Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/lvUb5jUaLrZtcQTZg6BwSE9rLfU.roa
File:                     lvUb5jUaLrZtcQTZg6BwSE9rLfU.roa (raw, json)
Hash identifier:          5em9rV7NyHd33spZJlV6TAWWwODNybkCid5KOSlQtlA=
Subject key identifier:   96:F5:1B:E6:35:1A:2E:B6:6D:71:04:D9:83:A0:70:48:4F:6B:2D:F5
Certificate issuer:       /CN=b0cc95fc42f3d81920f464b0f20c8a5203f21e30
Certificate serial:       018CC49361DB9B76FC815F4B2E816ADC9A52
Authority key identifier: B0:CC:95:FC:42:F3:D8:19:20:F4:64:B0:F2:0C:8A:52:03:F2:1E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/lvUb5jUaLrZtcQTZg6BwSE9rLfU.roa
Signing time:             Mon 01 Jan 2024 10:30:42 +0000
ROA not before:           Mon 01 Jan 2024 10:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212215
IP address blocks:        212.8.192.0/19 maxlen: 24
                          212.15.192.0/19 maxlen: 24
                          2001:ae0::/30 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 06:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:61:db:9b:76:fc:81:5f:4b:2e:81:6a:dc:9a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0cc95fc42f3d81920f464b0f20c8a5203f21e30
        Validity
            Not Before: Jan  1 10:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96f51be6351a2eb66d7104d983a070484f6b2df5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:50:47:ee:44:4d:2b:59:cf:77:dd:64:c8:af:
                    dc:26:d0:f3:fa:4f:37:e2:9d:f5:6b:e2:db:74:0c:
                    14:cb:13:6c:34:e3:87:7f:76:c5:2e:5c:35:35:4c:
                    e4:45:8a:55:ee:37:5a:42:97:b4:c2:5e:e4:94:49:
                    41:a5:b3:bf:e0:e3:79:d3:6a:64:c3:ea:9b:4c:ef:
                    32:a5:d8:66:6f:56:05:67:6d:c0:ab:7f:ae:87:ef:
                    8a:0a:e5:69:bc:c1:12:ab:c9:ca:11:5b:38:e9:7a:
                    eb:c4:fe:ff:b3:b9:e6:14:74:9f:a1:bc:c2:37:f4:
                    65:8d:14:9b:50:98:0d:85:15:a9:df:eb:88:62:50:
                    7f:d5:19:5f:84:18:35:1c:2f:8b:8d:18:85:d8:a1:
                    08:32:de:c8:2e:1e:18:21:fe:28:87:af:10:4d:6a:
                    89:f6:82:80:c8:e0:a8:16:82:07:33:88:de:e0:bd:
                    99:37:32:03:55:7d:be:11:ba:e3:4e:89:72:2c:19:
                    01:9c:ea:d8:03:e9:fd:7f:11:53:dd:e6:30:d3:e5:
                    9f:b7:eb:18:1f:35:44:81:be:ec:b6:bb:4c:41:cc:
                    87:b8:87:b8:9d:fc:00:fb:fb:1e:f6:35:88:61:71:
                    41:3d:39:53:5d:cb:f6:00:69:b0:9a:11:6c:1e:c5:
                    d1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F5:1B:E6:35:1A:2E:B6:6D:71:04:D9:83:A0:70:48:4F:6B:2D:F5
            X509v3 Authority Key Identifier:
                keyid:B0:CC:95:FC:42:F3:D8:19:20:F4:64:B0:F2:0C:8A:52:03:F2:1E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/lvUb5jUaLrZtcQTZg6BwSE9rLfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.8.192.0/19
                  212.15.192.0/19
                IPv6:
                  2001:ae0::/30

    Signature Algorithm: sha256WithRSAEncryption
         5a:a4:86:62:3e:92:92:e9:02:43:79:6e:c2:ca:e8:9f:91:49:
         c7:13:d5:d8:f4:b1:61:5e:e1:80:97:d2:7a:b5:00:a3:b0:c3:
         9c:ea:06:90:47:f8:71:4f:2a:13:5a:2f:b2:f6:9f:b0:e2:2c:
         14:55:65:04:aa:0f:a1:d5:77:55:78:e5:0f:6c:2d:90:25:b4:
         65:2b:bc:67:45:b0:f1:e3:04:dd:7b:5f:af:c7:54:30:4a:1a:
         84:dd:d6:06:2a:ca:cf:01:e9:6e:47:4b:46:a2:ab:80:d1:3f:
         d7:e2:d1:73:07:41:b1:0c:6d:2c:42:e6:b1:19:46:6a:f9:e4:
         d7:19:21:98:41:b9:36:b9:d5:83:b1:e5:24:1c:6e:16:81:4b:
         4f:bc:e5:49:2a:c1:be:5b:ea:0f:d7:d5:29:f1:eb:65:27:7d:
         ee:ab:f4:e8:51:d3:b3:9c:8a:2d:cd:45:ca:48:1e:90:55:6e:
         58:71:82:e9:5c:55:88:b4:4a:8f:2d:7b:47:89:15:d2:b6:12:
         04:bc:c2:be:81:73:c9:0a:76:c2:ec:0c:0b:e4:de:10:49:3a:
         ce:b1:e4:d6:87:c1:da:07:59:9b:ef:13:d6:03:48:d5:0c:4d:
         64:1a:67:76:e9:89:60:b5:ef:85:9d:ab:e2:d4:e0:65:3c:7d:
         6b:19:33:ab
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk2Hbm3b8gV9LLoFq3JpSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwY2M5NWZjNDJmM2Q4MTkyMGY0NjRiMGYyMGM4YTUyMDNm
MjFlMzAwHhcNMjQwMTAxMTAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmY1MWJlNjM1MWEyZWI2NmQ3MTA0ZDk4M2EwNzA0ODRmNmIyZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11BH7kRNK1nPd91kyK/cJtDz+k83
4p31a+LbdAwUyxNsNOOHf3bFLlw1NUzkRYpV7jdaQpe0wl7klElBpbO/4ON502pk
w+qbTO8ypdhmb1YFZ23Aq3+uh++KCuVpvMESq8nKEVs46XrrxP7/s7nmFHSfobzC
N/RljRSbUJgNhRWp3+uIYlB/1RlfhBg1HC+LjRiF2KEIMt7ILh4YIf4oh68QTWqJ
9oKAyOCoFoIHM4je4L2ZNzIDVX2+EbrjTolyLBkBnOrYA+n9fxFT3eYw0+Wft+sY
HzVEgb7strtMQcyHuIe4nfwA+/se9jWIYXFBPTlTXcv2AGmwmhFsHsXRuQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJb1G+Y1Gi62bXEE2YOgcEhPay31MB8GA1UdIwQY
MBaAFLDMlfxC89gZIPRksPIMilID8h4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc015Vl9FTHoyQmtnOUdTdzhneUtVZ1B5SGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9lOTY4NzctMTEzMy00YjI5LWE2YmEt
ODQ1M2MwZjEzNWQ2LzEvbHZVYjVqVWFMclp0Y1FUWmc2QndTRTlyTGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9lOTY4NzctMTEzMy00YjI5LWE2YmEtODQ1M2MwZjEzNWQ2
LzEvc015Vl9FTHoyQmtnOUdTdzhneUtVZ1B5SGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQF1AjAAwQF
1A/AMA0EAgACMAcDBQIgAQrgMA0GCSqGSIb3DQEBCwUAA4IBAQBapIZiPpKS6QJD
eW7CyuifkUnHE9XY9LFhXuGAl9J6tQCjsMOc6gaQR/hxTyoTWi+y9p+w4iwUVWUE
qg+h1XdVeOUPbC2QJbRlK7xnRbDx4wTde1+vx1QwShqE3dYGKsrPAeluR0tGoquA
0T/X4tFzB0GxDG0sQuaxGUZq+eTXGSGYQbk2udWDseUkHG4WgUtPvOVJKsG+W+oP
19Up8etlJ33uq/ToUdOznIotzUXKSB6QVW5YcYLpXFWItEqPLXtHiRXSthIEvMK+
gXPJCnbC7AwL5N4QSTrOseTWh8HaB1mb7xPWA0jVDE1kGmd26Ylgte+Fnavi1OBl
PH1rGTOr
-----END CERTIFICATE-----