Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/NxF2Cyt5llnCNI_vXdmc9sDjjDg.roa
File:                     NxF2Cyt5llnCNI_vXdmc9sDjjDg.roa (raw, json)
Hash identifier:          R2BQ5eg/vIm8OWNUAn8Iiim/Pq6eL5zypKjZ8nuw8W0=
Subject key identifier:   37:11:76:0B:2B:79:96:59:C2:34:8F:EF:5D:D9:9C:F6:C0:E3:8C:38
Certificate issuer:       /CN=defc2686c29abef18f40b30e7e9513247a66ef13
Certificate serial:       019421446F251551223445E0FF77B2980D7B
Authority key identifier: DE:FC:26:86:C2:9A:BE:F1:8F:40:B3:0E:7E:95:13:24:7A:66:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/NxF2Cyt5llnCNI_vXdmc9sDjjDg.roa
Signing time:             Wed 01 Jan 2025 09:48:40 +0000
ROA not before:           Wed 01 Jan 2025 09:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207534
IP address blocks:        212.6.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:6f:25:15:51:22:34:45:e0:ff:77:b2:98:0d:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=defc2686c29abef18f40b30e7e9513247a66ef13
        Validity
            Not Before: Jan  1 09:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3711760b2b799659c2348fef5dd99cf6c0e38c38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c4:dc:b4:19:09:4e:58:6f:4d:36:32:58:0a:
                    23:b0:68:63:1a:bb:0e:71:9b:a2:42:a0:81:1c:f3:
                    d1:cb:9a:f0:c0:17:d2:95:9e:f7:81:85:4f:5d:05:
                    16:ca:f5:18:94:f0:09:54:f0:e5:19:7c:61:9c:b5:
                    71:e3:64:e2:6d:21:f5:86:92:73:83:ed:f7:c8:d7:
                    51:c2:c5:5d:91:81:61:7b:08:89:1f:7e:33:af:8d:
                    f9:75:e8:ac:42:80:19:1b:64:c1:d3:5b:ac:e6:a7:
                    cf:e9:49:31:33:25:89:2c:2b:0d:ac:a9:56:f6:bd:
                    14:55:7b:1f:03:64:58:ce:37:6f:f0:40:1e:20:b2:
                    73:93:0e:ab:09:c1:21:f8:d3:4c:4d:fe:60:b9:a6:
                    f8:f1:fe:64:f0:9e:a6:db:4e:c0:a7:d9:58:93:63:
                    77:7c:c7:1a:c2:45:53:41:11:d6:cf:74:49:9b:81:
                    96:46:1f:3c:92:4f:c7:31:92:0a:62:b1:26:9a:8d:
                    b3:a6:01:7f:58:6f:38:69:f6:10:2a:b7:00:24:09:
                    98:1b:0a:bf:1e:71:c0:61:35:d7:8d:50:f9:6b:3a:
                    ac:f9:46:72:8c:a5:91:d8:46:6a:bb:c1:3e:34:74:
                    86:f7:9b:e8:92:17:2e:42:b6:d4:13:90:4c:55:74:
                    95:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:11:76:0B:2B:79:96:59:C2:34:8F:EF:5D:D9:9C:F6:C0:E3:8C:38
            X509v3 Authority Key Identifier:
                keyid:DE:FC:26:86:C2:9A:BE:F1:8F:40:B3:0E:7E:95:13:24:7A:66:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/NxF2Cyt5llnCNI_vXdmc9sDjjDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:e4:bd:15:af:ab:7c:68:0a:af:a5:ef:4b:fa:a8:ba:64:a6:
         ce:90:8e:a5:d1:d6:62:a6:2f:03:3d:79:7b:cf:82:23:8a:fe:
         8f:a0:f0:f7:a8:61:c4:aa:1e:be:63:03:05:d3:d6:06:c1:1c:
         21:d9:f3:39:af:66:cb:d2:e8:31:56:34:75:23:27:fe:33:db:
         e3:fc:43:1d:01:3e:ac:e5:a3:7a:b3:4d:a4:75:b5:e7:f6:9a:
         1e:3a:4b:6e:0c:b1:30:f2:07:c3:96:b4:c5:2a:e4:f2:8a:70:
         13:72:24:85:e2:23:96:bc:78:d0:84:28:ef:26:5f:ce:53:c9:
         0b:84:a3:29:1e:be:e3:ab:7c:a9:62:08:4e:a5:fa:07:74:36:
         52:98:81:51:1a:ca:96:92:31:39:46:92:f0:0b:f0:ff:31:b3:
         aa:13:c8:8c:08:d7:cd:d2:f4:29:21:4e:a1:1e:b7:f0:41:3f:
         5d:dc:0d:66:8e:d8:87:d0:5d:8f:b2:e5:50:97:aa:9a:f9:06:
         6d:c4:55:bd:7a:b7:00:18:4a:37:56:d9:98:53:3d:76:97:88:
         61:16:4c:75:da:c2:b5:12:da:77:c9:e5:4a:b2:c2:9c:aa:a8:
         50:6d:d2:ef:10:4e:49:4f:4f:a7:27:8a:d8:51:6a:80:4d:67:
         9b:a2:62:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRG8lFVEiNEXg/3eymA17MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZmMyNjg2YzI5YWJlZjE4ZjQwYjMwZTdlOTUxMzI0N2E2
NmVmMTMwHhcNMjUwMTAxMDk0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzExNzYwYjJiNzk5NjU5YzIzNDhmZWY1ZGQ5OWNmNmMwZTM4YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cTctBkJTlhvTTYyWAojsGhjGrsO
cZuiQqCBHPPRy5rwwBfSlZ73gYVPXQUWyvUYlPAJVPDlGXxhnLVx42TibSH1hpJz
g+33yNdRwsVdkYFhewiJH34zr435deisQoAZG2TB01us5qfP6UkxMyWJLCsNrKlW
9r0UVXsfA2RYzjdv8EAeILJzkw6rCcEh+NNMTf5guab48f5k8J6m207Ap9lYk2N3
fMcawkVTQRHWz3RJm4GWRh88kk/HMZIKYrEmmo2zpgF/WG84afYQKrcAJAmYGwq/
HnHAYTXXjVD5azqs+UZyjKWR2EZqu8E+NHSG95vokhcuQrbUE5BMVXSV+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcRdgsreZZZwjSP713ZnPbA44w4MB8GA1UdIwQY
MBaAFN78JobCmr7xj0CzDn6VEyR6Zu8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Z3bWhzS2F2dkdQUUxNT2ZwVVRKSHBtN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iNDUxNWUtODY0MS00NWIwLWI3NWYt
MDk2OTIxYzkxYzQxLzEvTnhGMkN5dDVsbG5DTklfdlhkbWM5c0RqakRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iNDUxNWUtODY0MS00NWIwLWI3NWYtMDk2OTIxYzkxYzQx
LzEvM3Z3bWhzS2F2dkdQUUxNT2ZwVVRKSHBtN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AYhMA0G
CSqGSIb3DQEBCwUAA4IBAQAK5L0Vr6t8aAqvpe9L+qi6ZKbOkI6l0dZipi8DPXl7
z4Ijiv6PoPD3qGHEqh6+YwMF09YGwRwh2fM5r2bL0ugxVjR1Iyf+M9vj/EMdAT6s
5aN6s02kdbXn9poeOktuDLEw8gfDlrTFKuTyinATciSF4iOWvHjQhCjvJl/OU8kL
hKMpHr7jq3ypYghOpfoHdDZSmIFRGsqWkjE5RpLwC/D/MbOqE8iMCNfN0vQpIU6h
HrfwQT9d3A1mjtiH0F2PsuVQl6qa+QZtxFW9ercAGEo3VtmYUz12l4hhFkx12sK1
Etp3yeVKssKcqqhQbdLvEE5JT0+nJ4rYUWqATWebomJu
-----END CERTIFICATE-----