Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/ByM3cwTyOuyi2XyOhS5bNUiP5nI.roa
File:                     ByM3cwTyOuyi2XyOhS5bNUiP5nI.roa (raw, json)
Hash identifier:          XcFaIB598SO0OMjobDnTlm0rIsybFCtDDlxbb/z5pTA=
Subject key identifier:   07:23:37:73:04:F2:3A:EC:A2:D9:7C:8E:85:2E:5B:35:48:8F:E6:72
Certificate issuer:       /CN=e1f47c11a3a3cae06a192860a96c5053ec04b5dc
Certificate serial:       018CC501306ED4BD0302538623B4C6B09163
Authority key identifier: E1:F4:7C:11:A3:A3:CA:E0:6A:19:28:60:A9:6C:50:53:EC:04:B5:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fR8EaOjyuBqGShgqWxQU-wEtdw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/ByM3cwTyOuyi2XyOhS5bNUiP5nI.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207544
IP address blocks:        212.6.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/4fR8EaOjyuBqGShgqWxQU-wEtdw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/4fR8EaOjyuBqGShgqWxQU-wEtdw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fR8EaOjyuBqGShgqWxQU-wEtdw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:30:6e:d4:bd:03:02:53:86:23:b4:c6:b0:91:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f47c11a3a3cae06a192860a96c5053ec04b5dc
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0723377304f23aeca2d97c8e852e5b35488fe672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:cc:3e:20:17:0f:17:c7:89:f2:fb:c8:d1:1d:
                    ff:76:8a:7d:4c:7d:a5:67:63:bc:1a:19:b2:3b:43:
                    7a:3e:8e:df:cc:b3:4c:e3:3b:06:f6:6b:2e:eb:9b:
                    bf:14:e2:b0:cc:0d:91:6e:11:bb:44:7d:c8:68:08:
                    ee:76:82:fd:74:df:ee:c6:26:b7:b1:dc:35:7e:11:
                    a4:94:da:aa:0b:66:a5:48:ba:e3:70:92:3d:54:c8:
                    01:78:7a:0a:bc:fe:46:ff:87:80:c9:6b:2b:e1:cb:
                    ff:40:ee:a3:db:49:00:e1:2e:86:09:12:bb:7d:1c:
                    82:bd:3c:52:d9:6d:a3:c2:22:0e:cf:e0:bb:8d:19:
                    38:c2:b6:d4:bd:b2:10:9a:19:b8:51:c1:e2:57:f1:
                    e7:1a:6a:5f:0e:72:73:3a:f6:c8:ef:6a:18:95:6f:
                    b6:64:a0:14:4a:9e:4b:c4:47:52:28:b5:d2:d5:e5:
                    64:49:95:94:ec:b9:35:32:cb:33:30:ac:4e:50:cd:
                    ae:db:cf:78:60:7d:3e:d0:f4:df:34:47:d5:ad:0a:
                    b7:54:9e:1c:b8:c7:53:00:18:c6:7b:f1:7c:ad:e0:
                    95:5c:4d:ed:e3:5e:a4:61:03:ee:e3:fe:e1:c3:da:
                    fd:ca:73:19:45:80:8e:f5:06:8a:92:e1:2a:a4:4b:
                    b6:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:23:37:73:04:F2:3A:EC:A2:D9:7C:8E:85:2E:5B:35:48:8F:E6:72
            X509v3 Authority Key Identifier:
                keyid:E1:F4:7C:11:A3:A3:CA:E0:6A:19:28:60:A9:6C:50:53:EC:04:B5:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fR8EaOjyuBqGShgqWxQU-wEtdw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/ByM3cwTyOuyi2XyOhS5bNUiP5nI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/4fR8EaOjyuBqGShgqWxQU-wEtdw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:86:b7:09:23:35:e2:da:b3:18:e5:f7:13:c8:71:55:5a:b4:
         0a:c3:21:a9:6a:97:16:2f:03:66:86:6a:b5:a7:5a:fa:fa:9a:
         c3:9e:18:49:96:5f:b3:9a:e9:1f:49:e1:ba:d4:a0:57:10:9b:
         48:76:0a:32:2c:c1:a1:74:91:7d:dc:5d:1b:51:38:88:3c:c6:
         b1:41:ef:84:c3:50:1c:75:e8:30:07:a8:b0:1f:bc:67:8b:2a:
         a0:41:5d:0e:62:0d:a3:a9:c6:d6:6e:03:e5:f1:7a:f1:25:bf:
         8d:92:bf:1e:11:8c:eb:0c:57:79:18:f9:48:e7:16:1b:04:20:
         5f:7a:21:f4:ad:78:40:17:84:53:1b:7a:1a:7c:cc:2b:80:38:
         fd:35:c5:b1:a4:89:87:9d:22:63:76:57:f2:90:bc:41:1d:c0:
         fe:2b:ad:33:46:0f:0b:45:6c:f7:52:36:a7:f0:72:3c:46:d6:
         8c:86:bb:94:fb:cb:3b:b0:8c:d1:1d:b2:ab:5e:4d:a1:88:07:
         07:f7:c7:b6:87:af:07:9f:d8:d2:ca:6b:89:61:cb:2c:44:75:
         e6:50:9b:ba:0e:67:e6:e5:3f:4d:b6:0d:7c:3a:3b:52:33:dc:
         58:21:5b:6e:3b:1e:a0:81:4b:6a:05:1f:68:89:dc:39:2f:82:
         da:60:0f:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATBu1L0DAlOGI7TGsJFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZjQ3YzExYTNhM2NhZTA2YTE5Mjg2MGE5NmM1MDUzZWMw
NGI1ZGMwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzIzMzc3MzA0ZjIzYWVjYTJkOTdjOGU4NTJlNWIzNTQ4OGZlNjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Mw+IBcPF8eJ8vvI0R3/dop9TH2l
Z2O8GhmyO0N6Po7fzLNM4zsG9msu65u/FOKwzA2RbhG7RH3IaAjudoL9dN/uxia3
sdw1fhGklNqqC2alSLrjcJI9VMgBeHoKvP5G/4eAyWsr4cv/QO6j20kA4S6GCRK7
fRyCvTxS2W2jwiIOz+C7jRk4wrbUvbIQmhm4UcHiV/HnGmpfDnJzOvbI72oYlW+2
ZKAUSp5LxEdSKLXS1eVkSZWU7Lk1MsszMKxOUM2u2894YH0+0PTfNEfVrQq3VJ4c
uMdTABjGe/F8reCVXE3t416kYQPu4/7hw9r9ynMZRYCO9QaKkuEqpEu2WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcjN3ME8jrsotl8joUuWzVIj+ZyMB8GA1UdIwQY
MBaAFOH0fBGjo8rgahkoYKlsUFPsBLXcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGZSOEVhT2p5dUJxR1NoZ3FXeFFVLXdFdGR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC85MDgwNzAtZmQ5NC00YTc1LTk4NzIt
MzFjNzMzMTk3MDczLzEvQnlNM2N3VHlPdXlpMlh5T2hTNWJOVWlQNW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC85MDgwNzAtZmQ5NC00YTc1LTk4NzItMzFjNzMzMTk3MDcz
LzEvNGZSOEVhT2p5dUJxR1NoZ3FXeFFVLXdFdGR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AY9MA0G
CSqGSIb3DQEBCwUAA4IBAQA6hrcJIzXi2rMY5fcTyHFVWrQKwyGpapcWLwNmhmq1
p1r6+prDnhhJll+zmukfSeG61KBXEJtIdgoyLMGhdJF93F0bUTiIPMaxQe+Ew1Ac
degwB6iwH7xniyqgQV0OYg2jqcbWbgPl8XrxJb+Nkr8eEYzrDFd5GPlI5xYbBCBf
eiH0rXhAF4RTG3oafMwrgDj9NcWxpImHnSJjdlfykLxBHcD+K60zRg8LRWz3Ujan
8HI8RtaMhruU+8s7sIzRHbKrXk2hiAcH98e2h68Hn9jSymuJYcssRHXmUJu6Dmfm
5T9Ntg18OjtSM9xYIVtuOx6ggUtqBR9oidw5L4LaYA//
-----END CERTIFICATE-----