Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/O2TZ5bse0Gey-UyEFjsalpiIe5o.roa
File:                     O2TZ5bse0Gey-UyEFjsalpiIe5o.roa (raw, json)
Hash identifier:          t9dZwRDtI4dvQIhI+TXecPtTzU7JTy+Z+BGJg9U9r0w=
Subject key identifier:   3B:64:D9:E5:BB:1E:D0:67:B2:F9:4C:84:16:3B:1A:96:98:88:7B:9A
Certificate issuer:       /CN=d594e95fa59b52b599dba406d7b76f383ca90fa8
Certificate serial:       018CC86F0B3B4294036E915C1B18B2E7A6E1
Authority key identifier: D5:94:E9:5F:A5:9B:52:B5:99:DB:A4:06:D7:B7:6F:38:3C:A9:0F:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1ZTpX6WbUrWZ26QG17dvODypD6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/O2TZ5bse0Gey-UyEFjsalpiIe5o.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208446
IP address blocks:        185.137.99.0/24 maxlen: 24
                          2a12:7c40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/1ZTpX6WbUrWZ26QG17dvODypD6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/1ZTpX6WbUrWZ26QG17dvODypD6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1ZTpX6WbUrWZ26QG17dvODypD6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0b:3b:42:94:03:6e:91:5c:1b:18:b2:e7:a6:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d594e95fa59b52b599dba406d7b76f383ca90fa8
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b64d9e5bb1ed067b2f94c84163b1a9698887b9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cd:bd:ce:3c:4c:a0:42:d1:59:6a:f7:dc:0d:
                    4e:c4:01:51:a3:9a:8c:41:90:e8:a5:fb:ed:4a:54:
                    27:f3:a9:06:a3:23:2c:dc:4c:50:13:48:ca:9b:30:
                    29:2d:29:ec:14:ea:a4:78:a6:82:1e:9a:93:b0:78:
                    c6:c3:81:3c:b8:77:26:70:a7:ea:d6:7f:bc:95:3d:
                    87:36:b9:ef:ff:33:c1:f8:30:c0:57:e1:d5:0a:e0:
                    5a:0a:bd:8e:6a:9a:a4:eb:c1:00:f1:0b:26:66:c9:
                    05:62:60:fc:0b:b0:e6:cb:37:c9:55:5f:97:17:03:
                    3e:86:56:96:ad:2a:7f:1d:05:25:f7:c6:94:4c:bb:
                    f7:a5:73:d0:ef:39:1d:72:e0:e1:f4:22:c0:de:64:
                    18:80:7a:18:24:d5:31:dd:bc:91:fe:9d:b6:fc:f5:
                    e0:91:4a:bf:9f:22:c5:fc:3d:4c:08:59:ff:74:8b:
                    c0:bb:35:b3:ce:6d:29:d6:82:87:42:c7:30:ac:9b:
                    71:4c:98:ea:f6:a9:67:06:b3:22:39:8f:88:c8:0e:
                    45:5c:b9:6e:a6:0f:8e:3c:a9:7c:72:d4:79:0b:25:
                    8e:66:34:dd:10:82:2f:97:37:f3:fb:1a:de:8d:08:
                    64:0f:2d:1f:15:cd:88:75:32:65:d2:cf:64:dd:77:
                    1a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:64:D9:E5:BB:1E:D0:67:B2:F9:4C:84:16:3B:1A:96:98:88:7B:9A
            X509v3 Authority Key Identifier:
                keyid:D5:94:E9:5F:A5:9B:52:B5:99:DB:A4:06:D7:B7:6F:38:3C:A9:0F:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1ZTpX6WbUrWZ26QG17dvODypD6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/O2TZ5bse0Gey-UyEFjsalpiIe5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/1ZTpX6WbUrWZ26QG17dvODypD6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.99.0/24
                IPv6:
                  2a12:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:a5:d0:30:55:ef:d3:24:64:f1:ac:f4:64:3e:5b:11:1a:8b:
         5a:e0:b7:1d:44:29:b4:5f:38:f8:fa:93:38:3c:04:31:2d:81:
         b0:d9:98:ec:88:73:88:74:0a:36:35:48:f3:9c:d4:af:36:22:
         15:1c:ea:b1:b5:cd:94:5c:e4:dc:94:68:a0:fc:35:43:46:b0:
         48:14:3a:ea:5d:56:59:0f:d9:ae:f7:e0:6f:f8:76:c6:0b:9a:
         e2:95:59:ff:2a:5a:96:ca:8e:9c:a6:a9:77:db:a5:d7:1a:c6:
         a9:fa:08:93:ef:76:8c:2f:f1:80:77:88:5b:23:3f:27:19:dd:
         1a:c3:5f:92:b3:4c:f5:53:d8:80:3e:e7:33:d3:8b:0c:06:aa:
         8d:09:e0:e0:a8:11:bf:e9:db:f8:91:99:b0:88:c5:c9:00:60:
         e2:37:9f:8d:de:da:a7:aa:a1:32:b4:46:7d:b2:8b:7a:e5:a6:
         02:03:09:a7:1a:ce:95:d1:d4:11:7d:93:18:32:b5:5f:11:37:
         82:72:85:4b:3e:5a:f5:53:fb:7b:b2:d6:5c:a8:d5:11:36:70:
         67:3e:1a:fa:60:be:6f:3e:11:7c:0d:c2:8c:a9:6c:df:87:b2:
         0d:1b:0b:17:8f:4c:43:b0:33:c8:4b:e1:03:54:51:60:9b:8a:
         6b:00:79:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbws7QpQDbpFcGxiy56bhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1OTRlOTVmYTU5YjUyYjU5OWRiYTQwNmQ3Yjc2ZjM4M2Nh
OTBmYTgwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjY0ZDllNWJiMWVkMDY3YjJmOTRjODQxNjNiMWE5Njk4ODg3YjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsM29zjxMoELRWWr33A1OxAFRo5qM
QZDopfvtSlQn86kGoyMs3ExQE0jKmzApLSnsFOqkeKaCHpqTsHjGw4E8uHcmcKfq
1n+8lT2HNrnv/zPB+DDAV+HVCuBaCr2Oapqk68EA8QsmZskFYmD8C7DmyzfJVV+X
FwM+hlaWrSp/HQUl98aUTLv3pXPQ7zkdcuDh9CLA3mQYgHoYJNUx3byR/p22/PXg
kUq/nyLF/D1MCFn/dIvAuzWzzm0p1oKHQscwrJtxTJjq9qlnBrMiOY+IyA5FXLlu
pg+OPKl8ctR5CyWOZjTdEIIvlzfz+xrejQhkDy0fFc2IdTJl0s9k3XcatwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDtk2eW7HtBnsvlMhBY7GpaYiHuaMB8GA1UdIwQY
MBaAFNWU6V+lm1K1mdukBte3bzg8qQ+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVpUcFg2V2JVcldaMjZRRzE3ZHZPRHlwRDZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9lZWRiY2QtYWIxOC00YWIzLWI1ZGQt
ZTNiMGI0MWUyNWM1LzEvTzJUWjVic2UwR2V5LVV5RUZqc2FscGlJZTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9lZWRiY2QtYWIxOC00YWIzLWI1ZGQtZTNiMGI0MWUyNWM1
LzEvMVpUcFg2V2JVcldaMjZRRzE3ZHZPRHlwRDZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYljMA0E
AgACMAcDBQMqEnxAMA0GCSqGSIb3DQEBCwUAA4IBAQBPpdAwVe/TJGTxrPRkPlsR
Gota4LcdRCm0Xzj4+pM4PAQxLYGw2ZjsiHOIdAo2NUjznNSvNiIVHOqxtc2UXOTc
lGig/DVDRrBIFDrqXVZZD9mu9+Bv+HbGC5rilVn/KlqWyo6cpql326XXGsap+giT
73aML/GAd4hbIz8nGd0aw1+Ss0z1U9iAPucz04sMBqqNCeDgqBG/6dv4kZmwiMXJ
AGDiN5+N3tqnqqEytEZ9sot65aYCAwmnGs6V0dQRfZMYMrVfETeCcoVLPlr1U/t7
stZcqNURNnBnPhr6YL5vPhF8DcKMqWzfh7INGwsXj0xDsDPIS+EDVFFgm4prAHnr
-----END CERTIFICATE-----