Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/oGt99ScdGQ00G4iPYjZn7AQe0mk.roa
File:                     oGt99ScdGQ00G4iPYjZn7AQe0mk.roa (raw, json)
Hash identifier:          4xT2KtPxMTKCzL0NVsAvzrF6iXikThcLRVvsl+JFy7M=
Subject key identifier:   A0:6B:7D:F5:27:1D:19:0D:34:1B:88:8F:62:36:67:EC:04:1E:D2:69
Certificate issuer:       /CN=ca3bca8764946932ba2da8bdb7d13cd86895af69
Certificate serial:       018CC64B812B36DAC96A014C506840C1C71D
Authority key identifier: CA:3B:CA:87:64:94:69:32:BA:2D:A8:BD:B7:D1:3C:D8:68:95:AF:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjvKh2SUaTK6Lai9t9E82GiVr2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/oGt99ScdGQ00G4iPYjZn7AQe0mk.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        132.229.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/yjvKh2SUaTK6Lai9t9E82GiVr2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/yjvKh2SUaTK6Lai9t9E82GiVr2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjvKh2SUaTK6Lai9t9E82GiVr2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:81:2b:36:da:c9:6a:01:4c:50:68:40:c1:c7:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca3bca8764946932ba2da8bdb7d13cd86895af69
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a06b7df5271d190d341b888f623667ec041ed269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:91:4c:b4:7a:c0:92:22:d8:46:47:3d:67:a8:
                    1c:41:f6:dd:38:0a:85:06:c4:e3:9f:bf:08:3c:c7:
                    20:56:4f:61:01:9a:ad:c7:b9:50:de:f7:52:e8:82:
                    e2:0a:62:a2:a3:09:80:3a:d8:1a:48:48:6f:8e:67:
                    fe:32:9d:11:3c:a5:56:7d:17:d4:aa:31:ca:f7:b9:
                    a0:a7:e5:0b:7e:62:0e:dd:4c:f2:c9:9a:4d:ea:d7:
                    34:ca:59:cf:3f:f2:dd:e7:77:a9:59:4e:98:67:59:
                    4e:a5:85:04:2f:05:fd:40:16:01:ad:48:f8:d0:26:
                    ae:36:7c:c4:9d:a8:c5:29:b8:f4:ec:b6:dd:39:ad:
                    b0:d2:85:c1:11:85:4b:6f:38:47:13:75:ef:c2:ea:
                    f2:74:52:01:b2:b6:1a:45:7f:c9:28:31:f5:ec:75:
                    b9:ea:d6:8b:23:d6:6f:0f:77:55:8e:01:78:12:4f:
                    1a:64:b7:cb:91:45:d0:76:6f:9d:d3:a7:80:b0:72:
                    1a:64:2c:c3:f4:bb:de:69:bd:61:74:ed:b9:47:58:
                    75:48:a8:49:51:52:b5:1a:c5:0b:05:c2:e2:fa:13:
                    da:d5:fe:28:47:56:58:26:d5:03:9a:f4:3a:b9:e8:
                    a2:da:d7:e2:c6:8b:fa:fb:8a:01:e2:6b:34:82:bc:
                    9b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:6B:7D:F5:27:1D:19:0D:34:1B:88:8F:62:36:67:EC:04:1E:D2:69
            X509v3 Authority Key Identifier:
                keyid:CA:3B:CA:87:64:94:69:32:BA:2D:A8:BD:B7:D1:3C:D8:68:95:AF:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjvKh2SUaTK6Lai9t9E82GiVr2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/oGt99ScdGQ00G4iPYjZn7AQe0mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/yjvKh2SUaTK6Lai9t9E82GiVr2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.229.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8d:c6:a6:a6:89:51:e2:32:4b:50:47:82:10:63:f6:b2:7b:2a:
         35:9c:1c:dd:f6:e3:d4:61:0a:ec:4b:f9:f7:24:8a:51:90:c7:
         6a:47:1f:6b:48:fa:25:fc:72:a5:43:9d:60:61:ab:ea:6a:f1:
         2e:53:59:10:b5:d5:50:c6:f1:4e:68:b8:f9:50:c0:e3:4b:ca:
         4e:84:0f:8e:3c:2b:e1:ec:2a:96:65:11:4c:59:0e:cf:6d:5c:
         1a:79:a4:3c:bb:1d:1e:e3:66:a0:55:ed:c8:97:a6:6e:de:9e:
         78:0a:10:d2:b7:bf:69:c3:29:24:38:b4:6a:71:f6:87:9e:44:
         41:38:12:de:7d:65:20:35:d8:45:69:49:18:e8:f1:0b:c1:af:
         ba:79:04:e1:50:92:4d:2c:b8:4b:94:17:38:97:e4:39:5c:77:
         77:30:7b:cb:59:3e:cb:06:88:f9:5a:3a:cc:8a:4e:9b:49:6e:
         43:0e:53:0c:84:58:dd:9f:ee:ee:a8:3f:4d:f6:ab:10:2c:2d:
         af:f6:bd:74:ae:8e:e7:b7:16:62:40:ee:c3:e1:e5:e3:08:b4:
         8e:3c:d8:a8:95:98:7f:c1:6e:7e:b4:a1:e6:c4:11:d6:a9:b0:
         ba:0b:3b:80:02:2e:f9:c7:65:18:06:9d:42:00:5b:c6:b8:08:
         15:a2:13:20
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGS4ErNtrJagFMUGhAwccdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhM2JjYTg3NjQ5NDY5MzJiYTJkYThiZGI3ZDEzY2Q4Njg5
NWFmNjkwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDZiN2RmNTI3MWQxOTBkMzQxYjg4OGY2MjM2NjdlYzA0MWVkMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpFMtHrAkiLYRkc9Z6gcQfbdOAqF
BsTjn78IPMcgVk9hAZqtx7lQ3vdS6ILiCmKiowmAOtgaSEhvjmf+Mp0RPKVWfRfU
qjHK97mgp+ULfmIO3UzyyZpN6tc0ylnPP/Ld53epWU6YZ1lOpYUELwX9QBYBrUj4
0CauNnzEnajFKbj07LbdOa2w0oXBEYVLbzhHE3XvwurydFIBsrYaRX/JKDH17HW5
6taLI9ZvD3dVjgF4Ek8aZLfLkUXQdm+d06eAsHIaZCzD9Lveab1hdO25R1h1SKhJ
UVK1GsULBcLi+hPa1f4oR1ZYJtUDmvQ6ueii2tfixov6+4oB4ms0grybpwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKBrffUnHRkNNBuIj2I2Z+wEHtJpMB8GA1UdIwQY
MBaAFMo7yodklGkyui2ovbfRPNhola9pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWp2S2gyU1VhVEs2TGFpOXQ5RTgyR2lWcjJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80ZTBmMmYtNDBiNy00NGQ5LTlmYTAt
MDEyZGRlYWRmNzVlLzEvb0d0OTlTY2RHUTAwRzRpUFlqWm43QVFlMG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80ZTBmMmYtNDBiNy00NGQ5LTlmYTAtMDEyZGRlYWRmNzVl
LzEveWp2S2gyU1VhVEs2TGFpOXQ5RTgyR2lWcjJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhOUwDQYJ
KoZIhvcNAQELBQADggEBAI3GpqaJUeIyS1BHghBj9rJ7KjWcHN3249RhCuxL+fck
ilGQx2pHH2tI+iX8cqVDnWBhq+pq8S5TWRC11VDG8U5ouPlQwONLyk6ED448K+Hs
KpZlEUxZDs9tXBp5pDy7HR7jZqBV7ciXpm7enngKENK3v2nDKSQ4tGpx9oeeREE4
Et59ZSA12EVpSRjo8QvBr7p5BOFQkk0suEuUFziX5Dlcd3cwe8tZPssGiPlaOsyK
TptJbkMOUwyEWN2f7u6oP032qxAsLa/2vXSujue3FmJA7sPh5eMItI482KiVmH/B
bn60oebEEdapsLoLO4ACLvnHZRgGnUIAW8a4CBWiEyA=
-----END CERTIFICATE-----