Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/C3Dfqv5x1EqFnfYkHssFZU5w6cU.roa
File:                     C3Dfqv5x1EqFnfYkHssFZU5w6cU.roa (raw, json)
Hash identifier:          xmkyP1KaJTsBlorf7CK/kkRqBmnGjs7/B2+8U/fidio=
Subject key identifier:   0B:70:DF:AA:FE:71:D4:4A:85:9D:F6:24:1E:CB:05:65:4E:70:E9:C5
Certificate issuer:       /CN=2bbc002a2b359b1aa8879e1c4d70455b3192efac
Certificate serial:       018CC5DC2393AF8D9D7B75ED3990FE2EF83D
Authority key identifier: 2B:BC:00:2A:2B:35:9B:1A:A8:87:9E:1C:4D:70:45:5B:31:92:EF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K7wAKis1mxqoh54cTXBFWzGS76w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/C3Dfqv5x1EqFnfYkHssFZU5w6cU.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1257
IP address blocks:        159.72.192.0/18 maxlen: 18
                          159.72.0.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/K7wAKis1mxqoh54cTXBFWzGS76w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/K7wAKis1mxqoh54cTXBFWzGS76w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K7wAKis1mxqoh54cTXBFWzGS76w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:23:93:af:8d:9d:7b:75:ed:39:90:fe:2e:f8:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bbc002a2b359b1aa8879e1c4d70455b3192efac
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b70dfaafe71d44a859df6241ecb05654e70e9c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:de:b7:77:2b:4e:80:52:68:23:45:e6:06:54:
                    52:59:c7:fe:d0:c5:99:67:2e:95:c6:18:99:f0:6e:
                    17:d0:b9:28:6f:f7:6c:cf:fb:40:6f:ed:0a:32:e5:
                    8a:0a:9b:5f:18:54:bf:b7:ac:54:65:ad:3e:3d:a3:
                    c5:61:f0:3f:54:c0:20:12:70:44:0a:96:d5:09:22:
                    9a:8d:2f:63:d2:53:c6:e7:fe:e5:6c:4f:12:ba:21:
                    a5:e4:cd:6a:b6:59:49:37:2c:6e:50:5e:6d:38:a7:
                    ec:dd:4b:e2:21:a7:3b:31:a6:51:ce:02:3e:ab:52:
                    c0:fa:53:53:09:a8:27:0d:d7:a5:a8:06:8c:8e:6e:
                    c6:11:14:ac:11:eb:e7:ba:3c:ca:f1:dd:f1:23:17:
                    04:b5:56:17:35:d5:f0:23:4b:b5:82:84:3a:ed:91:
                    e5:73:6a:c1:47:de:96:4b:75:6b:61:14:99:9c:dc:
                    e3:13:a7:de:83:5a:02:fe:c0:68:d3:50:ea:6b:83:
                    9f:81:2c:d4:d1:51:b2:f7:3f:0b:9e:f2:5f:9c:4a:
                    64:f5:de:72:a7:7f:58:ad:51:78:b9:a8:90:39:d2:
                    22:ef:20:5c:c3:7d:3d:43:4f:84:36:49:d6:1e:13:
                    a5:fc:c0:6e:08:44:76:d8:31:40:05:29:d8:1e:c1:
                    20:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:70:DF:AA:FE:71:D4:4A:85:9D:F6:24:1E:CB:05:65:4E:70:E9:C5
            X509v3 Authority Key Identifier:
                keyid:2B:BC:00:2A:2B:35:9B:1A:A8:87:9E:1C:4D:70:45:5B:31:92:EF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K7wAKis1mxqoh54cTXBFWzGS76w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/C3Dfqv5x1EqFnfYkHssFZU5w6cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/K7wAKis1mxqoh54cTXBFWzGS76w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.72.0.0/17
                  159.72.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         50:2b:de:ba:41:f1:34:4d:13:fa:91:b1:ca:fc:c7:55:c5:08:
         23:0d:54:72:29:19:5b:1b:9c:c3:c3:ef:37:43:e3:45:0c:f3:
         16:3b:da:0e:99:1c:03:61:55:ab:8e:ef:80:42:22:0f:c0:7a:
         3c:3a:cb:6c:23:ff:8f:0c:a5:73:4e:59:d9:01:d9:f5:6f:2a:
         51:60:bd:2b:34:6d:3e:50:7f:ed:c6:5b:47:8c:fb:a2:94:d0:
         31:0a:6f:8b:dc:16:9c:9a:67:8d:7f:b3:a7:9b:07:0b:41:ac:
         73:c1:18:77:a4:be:bc:47:2f:21:4d:d3:57:4a:90:ef:fe:32:
         9c:70:16:43:ae:d6:78:38:b8:fe:ca:54:62:3c:39:60:eb:b9:
         5f:d0:c0:9a:7f:f6:fd:d2:10:a4:79:59:a0:28:22:da:68:de:
         ca:5e:3e:60:5b:f5:a5:51:92:0f:2d:d5:d0:a0:e3:1d:0e:47:
         21:19:11:91:f8:32:9b:71:e6:8b:79:4c:a9:98:be:4c:eb:e1:
         17:dd:df:44:66:ba:44:b3:9f:5e:62:dc:73:a5:cf:50:76:2f:
         08:d3:40:62:8c:00:7b:f4:6e:a4:e7:e4:ed:84:b1:83:a9:ee:
         68:a2:52:c5:b7:08:99:b3:5c:69:c9:0f:2d:c5:87:48:0d:ee:
         4a:b7:ee:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3COTr42de3XtOZD+Lvg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYmMwMDJhMmIzNTliMWFhODg3OWUxYzRkNzA0NTViMzE5
MmVmYWMwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjcwZGZhYWZlNzFkNDRhODU5ZGY2MjQxZWNiMDU2NTRlNzBlOWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm963dytOgFJoI0XmBlRSWcf+0MWZ
Zy6VxhiZ8G4X0Lkob/dsz/tAb+0KMuWKCptfGFS/t6xUZa0+PaPFYfA/VMAgEnBE
CpbVCSKajS9j0lPG5/7lbE8SuiGl5M1qtllJNyxuUF5tOKfs3UviIac7MaZRzgI+
q1LA+lNTCagnDdelqAaMjm7GERSsEevnujzK8d3xIxcEtVYXNdXwI0u1goQ67ZHl
c2rBR96WS3VrYRSZnNzjE6feg1oC/sBo01Dqa4OfgSzU0VGy9z8LnvJfnEpk9d5y
p39YrVF4uaiQOdIi7yBcw309Q0+ENknWHhOl/MBuCER22DFABSnYHsEgNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAtw36r+cdRKhZ32JB7LBWVOcOnFMB8GA1UdIwQY
MBaAFCu8ACorNZsaqIeeHE1wRVsxku+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzd3QUtpczFteHFvaDU0Y1RYQkZXekdTNzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83YzM3MjYtMmRiZS00MTc0LWIxNjQt
YTg5ODg5Y2U1Zjg0LzEvQzNEZnF2NXgxRXFGbmZZa0hzc0ZaVTV3NmNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83YzM3MjYtMmRiZS00MTc0LWIxNjQtYTg5ODg5Y2U1Zjg0
LzEvSzd3QUtpczFteHFvaDU0Y1RYQkZXekdTNzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQHn0gAAwQG
n0jAMA0GCSqGSIb3DQEBCwUAA4IBAQBQK966QfE0TRP6kbHK/MdVxQgjDVRyKRlb
G5zDw+83Q+NFDPMWO9oOmRwDYVWrju+AQiIPwHo8OstsI/+PDKVzTlnZAdn1bypR
YL0rNG0+UH/txltHjPuilNAxCm+L3BacmmeNf7OnmwcLQaxzwRh3pL68Ry8hTdNX
SpDv/jKccBZDrtZ4OLj+ylRiPDlg67lf0MCaf/b90hCkeVmgKCLaaN7KXj5gW/Wl
UZIPLdXQoOMdDkchGRGR+DKbceaLeUypmL5M6+EX3d9EZrpEs59eYtxzpc9Qdi8I
00BijAB79G6k5+TthLGDqe5oolLFtwiZs1xpyQ8txYdIDe5Kt+46
-----END CERTIFICATE-----