Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/tm_SCgsNJmh-AXzEbCrn2y7a680.roa
File:                     tm_SCgsNJmh-AXzEbCrn2y7a680.roa (raw, json)
Hash identifier:          Yhicv8DH/EBqjllTuyT8u7QugkvnRLWR1gpgqoj3d08=
Subject key identifier:   B6:6F:D2:0A:0B:0D:26:68:7E:01:7C:C4:6C:2A:E7:DB:2E:DA:EB:CD
Certificate issuer:       /CN=0f21b78ce97b0f5fb3d88bf95cfbb08b2fbea8e5
Certificate serial:       018CC5000A1C7143C6F25F220AB77EB02E21
Authority key identifier: 0F:21:B7:8C:E9:7B:0F:5F:B3:D8:8B:F9:5C:FB:B0:8B:2F:BE:A8:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/tm_SCgsNJmh-AXzEbCrn2y7a680.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35280
IP address blocks:        132.68.0.0/16 maxlen: 16
                          132.69.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0a:1c:71:43:c6:f2:5f:22:0a:b7:7e:b0:2e:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f21b78ce97b0f5fb3d88bf95cfbb08b2fbea8e5
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b66fd20a0b0d26687e017cc46c2ae7db2edaebcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:20:d7:f2:b3:fb:4f:c8:3f:60:46:45:49:5c:
                    16:c4:19:d3:2b:27:07:d3:d3:10:31:6a:be:42:76:
                    4b:53:1a:36:c4:40:2b:01:c2:5d:78:b9:f1:a7:96:
                    fc:70:ba:36:e5:b5:55:94:93:bc:b4:e5:cb:0f:31:
                    34:cd:94:66:0b:77:da:2a:c5:a9:ab:cc:3b:74:8e:
                    89:1f:2c:c2:5e:af:4b:77:43:ed:a6:98:9c:f5:c8:
                    f7:75:01:d4:06:49:ea:15:d0:f3:0a:60:c7:6f:d2:
                    ad:e5:c9:0c:4c:4d:44:eb:e7:cb:9c:7c:5e:6c:8f:
                    e8:42:a6:43:22:07:60:aa:2d:2d:c1:4e:61:28:58:
                    11:07:cf:55:aa:79:ff:8f:e1:fe:ab:34:f7:9f:27:
                    0b:36:00:66:ff:d3:ab:69:90:f3:12:b1:2a:c9:cc:
                    d5:0e:f9:9c:7d:e3:63:c9:bc:06:e3:4c:5f:bc:60:
                    47:d1:e0:fc:6f:44:c5:56:92:be:0d:32:96:3d:e8:
                    ce:ce:99:86:34:45:27:d1:9c:de:5c:08:c3:f9:25:
                    c1:61:c0:62:f8:66:39:34:9e:dc:f7:4d:ba:c0:cf:
                    0c:4a:19:7d:81:13:bf:8f:21:6e:06:be:3e:99:b5:
                    d1:89:7b:ba:b7:63:eb:9f:42:11:b3:aa:03:4c:59:
                    45:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:6F:D2:0A:0B:0D:26:68:7E:01:7C:C4:6C:2A:E7:DB:2E:DA:EB:CD
            X509v3 Authority Key Identifier:
                keyid:0F:21:B7:8C:E9:7B:0F:5F:B3:D8:8B:F9:5C:FB:B0:8B:2F:BE:A8:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/tm_SCgsNJmh-AXzEbCrn2y7a680.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.68.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         78:7a:2a:57:4b:59:cd:04:ad:66:0b:f6:30:c0:f4:28:a7:b8:
         0d:fb:33:dd:e9:e8:75:87:a3:01:06:70:3f:3d:53:e8:f4:d6:
         11:02:7c:ab:7f:3d:f4:68:09:5b:f5:12:cc:db:3d:eb:7f:08:
         0c:e9:7d:7f:e8:a5:80:49:9b:dc:b3:aa:40:24:dc:b6:78:4c:
         b2:26:9e:25:66:23:12:f6:23:d1:ca:01:c2:f6:07:c1:eb:b9:
         7f:66:a0:6f:94:b4:1f:d2:a6:b3:75:a4:33:b0:60:20:cb:a7:
         8b:8c:67:ea:f8:03:0d:2f:a6:79:a0:2d:2c:dd:6a:76:08:b3:
         1a:35:56:85:37:89:1a:a2:61:d2:bb:b2:62:cf:15:43:f9:a9:
         9c:cb:f7:54:22:90:df:03:54:52:45:aa:0b:b3:f7:01:95:15:
         4a:06:a8:d3:b5:05:f8:a1:93:43:55:70:1b:31:0f:a2:59:51:
         70:b5:40:5b:4b:a9:31:21:86:51:dd:4a:d5:a0:c7:9a:11:c6:
         b3:a5:07:4c:14:6c:72:81:07:ab:fa:b6:55:56:98:d0:cb:f8:
         9d:4b:11:93:b8:fd:04:24:9a:45:6d:f1:dc:b4:7a:7b:06:4c:
         db:1f:ca:c3:3d:f8:7c:05:8a:e2:90:61:c3:e9:45:fe:10:68:
         d1:2f:f7:14
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFAAoccUPG8l8iCrd+sC4hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjFiNzhjZTk3YjBmNWZiM2Q4OGJmOTVjZmJiMDhiMmZi
ZWE4ZTUwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjZmZDIwYTBiMGQyNjY4N2UwMTdjYzQ2YzJhZTdkYjJlZGFlYmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SDX8rP7T8g/YEZFSVwWxBnTKycH
09MQMWq+QnZLUxo2xEArAcJdeLnxp5b8cLo25bVVlJO8tOXLDzE0zZRmC3faKsWp
q8w7dI6JHyzCXq9Ld0Ptppic9cj3dQHUBknqFdDzCmDHb9Kt5ckMTE1E6+fLnHxe
bI/oQqZDIgdgqi0twU5hKFgRB89Vqnn/j+H+qzT3nycLNgBm/9OraZDzErEqyczV
DvmcfeNjybwG40xfvGBH0eD8b0TFVpK+DTKWPejOzpmGNEUn0ZzeXAjD+SXBYcBi
+GY5NJ7c9026wM8MShl9gRO/jyFuBr4+mbXRiXu6t2Prn0IRs6oDTFlFaQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLZv0goLDSZofgF8xGwq59su2uvNMB8GA1UdIwQY
MBaAFA8ht4zpew9fs9iL+Vz7sIsvvqjlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHlHM2pPbDdEMS16Mkl2NVhQdXdpeS0tcU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8wZjc1OTQtZjA0OC00NzNkLWEzOWEt
ZGRiOWU0ZGI5OGM2LzEvdG1fU0Nnc05KbWgtQVh6RWJDcm4yeTdhNjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8wZjc1OTQtZjA0OC00NzNkLWEzOWEtZGRiOWU0ZGI5OGM2
LzEvRHlHM2pPbDdEMS16Mkl2NVhQdXdpeS0tcU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEQwDQYJ
KoZIhvcNAQELBQADggEBAHh6KldLWc0ErWYL9jDA9CinuA37M93p6HWHowEGcD89
U+j01hECfKt/PfRoCVv1EszbPet/CAzpfX/opYBJm9yzqkAk3LZ4TLImniVmIxL2
I9HKAcL2B8HruX9moG+UtB/SprN1pDOwYCDLp4uMZ+r4Aw0vpnmgLSzdanYIsxo1
VoU3iRqiYdK7smLPFUP5qZzL91QikN8DVFJFqguz9wGVFUoGqNO1Bfihk0NVcBsx
D6JZUXC1QFtLqTEhhlHdStWgx5oRxrOlB0wUbHKBB6v6tlVWmNDL+J1LEZO4/QQk
mkVt8dy0ensGTNsfysM9+HwFiuKQYcPpRf4QaNEv9xQ=
-----END CERTIFICATE-----