Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/AoxcLgyQLE_zR-_SOaReq0gcaQk.roa
File:                     AoxcLgyQLE_zR-_SOaReq0gcaQk.roa (raw, json)
Hash identifier:          SgB8ZHO2zDVNn50G9zLaOQKhefiCQk0e4nY3/DeuqTs=
Subject key identifier:   02:8C:5C:2E:0C:90:2C:4F:F3:47:EF:D2:39:A4:5E:AB:48:1C:69:09
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500AF882F084E21380827A545E48BC4
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/AoxcLgyQLE_zR-_SOaReq0gcaQk.roa
Signing time:             Mon 01 Jan 2024 12:30:05 +0000
ROA not before:           Mon 01 Jan 2024 12:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        212.115.126.0/24 maxlen: 24
                          212.115.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:05:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:af:88:2f:08:4e:21:38:08:27:a5:45:e4:8b:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=028c5c2e0c902c4ff347efd239a45eab481c6909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5d:51:8c:e3:21:d9:85:96:99:02:14:20:35:
                    eb:37:13:ad:1c:26:22:f7:a0:86:3c:6f:c6:a0:1a:
                    92:4d:cb:1f:2b:9f:34:41:ee:12:30:9c:ff:ae:c3:
                    39:b3:ef:fe:8d:17:ad:69:26:3b:a1:70:89:46:ee:
                    16:c9:2f:72:97:c5:82:e5:34:0f:bf:9e:7e:37:31:
                    b7:53:28:f7:8f:39:ea:06:c6:b0:c4:88:ba:8f:e6:
                    88:01:08:c4:40:87:bf:82:21:a8:9a:19:9e:d9:33:
                    dc:71:75:ef:87:ca:7e:48:e2:7b:04:31:2a:0c:ea:
                    f3:a9:a7:5b:85:eb:e9:2f:7d:0b:7d:80:2a:99:74:
                    97:d3:38:84:8f:ad:55:d7:93:d0:11:8d:87:0b:c8:
                    e8:f0:74:d1:1b:66:1a:49:01:a4:aa:b2:04:7b:1d:
                    4a:2c:3d:cb:7f:66:76:a6:a5:bb:6c:4f:1f:d7:be:
                    fb:03:ec:fc:0e:f1:e9:43:df:18:41:f4:0b:f5:85:
                    b6:fc:cc:d4:3b:ab:f1:6b:42:b3:00:41:2f:83:22:
                    b8:6a:f5:03:5f:04:bd:65:60:1f:fc:f0:ce:9d:7a:
                    a7:cf:fe:6f:e3:7b:87:87:e3:76:90:de:7c:7d:65:
                    9f:e5:cd:48:92:4a:ca:4e:a0:e0:0e:4a:74:b0:4e:
                    6c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:8C:5C:2E:0C:90:2C:4F:F3:47:EF:D2:39:A4:5E:AB:48:1C:69:09
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/AoxcLgyQLE_zR-_SOaReq0gcaQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:09:79:fc:11:15:48:3f:21:77:c0:5d:ef:85:6d:fd:1b:dc:
         9c:1d:2e:f3:d8:24:35:72:8f:bf:b8:37:18:49:27:c3:15:af:
         cc:4a:9c:1e:25:56:93:b2:a8:2b:e9:71:eb:79:8d:7b:7c:6d:
         ca:a6:61:98:16:29:ce:db:32:ba:98:c9:51:53:a7:be:17:c3:
         b1:09:cd:7a:de:c1:f9:9a:9a:71:6c:c6:53:c9:e0:b6:cd:18:
         67:2c:c7:35:34:ff:2c:1a:a1:51:d6:c6:34:b1:90:d7:dd:fe:
         58:4b:a6:cd:55:90:28:59:04:7d:c5:a2:61:2b:f4:99:df:a2:
         b4:be:d4:38:af:a7:c3:6a:7c:60:6f:d4:d7:b4:cd:e8:1d:c1:
         b5:4b:5b:be:d9:d8:ad:bd:be:bd:ce:e0:b6:b4:e7:d8:0b:6a:
         9d:d6:15:7a:02:c1:e8:4f:70:11:a9:fb:67:5e:82:99:46:1b:
         35:06:81:35:a1:a2:46:aa:cb:4d:eb:20:92:ef:7a:43:63:40:
         a9:aa:7e:b6:b7:8c:10:54:56:81:2b:1c:b6:62:f6:de:3a:ff:
         f4:6f:de:af:46:3f:7c:0e:7b:4b:b7:67:3f:f9:76:67:1d:7f:
         01:9e:e4:94:f9:f1:d5:6f:83:3b:4a:cd:71:a8:8a:26:61:55:
         1a:58:93:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAK+ILwhOITgIJ6VF5IvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjhjNWMyZTBjOTAyYzRmZjM0N2VmZDIzOWE0NWVhYjQ4MWM2OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsV1RjOMh2YWWmQIUIDXrNxOtHCYi
96CGPG/GoBqSTcsfK580Qe4SMJz/rsM5s+/+jRetaSY7oXCJRu4WyS9yl8WC5TQP
v55+NzG3Uyj3jznqBsawxIi6j+aIAQjEQIe/giGomhme2TPccXXvh8p+SOJ7BDEq
DOrzqadbhevpL30LfYAqmXSX0ziEj61V15PQEY2HC8jo8HTRG2YaSQGkqrIEex1K
LD3Lf2Z2pqW7bE8f1777A+z8DvHpQ98YQfQL9YW2/MzUO6vxa0KzAEEvgyK4avUD
XwS9ZWAf/PDOnXqnz/5v43uHh+N2kN58fWWf5c1IkkrKTqDgDkp0sE5sKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKMXC4MkCxP80fv0jmkXqtIHGkJMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvQW94Y0xneVFMRV96Ui1fU09hUmVxMGdjYVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HN+MA0G
CSqGSIb3DQEBCwUAA4IBAQBKCXn8ERVIPyF3wF3vhW39G9ycHS7z2CQ1co+/uDcY
SSfDFa/MSpweJVaTsqgr6XHreY17fG3KpmGYFinO2zK6mMlRU6e+F8OxCc163sH5
mppxbMZTyeC2zRhnLMc1NP8sGqFR1sY0sZDX3f5YS6bNVZAoWQR9xaJhK/SZ36K0
vtQ4r6fDanxgb9TXtM3oHcG1S1u+2ditvb69zuC2tOfYC2qd1hV6AsHoT3ARqftn
XoKZRhs1BoE1oaJGqstN6yCS73pDY0Cpqn62t4wQVFaBKxy2YvbeOv/0b96vRj98
DntLt2c/+XZnHX8BnuSU+fHVb4M7Ss1xqIomYVUaWJP7
-----END CERTIFICATE-----