Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/ooC3rbwuITp34l9qaFj9Yt4_bMo.roa
File:                     ooC3rbwuITp34l9qaFj9Yt4_bMo.roa (raw, json)
Hash identifier:          EW+IfKizZOj57C19v27u12IHR6qi6dwXb2FPZkXpGvs=
Subject key identifier:   A2:80:B7:AD:BC:2E:21:3A:77:E2:5F:6A:68:58:FD:62:DE:3F:6C:CA
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       018D64A07E675E24C4858C0B395769FCF4BE
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/ooC3rbwuITp34l9qaFj9Yt4_bMo.roa
Signing time:             Thu 01 Feb 2024 12:24:16 +0000
ROA not before:           Thu 01 Feb 2024 12:24:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        176.116.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:a0:7e:67:5e:24:c4:85:8c:0b:39:57:69:fc:f4:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Feb  1 12:24:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a280b7adbc2e213a77e25f6a6858fd62de3f6cca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:93:a5:5d:15:64:ce:39:e2:5e:e0:e8:7a:b2:
                    df:cc:7b:5c:5f:2f:ba:44:57:9a:47:0c:84:3a:fc:
                    02:20:d3:4b:2f:59:5a:e2:4c:60:46:a8:4e:37:9d:
                    9f:eb:98:ab:32:4a:c8:d0:b9:c4:51:75:d8:6c:4c:
                    51:82:7a:51:e7:46:07:49:23:32:0b:20:c1:68:5a:
                    bc:3e:0c:c5:75:bd:fd:15:ea:45:98:d2:04:90:73:
                    7e:99:0e:90:b8:47:f4:01:1a:e7:98:80:ab:7a:62:
                    82:de:36:9f:bd:ec:56:ad:84:c4:56:3b:3b:83:2f:
                    fc:4e:d5:74:7e:01:6d:00:e0:c8:3b:ce:5c:9f:29:
                    b4:cf:c3:86:b2:28:84:1e:e6:70:55:f6:06:e9:f5:
                    a6:45:64:8d:73:d5:1d:e5:9a:a2:ab:64:4c:28:62:
                    b5:80:ed:0c:68:c4:f7:28:4d:d5:7e:18:17:97:6d:
                    c7:a2:fe:67:3b:80:d6:ec:42:c2:c4:f6:55:19:ec:
                    c8:3c:de:a5:bd:79:72:96:9c:dc:7d:ad:c3:30:af:
                    a4:b4:2c:63:dc:93:cb:50:f8:30:c8:83:d3:b3:53:
                    76:95:0c:4b:40:60:75:c6:39:84:46:25:8c:47:72:
                    7d:aa:27:f5:65:99:cd:e6:04:e3:6b:87:99:07:39:
                    94:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:80:B7:AD:BC:2E:21:3A:77:E2:5F:6A:68:58:FD:62:DE:3F:6C:CA
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/ooC3rbwuITp34l9qaFj9Yt4_bMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:f3:6c:6b:90:db:f9:73:52:f3:bb:2f:2f:f4:20:56:ed:3a:
         a6:9a:04:1f:8f:08:8b:22:aa:2a:67:bd:56:79:f8:dd:17:49:
         1a:44:3b:d7:24:9e:21:53:0e:da:fe:60:74:d4:41:8f:bb:e2:
         60:3b:cf:e2:04:85:bf:cd:ee:b9:ef:1a:d0:1e:4e:a3:8a:65:
         f7:7a:97:27:e4:93:01:2a:cc:85:3d:63:1b:87:a9:6a:fe:20:
         12:a2:4f:da:78:0e:96:47:78:a7:d0:63:49:d9:17:14:e3:eb:
         ba:4d:37:9e:6b:03:89:28:70:33:c6:7a:54:df:0b:04:c1:b8:
         87:3b:85:1b:98:2b:5f:c7:95:7d:a0:28:cc:ea:34:c2:e0:47:
         f4:8f:86:53:49:59:a9:ed:76:91:de:0a:e7:1d:1a:d3:b5:23:
         85:8f:3e:bc:48:20:91:5a:19:a5:c2:90:34:54:39:e5:4d:00:
         88:cd:6b:0f:85:4f:1c:4a:6f:7c:c5:db:8c:d2:8f:94:29:07:
         3e:c2:bb:05:dc:a4:5e:bc:8f:7f:c9:19:b7:d3:bd:34:a0:d8:
         bf:37:2e:56:42:92:e2:82:23:f8:83:f2:42:05:a8:11:2a:27:
         bd:71:e2:79:11:1d:37:2c:3a:b6:bb:de:fa:c1:38:35:ce:96:
         4f:37:26:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1koH5nXiTEhYwLOVdp/PS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjQwMjAxMTIyNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjgwYjdhZGJjMmUyMTNhNzdlMjVmNmE2ODU4ZmQ2MmRlM2Y2Y2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5OlXRVkzjniXuDoerLfzHtcXy+6
RFeaRwyEOvwCINNLL1la4kxgRqhON52f65irMkrI0LnEUXXYbExRgnpR50YHSSMy
CyDBaFq8PgzFdb39FepFmNIEkHN+mQ6QuEf0ARrnmICremKC3jafvexWrYTEVjs7
gy/8TtV0fgFtAODIO85cnym0z8OGsiiEHuZwVfYG6fWmRWSNc9Ud5Zqiq2RMKGK1
gO0MaMT3KE3VfhgXl23Hov5nO4DW7ELCxPZVGezIPN6lvXlylpzcfa3DMK+ktCxj
3JPLUPgwyIPTs1N2lQxLQGB1xjmERiWMR3J9qif1ZZnN5gTja4eZBzmUSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKAt628LiE6d+JfamhY/WLeP2zKMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvb29DM3Jid3VJVHAzNGw5cWFGajlZdDRfYk1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQGMA0G
CSqGSIb3DQEBCwUAA4IBAQAb82xrkNv5c1Lzuy8v9CBW7TqmmgQfjwiLIqoqZ71W
efjdF0kaRDvXJJ4hUw7a/mB01EGPu+JgO8/iBIW/ze657xrQHk6jimX3epcn5JMB
KsyFPWMbh6lq/iASok/aeA6WR3in0GNJ2RcU4+u6TTeeawOJKHAzxnpU3wsEwbiH
O4UbmCtfx5V9oCjM6jTC4Ef0j4ZTSVmp7XaR3grnHRrTtSOFjz68SCCRWhmlwpA0
VDnlTQCIzWsPhU8cSm98xduM0o+UKQc+wrsF3KRevI9/yRm30700oNi/Ny5WQpLi
giP4g/JCBagRKie9ceJ5ER03LDq2u976wTg1zpZPNyYX
-----END CERTIFICATE-----