Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/fdea7c-a1bc-48a9-acd3-a003c4b61a5f/1/ohuXq8V-bzSVNjcAhYl1lVxvthw.roa
File:                     ohuXq8V-bzSVNjcAhYl1lVxvthw.roa (raw, json)
Hash identifier:          4sM+tzmdZWrYKexDYCjufpHc/hooRAqxyo2PyEcf7A0=
Subject key identifier:   A2:1B:97:AB:C5:7E:6F:34:95:36:37:00:85:89:75:95:5C:6F:B6:1C
Certificate issuer:       /CN=b3aa951722a19971a44e62ca92d1c91284d12e21
Certificate serial:       018CC5001553FCF09EBE615E7E704766A840
Authority key identifier: B3:AA:95:17:22:A1:99:71:A4:4E:62:CA:92:D1:C9:12:84:D1:2E:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6qVFyKhmXGkTmLKktHJEoTRLiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/fdea7c-a1bc-48a9-acd3-a003c4b61a5f/1/ohuXq8V-bzSVNjcAhYl1lVxvthw.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.27.0.0/16 maxlen: 16
                          132.187.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/fdea7c-a1bc-48a9-acd3-a003c4b61a5f/1/s6qVFyKhmXGkTmLKktHJEoTRLiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/fdea7c-a1bc-48a9-acd3-a003c4b61a5f/1/s6qVFyKhmXGkTmLKktHJEoTRLiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6qVFyKhmXGkTmLKktHJEoTRLiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:15:53:fc:f0:9e:be:61:5e:7e:70:47:66:a8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3aa951722a19971a44e62ca92d1c91284d12e21
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a21b97abc57e6f3495363700858975955c6fb61c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8a:e5:47:67:df:31:28:80:96:f9:f9:44:27:
                    81:20:8f:09:48:77:76:63:83:f1:45:bd:de:8f:e5:
                    b0:70:b7:de:e6:c8:fe:f4:8e:9c:6d:a5:6e:09:64:
                    d3:e3:ca:2e:78:68:c7:9e:4e:63:55:7f:cb:77:56:
                    6c:af:73:b7:c2:a6:16:75:17:88:15:3c:62:98:3c:
                    33:16:1c:9a:ee:b6:e6:a1:af:54:e0:5c:9e:93:f2:
                    a3:8d:d7:74:4c:5b:16:9a:5f:1a:e1:34:aa:16:f3:
                    1b:9b:6b:af:56:03:db:ff:3a:df:18:2d:38:f1:aa:
                    59:2d:ac:a2:32:ec:66:3d:7c:09:b2:e0:3f:d2:2b:
                    42:53:cf:7a:e5:1a:e2:8f:b9:21:08:e7:4c:44:c5:
                    64:7d:89:82:1d:75:22:71:4c:85:90:f8:53:53:f6:
                    ca:15:f0:18:33:65:ed:35:fe:4a:d7:01:99:87:3a:
                    34:bb:9e:06:96:70:4e:ab:31:3f:87:bb:68:d1:1a:
                    bb:ae:12:d4:10:27:2f:6b:c1:c4:cd:58:81:4e:5a:
                    c9:06:dd:60:2e:00:86:f2:2d:94:3a:86:cf:c3:f9:
                    db:20:61:fe:9b:9e:da:90:81:50:f6:fb:4f:2c:35:
                    39:a2:c8:f9:0d:a9:11:94:e8:dc:fd:e7:8d:e2:5b:
                    79:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:1B:97:AB:C5:7E:6F:34:95:36:37:00:85:89:75:95:5C:6F:B6:1C
            X509v3 Authority Key Identifier:
                keyid:B3:AA:95:17:22:A1:99:71:A4:4E:62:CA:92:D1:C9:12:84:D1:2E:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6qVFyKhmXGkTmLKktHJEoTRLiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fdea7c-a1bc-48a9-acd3-a003c4b61a5f/1/ohuXq8V-bzSVNjcAhYl1lVxvthw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fdea7c-a1bc-48a9-acd3-a003c4b61a5f/1/s6qVFyKhmXGkTmLKktHJEoTRLiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.187.0.0/16
                  141.27.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6a:13:f1:f6:dd:36:4e:5d:ff:20:28:3f:57:61:a1:5f:8b:31:
         d3:e6:e0:cf:78:26:6d:ff:02:4c:dc:6a:38:11:b8:50:46:e4:
         5c:d8:1b:9b:bd:b0:38:d6:25:93:19:71:2f:2f:c9:59:98:e8:
         54:e0:c4:49:aa:16:19:36:a4:89:33:32:eb:0f:98:1e:d8:8b:
         5e:ff:1e:8c:59:0e:ba:92:93:b8:6a:64:e0:5a:ee:f7:9e:a4:
         7e:9d:00:ac:d7:49:f5:7b:48:5d:4a:c5:fd:db:b3:29:56:e4:
         87:9b:63:70:65:f6:30:78:f1:05:42:85:4d:3b:4a:c5:fb:2c:
         29:31:a0:1a:f3:be:74:35:ec:8b:a3:d5:c1:01:1b:fc:c2:11:
         6c:8d:02:00:69:21:ce:c8:7e:65:3e:09:b1:2b:d8:b5:05:e6:
         81:15:af:d3:c0:bb:9d:3a:39:fc:8a:ab:be:01:0e:aa:04:af:
         4b:5b:c7:95:6f:cc:17:59:11:06:e2:b1:8b:b5:ab:ce:7d:92:
         8f:cd:f5:17:5f:ef:a8:cb:59:4c:91:98:80:28:c9:2d:db:c3:
         ed:c4:98:9d:50:de:2e:1b:0f:a4:35:60:9c:93:56:62:19:a0:
         bd:6e:20:6a:7b:5e:61:52:d0:af:17:bd:2f:2b:9c:cb:60:af:
         11:cb:7a:25
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzFABVT/PCevmFefnBHZqhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYWE5NTE3MjJhMTk5NzFhNDRlNjJjYTkyZDFjOTEyODRk
MTJlMjEwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjFiOTdhYmM1N2U2ZjM0OTUzNjM3MDA4NTg5NzU5NTVjNmZiNjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4rlR2ffMSiAlvn5RCeBII8JSHd2
Y4PxRb3ej+WwcLfe5sj+9I6cbaVuCWTT48oueGjHnk5jVX/Ld1Zsr3O3wqYWdReI
FTximDwzFhya7rbmoa9U4Fyek/Kjjdd0TFsWml8a4TSqFvMbm2uvVgPb/zrfGC04
8apZLayiMuxmPXwJsuA/0itCU8965Rrij7khCOdMRMVkfYmCHXUicUyFkPhTU/bK
FfAYM2XtNf5K1wGZhzo0u54GlnBOqzE/h7to0Rq7rhLUECcva8HEzViBTlrJBt1g
LgCG8i2UOobPw/nbIGH+m57akIFQ9vtPLDU5osj5DakRlOjc/eeN4lt5OQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFKIbl6vFfm80lTY3AIWJdZVcb7YcMB8GA1UdIwQY
MBaAFLOqlRcioZlxpE5iypLRyRKE0S4hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZxVkZ5S2htWEdrVG1MS2t0SEpFb1RSTGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mZGVhN2MtYTFiYy00OGE5LWFjZDMt
YTAwM2M0YjYxYTVmLzEvb2h1WHE4Vi1ielNWTmpjQWhZbDFsVnh2dGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mZGVhN2MtYTFiYy00OGE5LWFjZDMtYTAwM2M0YjYxYTVm
LzEvczZxVkZ5S2htWEdrVG1MS2t0SEpFb1RSTGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAhLsDAwCN
GzANBgkqhkiG9w0BAQsFAAOCAQEAahPx9t02Tl3/ICg/V2GhX4sx0+bgz3gmbf8C
TNxqOBG4UEbkXNgbm72wONYlkxlxLy/JWZjoVODESaoWGTakiTMy6w+YHtiLXv8e
jFkOupKTuGpk4Fru956kfp0ArNdJ9XtIXUrF/duzKVbkh5tjcGX2MHjxBUKFTTtK
xfssKTGgGvO+dDXsi6PVwQEb/MIRbI0CAGkhzsh+ZT4JsSvYtQXmgRWv08C7nTo5
/IqrvgEOqgSvS1vHlW/MF1kRBuKxi7Wrzn2Sj831F1/vqMtZTJGYgCjJLdvD7cSY
nVDeLhsPpDVgnJNWYhmgvW4ganteYVLQrxe9Lyucy2CvEct6JQ==
-----END CERTIFICATE-----