Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/5SncsLDV_mLK11zjn-ua56NzNOA.roa
File:                     5SncsLDV_mLK11zjn-ua56NzNOA.roa (raw, json)
Hash identifier:          zuLC6yIPYmfUepLkU++s8Cwpuo2cOA9zrLrgs/OIPYw=
Subject key identifier:   E5:29:DC:B0:B0:D5:FE:62:CA:D7:5C:E3:9F:EB:9A:E7:A3:73:34:E0
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       018CC4934D915308D3F923DF9141FBAE9AB2
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/5SncsLDV_mLK11zjn-ua56NzNOA.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32181
IP address blocks:        213.21.235.0/24 maxlen: 24
                          213.21.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4d:91:53:08:d3:f9:23:df:91:41:fb:ae:9a:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e529dcb0b0d5fe62cad75ce39feb9ae7a37334e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:05:80:d3:8a:e5:be:46:3f:d9:e8:19:2e:c7:
                    5b:92:1b:85:fb:cf:2a:e6:c0:a0:4a:47:d9:36:60:
                    f9:f6:4a:bc:60:3e:62:03:54:f1:26:0d:37:55:82:
                    27:34:90:c0:1c:b6:e7:7c:8f:9e:e6:ee:cb:09:d8:
                    5f:b5:3c:ae:30:74:9a:b5:29:7b:85:fd:bb:ff:c2:
                    99:d6:05:d5:44:39:5a:9b:24:2d:77:78:de:4d:2f:
                    2e:e1:eb:9a:a6:c8:52:e4:52:79:1e:5a:44:2c:94:
                    f4:ea:c1:de:fd:fd:4c:64:21:0d:bd:ef:7a:b4:ef:
                    9a:70:06:a9:87:36:8e:e7:27:5a:1e:f0:b6:70:f4:
                    ad:ff:38:fb:dd:37:2c:35:58:af:66:96:f1:36:79:
                    f6:29:71:0a:74:97:9e:d4:f4:e4:22:f0:88:9f:8b:
                    cd:93:b1:6e:c8:7c:15:92:44:53:c0:b8:20:69:58:
                    0c:9f:24:e8:e6:97:98:03:24:63:9a:05:83:6d:64:
                    77:a8:4c:9a:fe:12:64:48:ba:cc:ad:ea:50:ee:99:
                    bd:bc:7c:3e:7e:00:c5:e0:56:da:51:4a:fa:7e:f5:
                    3f:8f:6a:6f:8c:3e:4e:0b:c2:b6:52:34:c7:54:f9:
                    7f:cd:0f:53:2b:f2:2e:27:24:c1:cc:06:2e:22:d5:
                    66:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:29:DC:B0:B0:D5:FE:62:CA:D7:5C:E3:9F:EB:9A:E7:A3:73:34:E0
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/5SncsLDV_mLK11zjn-ua56NzNOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.235.0/24
                  213.21.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:f0:bb:d7:a0:9f:8a:2a:4b:a8:94:c0:88:5a:11:d0:4b:1f:
         1d:18:75:b9:7a:7f:b2:04:a9:b0:84:ca:5b:b0:ab:a2:b9:14:
         1e:f6:47:9f:4c:a1:bd:2b:06:74:1c:b6:88:71:80:77:ba:bc:
         8d:50:40:01:8f:df:a2:7a:16:36:a4:58:ec:d4:70:b8:e7:12:
         aa:f7:c5:e1:6e:1a:37:ea:a3:85:ca:52:fc:76:e7:a3:07:e9:
         f0:06:08:19:df:e7:ba:ae:ef:a7:18:02:d3:46:9f:a4:07:32:
         5f:82:51:dd:e4:41:aa:4c:f2:f8:06:7a:05:9f:cd:9d:d6:15:
         ee:1e:41:52:82:0f:e3:f4:20:06:1f:d8:c2:76:c7:51:3d:29:
         66:e3:f4:5b:92:e3:b1:22:41:8e:c3:58:c9:c0:bc:cd:5a:93:
         14:17:dd:f3:79:9e:53:b3:49:66:55:fc:c1:24:dc:1f:3b:10:
         55:a3:f8:f1:83:25:ee:38:81:e5:0b:0a:82:27:9d:be:db:d4:
         3b:b1:eb:8a:4f:2c:ef:25:bc:9d:97:a3:da:b9:79:96:34:1b:
         6d:1e:97:8c:40:1e:33:95:32:22:b8:c9:b2:06:1e:6e:d9:e8:
         0a:c6:c9:f4:45:9f:8c:f7:74:0c:11:72:db:89:97:99:fe:40:
         2b:74:8e:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk02RUwjT+SPfkUH7rpqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTI5ZGNiMGIwZDVmZTYyY2FkNzVjZTM5ZmViOWFlN2EzNzMzNGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQWA04rlvkY/2egZLsdbkhuF+88q
5sCgSkfZNmD59kq8YD5iA1TxJg03VYInNJDAHLbnfI+e5u7LCdhftTyuMHSatSl7
hf27/8KZ1gXVRDlamyQtd3jeTS8u4euapshS5FJ5HlpELJT06sHe/f1MZCENve96
tO+acAaphzaO5ydaHvC2cPSt/zj73TcsNVivZpbxNnn2KXEKdJee1PTkIvCIn4vN
k7FuyHwVkkRTwLggaVgMnyTo5peYAyRjmgWDbWR3qEya/hJkSLrMrepQ7pm9vHw+
fgDF4FbaUUr6fvU/j2pvjD5OC8K2UjTHVPl/zQ9TK/IuJyTBzAYuItVm9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOUp3LCw1f5iytdc45/rmuejczTgMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvNVNuY3NMRFZfbUxLMTF6am4tdWE1Nk56Tk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1RXrAwQA
1RXxMA0GCSqGSIb3DQEBCwUAA4IBAQCZ8LvXoJ+KKkuolMCIWhHQSx8dGHW5en+y
BKmwhMpbsKuiuRQe9kefTKG9KwZ0HLaIcYB3uryNUEABj9+iehY2pFjs1HC45xKq
98Xhbho36qOFylL8duejB+nwBggZ3+e6ru+nGALTRp+kBzJfglHd5EGqTPL4BnoF
n82d1hXuHkFSgg/j9CAGH9jCdsdRPSlm4/RbkuOxIkGOw1jJwLzNWpMUF93zeZ5T
s0lmVfzBJNwfOxBVo/jxgyXuOIHlCwqCJ52+29Q7seuKTyzvJbydl6PauXmWNBtt
HpeMQB4zlTIiuMmyBh5u2egKxsn0RZ+M93QMEXLbiZeZ/kArdI5X
-----END CERTIFICATE-----