Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/sBZyctgvNvtriFhe8m6CbBJ7dYg.roa
File:                     sBZyctgvNvtriFhe8m6CbBJ7dYg.roa (raw, json)
Hash identifier:          JowCeeluxMSod/7/LxTDdw9H9SvUld/0RlKOgZZipFI=
Subject key identifier:   B0:16:72:72:D8:2F:36:FB:6B:88:58:5E:F2:6E:82:6C:12:7B:75:88
Certificate issuer:       /CN=69b66c6e9a14c6fd773fa31df9820b3396952e2e
Certificate serial:       01942823D9C4B6DFD4CDC3B2EE3988897B32
Authority key identifier: 69:B6:6C:6E:9A:14:C6:FD:77:3F:A3:1D:F9:82:0B:33:96:95:2E:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/abZsbpoUxv13P6Md-YILM5aVLi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/sBZyctgvNvtriFhe8m6CbBJ7dYg.roa
Signing time:             Thu 02 Jan 2025 17:50:25 +0000
ROA not before:           Thu 02 Jan 2025 17:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215839
IP address blocks:        213.134.27.0/24 maxlen: 24
                          2a14:2c80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/abZsbpoUxv13P6Md-YILM5aVLi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/abZsbpoUxv13P6Md-YILM5aVLi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/abZsbpoUxv13P6Md-YILM5aVLi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 14:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:d9:c4:b6:df:d4:cd:c3:b2:ee:39:88:89:7b:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69b66c6e9a14c6fd773fa31df9820b3396952e2e
        Validity
            Not Before: Jan  2 17:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0167272d82f36fb6b88585ef26e826c127b7588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b4:5f:c6:50:0d:9b:5d:ac:12:9b:83:e8:fa:
                    d4:e8:81:0e:af:9f:b7:bd:b6:b6:de:42:76:93:36:
                    03:d9:a0:ce:44:f1:cb:ff:6e:46:cc:a6:94:98:86:
                    51:f9:76:02:7e:8f:55:3a:3a:c6:cc:e5:ef:8f:5e:
                    35:77:83:77:2f:9e:41:cd:61:4d:62:66:10:8c:f9:
                    3b:b1:db:0b:eb:1b:61:cb:5f:6d:43:eb:19:f1:e5:
                    c1:6d:6d:49:8f:fc:37:23:a6:71:27:06:41:1c:76:
                    f1:4b:b4:85:1f:1c:6b:33:bb:55:a6:c8:f0:a3:3c:
                    a0:57:04:49:5e:dc:7c:29:cb:89:7f:7d:bd:cc:ca:
                    dd:e3:6e:b0:69:35:57:70:9b:78:fe:c2:03:e3:3e:
                    51:35:c0:d8:1c:13:c5:ca:0f:8e:f3:6d:58:70:b6:
                    09:4b:0e:b4:eb:43:4e:3a:e3:7a:a7:35:b4:69:8d:
                    e0:30:c1:2c:2d:88:74:c8:c7:3a:bd:2c:d9:e9:6b:
                    65:57:dc:ad:9a:30:5f:58:be:46:73:4b:2f:15:6a:
                    81:7c:0f:80:e9:39:33:41:d0:4a:34:7a:71:f2:34:
                    80:50:85:e5:ee:d1:a5:65:96:b1:14:14:e9:95:e4:
                    14:81:7c:5e:9a:ce:4b:1a:f0:c8:0a:1d:f8:bb:08:
                    93:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:16:72:72:D8:2F:36:FB:6B:88:58:5E:F2:6E:82:6C:12:7B:75:88
            X509v3 Authority Key Identifier:
                keyid:69:B6:6C:6E:9A:14:C6:FD:77:3F:A3:1D:F9:82:0B:33:96:95:2E:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/abZsbpoUxv13P6Md-YILM5aVLi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/sBZyctgvNvtriFhe8m6CbBJ7dYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/abZsbpoUxv13P6Md-YILM5aVLi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.134.27.0/24
                IPv6:
                  2a14:2c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:e4:14:8c:77:c5:3d:b0:d8:f4:ba:ab:3e:7b:d1:cf:a9:92:
         8c:2d:71:5c:8e:c7:85:c6:10:15:42:9d:0d:ea:88:8a:12:86:
         87:65:05:fa:d2:b0:9b:05:d2:78:d1:e1:7e:aa:c6:f2:ea:7e:
         dc:c2:7d:e1:a7:4e:e3:04:e0:14:20:98:ec:00:85:bd:80:55:
         d4:f8:3c:73:69:74:70:43:5d:57:1b:ca:40:d0:84:dd:1f:3f:
         e3:13:72:6e:a7:46:b6:a6:a0:14:e6:98:49:28:dd:c0:bd:67:
         9e:c0:be:c4:de:8b:7c:90:b1:7f:5f:4a:ee:39:36:c3:7a:98:
         88:c9:ef:ec:e7:16:cb:6b:21:b6:25:2d:98:74:31:47:cf:05:
         40:e4:08:f2:20:11:9c:13:77:18:51:c0:2a:0e:e4:3a:68:53:
         30:96:bb:26:bd:23:60:ad:84:ad:de:1a:80:b9:a6:cb:02:30:
         70:ff:23:15:fb:f0:18:bb:7a:fb:d5:8a:0c:5f:de:45:05:e7:
         05:3b:9c:c5:5c:89:16:19:ad:b8:27:54:fa:1d:ea:80:cd:76:
         ef:94:0c:c0:c3:7e:e3:fe:02:cd:ef:f5:ac:0d:29:c2:63:f8:
         3a:d6:a7:ef:f1:99:37:92:6f:48:c8:c6:8f:27:0d:1e:d8:13:
         1d:1e:7e:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoI9nEtt/UzcOy7jmIiXsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YjY2YzZlOWExNGM2ZmQ3NzNmYTMxZGY5ODIwYjMzOTY5
NTJlMmUwHhcNMjUwMTAyMTc1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDE2NzI3MmQ4MmYzNmZiNmI4ODU4NWVmMjZlODI2YzEyN2I3NTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LRfxlANm12sEpuD6PrU6IEOr5+3
vba23kJ2kzYD2aDORPHL/25GzKaUmIZR+XYCfo9VOjrGzOXvj141d4N3L55BzWFN
YmYQjPk7sdsL6xthy19tQ+sZ8eXBbW1Jj/w3I6ZxJwZBHHbxS7SFHxxrM7tVpsjw
ozygVwRJXtx8KcuJf329zMrd426waTVXcJt4/sID4z5RNcDYHBPFyg+O821YcLYJ
Sw6060NOOuN6pzW0aY3gMMEsLYh0yMc6vSzZ6WtlV9ytmjBfWL5Gc0svFWqBfA+A
6TkzQdBKNHpx8jSAUIXl7tGlZZaxFBTpleQUgXxems5LGvDICh34uwiTOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLAWcnLYLzb7a4hYXvJugmwSe3WIMB8GA1UdIwQY
MBaAFGm2bG6aFMb9dz+jHfmCCzOWlS4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWJac2Jwb1V4djEzUDZNZC1ZSUxNNWFWTGk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85ZGU3MGQtNzQyNS00YzA3LWE4MGYt
NDJkYzgyY2NhMTkyLzEvc0JaeWN0Z3ZOdnRyaUZoZThtNkNiQko3ZFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85ZGU3MGQtNzQyNS00YzA3LWE4MGYtNDJkYzgyY2NhMTky
LzEvYWJac2Jwb1V4djEzUDZNZC1ZSUxNNWFWTGk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1YYbMA0E
AgACMAcDBQMqFCyAMA0GCSqGSIb3DQEBCwUAA4IBAQCt5BSMd8U9sNj0uqs+e9HP
qZKMLXFcjseFxhAVQp0N6oiKEoaHZQX60rCbBdJ40eF+qsby6n7cwn3hp07jBOAU
IJjsAIW9gFXU+DxzaXRwQ11XG8pA0ITdHz/jE3Jup0a2pqAU5phJKN3AvWeewL7E
3ot8kLF/X0ruOTbDepiIye/s5xbLayG2JS2YdDFHzwVA5AjyIBGcE3cYUcAqDuQ6
aFMwlrsmvSNgrYSt3hqAuabLAjBw/yMV+/AYu3r71YoMX95FBecFO5zFXIkWGa24
J1T6HeqAzXbvlAzAw37j/gLN7/WsDSnCY/g61qfv8Zk3km9IyMaPJw0e2BMdHn4q
-----END CERTIFICATE-----