Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/x6v3kOVm35aJLKVKmsFciEubcOo.roa
File:                     x6v3kOVm35aJLKVKmsFciEubcOo.roa (raw, json)
Hash identifier:          f5Va+EA30+4q2K7ooRQU4yObo27+gd22mhk4V/OuWYQ=
Subject key identifier:   C7:AB:F7:90:E5:66:DF:96:89:2C:A5:4A:9A:C1:5C:88:4B:9B:70:EA
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       018CC6B8A2E081EA3E7C6143091E18C153D6
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/x6v3kOVm35aJLKVKmsFciEubcOo.roa
Signing time:             Mon 01 Jan 2024 20:30:38 +0000
ROA not before:           Mon 01 Jan 2024 20:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        212.113.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a2:e0:81:ea:3e:7c:61:43:09:1e:18:c1:53:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 20:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7abf790e566df96892ca54a9ac15c884b9b70ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:37:48:f0:c6:04:04:54:53:80:d9:dd:d0:b6:
                    05:23:55:be:af:48:53:6a:8d:a1:3c:30:61:46:2d:
                    03:49:e0:33:4a:62:6c:ac:fa:02:b3:91:70:6c:f9:
                    ff:08:7b:3d:9c:dc:8e:db:1b:db:72:c8:2b:3c:d4:
                    54:c9:0c:02:6f:77:85:26:67:2d:86:5b:2f:7d:bb:
                    dd:42:11:1c:9e:da:e4:11:20:1b:d7:e6:a8:c1:9b:
                    f0:65:51:68:bd:41:07:53:7f:ee:bb:64:98:16:91:
                    3d:7c:02:56:04:19:ed:4d:c7:9e:6c:b7:4e:d1:df:
                    42:24:93:b2:11:cc:92:04:34:3f:8b:4d:69:e5:6f:
                    09:8b:1f:b4:c0:15:37:bc:d1:7a:44:84:68:8b:e8:
                    81:bd:d4:92:84:c0:a8:03:30:5c:39:cb:c8:22:13:
                    9a:77:c6:c8:fa:46:a6:ea:f1:59:e6:e2:9f:1d:fa:
                    50:6b:27:58:c1:ac:87:9e:e5:37:2e:fd:b1:c4:9f:
                    c4:13:d1:eb:eb:43:f6:f6:8f:72:df:22:8e:e1:7f:
                    a6:3f:6d:4b:19:d9:a3:b8:2e:a2:e5:c7:e2:1d:01:
                    5c:53:32:7c:68:e1:70:ed:4c:e4:5e:a3:0a:3c:7c:
                    79:71:df:a1:2a:9f:32:3b:4b:91:ab:a9:0e:fb:bf:
                    39:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:AB:F7:90:E5:66:DF:96:89:2C:A5:4A:9A:C1:5C:88:4B:9B:70:EA
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/x6v3kOVm35aJLKVKmsFciEubcOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:c0:32:49:c5:2e:62:31:c2:f2:09:c4:92:98:02:c3:65:78:
         be:7f:64:ee:6b:ca:49:5b:3d:76:0b:ce:07:9b:e8:87:75:cc:
         67:14:a2:75:f0:e6:2f:b2:eb:18:eb:3c:54:f6:4d:dc:ba:26:
         5b:63:1e:dd:76:1c:19:c1:47:6a:24:1a:16:90:7e:00:e9:c6:
         d9:1a:42:fe:6e:72:25:fc:be:6e:7f:34:74:4a:4c:39:0e:13:
         29:e0:82:9d:f8:b4:0c:16:ff:7d:29:01:df:50:8e:e1:86:7c:
         60:c4:61:95:cc:61:58:8d:0d:40:80:88:03:2a:58:6d:32:f5:
         06:a7:bb:ab:e0:e2:40:c7:0f:34:69:e9:50:9c:48:67:6c:fd:
         21:f2:20:99:27:80:09:a2:c7:c5:97:ec:44:ef:58:b5:8c:bb:
         f5:2d:ae:1e:8f:2c:ac:00:36:0c:7c:f0:30:3a:ac:34:8c:b9:
         46:06:ea:fb:07:f3:95:ae:43:3e:64:0a:ac:97:b2:e8:d2:23:
         0f:3a:bf:6d:3d:a4:b4:69:89:3f:5b:0e:aa:21:f4:2f:da:62:
         a1:55:fc:69:12:ef:f1:9b:3d:76:16:d2:83:bc:ce:f3:5f:a0:
         f0:ba:a3:4b:12:32:02:86:29:ed:90:eb:d3:2a:dd:0f:9e:9d:
         e4:1a:ed:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuKLggeo+fGFDCR4YwVPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjQwMTAxMjAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2FiZjc5MGU1NjZkZjk2ODkyY2E1NGE5YWMxNWM4ODRiOWI3MGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTdI8MYEBFRTgNnd0LYFI1W+r0hT
ao2hPDBhRi0DSeAzSmJsrPoCs5FwbPn/CHs9nNyO2xvbcsgrPNRUyQwCb3eFJmct
hlsvfbvdQhEcntrkESAb1+aowZvwZVFovUEHU3/uu2SYFpE9fAJWBBntTceebLdO
0d9CJJOyEcySBDQ/i01p5W8Jix+0wBU3vNF6RIRoi+iBvdSShMCoAzBcOcvIIhOa
d8bI+kam6vFZ5uKfHfpQaydYwayHnuU3Lv2xxJ/EE9Hr60P29o9y3yKO4X+mP21L
GdmjuC6i5cfiHQFcUzJ8aOFw7UzkXqMKPHx5cd+hKp8yO0uRq6kO+785+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMer95DlZt+WiSylSprBXIhLm3DqMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEveDZ2M2tPVm0zNWFKTEtWS21zRmNpRXViY09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1HFkMA0G
CSqGSIb3DQEBCwUAA4IBAQCNwDJJxS5iMcLyCcSSmALDZXi+f2Tua8pJWz12C84H
m+iHdcxnFKJ18OYvsusY6zxU9k3cuiZbYx7ddhwZwUdqJBoWkH4A6cbZGkL+bnIl
/L5ufzR0Skw5DhMp4IKd+LQMFv99KQHfUI7hhnxgxGGVzGFYjQ1AgIgDKlhtMvUG
p7ur4OJAxw80aelQnEhnbP0h8iCZJ4AJosfFl+xE71i1jLv1La4ejyysADYMfPAw
Oqw0jLlGBur7B/OVrkM+ZAqsl7Lo0iMPOr9tPaS0aYk/Ww6qIfQv2mKhVfxpEu/x
mz12FtKDvM7zX6DwuqNLEjIChintkOvTKt0Pnp3kGu3w
-----END CERTIFICATE-----