Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/pLvMgiZAKSFnLE7B1Hzr9gjoXk8.roa
File:                     pLvMgiZAKSFnLE7B1Hzr9gjoXk8.roa (raw, json)
Hash identifier:          Yo8IK65u2JfJQqCTTWLtWHKwGa/vXzjvgF4G+AvGYxw=
Subject key identifier:   A4:BB:CC:82:26:40:29:21:67:2C:4E:C1:D4:7C:EB:F6:08:E8:5E:4F
Certificate issuer:       /CN=defc2686c29abef18f40b30e7e9513247a66ef13
Certificate serial:       018CC64B548D5043CF20693C5D991A8C0A39
Authority key identifier: DE:FC:26:86:C2:9A:BE:F1:8F:40:B3:0E:7E:95:13:24:7A:66:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/pLvMgiZAKSFnLE7B1Hzr9gjoXk8.roa
Signing time:             Mon 01 Jan 2024 18:31:14 +0000
ROA not before:           Mon 01 Jan 2024 18:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207534
IP address blocks:        212.6.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 10:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:54:8d:50:43:cf:20:69:3c:5d:99:1a:8c:0a:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=defc2686c29abef18f40b30e7e9513247a66ef13
        Validity
            Not Before: Jan  1 18:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4bbcc8226402921672c4ec1d47cebf608e85e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ac:a9:63:97:02:f9:6e:5a:81:b0:66:ef:c4:
                    89:a4:1d:ae:ee:74:3d:5c:5e:0c:d3:3d:65:e5:1a:
                    fc:3d:c9:83:bc:80:91:b5:d1:73:f3:6f:e1:01:a0:
                    a9:aa:65:59:9e:d1:d0:87:85:62:af:cd:01:86:88:
                    a8:19:fc:36:70:86:1a:97:7f:9d:34:13:45:8f:7c:
                    1a:a1:71:48:84:47:04:ed:19:c5:3d:e9:cb:b8:c9:
                    ac:92:00:0d:3e:04:5c:71:98:37:01:a7:bb:b1:e8:
                    ca:b5:0c:40:17:cf:d8:23:88:3c:61:53:3a:22:cf:
                    94:50:29:2f:1a:3c:dd:94:b5:48:ff:1b:73:13:ff:
                    19:93:31:bd:c3:ff:77:80:6d:5d:e2:32:10:1b:b3:
                    9e:19:be:20:1c:e4:0b:52:95:30:a0:fe:63:ec:3b:
                    f2:3b:7e:58:a4:e1:36:b9:ce:b9:74:ca:ef:09:34:
                    57:bf:f9:21:ea:e6:9c:45:46:43:18:16:32:19:a2:
                    8f:4c:b7:30:cf:f5:af:30:42:57:62:86:3a:43:b2:
                    7a:66:48:51:28:88:cd:4b:37:3f:91:31:d8:3d:09:
                    38:9a:1e:41:7d:72:a3:92:e1:01:ab:a2:80:db:a6:
                    66:a9:11:3e:4e:38:0f:24:81:e4:10:7b:ab:4f:f5:
                    00:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:BB:CC:82:26:40:29:21:67:2C:4E:C1:D4:7C:EB:F6:08:E8:5E:4F
            X509v3 Authority Key Identifier:
                keyid:DE:FC:26:86:C2:9A:BE:F1:8F:40:B3:0E:7E:95:13:24:7A:66:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/pLvMgiZAKSFnLE7B1Hzr9gjoXk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:31:ef:a2:d0:bd:99:49:5c:c1:b9:42:f6:37:74:4b:cd:bb:
         3f:e0:d2:0b:80:69:58:2d:02:80:53:fc:76:3e:97:ef:ce:53:
         79:0c:33:dc:16:58:69:3c:1c:bc:50:b1:73:0a:8e:d7:36:74:
         31:da:97:e6:0d:9d:60:c6:63:a2:9f:a1:b6:f3:0e:4b:e6:ad:
         00:60:ef:b0:46:ee:44:1e:16:96:36:02:ae:87:54:4e:fc:f7:
         ad:f4:68:00:fe:46:5b:6c:be:46:f5:3a:d5:22:8f:f4:a8:b0:
         a3:dc:ec:41:2b:f4:c1:1b:2d:01:f7:ba:f8:14:97:54:e5:d2:
         38:07:44:2c:be:cd:51:0d:fe:0a:73:03:8f:dc:45:fe:7e:cb:
         ff:81:2a:0c:3b:04:43:cf:ca:fc:41:68:9f:a2:e0:62:e5:95:
         cf:95:34:b3:34:47:19:38:d6:44:06:35:de:1e:5c:05:ff:68:
         93:c4:62:c0:6a:e8:b2:eb:99:93:51:eb:c9:93:d9:69:49:64:
         17:92:1a:6a:42:50:05:93:43:9c:5d:3f:6b:07:be:a5:65:6c:
         72:a7:d8:e2:6e:46:03:0a:c9:4c:70:31:97:3a:cf:01:ff:61:
         b9:80:34:e5:af:87:5c:45:6c:92:b0:8d:c7:33:24:0d:70:6c:
         72:d0:98:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1SNUEPPIGk8XZkajAo5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZmMyNjg2YzI5YWJlZjE4ZjQwYjMwZTdlOTUxMzI0N2E2
NmVmMTMwHhcNMjQwMTAxMTgzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGJiY2M4MjI2NDAyOTIxNjcyYzRlYzFkNDdjZWJmNjA4ZTg1ZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqypY5cC+W5agbBm78SJpB2u7nQ9
XF4M0z1l5Rr8PcmDvICRtdFz82/hAaCpqmVZntHQh4Vir80BhoioGfw2cIYal3+d
NBNFj3waoXFIhEcE7RnFPenLuMmskgANPgRccZg3Aae7sejKtQxAF8/YI4g8YVM6
Is+UUCkvGjzdlLVI/xtzE/8ZkzG9w/93gG1d4jIQG7OeGb4gHOQLUpUwoP5j7Dvy
O35YpOE2uc65dMrvCTRXv/kh6uacRUZDGBYyGaKPTLcwz/WvMEJXYoY6Q7J6ZkhR
KIjNSzc/kTHYPQk4mh5BfXKjkuEBq6KA26ZmqRE+TjgPJIHkEHurT/UAhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKS7zIImQCkhZyxOwdR86/YI6F5PMB8GA1UdIwQY
MBaAFN78JobCmr7xj0CzDn6VEyR6Zu8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Z3bWhzS2F2dkdQUUxNT2ZwVVRKSHBtN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iNDUxNWUtODY0MS00NWIwLWI3NWYt
MDk2OTIxYzkxYzQxLzEvcEx2TWdpWkFLU0ZuTEU3QjFIenI5Z2pvWGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iNDUxNWUtODY0MS00NWIwLWI3NWYtMDk2OTIxYzkxYzQx
LzEvM3Z3bWhzS2F2dkdQUUxNT2ZwVVRKSHBtN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AYhMA0G
CSqGSIb3DQEBCwUAA4IBAQAmMe+i0L2ZSVzBuUL2N3RLzbs/4NILgGlYLQKAU/x2
PpfvzlN5DDPcFlhpPBy8ULFzCo7XNnQx2pfmDZ1gxmOin6G28w5L5q0AYO+wRu5E
HhaWNgKuh1RO/Pet9GgA/kZbbL5G9TrVIo/0qLCj3OxBK/TBGy0B97r4FJdU5dI4
B0Qsvs1RDf4KcwOP3EX+fsv/gSoMOwRDz8r8QWifouBi5ZXPlTSzNEcZONZEBjXe
HlwF/2iTxGLAauiy65mTUevJk9lpSWQXkhpqQlAFk0OcXT9rB76lZWxyp9jibkYD
CslMcDGXOs8B/2G5gDTlr4dcRWySsI3HMyQNcGxy0JgD
-----END CERTIFICATE-----