Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/RkN-Cptr3YHJisX16E1DVbKdi7U.roa
File:                     RkN-Cptr3YHJisX16E1DVbKdi7U.roa (raw, json)
Hash identifier:          Lbeldsj6jmiGeOyBgNj8hwIsbFowUtjZFQ4TaIwlf+s=
Subject key identifier:   46:43:7E:0A:9B:6B:DD:81:C9:8A:C5:F5:E8:4D:43:55:B2:9D:8B:B5
Certificate issuer:       /CN=0f21b78ce97b0f5fb3d88bf95cfbb08b2fbea8e5
Certificate serial:       018CC50009DDF70898334DE860C4638CA31F
Authority key identifier: 0F:21:B7:8C:E9:7B:0F:5F:B3:D8:8B:F9:5C:FB:B0:8B:2F:BE:A8:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/RkN-Cptr3YHJisX16E1DVbKdi7U.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     378
IP address blocks:        132.68.0.0/16 maxlen: 16
                          132.68.0.0/15 maxlen: 15
                          132.69.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:09:dd:f7:08:98:33:4d:e8:60:c4:63:8c:a3:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f21b78ce97b0f5fb3d88bf95cfbb08b2fbea8e5
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46437e0a9b6bdd81c98ac5f5e84d4355b29d8bb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:61:b4:9c:89:12:ef:78:59:db:ab:c6:4d:af:
                    e2:87:68:5e:81:67:77:38:0d:80:20:a5:dd:b2:8b:
                    31:d0:42:91:05:bc:90:98:8d:86:00:7b:11:cc:46:
                    18:68:94:78:bf:14:ca:72:d1:06:8f:d6:cf:0d:18:
                    b0:db:32:d3:ab:bb:67:4b:73:b1:7e:6c:53:19:b5:
                    be:b6:e9:cd:c4:7e:8b:eb:60:02:86:1c:5c:ba:54:
                    13:99:a8:a8:0a:56:0e:2c:ef:dd:ca:0b:67:d4:34:
                    c0:e9:6f:0d:eb:f7:99:2d:ed:b6:8d:1b:6d:a7:ab:
                    2b:25:ce:c9:fa:cd:ea:94:71:dc:38:71:5b:eb:df:
                    c1:a9:35:7c:c2:a3:f7:0d:c5:5d:05:32:91:46:b7:
                    59:e4:82:91:99:2a:17:e8:c0:1b:09:4d:f6:2d:47:
                    82:63:ce:5d:17:04:89:98:3c:2f:19:f7:a1:72:99:
                    87:bf:3f:03:59:2f:31:83:cb:d3:99:61:09:90:93:
                    f9:d6:5e:73:8f:7b:d6:44:be:92:63:9e:2f:26:32:
                    c0:71:2f:17:ec:a2:63:e1:bc:76:e7:9b:62:e9:8d:
                    4b:16:69:2b:5b:6c:4b:b8:ef:3b:80:2e:84:7a:c5:
                    45:1e:a8:64:3a:3b:04:48:c8:1f:ec:18:2d:6f:f2:
                    16:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:43:7E:0A:9B:6B:DD:81:C9:8A:C5:F5:E8:4D:43:55:B2:9D:8B:B5
            X509v3 Authority Key Identifier:
                keyid:0F:21:B7:8C:E9:7B:0F:5F:B3:D8:8B:F9:5C:FB:B0:8B:2F:BE:A8:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/RkN-Cptr3YHJisX16E1DVbKdi7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.68.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         67:6a:e0:15:79:f5:48:6b:d5:5c:16:e6:df:03:f2:f0:82:15:
         25:68:64:bc:71:8b:a1:40:71:f4:62:e1:5b:c0:03:52:d1:54:
         2d:af:32:67:bb:15:2b:30:16:43:75:38:f8:55:5d:7c:e8:12:
         e8:8b:00:a5:c9:d1:83:94:09:b4:f8:64:5b:04:1f:98:47:df:
         5d:b4:80:24:a8:1c:91:81:7f:31:64:2a:2f:dc:30:98:1e:56:
         d0:45:8a:3f:59:7f:86:d3:09:4a:7b:24:10:9a:01:26:a4:fc:
         3a:8e:16:0d:fc:f9:77:67:00:70:67:1b:53:3c:c7:f1:73:f3:
         bf:27:25:83:88:1c:67:06:83:b7:a3:c2:0a:6d:df:cd:ff:f0:
         6f:f1:72:b3:4d:70:fa:b4:55:d4:62:56:9f:8c:3b:de:05:f4:
         7d:e3:5c:f8:e9:7d:53:11:68:d9:4b:66:57:6f:0e:a4:ee:0a:
         67:90:32:76:b7:a9:d3:1c:a5:64:81:72:d4:a3:bd:92:2a:ff:
         f0:b2:95:9f:e1:38:61:b3:32:d3:1d:cc:36:13:fe:cc:0e:00:
         70:0f:20:c7:07:05:06:35:2f:02:36:67:1c:ad:59:9e:ce:6f:
         c4:9d:fb:8b:17:93:e7:6f:de:e9:7a:59:eb:44:ae:02:20:18:
         c9:fb:9b:ca
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFAAnd9wiYM03oYMRjjKMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjFiNzhjZTk3YjBmNWZiM2Q4OGJmOTVjZmJiMDhiMmZi
ZWE4ZTUwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjQzN2UwYTliNmJkZDgxYzk4YWM1ZjVlODRkNDM1NWIyOWQ4YmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2G0nIkS73hZ26vGTa/ih2hegWd3
OA2AIKXdsosx0EKRBbyQmI2GAHsRzEYYaJR4vxTKctEGj9bPDRiw2zLTq7tnS3Ox
fmxTGbW+tunNxH6L62AChhxculQTmaioClYOLO/dygtn1DTA6W8N6/eZLe22jRtt
p6srJc7J+s3qlHHcOHFb69/BqTV8wqP3DcVdBTKRRrdZ5IKRmSoX6MAbCU32LUeC
Y85dFwSJmDwvGfehcpmHvz8DWS8xg8vTmWEJkJP51l5zj3vWRL6SY54vJjLAcS8X
7KJj4bx255ti6Y1LFmkrW2xLuO87gC6EesVFHqhkOjsESMgf7Bgtb/IWZwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEZDfgqba92ByYrF9ehNQ1WynYu1MB8GA1UdIwQY
MBaAFA8ht4zpew9fs9iL+Vz7sIsvvqjlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHlHM2pPbDdEMS16Mkl2NVhQdXdpeS0tcU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8wZjc1OTQtZjA0OC00NzNkLWEzOWEt
ZGRiOWU0ZGI5OGM2LzEvUmtOLUNwdHIzWUhKaXNYMTZFMURWYktkaTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8wZjc1OTQtZjA0OC00NzNkLWEzOWEtZGRiOWU0ZGI5OGM2
LzEvRHlHM2pPbDdEMS16Mkl2NVhQdXdpeS0tcU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEQwDQYJ
KoZIhvcNAQELBQADggEBAGdq4BV59Uhr1VwW5t8D8vCCFSVoZLxxi6FAcfRi4VvA
A1LRVC2vMme7FSswFkN1OPhVXXzoEuiLAKXJ0YOUCbT4ZFsEH5hH3120gCSoHJGB
fzFkKi/cMJgeVtBFij9Zf4bTCUp7JBCaASak/DqOFg38+XdnAHBnG1M8x/Fz878n
JYOIHGcGg7ejwgpt383/8G/xcrNNcPq0VdRiVp+MO94F9H3jXPjpfVMRaNlLZldv
DqTuCmeQMna3qdMcpWSBctSjvZIq//CylZ/hOGGzMtMdzDYT/swOAHAPIMcHBQY1
LwI2ZxytWZ7Ob8Sd+4sXk+dv3ul6WetErgIgGMn7m8o=
-----END CERTIFICATE-----