Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/C-07o9zYj3864GUGzezFOaqaNPU.roa
File:                     C-07o9zYj3864GUGzezFOaqaNPU.roa (raw, json)
Hash identifier:          W7Ah1n8RLvSuGN6rGn9l+B0Oi0aU42ed1baMU9y2l0w=
Subject key identifier:   0B:ED:3B:A3:DC:D8:8F:7F:3A:E0:65:06:CD:EC:C5:39:AA:9A:34:F5
Certificate issuer:       /CN=5f99fde0d63b11b5c2dd816c0f93c2ea58350336
Certificate serial:       018CC3491AC46944812CBD0F5D979C80AA6A
Authority key identifier: 5F:99:FD:E0:D6:3B:11:B5:C2:DD:81:6C:0F:93:C2:EA:58:35:03:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/C-07o9zYj3864GUGzezFOaqaNPU.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8542
IP address blocks:        185.81.12.0/22 maxlen: 22
                          2a00:ce60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1a:c4:69:44:81:2c:bd:0f:5d:97:9c:80:aa:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f99fde0d63b11b5c2dd816c0f93c2ea58350336
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bed3ba3dcd88f7f3ae06506cdecc539aa9a34f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:db:89:9f:d4:73:1e:13:74:9e:19:82:aa:04:
                    8a:e5:76:7f:73:15:17:9e:95:f2:ec:42:a2:e0:2b:
                    89:e2:e4:aa:18:77:ba:51:f4:a9:5c:5f:b2:93:01:
                    6c:bb:71:77:e7:3a:f4:da:11:23:5e:c8:51:99:99:
                    d5:d3:df:f9:90:58:17:eb:7b:ec:47:78:70:bc:6e:
                    d8:7d:54:d6:52:f6:3d:bf:d5:56:0d:b2:ca:9d:ab:
                    d9:41:ee:6f:eb:ac:93:a4:b9:91:86:80:ff:e9:c7:
                    e3:3f:12:06:ca:a8:e1:b2:27:8f:ef:35:6c:a8:09:
                    37:4d:89:e6:da:d2:44:47:9a:77:78:c8:bb:1e:94:
                    a6:fc:8d:bb:de:cc:1b:d7:47:e8:02:f9:8f:44:5e:
                    05:96:b2:48:9d:0d:b6:64:ff:21:a5:86:33:59:6a:
                    34:71:be:33:1c:1e:65:da:50:6d:69:b1:aa:3d:3a:
                    48:e2:ec:bb:58:f3:c2:c7:e9:45:81:4e:4d:cb:2f:
                    34:4e:c4:d1:99:21:42:bf:50:2a:15:e1:d0:62:82:
                    af:e2:28:be:3b:11:ea:56:53:58:8f:ab:ae:13:32:
                    d3:8e:bc:3a:37:7d:b5:bf:a4:96:a9:ac:7b:f8:ca:
                    64:da:06:0a:42:05:8a:fb:91:d0:6c:be:bd:b8:09:
                    76:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:ED:3B:A3:DC:D8:8F:7F:3A:E0:65:06:CD:EC:C5:39:AA:9A:34:F5
            X509v3 Authority Key Identifier:
                keyid:5F:99:FD:E0:D6:3B:11:B5:C2:DD:81:6C:0F:93:C2:EA:58:35:03:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/C-07o9zYj3864GUGzezFOaqaNPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.12.0/22
                IPv6:
                  2a00:ce60::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:3f:59:97:aa:00:71:38:9d:a5:22:0d:22:eb:c8:57:7b:f0:
         39:f8:25:bf:76:db:80:74:31:17:60:b4:13:99:b8:d4:3d:75:
         42:15:e4:82:07:55:71:c0:5c:3b:37:dc:ea:74:98:e2:e7:4d:
         dd:03:c5:02:fc:f9:2f:21:3b:fb:cc:a3:e2:fe:5b:cf:b7:eb:
         0b:66:e5:04:70:85:92:c8:3d:be:03:c8:96:22:76:e2:88:08:
         dc:0f:15:da:44:05:70:e7:8f:58:c2:96:58:b8:e9:02:c8:4a:
         a0:5d:8e:9f:d9:e0:2d:4b:76:ad:d8:b3:7e:0f:06:cd:44:45:
         3e:ba:fd:fb:f7:2c:15:23:4a:bf:aa:68:3f:40:3d:d5:0e:e7:
         b8:d9:74:d1:8c:cd:59:ba:39:51:95:a7:7a:f8:b5:dc:16:70:
         80:31:c2:50:52:33:fd:bb:3d:1b:15:df:b7:04:96:f5:7d:83:
         27:7e:20:36:09:b9:91:e1:25:b2:4f:5b:c0:d0:77:af:2e:0c:
         ad:db:e6:6c:69:3b:01:76:0e:03:bf:6e:6b:0d:5e:5b:e9:38:
         6f:17:bd:7b:19:48:7a:b7:d6:09:61:3e:62:16:6e:33:80:8b:
         a7:49:cb:25:76:c8:45:99:17:a3:5a:0c:a4:85:f4:31:11:8d:
         7b:d7:e3:de
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSRrEaUSBLL0PXZecgKpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTlmZGUwZDYzYjExYjVjMmRkODE2YzBmOTNjMmVhNTgz
NTAzMzYwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmVkM2JhM2RjZDg4ZjdmM2FlMDY1MDZjZGVjYzUzOWFhOWEzNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAituJn9RzHhN0nhmCqgSK5XZ/cxUX
npXy7EKi4CuJ4uSqGHe6UfSpXF+ykwFsu3F35zr02hEjXshRmZnV09/5kFgX63vs
R3hwvG7YfVTWUvY9v9VWDbLKnavZQe5v66yTpLmRhoD/6cfjPxIGyqjhsieP7zVs
qAk3TYnm2tJER5p3eMi7HpSm/I273swb10foAvmPRF4FlrJInQ22ZP8hpYYzWWo0
cb4zHB5l2lBtabGqPTpI4uy7WPPCx+lFgU5Nyy80TsTRmSFCv1AqFeHQYoKv4ii+
OxHqVlNYj6uuEzLTjrw6N321v6SWqax7+Mpk2gYKQgWK+5HQbL69uAl2RQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAvtO6Pc2I9/OuBlBs3sxTmqmjT1MB8GA1UdIwQY
MBaAFF+Z/eDWOxG1wt2BbA+TwupYNQM2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVuOTROWTdFYlhDM1lGc0Q1UEM2bGcxQXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9mMTE2ZDctODUxOS00OTI0LThkMWQt
NGM3N2Q2MDVhZmVjLzEvQy0wN285ellqMzg2NEdVR3plekZPYXFhTlBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9mMTE2ZDctODUxOS00OTI0LThkMWQtNGM3N2Q2MDVhZmVj
LzEvWDVuOTROWTdFYlhDM1lGc0Q1UEM2bGcxQXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVEMMA0E
AgACMAcDBQAqAM5gMA0GCSqGSIb3DQEBCwUAA4IBAQBiP1mXqgBxOJ2lIg0i68hX
e/A5+CW/dtuAdDEXYLQTmbjUPXVCFeSCB1VxwFw7N9zqdJji503dA8UC/PkvITv7
zKPi/lvPt+sLZuUEcIWSyD2+A8iWInbiiAjcDxXaRAVw549YwpZYuOkCyEqgXY6f
2eAtS3at2LN+DwbNREU+uv379ywVI0q/qmg/QD3VDue42XTRjM1ZujlRlad6+LXc
FnCAMcJQUjP9uz0bFd+3BJb1fYMnfiA2CbmR4SWyT1vA0HevLgyt2+ZsaTsBdg4D
v25rDV5b6ThvF717GUh6t9YJYT5iFm4zgIunScsldshFmRejWgykhfQxEY171+Pe
-----END CERTIFICATE-----