Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/cXnKX_2LUdgL0u_LJwrQ-IXwdM4.roa
File:                     cXnKX_2LUdgL0u_LJwrQ-IXwdM4.roa (raw, json)
Hash identifier:          ODttyT3/taPj4JLmSfU2ZkUYsORmzVO8/U9jbrB/DLo=
Subject key identifier:   71:79:CA:5F:FD:8B:51:D8:0B:D2:EF:CB:27:0A:D0:F8:85:F0:74:CE
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       0192052ADFB724A9C6AEB3EF7D6FFD5C60C1
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/cXnKX_2LUdgL0u_LJwrQ-IXwdM4.roa
Signing time:             Wed 18 Sep 2024 12:45:48 +0000
ROA not before:           Wed 18 Sep 2024 12:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6762
IP address blocks:        212.124.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:05:2a:df:b7:24:a9:c6:ae:b3:ef:7d:6f:fd:5c:60:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Sep 18 12:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7179ca5ffd8b51d80bd2efcb270ad0f885f074ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:34:72:9c:60:50:61:f2:05:6d:d4:5a:27:3b:
                    b1:7a:bd:97:5d:a6:71:72:4f:22:47:83:ad:36:ae:
                    27:72:05:d8:57:57:19:bb:da:07:f8:75:42:11:ce:
                    b6:5e:0f:3b:c8:d7:f1:25:88:b5:2c:94:0c:1f:8e:
                    0f:47:ee:ee:28:66:1c:59:e5:50:45:44:3d:28:c3:
                    d4:5e:61:b7:88:12:44:84:10:1b:3c:8e:70:44:d2:
                    be:f9:b4:11:ca:0d:c6:2c:e3:1b:f8:da:e2:89:ee:
                    48:4f:84:ac:5b:03:07:71:fa:06:2e:c9:44:2a:dd:
                    fe:9f:5e:62:47:34:5b:6f:75:8c:4f:90:8b:06:8e:
                    ce:7e:71:fc:e8:ee:07:1b:6f:42:43:14:5c:21:5f:
                    5d:6c:93:e3:6d:28:0c:30:fc:a5:55:73:84:51:1c:
                    7c:3a:01:3d:9a:58:90:62:c1:79:81:3a:78:4b:0a:
                    35:1f:57:3f:a4:06:5d:d8:f8:b8:b3:db:49:75:97:
                    8f:22:99:11:fd:6d:b6:fd:af:e9:fb:24:3c:75:34:
                    08:d1:f9:93:a4:20:91:a3:24:60:a2:a9:b1:37:e3:
                    87:8c:19:d7:6e:73:a6:e4:29:45:d5:8d:5c:92:3d:
                    4e:12:66:16:6f:f0:a9:51:ac:b2:89:99:e7:cb:ea:
                    ce:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:79:CA:5F:FD:8B:51:D8:0B:D2:EF:CB:27:0A:D0:F8:85:F0:74:CE
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/cXnKX_2LUdgL0u_LJwrQ-IXwdM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.124.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:79:2a:26:47:4f:d8:b2:47:63:9a:3e:61:78:97:35:38:32:
         89:e4:3a:24:dc:3a:6a:82:38:a4:15:d5:08:c2:c5:20:23:d1:
         73:ba:2d:16:68:ae:84:84:97:94:8e:0f:3f:5c:bc:e7:d6:f2:
         66:40:ce:05:a8:fb:74:c1:05:2b:a4:c1:4e:b5:e7:9c:20:4c:
         56:8b:85:08:70:dd:ec:52:95:89:5f:9f:24:29:93:3b:7b:20:
         75:17:59:2e:52:76:06:e8:f0:55:6d:87:25:88:71:8e:f3:97:
         35:ec:08:51:36:89:67:16:67:f4:1b:90:7b:82:2d:28:0e:60:
         4e:b3:11:05:80:aa:88:ad:f8:18:03:33:99:67:43:72:15:7d:
         53:aa:11:73:21:7f:2f:df:c4:89:3d:bb:36:f0:44:60:1f:bf:
         42:d2:60:5b:86:a5:a3:d9:57:58:a3:dc:23:f1:b7:b1:f6:fa:
         34:20:5d:1f:97:86:cd:1e:07:90:85:73:03:2b:dd:a8:99:fd:
         91:7c:17:5e:f7:86:e2:08:7b:0d:d1:e7:2f:47:10:8a:47:48:
         05:86:85:89:42:6e:2e:0f:2e:2f:4d:09:37:87:86:57:4d:f5:
         4f:0a:08:1b:0f:09:66:35:e8:7b:fe:cc:20:20:42:c9:4a:72:
         04:24:26:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIFKt+3JKnGrrPvfW/9XGDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjQwOTE4MTI0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTc5Y2E1ZmZkOGI1MWQ4MGJkMmVmY2IyNzBhZDBmODg1ZjA3NGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijRynGBQYfIFbdRaJzuxer2XXaZx
ck8iR4OtNq4ncgXYV1cZu9oH+HVCEc62Xg87yNfxJYi1LJQMH44PR+7uKGYcWeVQ
RUQ9KMPUXmG3iBJEhBAbPI5wRNK++bQRyg3GLOMb+Nriie5IT4SsWwMHcfoGLslE
Kt3+n15iRzRbb3WMT5CLBo7OfnH86O4HG29CQxRcIV9dbJPjbSgMMPylVXOEURx8
OgE9mliQYsF5gTp4Swo1H1c/pAZd2Pi4s9tJdZePIpkR/W22/a/p+yQ8dTQI0fmT
pCCRoyRgoqmxN+OHjBnXbnOm5ClF1Y1ckj1OEmYWb/CpUayyiZnny+rO9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHF5yl/9i1HYC9LvyycK0PiF8HTOMB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvY1huS1hfMkxVZGdMMHVfTEp3clEtSVh3ZE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1HxYMA0G
CSqGSIb3DQEBCwUAA4IBAQAieSomR0/Yskdjmj5heJc1ODKJ5Dok3DpqgjikFdUI
wsUgI9Fzui0WaK6EhJeUjg8/XLzn1vJmQM4FqPt0wQUrpMFOteecIExWi4UIcN3s
UpWJX58kKZM7eyB1F1kuUnYG6PBVbYcliHGO85c17AhRNolnFmf0G5B7gi0oDmBO
sxEFgKqIrfgYAzOZZ0NyFX1TqhFzIX8v38SJPbs28ERgH79C0mBbhqWj2VdYo9wj
8bex9vo0IF0fl4bNHgeQhXMDK92omf2RfBde94biCHsN0ecvRxCKR0gFhoWJQm4u
Dy4vTQk3h4ZXTfVPCggbDwlmNeh7/swgIELJSnIEJCY2
-----END CERTIFICATE-----