Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/itJZC7vRUqmhfGOpbvRqRVfDHA8.roa
File:                     itJZC7vRUqmhfGOpbvRqRVfDHA8.roa (raw, json)
Hash identifier:          Sg3YrC14wZEUE9yCEoyOm1s/ZOzXNAI1CAecaeI25VQ=
Subject key identifier:   8A:D2:59:0B:BB:D1:52:A9:A1:7C:63:A9:6E:F4:6A:45:57:C3:1C:0F
Certificate issuer:       /CN=30683cffa061f28a9e1135c9fc30376a6474cbf4
Certificate serial:       018CC5DC7AF094BC63D59782CE165BEEF9D9
Authority key identifier: 30:68:3C:FF:A0:61:F2:8A:9E:11:35:C9:FC:30:37:6A:64:74:CB:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/itJZC7vRUqmhfGOpbvRqRVfDHA8.roa
Signing time:             Mon 01 Jan 2024 16:30:10 +0000
ROA not before:           Mon 01 Jan 2024 16:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        212.82.233.0/24 maxlen: 24
                          2a00:1798:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:7a:f0:94:bc:63:d5:97:82:ce:16:5b:ee:f9:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30683cffa061f28a9e1135c9fc30376a6474cbf4
        Validity
            Not Before: Jan  1 16:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ad2590bbbd152a9a17c63a96ef46a4557c31c0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:76:4e:fb:87:ab:12:c0:cd:7b:37:3a:f8:c7:
                    44:28:ff:50:4e:1d:56:9d:42:34:ca:5f:64:5c:ca:
                    4f:82:dd:8a:9d:58:70:cb:d1:3e:eb:79:c6:07:5a:
                    ce:db:14:b2:97:fa:48:e6:e2:8f:ec:17:7d:5d:c2:
                    03:d5:14:fb:2e:f5:b8:3e:0b:44:a1:05:e5:24:bd:
                    b2:5b:67:46:6c:7a:1b:26:72:85:97:00:da:7e:0e:
                    b4:51:15:14:80:33:c8:7e:77:66:ef:da:6e:2a:bb:
                    64:cc:bf:3b:85:5a:f7:a8:1b:36:21:3a:7d:ce:6c:
                    f5:92:e3:87:04:15:80:fd:e1:ad:f1:35:6a:fa:3f:
                    33:d8:22:8f:23:82:eb:a9:0f:93:67:e5:5f:70:f5:
                    5b:92:a3:4d:78:62:90:20:88:7b:b4:7a:59:40:3b:
                    18:69:75:3b:a5:85:73:6e:b6:07:3d:07:fb:53:96:
                    b1:e0:43:87:94:1d:cc:3a:60:ff:28:ce:96:b3:88:
                    86:7c:55:e4:f2:da:ac:a9:98:f2:5a:23:35:38:12:
                    e8:a3:d9:22:80:29:62:10:c3:dd:1e:e5:dc:a4:62:
                    98:de:3a:15:de:3e:2e:74:61:6b:1a:44:8a:a0:98:
                    e5:26:f0:f2:bd:f9:4e:64:70:60:b1:04:7d:72:1f:
                    4c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:D2:59:0B:BB:D1:52:A9:A1:7C:63:A9:6E:F4:6A:45:57:C3:1C:0F
            X509v3 Authority Key Identifier:
                keyid:30:68:3C:FF:A0:61:F2:8A:9E:11:35:C9:FC:30:37:6A:64:74:CB:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/itJZC7vRUqmhfGOpbvRqRVfDHA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.82.233.0/24
                IPv6:
                  2a00:1798:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:84:9c:52:59:5f:34:cb:64:97:a9:bf:48:fb:8a:18:58:d8:
         e1:52:10:db:9e:d3:99:45:0e:2c:71:89:85:38:ef:df:d1:83:
         a2:83:49:db:ce:a4:04:0c:7e:c2:26:35:ed:59:75:0f:8d:fe:
         6b:fc:26:d9:7f:af:ce:25:b1:cf:9b:6a:5c:e6:e7:89:aa:b4:
         66:5a:e7:44:cd:a9:01:8f:b4:24:90:f6:a4:c1:54:19:0b:73:
         30:6a:b2:e8:61:2d:5f:46:7d:73:6f:b4:4d:7f:a3:68:70:26:
         d8:7d:d9:ab:47:28:c8:2a:57:7b:e9:1b:8d:27:6b:23:f9:0f:
         45:07:f6:f4:4c:c1:8e:5b:f1:b0:2f:70:1e:ac:36:50:dc:34:
         af:f0:9a:6f:ad:d9:00:5b:ff:b6:cc:de:cd:9d:12:c3:17:ba:
         c6:ae:7f:2e:82:21:aa:4a:67:11:98:a4:a2:76:0b:0f:a6:08:
         d7:64:52:e2:17:6b:7f:be:76:00:59:39:8e:ba:ec:1d:1f:13:
         f4:1c:d6:d8:cf:6b:b2:51:41:52:b8:4e:4c:1d:4d:29:50:b0:
         79:4e:6e:d7:68:05:bf:e2:2c:8f:56:83:ce:ac:43:e8:db:cb:
         67:93:0c:9a:10:dc:70:4a:79:55:4e:7e:d2:62:30:ef:06:db:
         bc:18:a1:2b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3HrwlLxj1ZeCzhZb7vnZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNjgzY2ZmYTA2MWYyOGE5ZTExMzVjOWZjMzAzNzZhNjQ3
NGNiZjQwHhcNMjQwMTAxMTYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQyNTkwYmJiZDE1MmE5YTE3YzYzYTk2ZWY0NmE0NTU3YzMxYzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XZO+4erEsDNezc6+MdEKP9QTh1W
nUI0yl9kXMpPgt2KnVhwy9E+63nGB1rO2xSyl/pI5uKP7Bd9XcID1RT7LvW4PgtE
oQXlJL2yW2dGbHobJnKFlwDafg60URUUgDPIfndm79puKrtkzL87hVr3qBs2ITp9
zmz1kuOHBBWA/eGt8TVq+j8z2CKPI4LrqQ+TZ+VfcPVbkqNNeGKQIIh7tHpZQDsY
aXU7pYVzbrYHPQf7U5ax4EOHlB3MOmD/KM6Ws4iGfFXk8tqsqZjyWiM1OBLoo9ki
gCliEMPdHuXcpGKY3joV3j4udGFrGkSKoJjlJvDyvflOZHBgsQR9ch9MAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIrSWQu70VKpoXxjqW70akVXwxwPMB8GA1UdIwQY
MBaAFDBoPP+gYfKKnhE1yfwwN2pkdMv0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUdnOF82Qmg4b3FlRVRYSl9EQTNhbVIweV9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8wMWY2ZWQtN2I4Ni00Zjc2LTgyOGYt
NGUxOTIzOWYwYzM1LzEvaXRKWkM3dlJVcW1oZkdPcGJ2UnFSVmZESEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8wMWY2ZWQtN2I4Ni00Zjc2LTgyOGYtNGUxOTIzOWYwYzM1
LzEvTUdnOF82Qmg4b3FlRVRYSl9EQTNhbVIweV9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1FLpMA8E
AgACMAkDBwAqABeYAAYwDQYJKoZIhvcNAQELBQADggEBAG6EnFJZXzTLZJepv0j7
ihhY2OFSENue05lFDixxiYU479/Rg6KDSdvOpAQMfsImNe1ZdQ+N/mv8Jtl/r84l
sc+balzm54mqtGZa50TNqQGPtCSQ9qTBVBkLczBqsuhhLV9GfXNvtE1/o2hwJth9
2atHKMgqV3vpG40nayP5D0UH9vRMwY5b8bAvcB6sNlDcNK/wmm+t2QBb/7bM3s2d
EsMXusaufy6CIapKZxGYpKJ2Cw+mCNdkUuIXa3++dgBZOY667B0fE/Qc1tjPa7JR
QVK4TkwdTSlQsHlObtdoBb/iLI9Wg86sQ+jby2eTDJoQ3HBKeVVOftJiMO8G27wY
oSs=
-----END CERTIFICATE-----