Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/wSogJhTCI_ZkX-MFthkm3zoBmiw.roa
File:                     wSogJhTCI_ZkX-MFthkm3zoBmiw.roa (raw, json)
Hash identifier:          kU/yR9XP9C7Mw8uO2RFpHEcMsleeArRLo37lpPTvwq4=
Subject key identifier:   C1:2A:20:26:14:C2:23:F6:64:5F:E3:05:B6:19:26:DF:3A:01:9A:2C
Certificate issuer:       /CN=b872da0f9c6c5686a3db9ee124a99042b0a882d1
Certificate serial:       018CC64B5A4C908235546516BEC962FECB43
Authority key identifier: B8:72:DA:0F:9C:6C:56:86:A3:DB:9E:E1:24:A9:90:42:B0:A8:82:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uHLaD5xsVoaj257hJKmQQrCogtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/wSogJhTCI_ZkX-MFthkm3zoBmiw.roa
Signing time:             Mon 01 Jan 2024 18:31:16 +0000
ROA not before:           Mon 01 Jan 2024 18:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41960
IP address blocks:        213.156.16.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/uHLaD5xsVoaj257hJKmQQrCogtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/uHLaD5xsVoaj257hJKmQQrCogtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uHLaD5xsVoaj257hJKmQQrCogtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:5a:4c:90:82:35:54:65:16:be:c9:62:fe:cb:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b872da0f9c6c5686a3db9ee124a99042b0a882d1
        Validity
            Not Before: Jan  1 18:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c12a202614c223f6645fe305b61926df3a019a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8b:03:a3:15:08:52:ca:c3:95:db:1d:18:da:
                    82:99:56:1c:b7:f8:02:7f:70:1b:13:57:f0:63:69:
                    cf:42:35:b7:73:cd:60:8b:d0:8c:25:1f:f5:ef:c2:
                    2d:91:85:11:b9:20:5c:24:d6:19:7e:3d:f9:7f:5a:
                    4c:eb:0f:1f:a7:1c:98:d8:d1:42:3e:30:5d:da:bf:
                    92:d6:67:4e:d8:10:0b:b3:69:d0:37:90:2c:c2:d6:
                    20:a2:08:3e:0b:d1:8b:f4:91:e2:62:4d:7f:19:49:
                    ea:d6:85:b2:24:d8:4d:f9:27:6a:46:2f:5d:66:62:
                    da:b7:63:5e:8e:df:fc:00:d8:12:08:8b:86:9a:c3:
                    a5:32:f9:bd:26:3f:d8:54:bb:ad:c4:7f:b9:2a:4c:
                    76:c4:1a:5c:1d:a7:67:cf:0b:a2:84:b0:6b:10:21:
                    18:7a:67:9e:ab:b1:6b:8c:14:74:85:98:ab:a9:e8:
                    ea:37:ad:51:47:fb:1f:d8:69:08:9a:0d:c9:93:60:
                    db:6b:1e:4d:e7:6f:09:70:88:81:78:08:11:02:b6:
                    6d:b2:69:ed:a2:64:11:64:2b:bc:01:f2:61:d3:5e:
                    4c:d2:61:7f:d3:9b:e7:22:d6:af:be:7b:32:9f:86:
                    ca:96:ac:1f:a5:91:e9:25:64:2f:2d:9a:e3:5a:5a:
                    f8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:2A:20:26:14:C2:23:F6:64:5F:E3:05:B6:19:26:DF:3A:01:9A:2C
            X509v3 Authority Key Identifier:
                keyid:B8:72:DA:0F:9C:6C:56:86:A3:DB:9E:E1:24:A9:90:42:B0:A8:82:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uHLaD5xsVoaj257hJKmQQrCogtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/wSogJhTCI_ZkX-MFthkm3zoBmiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/uHLaD5xsVoaj257hJKmQQrCogtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.156.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2c:f1:33:6f:0a:c0:c2:de:cf:34:7c:0b:5f:a9:cd:bb:12:64:
         0a:ba:30:8b:2b:3b:13:cf:5f:b2:d7:d3:e6:d4:e5:6a:c3:f7:
         84:3b:67:10:6f:3d:ac:ad:50:3f:a3:04:61:ec:c7:53:68:d5:
         fd:86:46:d2:9a:21:72:ca:fe:d8:dd:2c:a4:bf:94:19:66:f4:
         f8:70:f6:64:4e:d4:eb:a8:30:98:37:2d:3e:22:1e:4a:76:b9:
         e8:0c:10:4a:a9:1e:fc:12:12:50:5d:ee:89:64:f0:83:db:46:
         f3:25:63:74:2e:38:8e:59:3f:be:5b:c3:92:22:be:31:c6:97:
         68:95:d0:aa:62:24:c5:4b:cc:0e:8e:c9:16:e3:f0:3f:48:90:
         8f:08:61:43:1e:7b:ff:45:f7:f8:69:f7:cf:06:31:3e:14:0a:
         eb:7b:a7:fc:09:77:7d:a9:a8:1a:d5:57:36:13:ad:a8:f5:d7:
         5d:e3:9f:15:48:a0:83:e6:aa:23:d3:00:3b:5b:2e:88:87:71:
         66:22:00:6f:06:85:84:20:2c:95:66:c8:a2:89:5c:be:6b:85:
         b6:30:b7:6d:d3:fd:15:6e:06:b7:af:8e:a9:90:b8:7a:14:ed:
         6c:05:88:90:38:db:0d:6f:ee:50:a4:55:b2:e9:b3:de:8f:44:
         02:81:db:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1pMkII1VGUWvsli/stDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NzJkYTBmOWM2YzU2ODZhM2RiOWVlMTI0YTk5MDQyYjBh
ODgyZDEwHhcNMjQwMTAxMTgzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTJhMjAyNjE0YzIyM2Y2NjQ1ZmUzMDViNjE5MjZkZjNhMDE5YTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4sDoxUIUsrDldsdGNqCmVYct/gC
f3AbE1fwY2nPQjW3c81gi9CMJR/178ItkYURuSBcJNYZfj35f1pM6w8fpxyY2NFC
PjBd2r+S1mdO2BALs2nQN5AswtYgogg+C9GL9JHiYk1/GUnq1oWyJNhN+SdqRi9d
ZmLat2Nejt/8ANgSCIuGmsOlMvm9Jj/YVLutxH+5Kkx2xBpcHadnzwuihLBrECEY
emeeq7FrjBR0hZirqejqN61RR/sf2GkImg3Jk2Dbax5N528JcIiBeAgRArZtsmnt
omQRZCu8AfJh015M0mF/05vnItavvnsyn4bKlqwfpZHpJWQvLZrjWlr4+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEqICYUwiP2ZF/jBbYZJt86AZosMB8GA1UdIwQY
MBaAFLhy2g+cbFaGo9ue4SSpkEKwqILRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUhMYUQ1eHNWb2FqMjU3aEpLbVFRckNvZ3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yNzE2ZWMtNTY1Ny00ZjU2LThmNDMt
ZTIzMTAzYTg4MDUyLzEvd1NvZ0poVENJX1prWC1NRnRoa20zem9CbWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yNzE2ZWMtNTY1Ny00ZjU2LThmNDMtZTIzMTAzYTg4MDUy
LzEvdUhMYUQ1eHNWb2FqMjU3aEpLbVFRckNvZ3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1ZwQMA0G
CSqGSIb3DQEBCwUAA4IBAQAs8TNvCsDC3s80fAtfqc27EmQKujCLKzsTz1+y19Pm
1OVqw/eEO2cQbz2srVA/owRh7MdTaNX9hkbSmiFyyv7Y3Sykv5QZZvT4cPZkTtTr
qDCYNy0+Ih5KdrnoDBBKqR78EhJQXe6JZPCD20bzJWN0LjiOWT++W8OSIr4xxpdo
ldCqYiTFS8wOjskW4/A/SJCPCGFDHnv/Rff4affPBjE+FArre6f8CXd9qaga1Vc2
E62o9ddd458VSKCD5qoj0wA7Wy6Ih3FmIgBvBoWEICyVZsiiiVy+a4W2MLdt0/0V
bga3r46pkLh6FO1sBYiQONsNb+5QpFWy6bPej0QCgduT
-----END CERTIFICATE-----