Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/10fa00-ad6b-4b76-863e-4b35ad70cc1a/1/CAJMzt9NWUTyXyst3EXzMV-OMAs.roa
File:                     CAJMzt9NWUTyXyst3EXzMV-OMAs.roa (raw, json)
Hash identifier:          nxCaxwIEMWdszvvKccj/Mw1U+sEMKWmz/S6dwFguWgk=
Subject key identifier:   08:02:4C:CE:DF:4D:59:44:F2:5F:2B:2D:DC:45:F3:31:5F:8E:30:0B
Certificate issuer:       /CN=674c507a0cdb531374437ebf46dd59a6bd07486c
Certificate serial:       018E1326E9893DE6CCA1491AB891CC8B43E8
Authority key identifier: 67:4C:50:7A:0C:DB:53:13:74:43:7E:BF:46:DD:59:A6:BD:07:48:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0xQegzbUxN0Q36_Rt1Zpr0HSGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/10fa00-ad6b-4b76-863e-4b35ad70cc1a/1/CAJMzt9NWUTyXyst3EXzMV-OMAs.roa
Signing time:             Wed 06 Mar 2024 09:45:01 +0000
ROA not before:           Wed 06 Mar 2024 09:45:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211389
IP address blocks:        159.253.123.0/24 maxlen: 24
                          2a13:38c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/10fa00-ad6b-4b76-863e-4b35ad70cc1a/1/Z0xQegzbUxN0Q36_Rt1Zpr0HSGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/10fa00-ad6b-4b76-863e-4b35ad70cc1a/1/Z0xQegzbUxN0Q36_Rt1Zpr0HSGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0xQegzbUxN0Q36_Rt1Zpr0HSGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:13:26:e9:89:3d:e6:cc:a1:49:1a:b8:91:cc:8b:43:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=674c507a0cdb531374437ebf46dd59a6bd07486c
        Validity
            Not Before: Mar  6 09:45:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08024ccedf4d5944f25f2b2ddc45f3315f8e300b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:eb:0d:3f:c2:21:41:cc:84:56:c0:a4:ad:a6:
                    d7:0e:1f:cb:db:71:43:ea:c8:e3:87:a9:94:57:ba:
                    29:cf:4a:da:af:a5:66:df:60:5f:ca:94:ec:cd:2a:
                    22:2b:a5:29:e4:7a:5e:37:b8:bb:e4:1e:32:2d:2d:
                    c0:0d:f0:fb:44:cd:33:ec:58:41:ac:76:23:55:69:
                    39:1d:25:94:12:1b:cc:6d:75:d8:aa:04:64:24:f1:
                    4b:b3:41:5a:32:a4:97:51:c7:81:01:74:39:81:65:
                    24:5c:8e:70:20:81:7f:e9:5c:1c:49:a0:b7:b2:7b:
                    82:bb:ce:3a:95:46:20:17:c4:d0:b4:aa:76:9b:94:
                    81:71:21:23:24:53:cc:c6:5b:e3:7e:53:64:49:30:
                    2c:9c:e1:e9:88:c0:34:d2:70:d1:b9:ec:86:a9:81:
                    d8:67:3a:31:b4:db:f1:c5:b3:e5:4b:fe:72:3a:a7:
                    68:e1:8b:35:01:19:54:63:f3:0c:3d:18:5a:26:2a:
                    ab:54:53:33:2f:40:e9:95:09:0e:c1:74:81:15:4a:
                    41:e0:d1:dc:f7:45:ca:a6:00:19:45:28:42:bb:10:
                    d5:44:af:80:51:1e:be:d3:99:52:11:4a:a2:ec:9e:
                    78:01:20:d9:61:5c:4d:95:dd:8e:2b:19:9a:5e:6a:
                    23:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:02:4C:CE:DF:4D:59:44:F2:5F:2B:2D:DC:45:F3:31:5F:8E:30:0B
            X509v3 Authority Key Identifier:
                keyid:67:4C:50:7A:0C:DB:53:13:74:43:7E:BF:46:DD:59:A6:BD:07:48:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0xQegzbUxN0Q36_Rt1Zpr0HSGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/10fa00-ad6b-4b76-863e-4b35ad70cc1a/1/CAJMzt9NWUTyXyst3EXzMV-OMAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/10fa00-ad6b-4b76-863e-4b35ad70cc1a/1/Z0xQegzbUxN0Q36_Rt1Zpr0HSGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.123.0/24
                IPv6:
                  2a13:38c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:94:38:a5:c4:fc:e6:eb:b7:37:bf:20:d5:fa:bb:c1:fb:35:
         dc:9f:5b:d7:36:10:6b:ca:f2:27:aa:99:a3:1a:db:29:df:70:
         ce:cf:f9:97:5d:06:1d:5e:53:f6:d3:24:0e:66:b1:7a:5d:48:
         71:3d:6c:08:89:8b:a5:0e:d6:5f:40:32:2c:e4:6c:2f:04:25:
         7f:4e:89:52:fc:36:1f:51:25:4c:a4:fd:1a:22:c4:ce:0e:99:
         35:f9:84:ed:72:eb:d8:17:8b:2d:7d:36:5f:d2:d0:50:27:08:
         95:2d:ab:9f:e7:db:0a:75:43:9c:f2:55:27:2d:48:4c:07:99:
         b8:b3:28:c1:f2:5e:9d:65:14:07:2d:1a:61:9f:09:5a:e7:7c:
         65:a1:bb:e4:87:d7:c8:22:0b:35:6b:de:38:0f:b8:79:25:c1:
         73:47:21:7e:a8:17:1f:2a:dd:9e:58:66:ff:c6:73:cc:0c:bd:
         62:cb:e0:a0:6d:2b:0f:f3:f4:07:42:68:1f:ff:29:74:c2:98:
         cd:a5:6b:0a:5a:f3:ed:7d:19:2c:05:72:02:72:0c:96:05:f0:
         3e:b5:94:07:3d:bd:ed:15:25:3a:d2:a8:7e:db:80:bf:92:0a:
         13:6c:62:2f:fa:bf:c5:77:5b:68:39:26:4c:b2:8f:b4:9b:9e:
         0b:5d:51:3c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4TJumJPebMoUkauJHMi0PoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NGM1MDdhMGNkYjUzMTM3NDQzN2ViZjQ2ZGQ1OWE2YmQw
NzQ4NmMwHhcNMjQwMzA2MDk0NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODAyNGNjZWRmNGQ1OTQ0ZjI1ZjJiMmRkYzQ1ZjMzMTVmOGUzMDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OsNP8IhQcyEVsCkrabXDh/L23FD
6sjjh6mUV7opz0rar6Vm32BfypTszSoiK6Up5HpeN7i75B4yLS3ADfD7RM0z7FhB
rHYjVWk5HSWUEhvMbXXYqgRkJPFLs0FaMqSXUceBAXQ5gWUkXI5wIIF/6VwcSaC3
snuCu846lUYgF8TQtKp2m5SBcSEjJFPMxlvjflNkSTAsnOHpiMA00nDRueyGqYHY
ZzoxtNvxxbPlS/5yOqdo4Ys1ARlUY/MMPRhaJiqrVFMzL0DplQkOwXSBFUpB4NHc
90XKpgAZRShCuxDVRK+AUR6+05lSEUqi7J54ASDZYVxNld2OKxmaXmojAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAgCTM7fTVlE8l8rLdxF8zFfjjALMB8GA1UdIwQY
MBaAFGdMUHoM21MTdEN+v0bdWaa9B0hsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjB4UWVnemJVeE4wUTM2X1J0MVpwcjBIU0d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8xMGZhMDAtYWQ2Yi00Yjc2LTg2M2Ut
NGIzNWFkNzBjYzFhLzEvQ0FKTXp0OU5XVVR5WHlzdDNFWHpNVi1PTUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8xMGZhMDAtYWQ2Yi00Yjc2LTg2M2UtNGIzNWFkNzBjYzFh
LzEvWjB4UWVnemJVeE4wUTM2X1J0MVpwcjBIU0d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAn/17MA0E
AgACMAcDBQMqEzjAMA0GCSqGSIb3DQEBCwUAA4IBAQB2lDilxPzm67c3vyDV+rvB
+zXcn1vXNhBryvInqpmjGtsp33DOz/mXXQYdXlP20yQOZrF6XUhxPWwIiYulDtZf
QDIs5GwvBCV/TolS/DYfUSVMpP0aIsTODpk1+YTtcuvYF4stfTZf0tBQJwiVLauf
59sKdUOc8lUnLUhMB5m4syjB8l6dZRQHLRphnwla53xlobvkh9fIIgs1a944D7h5
JcFzRyF+qBcfKt2eWGb/xnPMDL1iy+CgbSsP8/QHQmgf/yl0wpjNpWsKWvPtfRks
BXICcgyWBfA+tZQHPb3tFSU60qh+24C/kgoTbGIv+r/Fd1toOSZMso+0m54LXVE8
-----END CERTIFICATE-----