Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/a37f9c-1e6a-4665-a0e2-fe31100d081f/1/L24ujMjlzwh62P1HorUr0cSvZCw.roa
File:                     L24ujMjlzwh62P1HorUr0cSvZCw.roa (raw, json)
Hash identifier:          rEHUy78ob0si32eupL+l62gKyQ5EwyiZ0gV3gxgro9I=
Subject key identifier:   2F:6E:2E:8C:C8:E5:CF:08:7A:D8:FD:47:A2:B5:2B:D1:C4:AF:64:2C
Certificate issuer:       /CN=3b14629c765ce1ac4f688956e3b90f6ad8c4b582
Certificate serial:       018CC8DEFF8B0AE11204E8D05890EFD0E512
Authority key identifier: 3B:14:62:9C:76:5C:E1:AC:4F:68:89:56:E3:B9:0F:6A:D8:C4:B5:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OxRinHZc4axPaIlW47kPatjEtYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/a37f9c-1e6a-4665-a0e2-fe31100d081f/1/L24ujMjlzwh62P1HorUr0cSvZCw.roa
Signing time:             Tue 02 Jan 2024 06:31:46 +0000
ROA not before:           Tue 02 Jan 2024 06:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        160.80.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/a37f9c-1e6a-4665-a0e2-fe31100d081f/1/OxRinHZc4axPaIlW47kPatjEtYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/a37f9c-1e6a-4665-a0e2-fe31100d081f/1/OxRinHZc4axPaIlW47kPatjEtYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OxRinHZc4axPaIlW47kPatjEtYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 06:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ff:8b:0a:e1:12:04:e8:d0:58:90:ef:d0:e5:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b14629c765ce1ac4f688956e3b90f6ad8c4b582
        Validity
            Not Before: Jan  2 06:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f6e2e8cc8e5cf087ad8fd47a2b52bd1c4af642c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:63:be:22:ac:bf:61:d0:36:5f:22:f0:5c:a6:
                    5b:87:d9:4f:71:72:c4:ce:6c:cd:7d:27:29:d4:60:
                    83:69:e5:43:f5:ec:c7:ec:b3:de:e4:fd:ef:b1:11:
                    39:70:79:25:fa:ba:92:69:62:70:94:a3:f2:7d:1a:
                    31:21:6c:63:62:d1:a2:ff:b9:ed:e5:1e:a7:5e:71:
                    1d:84:fd:6d:c3:a9:84:99:9c:9a:4e:29:4d:e7:1d:
                    f7:18:49:f1:e7:47:c1:15:04:29:c5:63:ba:2e:d1:
                    ef:d5:c3:67:1a:cb:18:f0:b2:3d:11:a3:95:3a:da:
                    f4:c5:dc:fc:24:eb:9b:a7:3a:cc:d2:7a:4b:80:37:
                    ee:67:2d:41:66:4b:03:63:9a:fd:28:99:9b:a9:19:
                    65:4e:84:bf:fa:fd:54:b7:72:de:25:ed:8d:66:ba:
                    00:55:c1:cb:d1:af:47:2c:a4:cb:86:ce:aa:09:49:
                    71:8a:03:da:1d:eb:1d:b5:23:cf:86:8b:d0:89:89:
                    00:47:0a:e1:5f:74:6d:99:a9:8e:ac:9d:7f:1d:17:
                    62:1d:ae:33:7b:50:c6:e8:bb:74:9e:bc:2b:85:54:
                    ab:67:43:63:1c:d2:39:bc:1d:79:4d:b6:6e:07:15:
                    fe:e6:ae:73:d4:1a:ce:2e:dc:9d:4f:a2:36:c2:c0:
                    ef:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:6E:2E:8C:C8:E5:CF:08:7A:D8:FD:47:A2:B5:2B:D1:C4:AF:64:2C
            X509v3 Authority Key Identifier:
                keyid:3B:14:62:9C:76:5C:E1:AC:4F:68:89:56:E3:B9:0F:6A:D8:C4:B5:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OxRinHZc4axPaIlW47kPatjEtYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a37f9c-1e6a-4665-a0e2-fe31100d081f/1/L24ujMjlzwh62P1HorUr0cSvZCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a37f9c-1e6a-4665-a0e2-fe31100d081f/1/OxRinHZc4axPaIlW47kPatjEtYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.80.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3f:01:cf:23:46:c3:47:5f:02:09:80:09:bd:e3:8e:01:3b:0a:
         58:25:a2:1d:65:dd:96:8a:50:18:97:7e:39:fa:d2:f8:35:41:
         3c:22:d4:b1:25:76:17:72:4f:e1:14:3c:aa:5e:48:84:26:fc:
         8d:0f:1b:c7:d1:9e:10:18:2c:f0:8b:4b:d6:1d:2d:0e:8d:ca:
         25:81:b2:37:b8:7b:7e:0f:84:c9:fa:df:56:46:b1:ed:89:6e:
         e8:43:b1:d0:f6:16:18:2a:a4:d9:a4:6a:3a:05:c4:d9:ab:28:
         a6:38:44:df:d2:b6:d0:a2:bb:c4:c8:5e:aa:b9:be:06:b9:11:
         3b:b7:d8:5f:ed:b6:98:35:2f:1e:55:8c:9a:00:8f:d3:45:77:
         e1:b9:eb:73:54:f4:f1:3b:c6:66:2a:bb:b8:bf:2e:45:03:29:
         49:7c:3d:bb:0a:bd:2c:9d:16:ea:dd:1f:ac:ec:5c:b3:a1:90:
         87:48:5c:ce:fc:8e:5d:56:1f:29:76:a3:0a:2a:37:88:3e:80:
         15:37:ef:16:55:98:2c:72:aa:ff:7d:11:f3:2a:c7:51:12:c7:
         01:a0:8b:63:0c:61:bd:a0:47:38:77:e4:38:2c:bb:e8:33:a7:
         51:4b:3b:2d:74:06:ed:7b:12:70:19:55:13:7b:c4:2a:a1:29:
         99:b2:c4:77
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzI3v+LCuESBOjQWJDv0OUSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMTQ2MjljNzY1Y2UxYWM0ZjY4ODk1NmUzYjkwZjZhZDhj
NGI1ODIwHhcNMjQwMTAyMDYzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjZlMmU4Y2M4ZTVjZjA4N2FkOGZkNDdhMmI1MmJkMWM0YWY2NDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmO+Iqy/YdA2XyLwXKZbh9lPcXLE
zmzNfScp1GCDaeVD9ezH7LPe5P3vsRE5cHkl+rqSaWJwlKPyfRoxIWxjYtGi/7nt
5R6nXnEdhP1tw6mEmZyaTilN5x33GEnx50fBFQQpxWO6LtHv1cNnGssY8LI9EaOV
Otr0xdz8JOubpzrM0npLgDfuZy1BZksDY5r9KJmbqRllToS/+v1Ut3LeJe2NZroA
VcHL0a9HLKTLhs6qCUlxigPaHesdtSPPhovQiYkARwrhX3RtmamOrJ1/HRdiHa4z
e1DG6Lt0nrwrhVSrZ0NjHNI5vB15TbZuBxX+5q5z1BrOLtydT6I2wsDv+QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFC9uLozI5c8Ietj9R6K1K9HEr2QsMB8GA1UdIwQY
MBaAFDsUYpx2XOGsT2iJVuO5D2rYxLWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3hSaW5IWmM0YXhQYUlsVzQ3a1BhdGpFdFlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9hMzdmOWMtMWU2YS00NjY1LWEwZTIt
ZmUzMTEwMGQwODFmLzEvTDI0dWpNamx6d2g2MlAxSG9yVXIwY1N2WkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9hMzdmOWMtMWU2YS00NjY1LWEwZTItZmUzMTEwMGQwODFm
LzEvT3hSaW5IWmM0YXhQYUlsVzQ3a1BhdGpFdFlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoFAwDQYJ
KoZIhvcNAQELBQADggEBAD8BzyNGw0dfAgmACb3jjgE7Clgloh1l3ZaKUBiXfjn6
0vg1QTwi1LEldhdyT+EUPKpeSIQm/I0PG8fRnhAYLPCLS9YdLQ6NyiWBsje4e34P
hMn631ZGse2JbuhDsdD2FhgqpNmkajoFxNmrKKY4RN/SttCiu8TIXqq5vga5ETu3
2F/ttpg1Lx5VjJoAj9NFd+G563NU9PE7xmYqu7i/LkUDKUl8PbsKvSydFurdH6zs
XLOhkIdIXM78jl1WHyl2owoqN4g+gBU37xZVmCxyqv99EfMqx1ESxwGgi2MMYb2g
Rzh35Dgsu+gzp1FLOy10Bu17EnAZVRN7xCqhKZmyxHc=
-----END CERTIFICATE-----