Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/0-E1wNLzY1pbmxWaOBQxHToLmUI.roa
File:                     0-E1wNLzY1pbmxWaOBQxHToLmUI.roa (raw, json)
Hash identifier:          pqqSIO2MmtbFZEmJr7X0Y0UqDjcONNzzLhJCkFJT1/c=
Subject key identifier:   D3:E1:35:C0:D2:F3:63:5A:5B:9B:15:9A:38:14:31:1D:3A:0B:99:42
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018DCC34010575BCC7054ABCCBBC6C32F376
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/0-E1wNLzY1pbmxWaOBQxHToLmUI.roa
Signing time:             Wed 21 Feb 2024 15:06:16 +0000
ROA not before:           Wed 21 Feb 2024 15:06:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        212.115.48.0/24 maxlen: 24
                          212.115.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cc:34:01:05:75:bc:c7:05:4a:bc:cb:bc:6c:32:f3:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Feb 21 15:06:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3e135c0d2f3635a5b9b159a3814311d3a0b9942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:36:f5:76:69:88:1f:0e:3e:d9:22:72:88:9b:
                    14:72:96:37:8b:8d:aa:81:7d:4d:0e:6c:f7:26:87:
                    c4:7b:30:90:fe:1a:22:0a:30:f1:0b:c5:3e:51:a0:
                    fb:07:73:87:de:78:fe:64:62:da:62:b0:ff:8f:1d:
                    db:14:2e:fa:bc:b0:1a:dc:d8:ee:c7:08:3d:f5:cd:
                    dc:b4:fb:0f:e1:4c:64:8c:3d:48:4a:02:22:7f:06:
                    fe:2d:b1:8e:7f:8b:a9:75:46:21:95:0a:96:30:8f:
                    92:18:3e:22:34:f2:5a:c6:1e:5a:e1:26:c1:39:f6:
                    7e:38:20:f2:99:cf:f7:ec:23:5f:58:2d:41:00:3c:
                    38:f1:65:3b:91:e9:f1:e8:56:b1:4f:30:3e:89:5f:
                    4c:f0:75:bf:4e:17:c6:b8:8f:e6:61:37:2f:03:c1:
                    53:ea:07:8b:01:5a:bf:90:ac:f7:fa:dd:f9:13:c2:
                    98:bb:34:eb:6c:b5:62:17:e9:7b:ad:c0:b5:86:c8:
                    0e:b3:5c:d3:78:3e:14:77:81:a1:f8:33:ee:26:f8:
                    26:23:0f:61:19:9e:cc:68:e8:05:7d:f3:df:e5:08:
                    b7:fd:5b:25:3d:c3:fd:f2:fb:b5:58:aa:b6:81:34:
                    82:24:a7:cc:7e:bf:89:5f:48:dd:47:39:c6:8e:4a:
                    1c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:E1:35:C0:D2:F3:63:5A:5B:9B:15:9A:38:14:31:1D:3A:0B:99:42
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/0-E1wNLzY1pbmxWaOBQxHToLmUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.48.0/24
                  212.115.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:bb:49:48:4c:9b:6e:d3:c9:87:40:f9:a8:89:e6:f5:58:00:
         19:ef:55:a2:91:50:4f:57:10:f1:30:15:79:88:1d:ab:2e:7e:
         27:2e:cb:34:aa:3f:4a:d1:0f:4c:09:55:ca:2e:5c:c8:12:19:
         81:a3:d5:24:5a:8d:f5:40:be:bd:37:31:b3:a9:78:9a:74:78:
         3a:6b:1d:1e:96:10:62:e3:71:48:1d:55:59:a7:c0:07:7b:61:
         19:72:70:12:84:11:07:f2:fb:86:96:b4:f0:11:60:ec:0b:ba:
         a4:dc:f7:e4:a0:39:3b:9a:b8:ad:12:ff:1b:63:c4:04:9d:df:
         ee:92:69:f2:b6:67:97:f6:9d:43:b4:30:49:8a:05:16:3c:df:
         af:a1:82:68:fc:fc:3c:fd:5d:20:64:4f:b9:9d:7e:cd:1d:1d:
         d0:be:26:8a:ce:8c:03:a3:91:53:7a:93:95:87:b0:22:f2:be:
         d5:c2:ad:1f:cd:fe:92:a2:7b:90:ac:9d:67:01:db:0f:fd:f0:
         fc:ae:cc:ae:33:94:d9:ed:fa:03:a2:b3:e3:91:5f:5e:b0:6c:
         83:66:71:f1:71:7a:81:f9:43:0d:68:5d:38:50:b3:ed:c9:16:
         e9:53:14:1e:8b:01:4b:f1:c2:35:f9:a3:3f:af:33:cb:65:33:
         2c:28:b4:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3MNAEFdbzHBUq8y7xsMvN2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwMjIxMTUwNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2UxMzVjMGQyZjM2MzVhNWI5YjE1OWEzODE0MzExZDNhMGI5OTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTb1dmmIHw4+2SJyiJsUcpY3i42q
gX1NDmz3JofEezCQ/hoiCjDxC8U+UaD7B3OH3nj+ZGLaYrD/jx3bFC76vLAa3Nju
xwg99c3ctPsP4UxkjD1ISgIifwb+LbGOf4updUYhlQqWMI+SGD4iNPJaxh5a4SbB
OfZ+OCDymc/37CNfWC1BADw48WU7kenx6FaxTzA+iV9M8HW/ThfGuI/mYTcvA8FT
6geLAVq/kKz3+t35E8KYuzTrbLViF+l7rcC1hsgOs1zTeD4Ud4Gh+DPuJvgmIw9h
GZ7MaOgFffPf5Qi3/VslPcP98vu1WKq2gTSCJKfMfr+JX0jdRznGjkocNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNPhNcDS82NaW5sVmjgUMR06C5lCMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvMC1FMXdOTHpZMXBibXhXYU9CUXhIVG9MbVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1HMwAwQA
1HMyMA0GCSqGSIb3DQEBCwUAA4IBAQBqu0lITJtu08mHQPmoieb1WAAZ71WikVBP
VxDxMBV5iB2rLn4nLss0qj9K0Q9MCVXKLlzIEhmBo9UkWo31QL69NzGzqXiadHg6
ax0elhBi43FIHVVZp8AHe2EZcnAShBEH8vuGlrTwEWDsC7qk3PfkoDk7mritEv8b
Y8QEnd/ukmnytmeX9p1DtDBJigUWPN+voYJo/Pw8/V0gZE+5nX7NHR3QviaKzowD
o5FTepOVh7Ai8r7Vwq0fzf6SonuQrJ1nAdsP/fD8rsyuM5TZ7foDorPjkV9esGyD
ZnHxcXqB+UMNaF04ULPtyRbpUxQeiwFL8cI1+aM/rzPLZTMsKLRJ
-----END CERTIFICATE-----