Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/O06wmTlJ5iRdQMOMsxiShky2g8o.roa
File:                     O06wmTlJ5iRdQMOMsxiShky2g8o.roa (raw, json)
Hash identifier:          fIsSbA0eT8KYkHdYiy0IgYJWAqjeP2ChF1XHvZpWUp0=
Subject key identifier:   3B:4E:B0:99:39:49:E6:24:5D:40:C3:8C:B3:18:92:86:4C:B6:83:CA
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018CC7942249F6673CEA322349E1C34C2E50
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/O06wmTlJ5iRdQMOMsxiShky2g8o.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39007
IP address blocks:        82.135.160.0/21 maxlen: 21
                          212.59.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:22:49:f6:67:3c:ea:32:23:49:e1:c3:4c:2e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b4eb0993949e6245d40c38cb31892864cb683ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e7:03:ac:1c:bc:e9:2c:1e:e3:16:43:87:88:
                    8d:a7:75:b6:26:fa:ea:7b:c9:fd:ec:be:48:3b:d2:
                    c0:71:fb:20:0f:5e:1a:20:db:00:d5:27:3c:10:c8:
                    ec:05:63:10:e5:04:81:e0:34:82:cc:b1:38:27:ad:
                    05:78:f9:39:51:98:97:9f:30:89:47:e2:7c:08:46:
                    83:6f:b3:ec:a0:da:f3:f3:71:26:d0:52:62:80:4c:
                    6a:da:12:45:fe:7f:5a:dc:77:39:1f:20:3c:91:14:
                    85:db:a9:bd:30:f8:54:1f:9c:26:8a:b3:a0:73:d0:
                    57:40:9c:1e:3c:27:5b:6c:b0:e8:bd:0c:04:bc:b6:
                    98:ce:33:79:58:e2:3c:70:ad:96:eb:9c:ce:a0:4a:
                    a6:10:f2:80:13:5d:20:11:93:ac:b5:dc:57:6d:f3:
                    55:61:90:ec:b5:96:b3:20:dd:74:5c:38:c5:a7:e1:
                    0b:2c:b2:f9:0a:b8:56:33:2a:31:87:7e:98:ea:31:
                    7b:32:04:35:3d:67:d2:da:3a:7e:27:9d:af:be:34:
                    5f:95:38:47:86:27:6b:e0:39:ce:cb:18:52:35:3a:
                    4c:d6:5b:bb:c0:ab:cb:f0:d8:bd:9c:2d:70:73:f2:
                    fd:25:a9:51:97:15:7b:22:38:c8:40:1e:0c:d1:45:
                    89:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:4E:B0:99:39:49:E6:24:5D:40:C3:8C:B3:18:92:86:4C:B6:83:CA
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/O06wmTlJ5iRdQMOMsxiShky2g8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.135.160.0/21
                  212.59.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:6c:58:ed:2d:84:53:05:e2:34:7f:8f:a0:09:1c:83:42:80:
         69:cc:90:db:8c:14:e8:4c:68:90:7e:ba:9d:b4:e8:b2:82:9f:
         02:7e:9e:aa:fb:62:8a:bd:f6:2b:27:66:8c:6e:0b:fd:be:15:
         51:79:93:a8:59:35:77:26:60:75:08:bc:99:0f:9f:3d:37:27:
         d1:8d:bd:ac:7f:5a:3a:21:d6:ef:94:a8:90:a2:9d:f9:5a:4f:
         e3:54:b2:df:0b:d6:b6:69:67:8a:a7:0a:ab:da:f3:ad:b3:55:
         89:dd:e3:a5:e2:b6:b0:0a:52:b7:e5:52:e7:cb:ec:6b:70:e1:
         5f:12:a6:68:89:66:af:24:12:e5:2e:7d:9f:0f:eb:e1:f8:c5:
         8f:e4:33:43:b3:39:f2:4a:a1:a3:e2:f8:ef:de:02:79:1f:a5:
         38:9b:66:fb:a9:82:6f:c7:22:a3:60:82:1c:64:99:7e:0b:41:
         34:24:2f:c7:fc:a8:82:b2:c2:cb:48:9c:86:97:01:d7:4a:a8:
         c7:a6:4e:a1:8f:03:e9:4a:5e:28:13:e1:e0:cd:9f:39:99:34:
         0d:05:9f:02:4f:4b:b7:3d:b1:18:15:ba:87:70:f1:50:2d:6e:
         5b:ef:69:31:32:3a:8c:31:a2:5a:aa:06:01:21:85:8d:44:35:
         71:94:96:ee
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlCJJ9mc86jIjSeHDTC5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjRlYjA5OTM5NDllNjI0NWQ0MGMzOGNiMzE4OTI4NjRjYjY4M2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+cDrBy86Swe4xZDh4iNp3W2Jvrq
e8n97L5IO9LAcfsgD14aINsA1Sc8EMjsBWMQ5QSB4DSCzLE4J60FePk5UZiXnzCJ
R+J8CEaDb7PsoNrz83Em0FJigExq2hJF/n9a3Hc5HyA8kRSF26m9MPhUH5wmirOg
c9BXQJwePCdbbLDovQwEvLaYzjN5WOI8cK2W65zOoEqmEPKAE10gEZOstdxXbfNV
YZDstZazIN10XDjFp+ELLLL5CrhWMyoxh36Y6jF7MgQ1PWfS2jp+J52vvjRflThH
hidr4DnOyxhSNTpM1lu7wKvL8Ni9nC1wc/L9JalRlxV7IjjIQB4M0UWJ3wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDtOsJk5SeYkXUDDjLMYkoZMtoPKMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL08wNndtVGxKNWlSZFFNT01zeGlTaGt5Mmc4by5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBANSh6AD
BADUOxIwDQYJKoZIhvcNAQELBQADggEBADpsWO0thFMF4jR/j6AJHINCgGnMkNuM
FOhMaJB+up206LKCnwJ+nqr7Yoq99isnZoxuC/2+FVF5k6hZNXcmYHUIvJkPnz03
J9GNvax/Wjoh1u+UqJCinflaT+NUst8L1rZpZ4qnCqva862zVYnd46XitrAKUrfl
UufL7Gtw4V8SpmiJZq8kEuUufZ8P6+H4xY/kM0OzOfJKoaPi+O/eAnkfpTibZvup
gm/HIqNgghxkmX4LQTQkL8f8qIKywstInIaXAddKqMemTqGPA+lKXigT4eDNnzmZ
NA0FnwJPS7c9sRgVuodw8VAtblvvaTEyOowxolqqBgEhhY1ENXGUlu4=
-----END CERTIFICATE-----