Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/R0SxZzCKG1-pX1we86098LgpkvI.roa
File:                     R0SxZzCKG1-pX1we86098LgpkvI.roa (raw, json)
Hash identifier:          WAapHnCKFuVM9mgvthpV+H31epV6KytQ7huCEAdw81w=
Subject key identifier:   47:44:B1:67:30:8A:1B:5F:A9:5F:5C:1E:F3:AD:3D:F0:B8:29:92:F2
Certificate issuer:       /CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
Certificate serial:       018CC5011D21A003DD653B56B763387BE6A6
Authority key identifier: 0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/R0SxZzCKG1-pX1we86098LgpkvI.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34136
IP address blocks:        212.110.138.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1d:21:a0:03:dd:65:3b:56:b7:63:38:7b:e6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4744b167308a1b5fa95f5c1ef3ad3df0b82992f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:13:04:4a:49:df:40:a0:51:ab:48:1f:ea:ed:
                    fe:e2:8c:77:c6:18:69:94:8e:6f:85:6c:8c:e4:1b:
                    af:27:d6:26:01:4e:6e:bb:a7:0c:7c:23:e8:f2:f8:
                    ab:4c:8c:f5:4f:82:6e:c7:1b:58:f3:c5:91:80:64:
                    f4:f4:50:a9:67:de:ad:f1:83:94:5d:df:46:a7:bb:
                    40:eb:ae:5a:02:7e:34:d6:84:5b:52:8b:55:7f:44:
                    6b:32:3c:71:d8:6e:45:74:9e:b8:38:2d:51:79:8d:
                    dc:2b:28:77:b9:e7:1c:47:66:c9:d4:b7:b1:44:ca:
                    07:20:32:4f:71:ab:db:a6:a5:9e:8f:3b:f5:db:bc:
                    4b:48:cc:aa:61:bd:1e:d9:87:31:d1:0b:c1:d3:0f:
                    2f:87:e8:5c:5d:5c:fd:15:7d:30:bc:dd:80:7c:37:
                    08:24:0e:14:fe:82:7b:a0:aa:58:43:b1:a2:9d:ff:
                    c6:4f:ed:44:6a:6b:67:e7:03:5c:f9:4c:85:1b:6f:
                    c3:27:19:8f:fe:9d:4f:db:c9:55:99:c7:d5:15:6b:
                    b5:50:4e:2e:5b:6a:53:71:59:a7:54:be:17:98:50:
                    9e:f5:ab:c4:cb:8f:34:64:d1:f5:58:79:8b:b5:42:
                    97:7b:3b:69:74:a2:53:3e:56:77:c4:46:03:a7:d1:
                    42:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:44:B1:67:30:8A:1B:5F:A9:5F:5C:1E:F3:AD:3D:F0:B8:29:92:F2
            X509v3 Authority Key Identifier:
                keyid:0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/R0SxZzCKG1-pX1we86098LgpkvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.110.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:2c:d4:cd:5d:ba:d8:64:5e:46:59:f8:ea:d2:e3:92:d8:e7:
         05:e0:d2:47:93:e3:51:0c:c8:3d:22:59:0b:9f:a6:f2:68:83:
         c3:0f:48:b5:75:5c:82:e2:6c:a9:7c:30:6f:8b:54:51:a2:a4:
         4e:64:59:91:58:77:d5:15:c9:9e:98:2a:50:35:38:9e:36:20:
         95:71:db:53:43:00:ea:cd:c2:54:8f:46:c2:09:50:25:90:26:
         b0:b0:09:cc:2f:99:4b:56:42:1b:8f:a4:f5:c3:3b:00:b6:f1:
         9e:1d:7f:8e:4c:5b:5e:ec:57:4b:7c:fd:5c:12:86:0a:63:36:
         ab:6a:e6:2a:8e:b2:af:60:92:3c:a8:a5:bc:50:81:e1:80:04:
         22:ac:10:22:c9:8e:b4:d1:ef:2d:3f:0c:cb:82:f4:fe:e6:bb:
         f8:f3:e9:20:8f:ea:f7:9c:a2:25:1f:d2:58:ae:ae:71:44:e0:
         53:14:80:46:3a:34:4a:49:14:31:f6:ef:c2:a1:9e:e4:3d:f6:
         fa:a3:3a:8c:5c:cb:3c:ab:18:12:c4:b4:e5:65:51:15:eb:ba:
         04:3b:48:f7:1a:43:98:9b:8d:81:dc:07:58:3b:bc:4e:57:c9:
         29:c8:8a:95:3d:c1:1f:1c:fc:ea:27:c1:b4:a0:4c:3b:8f:94:
         50:2d:6f:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR0hoAPdZTtWt2M4e+amMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkODcxNDJiZGMyYjNmMGQwODQ4YTBkODAwYjY5MzBiMWFi
YjM0YmMwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQ0YjE2NzMwOGExYjVmYTk1ZjVjMWVmM2FkM2RmMGI4Mjk5MmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxMESknfQKBRq0gf6u3+4ox3xhhp
lI5vhWyM5BuvJ9YmAU5uu6cMfCPo8virTIz1T4JuxxtY88WRgGT09FCpZ96t8YOU
Xd9Gp7tA665aAn401oRbUotVf0RrMjxx2G5FdJ64OC1ReY3cKyh3ueccR2bJ1Lex
RMoHIDJPcavbpqWejzv127xLSMyqYb0e2Ycx0QvB0w8vh+hcXVz9FX0wvN2AfDcI
JA4U/oJ7oKpYQ7Ginf/GT+1Eamtn5wNc+UyFG2/DJxmP/p1P28lVmcfVFWu1UE4u
W2pTcVmnVL4XmFCe9avEy480ZNH1WHmLtUKXeztpdKJTPlZ3xEYDp9FCHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdEsWcwihtfqV9cHvOtPfC4KZLyMB8GA1UdIwQY
MBaAFA2HFCvcKz8NCEig2AC2kwsauzS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQt
YTMxNzA4ZDQwMzkxLzEvUjBTeFp6Q0tHMS1wWDF3ZTg2MDk4TGdwa3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQtYTMxNzA4ZDQwMzkx
LzEvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1G6KMA0G
CSqGSIb3DQEBCwUAA4IBAQBHLNTNXbrYZF5GWfjq0uOS2OcF4NJHk+NRDMg9IlkL
n6byaIPDD0i1dVyC4mypfDBvi1RRoqROZFmRWHfVFcmemCpQNTieNiCVcdtTQwDq
zcJUj0bCCVAlkCawsAnML5lLVkIbj6T1wzsAtvGeHX+OTFte7FdLfP1cEoYKYzar
auYqjrKvYJI8qKW8UIHhgAQirBAiyY600e8tPwzLgvT+5rv48+kgj+r3nKIlH9JY
rq5xROBTFIBGOjRKSRQx9u/CoZ7kPfb6ozqMXMs8qxgSxLTlZVEV67oEO0j3GkOY
m42B3AdYO7xOV8kpyIqVPcEfHPzqJ8G0oEw7j5RQLW8B
-----END CERTIFICATE-----