Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/AYAprSypundCLIiquHrSdu2e8N4.roa
File:                     AYAprSypundCLIiquHrSdu2e8N4.roa (raw, json)
Hash identifier:          eGSD/mOfsejD2/VdmJe269/HfVra3HLeqpuEHY1Vk0I=
Subject key identifier:   01:80:29:AD:2C:A9:BA:77:42:2C:88:AA:B8:7A:D2:76:ED:9E:F0:DE
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC72758F7905E0B6BAA5883EA4DBFD9AD
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/AYAprSypundCLIiquHrSdu2e8N4.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213252
IP address blocks:        213.238.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:58:f7:90:5e:0b:6b:aa:58:83:ea:4d:bf:d9:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=018029ad2ca9ba77422c88aab87ad276ed9ef0de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ea:1c:9e:5a:56:8a:e9:09:d4:48:f2:e1:2c:
                    df:ab:1e:6e:09:a4:d5:01:7d:b0:cf:5e:0c:85:63:
                    16:9b:6f:f4:45:dc:28:72:4a:38:7c:c6:5f:93:15:
                    74:b6:b5:f7:e6:95:d3:0a:3a:ad:29:fb:c3:15:b4:
                    84:82:26:e2:b1:aa:bd:40:d4:b7:4b:75:f6:6c:fd:
                    96:93:32:82:7c:1c:5b:31:0a:2e:15:0b:7f:35:1a:
                    34:29:3b:f6:e8:70:2d:b1:88:19:84:1b:47:84:d8:
                    3f:4f:4c:66:a3:10:c3:2a:1b:bb:63:5f:ac:a5:eb:
                    77:9d:1c:7d:f3:36:25:e8:7d:f6:55:c8:21:20:e5:
                    3c:87:e3:24:0c:ef:04:7a:50:ca:d7:d9:39:fe:32:
                    e6:61:29:d0:b5:61:e4:e4:70:45:b8:a5:c3:e0:d4:
                    67:5f:14:e7:de:dc:e0:7e:78:0b:32:b4:ef:98:9c:
                    2e:4f:5b:b8:fa:9b:ae:6d:71:ab:8a:e5:4d:48:fa:
                    39:2d:cc:4d:58:f1:02:57:ab:2d:d8:6c:84:98:f9:
                    41:0d:48:49:b7:d2:3e:c1:15:0a:ff:06:67:b1:b2:
                    b8:84:a5:f0:89:f4:b1:77:5a:99:ef:f3:45:30:0a:
                    b2:ae:24:ae:fc:ba:be:4b:46:38:33:ab:3c:89:94:
                    d0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:80:29:AD:2C:A9:BA:77:42:2C:88:AA:B8:7A:D2:76:ED:9E:F0:DE
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/AYAprSypundCLIiquHrSdu2e8N4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d1:6d:f5:5e:93:d7:f8:ed:6a:a4:84:cb:77:2a:cf:cb:14:
         25:54:50:6e:6e:e3:41:fc:8e:d7:9d:5b:42:48:24:2d:a1:6a:
         01:4a:47:c4:8e:05:04:7a:64:47:8c:e7:4a:af:95:f1:b5:4a:
         f3:e2:c7:ec:28:dc:fe:35:dc:3b:fc:55:27:1d:8d:89:bc:45:
         d6:75:6f:09:c0:b0:5a:8a:b0:e4:06:48:0d:15:38:e7:9f:c7:
         99:d4:dd:87:98:a9:cf:33:45:5d:8d:c9:70:fa:70:77:6b:39:
         d0:3f:2b:eb:b8:a2:8e:78:7f:f0:6c:64:0e:0e:06:1d:c3:7c:
         d4:fd:7d:61:55:c7:67:f6:ae:f5:fc:6e:7d:0f:93:56:4c:b0:
         e5:69:f6:19:9c:41:55:f8:ba:ba:7d:63:c2:82:26:42:b3:cb:
         54:82:61:d7:c4:d2:5d:81:5f:2a:30:66:63:6d:70:7f:66:c7:
         77:f8:69:1a:a5:38:87:5c:59:27:4a:44:ff:53:9a:bf:e7:e7:
         3a:51:79:ca:a7:20:1f:f5:eb:b0:dc:db:b7:9c:4c:75:f3:e1:
         d9:df:80:73:34:99:a3:00:eb:6c:1f:94:9e:c9:f9:b8:fe:8d:
         43:3f:a7:ee:68:9d:56:59:b9:97:10:8e:3f:da:11:fe:d3:86:
         7e:0a:85:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1j3kF4La6pYg+pNv9mtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTgwMjlhZDJjYTliYTc3NDIyYzg4YWFiODdhZDI3NmVkOWVmMGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuocnlpWiukJ1Ejy4Szfqx5uCaTV
AX2wz14MhWMWm2/0Rdwocko4fMZfkxV0trX35pXTCjqtKfvDFbSEgibisaq9QNS3
S3X2bP2WkzKCfBxbMQouFQt/NRo0KTv26HAtsYgZhBtHhNg/T0xmoxDDKhu7Y1+s
pet3nRx98zYl6H32VcghIOU8h+MkDO8EelDK19k5/jLmYSnQtWHk5HBFuKXD4NRn
XxTn3tzgfngLMrTvmJwuT1u4+puubXGriuVNSPo5LcxNWPECV6st2GyEmPlBDUhJ
t9I+wRUK/wZnsbK4hKXwifSxd1qZ7/NFMAqyriSu/Lq+S0Y4M6s8iZTQbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGAKa0sqbp3QiyIqrh60nbtnvDeMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvQVlBcHJTeXB1bmRDTElpcXVIclNkdTJlOE40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e63MA0G
CSqGSIb3DQEBCwUAA4IBAQBy0W31XpPX+O1qpITLdyrPyxQlVFBubuNB/I7XnVtC
SCQtoWoBSkfEjgUEemRHjOdKr5XxtUrz4sfsKNz+Ndw7/FUnHY2JvEXWdW8JwLBa
irDkBkgNFTjnn8eZ1N2HmKnPM0Vdjclw+nB3aznQPyvruKKOeH/wbGQODgYdw3zU
/X1hVcdn9q71/G59D5NWTLDlafYZnEFV+Lq6fWPCgiZCs8tUgmHXxNJdgV8qMGZj
bXB/Zsd3+GkapTiHXFknSkT/U5q/5+c6UXnKpyAf9euw3Nu3nEx18+HZ34BzNJmj
AOtsH5Seyfm4/o1DP6fuaJ1WWbmXEI4/2hH+04Z+CoW0
-----END CERTIFICATE-----