Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/0oRCZzlNIZV896yY3LghsghJfmI.roa
File:                     0oRCZzlNIZV896yY3LghsghJfmI.roa (raw, json)
Hash identifier:          zDbkjL/iXnyj8icji8uyJ0BGr/1vOUhWzdrTP0zFdhY=
Subject key identifier:   D2:84:42:67:39:4D:21:95:7C:F7:AC:98:DC:B8:21:B2:08:49:7E:62
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       018CC801AB7E28847EF116B8C51D33EBF2B7
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/0oRCZzlNIZV896yY3LghsghJfmI.roa
Signing time:             Tue 02 Jan 2024 02:30:01 +0000
ROA not before:           Tue 02 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212260
IP address blocks:        213.135.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ab:7e:28:84:7e:f1:16:b8:c5:1d:33:eb:f2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2844267394d21957cf7ac98dcb821b208497e62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f8:e3:f8:9c:77:e6:9a:03:9a:3d:dc:47:d6:
                    99:f6:a6:e0:84:33:f1:e5:5b:de:17:c2:9a:32:75:
                    68:32:1e:b5:56:11:44:31:79:de:be:38:a4:7a:79:
                    cc:fd:b9:ca:16:7d:6c:39:a5:83:ce:4c:bf:23:a2:
                    22:a9:02:7f:5c:94:ab:32:0a:1c:71:d7:60:21:3a:
                    a2:fc:c0:a7:ac:91:1d:09:39:2b:4b:c8:7e:3a:30:
                    c4:4e:fb:76:fb:b8:13:06:5c:71:4c:2a:08:d5:5b:
                    ba:52:ab:1a:c1:8f:a1:62:42:1f:01:f7:8d:47:b7:
                    b5:08:32:73:6d:68:60:7b:47:24:01:52:32:ba:c3:
                    ba:32:ee:c2:57:82:bb:1f:39:f6:d3:6d:cc:65:1a:
                    c0:52:77:88:03:fa:bd:4b:a9:7b:81:ef:b9:65:ff:
                    b7:e6:e6:35:e4:7c:c2:48:67:e3:49:6e:2b:db:0f:
                    62:4e:d8:50:3f:b0:51:4e:be:8f:20:d2:c1:95:f4:
                    b4:91:04:70:96:db:6a:8f:a2:45:d7:e4:a7:ba:55:
                    b1:b8:d9:93:42:71:46:48:2e:72:fd:a0:e6:31:c5:
                    0f:11:1a:3c:6c:79:1f:69:01:eb:b0:cc:09:f6:6f:
                    6d:e9:2d:ed:f3:f3:33:78:80:88:a8:1b:4f:32:9f:
                    e8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:84:42:67:39:4D:21:95:7C:F7:AC:98:DC:B8:21:B2:08:49:7E:62
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/0oRCZzlNIZV896yY3LghsghJfmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.135.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:e4:4b:25:51:e9:54:96:79:fb:d6:53:c2:9f:cd:70:86:02:
         32:9d:2c:3a:6f:18:5d:a0:d8:b3:e1:54:23:fb:78:bd:16:ff:
         3c:38:ae:29:70:56:8e:59:b9:8f:4f:d2:8b:72:84:d0:02:68:
         0a:1e:5a:8d:2a:59:2d:9d:ed:11:61:07:b6:c9:a1:4f:65:4e:
         0a:d2:09:cb:2a:46:14:61:c3:36:a8:90:e8:4b:72:b8:a8:3d:
         af:ba:47:cb:c1:08:62:01:9a:77:c5:0b:7f:49:ae:de:b6:0b:
         69:65:60:9a:9b:f0:24:95:2b:01:fc:52:61:a7:cd:ab:48:ab:
         48:29:12:98:bd:20:9a:d0:16:76:14:3c:b9:cb:e5:60:d6:7e:
         d8:9d:9d:90:c3:aa:53:14:e1:89:d4:fc:a7:c5:66:98:4c:2d:
         33:92:b1:ee:39:0f:c4:de:47:0c:14:48:8d:9b:e9:fb:56:d9:
         0d:f5:04:42:01:92:ff:c7:6d:3f:15:e5:d4:cd:56:e8:69:78:
         91:43:a0:9c:d2:8a:ce:51:6d:48:2d:ec:b9:8c:27:19:8c:18:
         9d:3e:54:db:06:04:f1:43:70:e4:e3:a3:b3:7f:98:5c:29:bc:
         3d:5e:bd:4d:bc:bc:e7:99:fb:49:30:be:a7:42:0a:18:e9:eb:
         da:4a:15:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAat+KIR+8Ra4xR0z6/K3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjg0NDI2NzM5NGQyMTk1N2NmN2FjOThkY2I4MjFiMjA4NDk3ZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfjj+Jx35poDmj3cR9aZ9qbghDPx
5VveF8KaMnVoMh61VhFEMXnevjikennM/bnKFn1sOaWDzky/I6IiqQJ/XJSrMgoc
cddgITqi/MCnrJEdCTkrS8h+OjDETvt2+7gTBlxxTCoI1Vu6UqsawY+hYkIfAfeN
R7e1CDJzbWhge0ckAVIyusO6Mu7CV4K7Hzn2023MZRrAUneIA/q9S6l7ge+5Zf+3
5uY15HzCSGfjSW4r2w9iTthQP7BRTr6PINLBlfS0kQRwlttqj6JF1+SnulWxuNmT
QnFGSC5y/aDmMcUPERo8bHkfaQHrsMwJ9m9t6S3t8/MzeICIqBtPMp/oeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKEQmc5TSGVfPesmNy4IbIISX5iMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvMG9SQ1p6bE5JWlY4OTZ5WTNMZ2hzZ2hKZm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YdCMA0G
CSqGSIb3DQEBCwUAA4IBAQCd5EslUelUlnn71lPCn81whgIynSw6bxhdoNiz4VQj
+3i9Fv88OK4pcFaOWbmPT9KLcoTQAmgKHlqNKlktne0RYQe2yaFPZU4K0gnLKkYU
YcM2qJDoS3K4qD2vukfLwQhiAZp3xQt/Sa7etgtpZWCam/AklSsB/FJhp82rSKtI
KRKYvSCa0BZ2FDy5y+Vg1n7YnZ2Qw6pTFOGJ1PynxWaYTC0zkrHuOQ/E3kcMFEiN
m+n7VtkN9QRCAZL/x20/FeXUzVboaXiRQ6Cc0orOUW1ILey5jCcZjBidPlTbBgTx
Q3Dk46Ozf5hcKbw9Xr1NvLznmftJML6nQgoY6evaShWV
-----END CERTIFICATE-----