Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/f9ZJYubhF8x_bvbKw7vamvyXh04.roa
File:                     f9ZJYubhF8x_bvbKw7vamvyXh04.roa (raw, json)
Hash identifier:          AdYyFUvBkZ53HVCXQSZEDr2rSz9/mZiUqCx8uToYsmg=
Subject key identifier:   7F:D6:49:62:E6:E1:17:CC:7F:6E:F6:CA:C3:BB:DA:9A:FC:97:87:4E
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC72759608379AA8511FA22627D843B06
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/f9ZJYubhF8x_bvbKw7vamvyXh04.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213261
IP address blocks:        213.238.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:59:60:83:79:aa:85:11:fa:22:62:7d:84:3b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fd64962e6e117cc7f6ef6cac3bbda9afc97874e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:46:94:90:fa:29:26:60:58:a0:8b:e0:27:7b:
                    a3:84:38:47:12:8b:1f:83:98:e7:d7:f1:0f:3d:c8:
                    7c:df:a6:2f:f5:23:6d:79:b2:25:38:17:58:73:23:
                    30:58:1f:33:35:ea:8e:4e:ba:fa:56:3b:d2:b1:14:
                    d3:73:8c:d5:80:b5:8a:f1:f5:bc:b7:b9:4d:26:dc:
                    d8:59:ab:8c:36:24:3c:92:94:cd:6a:50:c7:f5:45:
                    a1:6d:b7:79:e1:6b:ea:53:9f:eb:76:87:35:3a:dd:
                    ce:e0:90:ed:c4:15:80:fe:8b:81:5b:79:b3:17:11:
                    05:92:85:0f:32:67:59:75:25:ed:fb:08:94:da:fe:
                    de:61:f9:0d:a2:ca:c0:4b:90:08:5d:f9:23:52:88:
                    7c:99:e6:6e:2f:b4:c5:cc:c8:c3:46:71:2b:1e:dc:
                    aa:65:0c:5c:3f:b7:33:73:8f:38:33:17:0a:3d:f1:
                    b7:0e:e3:71:50:57:b2:e8:56:3a:b7:2b:8e:29:fc:
                    74:63:c0:3a:3f:52:8a:82:2a:ec:ab:cb:79:e3:1d:
                    72:ff:8a:05:15:0d:21:47:e0:bc:5e:97:cd:e9:03:
                    19:30:58:42:b2:f2:23:84:81:d9:2a:3e:7a:02:8e:
                    57:0a:22:85:d9:ea:89:c2:e0:cb:c3:30:1a:bc:e0:
                    60:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D6:49:62:E6:E1:17:CC:7F:6E:F6:CA:C3:BB:DA:9A:FC:97:87:4E
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/f9ZJYubhF8x_bvbKw7vamvyXh04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:17:51:55:1a:b0:59:06:04:87:46:9a:20:85:6e:f8:6c:c5:
         4c:6f:0e:a1:27:2b:30:cd:64:c5:22:cf:bb:9b:14:60:12:37:
         25:75:c0:37:8c:2c:a0:bb:47:e0:5a:33:0b:6a:ef:e1:6f:19:
         11:3e:15:c6:d8:72:6b:e5:32:14:62:ae:97:63:18:05:a2:55:
         30:05:c0:c1:72:12:5d:31:b7:fa:5a:35:64:43:b4:87:09:67:
         22:c1:1b:a5:48:8f:0d:02:0c:77:16:f0:60:66:22:9b:07:6e:
         54:f8:ed:b5:27:7c:dc:f8:1e:6c:1e:12:ba:69:82:ab:a9:11:
         d2:38:d2:db:8a:6b:9c:f3:d1:23:69:80:f8:83:65:f1:5d:a6:
         bf:d9:1c:34:19:0f:24:50:48:89:8c:9e:3a:19:91:40:d2:e8:
         b2:b9:54:aa:81:30:23:dc:72:40:c7:91:fa:a9:33:16:35:5d:
         0b:d1:38:5f:8d:b3:99:10:56:d4:a5:d1:a4:fd:4f:82:2c:c0:
         2c:49:ef:1b:0a:ef:fd:e8:d3:cb:0d:0d:c1:b1:98:17:e7:80:
         bc:41:5d:d9:b7:67:70:70:0c:85:5e:08:83:d5:61:73:c4:de:
         68:aa:27:a6:40:98:f5:86:ed:79:bc:f8:97:d9:42:32:bb:7f:
         b6:5a:8e:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1lgg3mqhRH6ImJ9hDsGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ2NDk2MmU2ZTExN2NjN2Y2ZWY2Y2FjM2JiZGE5YWZjOTc4NzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkaUkPopJmBYoIvgJ3ujhDhHEosf
g5jn1/EPPch836Yv9SNtebIlOBdYcyMwWB8zNeqOTrr6VjvSsRTTc4zVgLWK8fW8
t7lNJtzYWauMNiQ8kpTNalDH9UWhbbd54WvqU5/rdoc1Ot3O4JDtxBWA/ouBW3mz
FxEFkoUPMmdZdSXt+wiU2v7eYfkNosrAS5AIXfkjUoh8meZuL7TFzMjDRnErHtyq
ZQxcP7czc484MxcKPfG3DuNxUFey6FY6tyuOKfx0Y8A6P1KKgirsq8t54x1y/4oF
FQ0hR+C8XpfN6QMZMFhCsvIjhIHZKj56Ao5XCiKF2eqJwuDLwzAavOBgowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/WSWLm4RfMf272ysO72pr8l4dOMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvZjlaSll1YmhGOHhfYnZiS3c3dmFtdnlYaDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e68MA0G
CSqGSIb3DQEBCwUAA4IBAQBZF1FVGrBZBgSHRpoghW74bMVMbw6hJyswzWTFIs+7
mxRgEjcldcA3jCygu0fgWjMLau/hbxkRPhXG2HJr5TIUYq6XYxgFolUwBcDBchJd
Mbf6WjVkQ7SHCWciwRulSI8NAgx3FvBgZiKbB25U+O21J3zc+B5sHhK6aYKrqRHS
ONLbimuc89EjaYD4g2XxXaa/2Rw0GQ8kUEiJjJ46GZFA0uiyuVSqgTAj3HJAx5H6
qTMWNV0L0ThfjbOZEFbUpdGk/U+CLMAsSe8bCu/96NPLDQ3BsZgX54C8QV3Zt2dw
cAyFXgiD1WFzxN5oqiemQJj1hu15vPiX2UIyu3+2Wo5j
-----END CERTIFICATE-----