Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/ZOSm1QnYdKKH_MH6YJVSQjWjTMc.roa
File:                     ZOSm1QnYdKKH_MH6YJVSQjWjTMc.roa (raw, json)
Hash identifier:          aeFkzFiAj54krGPCB2F5XDacMd3BRpU18XZ5K4kMJZc=
Subject key identifier:   64:E4:A6:D5:09:D8:74:A2:87:FC:C1:FA:60:95:52:42:35:A3:4C:C7
Certificate issuer:       /CN=208de3ad18dd0ae14362d0e84dec043d379cc242
Certificate serial:       018CC492FE15A9FD70EF11A62DE45D545BDE
Authority key identifier: 20:8D:E3:AD:18:DD:0A:E1:43:62:D0:E8:4D:EC:04:3D:37:9C:C2:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/II3jrRjdCuFDYtDoTewEPTecwkI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/ZOSm1QnYdKKH_MH6YJVSQjWjTMc.roa
Signing time:             Mon 01 Jan 2024 10:30:16 +0000
ROA not before:           Mon 01 Jan 2024 10:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12729
IP address blocks:        212.127.96.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/II3jrRjdCuFDYtDoTewEPTecwkI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/II3jrRjdCuFDYtDoTewEPTecwkI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/II3jrRjdCuFDYtDoTewEPTecwkI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fe:15:a9:fd:70:ef:11:a6:2d:e4:5d:54:5b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=208de3ad18dd0ae14362d0e84dec043d379cc242
        Validity
            Not Before: Jan  1 10:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64e4a6d509d874a287fcc1fa6095524235a34cc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:58:7a:58:2d:22:c1:8b:5f:81:5f:60:f6:f8:
                    49:8e:d8:3d:5c:72:26:71:2c:78:06:f7:9e:4e:d6:
                    22:ea:f5:e0:3d:cf:3e:7c:9b:35:93:b3:f9:02:a0:
                    a4:38:b8:ab:c4:71:64:d0:74:3e:9a:9d:dd:44:dd:
                    5b:80:3e:a9:f2:9a:17:4d:0e:7f:df:b8:e8:35:bb:
                    87:6d:14:8b:bb:0f:65:c2:b7:d7:1b:1a:d4:d1:e8:
                    13:0b:a0:50:fc:6a:50:75:3a:55:b9:59:79:62:78:
                    a5:93:56:6d:11:c8:35:be:7b:27:46:65:3c:b8:f3:
                    74:38:85:a3:2f:dc:a2:0d:76:da:4b:af:6a:6d:8b:
                    b7:9e:a1:58:90:b4:aa:df:d6:31:d2:7a:42:55:26:
                    f9:bc:a9:47:55:d7:11:e0:b7:6e:79:ff:16:89:21:
                    a5:96:c7:db:ea:59:6e:43:4f:7b:e1:d4:01:62:d4:
                    ba:e3:fc:8c:30:6d:11:d6:e1:bd:3c:5f:24:a9:ea:
                    5d:e7:77:ab:dc:63:51:1c:e9:ca:65:97:65:b2:cf:
                    77:77:f1:15:43:f6:42:14:77:79:af:87:0a:7f:ca:
                    9b:6d:c0:6f:37:14:50:ae:38:9c:cb:86:6e:92:cd:
                    03:aa:7b:c2:eb:7f:0b:1a:6d:6c:0b:c6:6b:4e:83:
                    14:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:E4:A6:D5:09:D8:74:A2:87:FC:C1:FA:60:95:52:42:35:A3:4C:C7
            X509v3 Authority Key Identifier:
                keyid:20:8D:E3:AD:18:DD:0A:E1:43:62:D0:E8:4D:EC:04:3D:37:9C:C2:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/II3jrRjdCuFDYtDoTewEPTecwkI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/ZOSm1QnYdKKH_MH6YJVSQjWjTMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/II3jrRjdCuFDYtDoTewEPTecwkI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.127.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3b:38:9c:16:8a:c1:b4:d0:5a:0c:bb:ae:1d:5d:db:27:1b:00:
         5a:58:17:4a:6c:b9:e0:af:df:c6:01:85:e8:99:1d:74:26:1b:
         b4:3d:ec:f5:56:59:ab:0d:fe:17:85:bb:ce:34:da:1f:0e:cf:
         41:ad:90:e9:cc:0e:3e:7f:b3:4c:59:01:1f:2d:3b:4b:42:00:
         d4:39:4b:30:f4:4d:2c:65:8a:05:2a:b4:4b:52:3c:b9:54:9e:
         5a:51:3a:73:d5:f0:7d:d3:8a:d2:9d:f8:4e:0b:73:6b:50:64:
         44:57:32:10:48:04:fb:e7:22:46:17:4e:0a:fc:49:a1:c7:19:
         6b:ee:d8:5b:3a:29:6e:a1:b7:ea:8e:6e:89:4b:c4:8c:cf:e9:
         67:0e:56:c7:80:e6:7b:7e:d1:7e:ad:6c:55:6b:dd:53:03:45:
         5d:ab:cc:cd:c6:7b:f6:fd:80:15:8d:8f:07:ce:97:1c:02:4d:
         89:bd:7a:35:52:de:13:57:48:ea:33:22:fd:7a:93:2d:62:7e:
         f7:b1:92:b5:d5:8c:b0:e4:bc:37:fe:db:8d:a3:f1:95:ab:2f:
         ef:a0:e9:85:0b:42:02:fa:2f:8a:69:b7:e2:3d:eb:20:d3:2a:
         1e:25:8c:ad:1b:e8:b6:39:a9:d1:6e:1d:00:a8:fc:9e:6e:1d:
         5f:b9:25:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkv4Vqf1w7xGmLeRdVFveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwOGRlM2FkMThkZDBhZTE0MzYyZDBlODRkZWMwNDNkMzc5
Y2MyNDIwHhcNMjQwMTAxMTAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGU0YTZkNTA5ZDg3NGEyODdmY2MxZmE2MDk1NTI0MjM1YTM0Y2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1h6WC0iwYtfgV9g9vhJjtg9XHIm
cSx4BveeTtYi6vXgPc8+fJs1k7P5AqCkOLirxHFk0HQ+mp3dRN1bgD6p8poXTQ5/
37joNbuHbRSLuw9lwrfXGxrU0egTC6BQ/GpQdTpVuVl5Ynilk1ZtEcg1vnsnRmU8
uPN0OIWjL9yiDXbaS69qbYu3nqFYkLSq39Yx0npCVSb5vKlHVdcR4Lduef8WiSGl
lsfb6lluQ0974dQBYtS64/yMMG0R1uG9PF8kqepd53er3GNRHOnKZZdlss93d/EV
Q/ZCFHd5r4cKf8qbbcBvNxRQrjicy4Zuks0DqnvC638LGm1sC8ZrToMUlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTkptUJ2HSih/zB+mCVUkI1o0zHMB8GA1UdIwQY
MBaAFCCN460Y3QrhQ2LQ6E3sBD03nMJCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUkzanJSamRDdUZEWXREb1Rld0VQVGVjd2tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS82MTA5NGEtOTQ2OS00Mjk5LTg5ZjIt
YmRmNmU0Mjk0YzJlLzEvWk9TbTFRbllkS0tIX01INllKVlNRaldqVE1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS82MTA5NGEtOTQ2OS00Mjk5LTg5ZjItYmRmNmU0Mjk0YzJl
LzEvSUkzanJSamRDdUZEWXREb1Rld0VQVGVjd2tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1H9gMA0G
CSqGSIb3DQEBCwUAA4IBAQA7OJwWisG00FoMu64dXdsnGwBaWBdKbLngr9/GAYXo
mR10Jhu0Pez1VlmrDf4XhbvONNofDs9BrZDpzA4+f7NMWQEfLTtLQgDUOUsw9E0s
ZYoFKrRLUjy5VJ5aUTpz1fB904rSnfhOC3NrUGREVzIQSAT75yJGF04K/Emhxxlr
7thbOiluobfqjm6JS8SMz+lnDlbHgOZ7ftF+rWxVa91TA0Vdq8zNxnv2/YAVjY8H
zpccAk2JvXo1Ut4TV0jqMyL9epMtYn73sZK11Yyw5Lw3/tuNo/GVqy/voOmFC0IC
+i+KabfiPesg0yoeJYytG+i2OanRbh0AqPyebh1fuSVN
-----END CERTIFICATE-----