Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/63299a-86b2-49ff-b6e2-241eab61483f/1/vvIf2rS14u3krjjWjlzkRR8MHKo.roa
File:                     vvIf2rS14u3krjjWjlzkRR8MHKo.roa (raw, json)
Hash identifier:          YvDjt09diDJ8RcEhkNcl/baCg2kusdUTnxTpd1MZOP8=
Subject key identifier:   BE:F2:1F:DA:B4:B5:E2:ED:E4:AE:38:D6:8E:5C:E4:45:1F:0C:1C:AA
Certificate issuer:       /CN=e479af1716dc461e5bb3f876215bcb94e8808ba0
Certificate serial:       018CC9BB3B0C33CE6AA6B6E23FBC9C8DA8C8
Authority key identifier: E4:79:AF:17:16:DC:46:1E:5B:B3:F8:76:21:5B:CB:94:E8:80:8B:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5HmvFxbcRh5bs_h2IVvLlOiAi6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/63299a-86b2-49ff-b6e2-241eab61483f/1/vvIf2rS14u3krjjWjlzkRR8MHKo.roa
Signing time:             Tue 02 Jan 2024 10:32:19 +0000
ROA not before:           Tue 02 Jan 2024 10:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199027
IP address blocks:        213.152.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/63299a-86b2-49ff-b6e2-241eab61483f/1/5HmvFxbcRh5bs_h2IVvLlOiAi6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/63299a-86b2-49ff-b6e2-241eab61483f/1/5HmvFxbcRh5bs_h2IVvLlOiAi6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5HmvFxbcRh5bs_h2IVvLlOiAi6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:3b:0c:33:ce:6a:a6:b6:e2:3f:bc:9c:8d:a8:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e479af1716dc461e5bb3f876215bcb94e8808ba0
        Validity
            Not Before: Jan  2 10:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bef21fdab4b5e2ede4ae38d68e5ce4451f0c1caa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:da:0c:15:ba:21:8a:fe:98:7b:8d:50:9d:3c:
                    b4:9b:90:6d:d9:a4:aa:10:b1:47:c7:05:6a:06:3c:
                    d1:f9:8e:a4:f8:0e:b6:11:af:8a:c9:e8:cc:ed:a0:
                    71:df:ba:4d:d3:7f:cc:b0:cf:67:d0:d1:79:6f:e2:
                    d4:63:7a:86:56:11:50:43:78:68:7b:92:ab:81:9b:
                    4f:7a:2f:6b:4b:aa:78:7b:07:d6:ec:d8:aa:0e:d9:
                    67:5d:e6:e6:47:e2:51:7e:8d:de:61:b2:79:84:e8:
                    e9:00:e3:1c:b7:36:8a:f0:7b:6b:6b:4c:fb:2e:ee:
                    27:ec:a8:13:12:15:db:66:cf:c9:18:92:5f:c6:4f:
                    46:ae:ee:f8:0c:8d:e0:c2:f9:68:0d:ee:ee:00:43:
                    15:3b:c4:1f:11:a5:8a:1c:ff:a8:25:1a:3c:18:cf:
                    a4:a0:34:c2:af:85:e9:76:a5:d9:7d:c4:61:a1:43:
                    6c:71:29:22:56:4d:c0:c2:b4:c8:bf:1c:5b:94:a1:
                    44:6c:15:10:eb:97:ff:f5:e2:2c:45:11:8a:f0:4b:
                    a8:62:fa:df:25:63:3d:3a:80:68:6e:c5:57:d6:19:
                    2f:f8:77:ef:b9:19:5e:73:db:f3:78:3e:a1:c2:97:
                    12:2d:75:dc:5c:fc:c8:92:61:ab:b4:6a:9c:38:12:
                    25:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:F2:1F:DA:B4:B5:E2:ED:E4:AE:38:D6:8E:5C:E4:45:1F:0C:1C:AA
            X509v3 Authority Key Identifier:
                keyid:E4:79:AF:17:16:DC:46:1E:5B:B3:F8:76:21:5B:CB:94:E8:80:8B:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5HmvFxbcRh5bs_h2IVvLlOiAi6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/63299a-86b2-49ff-b6e2-241eab61483f/1/vvIf2rS14u3krjjWjlzkRR8MHKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/63299a-86b2-49ff-b6e2-241eab61483f/1/5HmvFxbcRh5bs_h2IVvLlOiAi6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.152.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:6c:c1:48:cf:a0:ec:ee:89:72:88:4d:f3:62:b4:bd:45:79:
         46:a6:54:c1:90:f7:63:d4:85:f9:8c:1b:21:f3:79:17:34:f6:
         4f:21:fe:a9:62:be:fa:9a:13:aa:e0:d6:3f:86:86:6a:a0:06:
         66:0a:7c:42:f2:b9:ce:b2:39:d3:2a:8f:58:b1:f9:b4:44:db:
         9f:35:81:8e:4f:b4:3d:8e:67:5b:8f:c8:a4:b6:9e:c0:a2:62:
         3b:c1:28:5c:37:6e:00:80:40:7c:24:00:a3:a5:7a:70:75:f3:
         b5:7b:0d:df:d3:3c:1a:e6:d3:05:40:09:99:45:25:2b:6b:9e:
         5f:31:55:11:10:33:ea:8a:16:9e:04:c3:55:7e:c1:c0:7e:5d:
         90:3f:98:dc:23:3f:a9:53:59:fa:05:66:65:db:74:44:c4:5b:
         b0:b2:c7:1c:9b:99:92:00:d8:cf:fb:b0:a8:ce:3f:59:3a:bf:
         de:59:e8:71:45:39:ec:02:33:fe:17:9e:10:6e:65:8c:dc:5e:
         68:12:a7:a1:1c:88:14:79:a0:f1:5c:75:56:82:4a:46:3b:86:
         22:6b:9d:38:83:e5:6d:24:60:5f:1f:72:a9:66:df:cd:0d:fe:
         19:a5:87:fa:57:05:c9:7c:2c:fe:a6:c2:bf:8f:03:a5:bf:3c:
         56:7c:0e:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuzsMM85qprbiP7ycjajIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NzlhZjE3MTZkYzQ2MWU1YmIzZjg3NjIxNWJjYjk0ZTg4
MDhiYTAwHhcNMjQwMTAyMTAzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWYyMWZkYWI0YjVlMmVkZTRhZTM4ZDY4ZTVjZTQ0NTFmMGMxY2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitoMFbohiv6Ye41QnTy0m5Bt2aSq
ELFHxwVqBjzR+Y6k+A62Ea+KyejM7aBx37pN03/MsM9n0NF5b+LUY3qGVhFQQ3ho
e5KrgZtPei9rS6p4ewfW7NiqDtlnXebmR+JRfo3eYbJ5hOjpAOMctzaK8Htra0z7
Lu4n7KgTEhXbZs/JGJJfxk9Gru74DI3gwvloDe7uAEMVO8QfEaWKHP+oJRo8GM+k
oDTCr4XpdqXZfcRhoUNscSkiVk3AwrTIvxxblKFEbBUQ65f/9eIsRRGK8EuoYvrf
JWM9OoBobsVX1hkv+HfvuRlec9vzeD6hwpcSLXXcXPzIkmGrtGqcOBIlzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7yH9q0teLt5K441o5c5EUfDByqMB8GA1UdIwQY
MBaAFOR5rxcW3EYeW7P4diFby5TogIugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUhtdkZ4YmNSaDVic19oMklWdkxsT2lBaTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS82MzI5OWEtODZiMi00OWZmLWI2ZTIt
MjQxZWFiNjE0ODNmLzEvdnZJZjJyUzE0dTNrcmpqV2psemtSUjhNSEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS82MzI5OWEtODZiMi00OWZmLWI2ZTItMjQxZWFiNjE0ODNm
LzEvNUhtdkZ4YmNSaDVic19oMklWdkxsT2lBaTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZgVMA0G
CSqGSIb3DQEBCwUAA4IBAQASbMFIz6Ds7olyiE3zYrS9RXlGplTBkPdj1IX5jBsh
83kXNPZPIf6pYr76mhOq4NY/hoZqoAZmCnxC8rnOsjnTKo9Ysfm0RNufNYGOT7Q9
jmdbj8iktp7AomI7wShcN24AgEB8JACjpXpwdfO1ew3f0zwa5tMFQAmZRSUra55f
MVUREDPqihaeBMNVfsHAfl2QP5jcIz+pU1n6BWZl23RExFuwssccm5mSANjP+7Co
zj9ZOr/eWehxRTnsAjP+F54QbmWM3F5oEqehHIgUeaDxXHVWgkpGO4Yia504g+Vt
JGBfH3KpZt/NDf4ZpYf6VwXJfCz+psK/jwOlvzxWfA72
-----END CERTIFICATE-----