rJ
x7hV3Fy11C8ki+7utvPXUEmcLc44sBfX25Gk6p78CzG1atOEfDOKzFlQscvDO15P
lUhUFMykqhCEvxkHuXia+AXvpElA7vnDEe0D8oh/foe7XTa8i0vjOyS5GQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFI0+xSG27REZBSi60w9+PXJhyp9ZMB8GA1UdIwQY
MBaAFOqT7fwqp0jkmBBQ7AbjpmkgJl4XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmIt
ZDEzOGE5YzRlNDNmLzEvalQ3RkliYnRFUmtGS0xyVEQzNDljbUhLbjFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmItZDEzOGE5YzRlNDNm
LzEvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEgwDQYJ
KoZIhvcNAQELBQADggEBAD4qqsKWhvVH+yScq0tlX/cinwhihgwXcKvx56Ykzy2D
VVQ2t7IhHjX15dfpQufdv8PIr5+rUTi27r65Vo8PXX5sisZKSJUHG6PDwDkq4+ua
RwXv3H8155iLh9oQyFuKrG0iKMq5jxyL4jEy85l0UPScfxUIrkK+CQpCGT/3E/HA
RvrCdAaoZ8NMwxXmNDwUPcTt987RwChcumH528mTi+QhQBWAb41l+HkJHzhlVFmn
Ngt3GMYeCAn3LAaiR+UyfXcdiY/zHsFrKOSvAerSfbWXd4L4yczf9t5nzKQrLa7S
wsQtvOBFo+ElQNzToGAGUQY0pGDFN7sYKIkWHOOkJwc=
-----END CERTIFICATE-----