Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/19870f-866c-4420-ad08-30c9e202e995/1/0C_3G9FgStUKj8JixTnXmYLiwMY.roa
File:                     0C_3G9FgStUKj8JixTnXmYLiwMY.roa (raw, json)
Hash identifier:          GtN1iGqv5TjHK786gq4jQjFLwj1Qh89E48g9S3ne00g=
Subject key identifier:   D0:2F:F7:1B:D1:60:4A:D5:0A:8F:C2:62:C5:39:D7:99:82:E2:C0:C6
Certificate issuer:       /CN=ead799026094d60516b527d842b6166805668e9e
Certificate serial:       018CCA2BC8AF722EBDD2507105D78BD30F59
Authority key identifier: EA:D7:99:02:60:94:D6:05:16:B5:27:D8:42:B6:16:68:05:66:8E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6teZAmCU1gUWtSfYQrYWaAVmjp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/19870f-866c-4420-ad08-30c9e202e995/1/0C_3G9FgStUKj8JixTnXmYLiwMY.roa
Signing time:             Tue 02 Jan 2024 12:35:16 +0000
ROA not before:           Tue 02 Jan 2024 12:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43422
IP address blocks:        159.101.244.0/22 maxlen: 22
                          159.101.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/19870f-866c-4420-ad08-30c9e202e995/1/6teZAmCU1gUWtSfYQrYWaAVmjp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/19870f-866c-4420-ad08-30c9e202e995/1/6teZAmCU1gUWtSfYQrYWaAVmjp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6teZAmCU1gUWtSfYQrYWaAVmjp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c8:af:72:2e:bd:d2:50:71:05:d7:8b:d3:0f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ead799026094d60516b527d842b6166805668e9e
        Validity
            Not Before: Jan  2 12:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d02ff71bd1604ad50a8fc262c539d79982e2c0c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:de:9c:ec:de:b6:9d:7c:14:ec:15:80:cb:b3:
                    50:21:e8:38:db:e9:6b:6e:7a:5c:c8:b7:40:3a:5f:
                    a6:1f:52:0c:e5:dd:22:f3:60:7e:7c:0e:28:c5:75:
                    ee:09:ad:10:f3:87:f0:cb:4e:52:93:84:2b:e4:4b:
                    1b:a3:0a:27:16:ad:e7:ef:18:44:3d:97:6d:9b:34:
                    af:30:87:d6:8b:f7:c5:99:8d:c7:8b:5f:b9:3b:0c:
                    de:bc:81:3f:a8:16:61:53:2d:7e:a8:f6:6c:30:2f:
                    77:fb:92:96:14:aa:51:7c:37:3f:a7:4a:64:32:98:
                    df:fd:c5:30:92:ed:48:62:1d:4b:62:a2:e7:c2:35:
                    b4:1e:4e:98:0d:87:64:9d:71:57:73:41:1f:1a:ed:
                    c3:8e:ad:99:4a:12:1c:bc:f0:47:8e:49:a7:99:d9:
                    d8:48:39:5d:fe:48:d2:45:c1:db:6c:1f:77:82:4b:
                    48:76:cf:90:5c:4e:a3:51:22:41:89:3f:49:2e:0b:
                    e4:f6:7f:5d:3f:c0:f3:c5:ae:b0:2d:26:1c:c6:4a:
                    ea:bf:2a:28:3b:0c:f0:6f:e5:70:dc:c1:92:a1:d2:
                    1b:71:c3:ab:51:a7:4a:1f:70:04:8d:40:d5:af:97:
                    2a:5b:a6:93:58:18:38:3c:2f:82:2d:e9:3e:f4:7e:
                    36:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:2F:F7:1B:D1:60:4A:D5:0A:8F:C2:62:C5:39:D7:99:82:E2:C0:C6
            X509v3 Authority Key Identifier:
                keyid:EA:D7:99:02:60:94:D6:05:16:B5:27:D8:42:B6:16:68:05:66:8E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6teZAmCU1gUWtSfYQrYWaAVmjp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/19870f-866c-4420-ad08-30c9e202e995/1/0C_3G9FgStUKj8JixTnXmYLiwMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/19870f-866c-4420-ad08-30c9e202e995/1/6teZAmCU1gUWtSfYQrYWaAVmjp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.101.244.0-159.101.251.255

    Signature Algorithm: sha256WithRSAEncryption
         23:6a:79:52:c5:45:37:c7:dd:05:5f:0c:0c:f3:f3:c5:3b:48:
         32:9d:25:ed:98:55:08:10:06:f3:b9:18:49:bd:a6:b9:4f:9a:
         41:f5:84:a1:82:69:c5:a6:a5:7f:ca:c6:45:3e:71:02:96:15:
         89:19:a5:06:a6:25:73:a4:38:83:a9:56:4a:c7:1f:b6:93:a2:
         07:f1:d5:00:f7:37:e2:6b:92:5a:74:1c:1e:9e:de:8a:a0:86:
         d5:4a:67:26:d2:fa:ac:4f:e4:d5:59:13:99:09:40:a5:2a:27:
         75:66:f1:a1:b3:f0:52:36:34:71:60:bc:80:c9:02:b3:dc:90:
         1e:34:7c:3b:a7:dd:be:c2:fc:c5:88:3d:0f:89:73:da:64:92:
         60:63:7a:c2:15:0f:72:24:36:cb:29:22:3c:cc:13:2d:eb:54:
         3b:20:8e:2e:88:c8:41:b1:0e:ed:85:d7:23:d7:11:81:32:5f:
         2c:1b:85:b0:ec:75:06:34:4f:3d:5c:7f:a1:d5:87:2e:0a:48:
         4b:d8:c1:9a:c7:84:3c:d5:b0:ea:05:a7:4e:e4:b9:b8:4a:f1:
         cc:eb:df:5d:e5:6b:74:48:33:bc:e3:a1:a2:13:7b:c0:d5:03:
         2f:c4:4c:27:5d:cc:5e:1b:21:e7:42:2d:f8:5e:2d:98:e2:9f:
         4e:d8:76:ba
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKK8ivci690lBxBdeL0w9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZDc5OTAyNjA5NGQ2MDUxNmI1MjdkODQyYjYxNjY4MDU2
NjhlOWUwHhcNMjQwMTAyMTIzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDJmZjcxYmQxNjA0YWQ1MGE4ZmMyNjJjNTM5ZDc5OTgyZTJjMGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt6c7N62nXwU7BWAy7NQIeg42+lr
bnpcyLdAOl+mH1IM5d0i82B+fA4oxXXuCa0Q84fwy05Sk4Qr5EsbowonFq3n7xhE
PZdtmzSvMIfWi/fFmY3Hi1+5OwzevIE/qBZhUy1+qPZsMC93+5KWFKpRfDc/p0pk
Mpjf/cUwku1IYh1LYqLnwjW0Hk6YDYdknXFXc0EfGu3Djq2ZShIcvPBHjkmnmdnY
SDld/kjSRcHbbB93gktIds+QXE6jUSJBiT9JLgvk9n9dP8Dzxa6wLSYcxkrqvyoo
Owzwb+Vw3MGSodIbccOrUadKH3AEjUDVr5cqW6aTWBg4PC+CLek+9H42/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNAv9xvRYErVCo/CYsU515mC4sDGMB8GA1UdIwQY
MBaAFOrXmQJglNYFFrUn2EK2FmgFZo6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnRlWkFtQ1UxZ1VXdFNmWVFyWVdhQVZtanA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xOTg3MGYtODY2Yy00NDIwLWFkMDgt
MzBjOWUyMDJlOTk1LzEvMENfM0c5RmdTdFVLajhKaXhUblhtWUxpd01ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xOTg3MGYtODY2Yy00NDIwLWFkMDgtMzBjOWUyMDJlOTk1
LzEvNnRlWkFtQ1UxZ1VXdFNmWVFyWVdhQVZtanA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKfZfQD
BAKfZfgwDQYJKoZIhvcNAQELBQADggEBACNqeVLFRTfH3QVfDAzz88U7SDKdJe2Y
VQgQBvO5GEm9prlPmkH1hKGCacWmpX/KxkU+cQKWFYkZpQamJXOkOIOpVkrHH7aT
ogfx1QD3N+Jrklp0HB6e3oqghtVKZybS+qxP5NVZE5kJQKUqJ3Vm8aGz8FI2NHFg
vIDJArPckB40fDun3b7C/MWIPQ+Jc9pkkmBjesIVD3IkNsspIjzMEy3rVDsgji6I
yEGxDu2F1yPXEYEyXywbhbDsdQY0Tz1cf6HVhy4KSEvYwZrHhDzVsOoFp07kubhK
8czr313la3RIM7zjoaITe8DVAy/ETCddzF4bIedCLfheLZjin07Ydro=
-----END CERTIFICATE-----