Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/XC7JKIa5bqihFA3FcV9VBchGyYU.roa
File:                     XC7JKIa5bqihFA3FcV9VBchGyYU.roa (raw, json)
Hash identifier:          iHcBwNUk8xqnkSOG74BSHdtc5ByOiJ+wkBNJj0rGZTQ=
Subject key identifier:   5C:2E:C9:28:86:B9:6E:A8:A1:14:0D:C5:71:5F:55:05:C8:46:C9:85
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       0192556890F2DC2DC28C63971E9DAA33C812
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/XC7JKIa5bqihFA3FcV9VBchGyYU.roa
Signing time:             Fri 04 Oct 2024 02:42:49 +0000
ROA not before:           Fri 04 Oct 2024 02:42:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        212.116.240.0/24 maxlen: 24
                          212.116.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:55:68:90:f2:dc:2d:c2:8c:63:97:1e:9d:aa:33:c8:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Oct  4 02:42:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c2ec92886b96ea8a1140dc5715f5505c846c985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:05:48:88:52:9a:71:9e:3c:c2:7e:63:eb:75:
                    78:0a:9a:40:76:67:0f:3e:58:34:7f:78:f8:f3:37:
                    91:f9:49:0d:c4:ad:5b:c7:b1:5f:b5:be:1b:ba:5b:
                    68:06:64:ea:cd:64:c1:3d:9a:a4:c2:12:ac:80:76:
                    d7:9f:77:bd:39:75:54:fd:59:ce:3b:1c:cd:c4:24:
                    f9:b2:a6:48:0a:5e:9b:62:20:d8:4c:1b:97:f0:b8:
                    c0:e1:f3:85:c6:6a:f3:9c:cf:8f:4a:fb:f3:d6:df:
                    9d:97:b2:b4:f3:72:30:8e:4b:c5:a1:b8:80:18:c5:
                    46:7a:ac:36:98:c8:e0:06:94:36:54:13:fc:a4:5e:
                    a3:6b:41:c6:02:26:e6:c9:24:6a:b3:82:88:24:09:
                    61:77:06:bf:10:b8:e4:59:eb:8d:2c:7b:f0:7f:d9:
                    b0:72:06:23:0a:d3:de:5e:4e:25:48:18:ee:23:45:
                    6b:74:4b:9a:2b:fc:0e:ba:1e:43:9b:fe:40:17:dd:
                    db:05:e7:fb:07:cf:8a:16:5f:6f:d9:94:38:95:ec:
                    10:c6:c4:39:e2:4c:34:29:79:b0:04:79:7d:79:74:
                    f8:5d:db:c6:6b:ca:35:dd:64:7c:9c:c3:48:15:5a:
                    6a:6a:75:9f:9f:2f:04:0b:2b:36:55:39:04:a2:80:
                    d4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:2E:C9:28:86:B9:6E:A8:A1:14:0D:C5:71:5F:55:05:C8:46:C9:85
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/XC7JKIa5bqihFA3FcV9VBchGyYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c7:85:17:e2:37:8e:3f:e8:f0:f9:88:04:b3:77:30:f7:74:1c:
         d0:98:11:9b:a1:d7:9e:87:3e:c7:4a:a4:56:17:f1:b5:00:6f:
         0b:36:05:fa:b3:66:9e:62:35:b2:72:da:f3:7f:09:ac:79:90:
         7c:aa:ff:14:c2:59:66:61:31:8f:e0:de:54:e5:70:1b:50:7a:
         c9:6b:57:10:01:51:82:47:34:2a:fc:77:b1:e3:a9:55:ca:04:
         22:17:38:b5:34:f8:0f:fb:55:7b:24:79:c4:5a:66:df:9d:4a:
         9e:70:0a:d9:42:93:9b:bb:67:27:64:7b:28:b8:41:60:fb:b5:
         24:c8:43:c3:9a:49:1f:92:2b:32:c5:97:ba:a3:33:73:dd:6e:
         3d:3f:01:d7:44:f6:bb:61:26:a9:c7:f9:07:54:71:e7:c9:18:
         99:8d:24:0b:7d:28:5f:26:5d:d4:2d:5a:32:75:0a:b7:43:b0:
         45:a3:fa:0d:ee:d8:be:8d:6c:ee:4f:7a:f0:e1:1a:6d:91:2f:
         17:8f:e6:ba:f7:20:b6:e5:6d:55:4b:11:22:76:22:b9:c0:f4:
         12:fc:fa:51:0a:86:fc:1e:03:ce:68:44:a2:ea:ae:2b:4b:61:
         0d:eb:52:8c:76:6e:ab:fa:65:7d:e5:77:26:fa:a5:6a:3d:e0:
         9a:d3:e1:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJVaJDy3C3CjGOXHp2qM8gSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjQxMDA0MDI0MjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzJlYzkyODg2Yjk2ZWE4YTExNDBkYzU3MTVmNTUwNWM4NDZjOTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QVIiFKacZ48wn5j63V4CppAdmcP
Plg0f3j48zeR+UkNxK1bx7Fftb4bultoBmTqzWTBPZqkwhKsgHbXn3e9OXVU/VnO
OxzNxCT5sqZICl6bYiDYTBuX8LjA4fOFxmrznM+PSvvz1t+dl7K083IwjkvFobiA
GMVGeqw2mMjgBpQ2VBP8pF6ja0HGAibmySRqs4KIJAlhdwa/ELjkWeuNLHvwf9mw
cgYjCtPeXk4lSBjuI0VrdEuaK/wOuh5Dm/5AF93bBef7B8+KFl9v2ZQ4lewQxsQ5
4kw0KXmwBHl9eXT4XdvGa8o13WR8nMNIFVpqanWfny8ECys2VTkEooDUVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwuySiGuW6ooRQNxXFfVQXIRsmFMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvWEM3SktJYTVicWloRkEzRmNWOVZCY2hHeVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HTwMA0G
CSqGSIb3DQEBCwUAA4IBAQDHhRfiN44/6PD5iASzdzD3dBzQmBGbodeehz7HSqRW
F/G1AG8LNgX6s2aeYjWyctrzfwmseZB8qv8UwllmYTGP4N5U5XAbUHrJa1cQAVGC
RzQq/Hex46lVygQiFzi1NPgP+1V7JHnEWmbfnUqecArZQpObu2cnZHsouEFg+7Uk
yEPDmkkfkisyxZe6ozNz3W49PwHXRPa7YSapx/kHVHHnyRiZjSQLfShfJl3ULVoy
dQq3Q7BFo/oN7ti+jWzuT3rw4RptkS8Xj+a69yC25W1VSxEidiK5wPQS/PpRCob8
HgPOaESi6q4rS2EN61KMdm6r+mV95Xcm+qVqPeCa0+F6
-----END CERTIFICATE-----