Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/bMdoY8uaejzxL3QjXxLjjVoiGz0.roa
File:                     bMdoY8uaejzxL3QjXxLjjVoiGz0.roa (raw, json)
Hash identifier:          DDeAdgEi0BGxjHB9zfWVUPqFCU4KidXa4ImCSv8t5n4=
Subject key identifier:   6C:C7:68:63:CB:9A:7A:3C:F1:2F:74:23:5F:12:E3:8D:5A:22:1B:3D
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0190535E1CE36B4A6F34DF847C2A641099FA
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/bMdoY8uaejzxL3QjXxLjjVoiGz0.roa
Signing time:             Wed 26 Jun 2024 07:06:34 +0000
ROA not before:           Wed 26 Jun 2024 07:06:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215436
IP address blocks:        213.176.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:5e:1c:e3:6b:4a:6f:34:df:84:7c:2a:64:10:99:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jun 26 07:06:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cc76863cb9a7a3cf12f74235f12e38d5a221b3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e1:a8:93:13:67:f7:f6:66:f0:77:75:54:da:
                    a0:4a:39:cf:17:8f:18:4a:bc:53:db:9b:c7:e9:8e:
                    1b:74:95:ac:1f:ba:27:cc:fc:c1:fb:26:54:0f:13:
                    e4:9f:32:db:3a:48:5d:ca:33:1e:8e:ec:c6:ad:01:
                    99:31:82:2b:d0:d3:8e:29:08:7d:a8:41:67:2f:93:
                    4e:8b:a0:d6:85:fc:2b:15:a6:72:95:c5:80:e7:92:
                    fe:60:2a:7d:c7:99:10:c2:98:53:b7:0e:f1:d4:c3:
                    4d:70:be:75:50:dc:52:da:b8:52:ea:49:8c:75:ad:
                    45:6a:4d:66:20:bc:f3:24:db:32:dd:76:d5:ff:c2:
                    82:ed:ac:e9:27:80:9e:be:60:c9:55:dc:21:9c:a2:
                    e8:e1:b5:51:89:cc:40:18:05:e2:0c:21:f5:3c:8b:
                    de:e1:36:d0:7e:47:ad:a5:b7:62:36:c5:0e:dd:d3:
                    13:14:0f:b1:b5:18:33:61:99:75:77:dc:65:c0:54:
                    d7:96:f7:d8:af:d7:9a:b3:eb:20:78:00:a9:99:76:
                    9c:14:5c:fb:b0:96:16:9e:87:ce:56:7a:72:6c:33:
                    1a:05:02:58:7f:72:a4:1b:e0:4c:43:75:29:9c:87:
                    4f:7a:38:54:9c:a0:4a:41:58:7c:2e:ba:98:52:32:
                    2d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:C7:68:63:CB:9A:7A:3C:F1:2F:74:23:5F:12:E3:8D:5A:22:1B:3D
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/bMdoY8uaejzxL3QjXxLjjVoiGz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:07:53:2f:a1:76:a2:6a:59:93:d0:4f:7c:fa:66:1d:17:f3:
         d2:ed:8a:ae:f6:30:c5:5a:8a:aa:0a:1f:91:0d:1c:15:40:57:
         d6:7f:e6:bf:55:66:7b:0a:8f:88:8a:ab:7c:11:21:a2:a1:84:
         2f:a9:55:b8:5a:d7:a7:6d:95:f4:44:0c:f1:02:2e:22:92:e8:
         ad:85:9d:45:32:1f:ba:da:4c:b2:27:84:67:81:78:9e:35:b2:
         37:5c:a7:dc:43:b0:27:ed:49:27:bf:13:8b:51:33:fa:a3:f7:
         5a:5c:35:80:92:a0:83:32:f5:78:5c:fa:34:63:05:9a:1a:4a:
         fd:24:3b:c5:d3:94:28:8c:c0:0c:23:5f:4a:ed:c7:28:96:b0:
         e5:66:10:5b:74:e4:b7:87:8f:ff:8e:51:8c:81:f5:fa:9f:17:
         19:cd:f9:df:24:65:18:1a:bc:9d:15:b6:4a:2d:35:7b:7f:ea:
         89:d6:b0:76:19:35:97:dd:16:44:fc:14:1e:ce:13:89:03:b5:
         b0:76:3f:7f:74:79:c9:01:1c:78:78:0c:7f:fc:cf:1b:5c:9e:
         bc:fd:e4:85:e9:75:30:88:57:b3:f5:7d:cc:15:9e:4f:a7:44:
         9e:2f:f8:85:0f:13:17:e6:79:41:b5:66:95:e4:1e:4f:59:10:
         52:6e:94:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBTXhzja0pvNN+EfCpkEJn6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwNjI2MDcwNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2M3Njg2M2NiOWE3YTNjZjEyZjc0MjM1ZjEyZTM4ZDVhMjIxYjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOGokxNn9/Zm8Hd1VNqgSjnPF48Y
SrxT25vH6Y4bdJWsH7onzPzB+yZUDxPknzLbOkhdyjMejuzGrQGZMYIr0NOOKQh9
qEFnL5NOi6DWhfwrFaZylcWA55L+YCp9x5kQwphTtw7x1MNNcL51UNxS2rhS6kmM
da1Fak1mILzzJNsy3XbV/8KC7azpJ4CevmDJVdwhnKLo4bVRicxAGAXiDCH1PIve
4TbQfketpbdiNsUO3dMTFA+xtRgzYZl1d9xlwFTXlvfYr9eas+sgeACpmXacFFz7
sJYWnofOVnpybDMaBQJYf3KkG+BMQ3UpnIdPejhUnKBKQVh8LrqYUjIt0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzHaGPLmno88S90I18S441aIhs9MB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvYk1kb1k4dWFlanp4TDNRalh4TGpqVm9pR3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bBAMA0G
CSqGSIb3DQEBCwUAA4IBAQAKB1MvoXaialmT0E98+mYdF/PS7Yqu9jDFWoqqCh+R
DRwVQFfWf+a/VWZ7Co+Iiqt8ESGioYQvqVW4WtenbZX0RAzxAi4ikuithZ1FMh+6
2kyyJ4RngXieNbI3XKfcQ7An7UknvxOLUTP6o/daXDWAkqCDMvV4XPo0YwWaGkr9
JDvF05QojMAMI19K7ccolrDlZhBbdOS3h4//jlGMgfX6nxcZzfnfJGUYGrydFbZK
LTV7f+qJ1rB2GTWX3RZE/BQezhOJA7Wwdj9/dHnJARx4eAx//M8bXJ68/eSF6XUw
iFez9X3MFZ5Pp0SeL/iFDxMX5nlBtWaV5B5PWRBSbpTB
-----END CERTIFICATE-----