Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/AFhVw7L2cmfyKUGDwOCmO7Yo1gY.roa
File:                     AFhVw7L2cmfyKUGDwOCmO7Yo1gY.roa (raw, json)
Hash identifier:          iXRx1HHxSJILYVnLoIi9U9OHCxx0SDrAT43Hzdppprg=
Subject key identifier:   00:58:55:C3:B2:F6:72:67:F2:29:41:83:C0:E0:A6:3B:B6:28:D6:06
Certificate issuer:       /CN=33c342c06aacc359d39439ff58defa8ea1875748
Certificate serial:       018CC500B75B5EC5FB20EA064C5A40DAE043
Authority key identifier: 33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/AFhVw7L2cmfyKUGDwOCmO7Yo1gY.roa
Signing time:             Mon 01 Jan 2024 12:30:07 +0000
ROA not before:           Mon 01 Jan 2024 12:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39575
IP address blocks:        213.128.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b7:5b:5e:c5:fb:20:ea:06:4c:5a:40:da:e0:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33c342c06aacc359d39439ff58defa8ea1875748
        Validity
            Not Before: Jan  1 12:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=005855c3b2f67267f2294183c0e0a63bb628d606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:36:09:ed:63:7d:ef:63:d3:2e:7d:5a:52:71:
                    a3:7f:ba:52:1a:81:48:62:0e:eb:ad:9a:18:24:84:
                    2d:4e:6c:d3:cd:ea:19:51:9d:16:9e:91:de:7d:0d:
                    00:86:cf:90:c9:c8:6f:0a:4e:83:30:9d:bb:0b:59:
                    c7:5b:9a:74:50:bb:4b:d3:c0:45:74:b2:c5:6a:7a:
                    97:0f:5c:c6:63:ff:53:e9:71:ed:d0:16:5b:be:6f:
                    5d:93:8c:53:6c:d2:18:33:ed:e8:ff:5f:0f:61:0c:
                    4e:03:fb:33:23:f9:45:97:f1:4c:38:d4:40:fc:0a:
                    f4:d5:bf:64:65:44:b5:aa:a0:08:f0:6e:91:f3:8b:
                    31:f4:ef:8c:62:47:5a:6d:e1:4c:c3:13:bc:6f:8b:
                    eb:5f:29:2b:d9:16:83:c0:fc:9d:f1:92:34:dc:d1:
                    6e:16:e5:0d:1f:93:b3:69:cf:2a:51:fd:70:8f:b9:
                    0e:40:ff:6b:f9:ed:2d:5e:f1:03:1d:6e:30:8b:64:
                    c8:d8:4c:2c:84:38:79:7b:7e:b4:17:83:5b:f8:e9:
                    09:aa:bd:ef:b6:8d:18:35:d4:e0:10:25:cc:ef:a4:
                    01:e1:6a:4d:d8:68:d0:c9:08:99:e5:d1:25:5a:c7:
                    61:73:cf:d8:2c:85:4b:e0:54:f3:49:91:c9:12:97:
                    6c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:58:55:C3:B2:F6:72:67:F2:29:41:83:C0:E0:A6:3B:B6:28:D6:06
            X509v3 Authority Key Identifier:
                keyid:33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/AFhVw7L2cmfyKUGDwOCmO7Yo1gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.128.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:f5:11:5c:4d:f6:95:1e:f4:8d:5e:1f:fe:cb:45:f9:84:c2:
         59:75:c6:a8:e3:01:31:c8:69:69:d9:ca:50:98:80:7c:d3:2e:
         f0:61:04:b7:f8:4b:76:bf:d6:b8:20:c6:24:3b:10:39:2a:ba:
         29:01:5d:54:d9:64:51:1e:6b:6d:a9:3a:46:54:07:a6:d1:5b:
         9c:c8:be:be:ee:75:36:a5:93:51:fe:f9:c5:4a:e9:31:12:54:
         d2:1e:6b:f4:f3:f7:f4:0d:48:f9:8b:e4:45:e7:9f:5d:fb:c5:
         3e:61:55:1e:49:22:41:67:63:a6:cd:3e:ee:95:d0:d7:d5:89:
         a6:f7:7c:fd:83:f0:49:75:87:22:58:77:f5:2a:97:8b:3b:df:
         c3:55:7a:87:a4:e8:92:9f:02:73:67:86:a0:da:14:fe:db:0c:
         6b:a3:ee:61:68:d2:8d:26:69:2d:fe:ab:1c:d3:ef:cb:46:64:
         26:f3:42:18:da:44:c9:34:7f:76:da:d8:ef:ba:d9:35:9f:38:
         2e:18:64:b2:bb:56:3e:9b:aa:44:4a:63:86:80:87:d8:55:c1:
         98:6a:cf:80:e9:60:b5:52:27:a1:2c:3a:c2:81:f3:3b:c8:01:
         99:3e:aa:ff:ca:1b:11:8f:c9:98:9a:41:83:a2:6d:75:d7:b6:
         bd:b8:7e:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALdbXsX7IOoGTFpA2uBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYzM0MmMwNmFhY2MzNTlkMzk0MzlmZjU4ZGVmYThlYTE4
NzU3NDgwHhcNMjQwMTAxMTIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU4NTVjM2IyZjY3MjY3ZjIyOTQxODNjMGUwYTYzYmI2MjhkNjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jYJ7WN972PTLn1aUnGjf7pSGoFI
Yg7rrZoYJIQtTmzTzeoZUZ0WnpHefQ0Ahs+QychvCk6DMJ27C1nHW5p0ULtL08BF
dLLFanqXD1zGY/9T6XHt0BZbvm9dk4xTbNIYM+3o/18PYQxOA/szI/lFl/FMONRA
/Ar01b9kZUS1qqAI8G6R84sx9O+MYkdabeFMwxO8b4vrXykr2RaDwPyd8ZI03NFu
FuUNH5Ozac8qUf1wj7kOQP9r+e0tXvEDHW4wi2TI2EwshDh5e360F4Nb+OkJqr3v
to0YNdTgECXM76QB4WpN2GjQyQiZ5dElWsdhc8/YLIVL4FTzSZHJEpdsOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABYVcOy9nJn8ilBg8Dgpju2KNYGMB8GA1UdIwQY
MBaAFDPDQsBqrMNZ05Q5/1je+o6hh1dIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUt
N2YyMzMzNjA0OTk3LzEvQUZoVnc3TDJjbWZ5S1VHRHdPQ21PN1lvMWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUtN2YyMzMzNjA0OTk3
LzEvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YDRMA0G
CSqGSIb3DQEBCwUAA4IBAQCY9RFcTfaVHvSNXh/+y0X5hMJZdcao4wExyGlp2cpQ
mIB80y7wYQS3+Et2v9a4IMYkOxA5KropAV1U2WRRHmttqTpGVAem0VucyL6+7nU2
pZNR/vnFSukxElTSHmv08/f0DUj5i+RF559d+8U+YVUeSSJBZ2OmzT7uldDX1Ymm
93z9g/BJdYciWHf1KpeLO9/DVXqHpOiSnwJzZ4ag2hT+2wxro+5haNKNJmkt/qsc
0+/LRmQm80IY2kTJNH922tjvutk1nzguGGSyu1Y+m6pESmOGgIfYVcGYas+A6WC1
UiehLDrCgfM7yAGZPqr/yhsRj8mYmkGDom1117a9uH4u
-----END CERTIFICATE-----