Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/reBe1eU7AW7AVG8SI0p7GLvLBxY.roa
File:                     reBe1eU7AW7AVG8SI0p7GLvLBxY.roa (raw, json)
Hash identifier:          EaZjECT8h7FDY6UK5MerEIZ5rJ5QcLxKsc5aJA5KkIU=
Subject key identifier:   AD:E0:5E:D5:E5:3B:01:6E:C0:54:6F:12:23:4A:7B:18:BB:CB:07:16
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       018CC26CFB1B4B8EA3BF157B8BD62986CFD1
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/reBe1eU7AW7AVG8SI0p7GLvLBxY.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207412
IP address blocks:        212.102.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fb:1b:4b:8e:a3:bf:15:7b:8b:d6:29:86:cf:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ade05ed5e53b016ec0546f12234a7b18bbcb0716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:3e:87:f4:f7:42:31:93:40:35:a7:19:20:2e:
                    42:25:a6:63:ea:ee:fa:09:63:96:4d:c3:65:3a:a7:
                    7c:6b:bc:c5:7f:7b:04:cb:1a:17:6e:25:01:76:2d:
                    27:d8:30:86:c5:ac:c5:66:8b:ea:b0:83:c2:75:0f:
                    5e:e2:64:04:38:6f:d5:43:9f:d5:25:55:ba:c1:ea:
                    5d:79:ad:39:ff:a7:8f:78:f9:3f:b9:6b:f5:99:91:
                    8b:76:da:a4:31:c1:b7:6b:24:33:47:b9:3a:97:99:
                    42:6d:d7:36:fb:58:b5:eb:68:75:d6:7e:7d:83:3d:
                    24:1d:3c:6c:d5:9f:c4:96:95:d5:77:1f:48:80:0b:
                    39:7b:5b:bb:20:c2:75:8c:40:a6:15:df:e7:40:5d:
                    dc:f1:17:54:7d:7c:a1:24:03:34:d4:49:b3:49:56:
                    0d:ba:fc:f8:84:d1:0a:b0:af:a7:4e:38:15:1c:9d:
                    94:8c:54:53:78:04:d8:3a:2a:fa:5c:56:46:77:04:
                    22:bd:71:81:9c:ce:65:e5:16:78:2b:a0:a3:d6:14:
                    9a:d3:ed:7f:72:af:0d:2a:85:87:fa:f6:e6:5e:e4:
                    4e:9d:d3:d4:9a:07:5e:f2:cb:d6:96:49:e6:70:e3:
                    a5:54:5d:d1:40:f2:c5:ee:d6:0b:8f:e5:eb:67:3c:
                    c1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E0:5E:D5:E5:3B:01:6E:C0:54:6F:12:23:4A:7B:18:BB:CB:07:16
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/reBe1eU7AW7AVG8SI0p7GLvLBxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:7e:bd:85:43:8d:94:2d:ef:bf:b3:d8:ad:ea:dc:b9:49:dd:
         81:b6:7a:ad:c0:2f:9c:93:14:3d:24:df:5d:d2:42:60:57:9f:
         d9:92:1e:f9:40:ad:f8:a3:c3:db:01:6a:9b:61:97:91:c0:15:
         b4:e6:7e:54:9a:41:52:46:3d:e5:f1:6f:10:17:73:5f:92:0f:
         ea:a6:f4:e0:a7:26:cb:40:15:9c:87:1b:16:36:12:e6:3c:23:
         83:e7:1e:8d:e4:63:4c:10:63:d3:d3:7f:15:ef:64:93:11:60:
         2d:d0:5d:12:2c:45:2e:8b:f7:64:ab:c9:5f:e5:58:b2:fc:2a:
         ff:41:b1:b9:d7:0b:0e:f4:cb:86:1b:ee:20:13:d6:63:21:70:
         59:34:05:79:e0:e5:fa:0c:e7:b5:54:43:3a:8d:f1:74:c3:36:
         a4:bc:a7:ca:29:a7:f4:ad:4c:19:db:cc:32:d1:1a:41:74:a4:
         63:d8:93:67:0e:4d:9e:a7:cf:14:40:1b:d6:37:b0:1b:f6:fa:
         b0:bf:24:3f:ea:05:dd:da:78:dc:cf:9d:ff:8b:5b:64:8f:2a:
         52:7b:66:b4:1d:55:b9:3f:64:22:32:dd:dc:7d:be:72:fd:d2:
         26:ef:49:0a:7e:76:8f:8c:1d:1a:96:e3:f9:52:7c:c4:4a:3b:
         2e:8d:e7:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPsbS46jvxV7i9Yphs/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGUwNWVkNWU1M2IwMTZlYzA1NDZmMTIyMzRhN2IxOGJiY2IwNzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiT6H9PdCMZNANacZIC5CJaZj6u76
CWOWTcNlOqd8a7zFf3sEyxoXbiUBdi0n2DCGxazFZovqsIPCdQ9e4mQEOG/VQ5/V
JVW6wepdea05/6ePePk/uWv1mZGLdtqkMcG3ayQzR7k6l5lCbdc2+1i162h11n59
gz0kHTxs1Z/ElpXVdx9IgAs5e1u7IMJ1jECmFd/nQF3c8RdUfXyhJAM01EmzSVYN
uvz4hNEKsK+nTjgVHJ2UjFRTeATYOir6XFZGdwQivXGBnM5l5RZ4K6Cj1hSa0+1/
cq8NKoWH+vbmXuROndPUmgde8svWlknmcOOlVF3RQPLF7tYLj+XrZzzBJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3gXtXlOwFuwFRvEiNKexi7ywcWMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvcmVCZTFlVTdBVzdBVkc4U0kwcDdHTHZMQnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GZvMA0G
CSqGSIb3DQEBCwUAA4IBAQA4fr2FQ42ULe+/s9it6ty5Sd2BtnqtwC+ckxQ9JN9d
0kJgV5/Zkh75QK34o8PbAWqbYZeRwBW05n5UmkFSRj3l8W8QF3Nfkg/qpvTgpybL
QBWchxsWNhLmPCOD5x6N5GNMEGPT038V72STEWAt0F0SLEUui/dkq8lf5Viy/Cr/
QbG51wsO9MuGG+4gE9ZjIXBZNAV54OX6DOe1VEM6jfF0wzakvKfKKaf0rUwZ28wy
0RpBdKRj2JNnDk2ep88UQBvWN7Ab9vqwvyQ/6gXd2njcz53/i1tkjypSe2a0HVW5
P2QiMt3cfb5y/dIm70kKfnaPjB0aluP5UnzESjsujeeH
-----END CERTIFICATE-----