Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/a587e1-4187-4b1b-b605-7acb83199967/1/cpLSd6188Ka3T8fFLt_H-1a7kP8.roa
File:                     cpLSd6188Ka3T8fFLt_H-1a7kP8.roa (raw, json)
Hash identifier:          tNYmCYxqBJK08gwUDQkQyN/gKBIRIAio9QBU31PacN4=
Subject key identifier:   72:92:D2:77:AD:7C:F0:A6:B7:4F:C7:C5:2E:DF:C7:FB:56:BB:90:FF
Certificate issuer:       /CN=7e862a8ca5acbd6c5dfc24126c33aa0a94e0e1f2
Certificate serial:       018CCA2B454D58A8ECF97683D7AEAA93048E
Authority key identifier: 7E:86:2A:8C:A5:AC:BD:6C:5D:FC:24:12:6C:33:AA:0A:94:E0:E1:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/foYqjKWsvWxd_CQSbDOqCpTg4fI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/a587e1-4187-4b1b-b605-7acb83199967/1/cpLSd6188Ka3T8fFLt_H-1a7kP8.roa
Signing time:             Tue 02 Jan 2024 12:34:42 +0000
ROA not before:           Tue 02 Jan 2024 12:34:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15474
IP address blocks:        160.210.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/a587e1-4187-4b1b-b605-7acb83199967/1/foYqjKWsvWxd_CQSbDOqCpTg4fI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/a587e1-4187-4b1b-b605-7acb83199967/1/foYqjKWsvWxd_CQSbDOqCpTg4fI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/foYqjKWsvWxd_CQSbDOqCpTg4fI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:45:4d:58:a8:ec:f9:76:83:d7:ae:aa:93:04:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e862a8ca5acbd6c5dfc24126c33aa0a94e0e1f2
        Validity
            Not Before: Jan  2 12:34:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7292d277ad7cf0a6b74fc7c52edfc7fb56bb90ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d1:e6:6e:db:9a:ae:a6:4a:2d:9a:48:fc:2b:
                    65:7a:bb:c3:4d:29:b5:42:13:ec:bd:16:8a:ae:b6:
                    71:d8:43:42:39:0e:6b:dd:1d:6a:81:4f:ea:1f:f6:
                    62:d8:19:97:08:6c:57:d1:a7:5e:96:4f:58:cd:97:
                    af:11:13:ee:00:42:25:e8:c7:73:3c:3c:49:2d:fa:
                    b7:ae:97:ed:c5:46:5e:c9:f9:af:b7:8c:1f:4d:e7:
                    f6:3a:8a:73:9d:85:8c:0f:2f:85:0e:f3:c0:e1:9b:
                    b6:0c:62:48:fc:6f:b2:d9:4a:1e:ef:50:38:03:90:
                    6a:ca:fe:15:bc:d0:12:3f:ab:48:a1:fc:b2:ed:a7:
                    08:23:2d:85:f0:91:f8:fd:86:a0:4e:3f:14:3e:b5:
                    35:29:e7:d3:03:79:5d:f0:74:79:cb:a4:db:30:e4:
                    f0:4c:e9:bd:2a:ca:39:c0:ee:2c:41:70:55:d8:bf:
                    54:e6:87:09:d7:7e:56:8a:ae:01:d1:e0:ee:5a:69:
                    ab:5b:81:15:68:39:81:07:76:d8:5a:70:ef:b3:44:
                    7a:c2:f2:3d:5b:31:12:78:44:e5:1a:7e:f2:38:91:
                    58:fa:b3:7f:62:57:40:87:28:c5:bd:fe:85:b6:d9:
                    22:64:86:1e:91:a3:1f:32:23:df:c4:2c:f1:91:36:
                    d1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:92:D2:77:AD:7C:F0:A6:B7:4F:C7:C5:2E:DF:C7:FB:56:BB:90:FF
            X509v3 Authority Key Identifier:
                keyid:7E:86:2A:8C:A5:AC:BD:6C:5D:FC:24:12:6C:33:AA:0A:94:E0:E1:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/foYqjKWsvWxd_CQSbDOqCpTg4fI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a587e1-4187-4b1b-b605-7acb83199967/1/cpLSd6188Ka3T8fFLt_H-1a7kP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a587e1-4187-4b1b-b605-7acb83199967/1/foYqjKWsvWxd_CQSbDOqCpTg4fI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.210.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:4d:59:6a:a4:19:61:13:40:c5:1b:05:16:76:b3:0e:ea:e5:
         6b:72:b2:14:7b:8e:a9:2f:16:d2:6d:9f:e9:e3:66:cf:02:a4:
         c0:35:63:2f:32:26:05:75:45:7b:c6:c4:49:de:de:6e:65:b7:
         3d:73:c6:c5:0c:ae:42:a4:19:63:70:25:4d:25:61:fa:93:02:
         12:66:2c:bd:15:72:4c:ef:b2:71:ec:d0:cd:ca:4c:36:5d:f4:
         b0:66:4f:c4:ed:09:29:a9:b2:80:a1:19:77:37:5a:4c:3d:3f:
         94:fb:f7:e7:7c:6f:2d:f5:af:51:00:0c:76:58:a9:7a:fd:e4:
         b7:88:f0:ea:84:e4:3e:54:72:56:33:31:5a:ef:b5:36:48:e1:
         b2:66:54:44:25:f7:70:de:1d:5a:14:5c:0d:09:20:3e:30:40:
         91:e1:4d:ff:a6:04:8c:4a:c2:01:79:0d:d2:b8:92:e2:cd:d5:
         3a:a7:9a:eb:f6:80:4e:e6:80:3b:f9:1a:c5:74:2d:8b:84:7e:
         1e:3c:f0:8a:be:18:07:73:6b:3e:c0:70:2c:82:97:b2:c7:22:
         cb:ef:cc:bd:7e:7c:6e:6f:4d:e6:c4:0a:f4:8a:8a:82:79:6a:
         91:e6:2e:d2:7a:a5:53:32:d0:bc:32:26:fa:36:ea:83:ce:d4:
         5b:8a:ab:d8
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzKK0VNWKjs+XaD166qkwSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlODYyYThjYTVhY2JkNmM1ZGZjMjQxMjZjMzNhYTBhOTRl
MGUxZjIwHhcNMjQwMTAyMTIzNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjkyZDI3N2FkN2NmMGE2Yjc0ZmM3YzUyZWRmYzdmYjU2YmI5MGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNHmbtuarqZKLZpI/CtlervDTSm1
QhPsvRaKrrZx2ENCOQ5r3R1qgU/qH/Zi2BmXCGxX0adelk9YzZevERPuAEIl6Mdz
PDxJLfq3rpftxUZeyfmvt4wfTef2OopznYWMDy+FDvPA4Zu2DGJI/G+y2Uoe71A4
A5Bqyv4VvNASP6tIofyy7acIIy2F8JH4/YagTj8UPrU1KefTA3ld8HR5y6TbMOTw
TOm9Kso5wO4sQXBV2L9U5ocJ135Wiq4B0eDuWmmrW4EVaDmBB3bYWnDvs0R6wvI9
WzESeETlGn7yOJFY+rN/YldAhyjFvf6FttkiZIYekaMfMiPfxCzxkTbRUwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHKS0netfPCmt0/HxS7fx/tWu5D/MB8GA1UdIwQY
MBaAFH6GKoylrL1sXfwkEmwzqgqU4OHyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm9ZcWpLV3N2V3hkX0NRU2JET3FDcFRnNGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9hNTg3ZTEtNDE4Ny00YjFiLWI2MDUt
N2FjYjgzMTk5OTY3LzEvY3BMU2Q2MTg4S2EzVDhmRkx0X0gtMWE3a1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9hNTg3ZTEtNDE4Ny00YjFiLWI2MDUtN2FjYjgzMTk5OTY3
LzEvZm9ZcWpLV3N2V3hkX0NRU2JET3FDcFRnNGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoNIwDQYJ
KoZIhvcNAQELBQADggEBAJhNWWqkGWETQMUbBRZ2sw7q5WtyshR7jqkvFtJtn+nj
Zs8CpMA1Yy8yJgV1RXvGxEne3m5ltz1zxsUMrkKkGWNwJU0lYfqTAhJmLL0Vckzv
snHs0M3KTDZd9LBmT8TtCSmpsoChGXc3Wkw9P5T79+d8by31r1EADHZYqXr95LeI
8OqE5D5UclYzMVrvtTZI4bJmVEQl93DeHVoUXA0JID4wQJHhTf+mBIxKwgF5DdK4
kuLN1Tqnmuv2gE7mgDv5GsV0LYuEfh488Iq+GAdzaz7AcCyCl7LHIsvvzL1+fG5v
TebECvSKioJ5apHmLtJ6pVMy0LwyJvo26oPO1FuKq9g=
-----END CERTIFICATE-----