Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/_RGblB1GOKWIMsKXKpvofZOFLmc.roa
File:                     _RGblB1GOKWIMsKXKpvofZOFLmc.roa (raw, json)
Hash identifier:          RDd6IsD0tWX4RNiP/LQzTjACJx0E5y6bh2Sxlnbv2C4=
Subject key identifier:   FD:11:9B:94:1D:46:38:A5:88:32:C2:97:2A:9B:E8:7D:93:85:2E:67
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93B4E210DE4E38ABB2280C7E92442
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/_RGblB1GOKWIMsKXKpvofZOFLmc.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19551
IP address blocks:        213.253.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3b:4e:21:0d:e4:e3:8a:bb:22:80:c7:e9:24:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd119b941d4638a58832c2972a9be87d93852e67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8e:64:f6:22:ed:89:f5:a3:49:b4:71:5b:a1:
                    22:1f:32:5b:3f:b0:62:d3:a4:b6:20:8d:c8:73:5d:
                    b6:b4:bd:4b:5e:c9:f6:82:af:c1:ce:af:0e:77:60:
                    28:2d:55:0c:d1:0d:fc:60:92:ea:41:be:23:c6:2a:
                    9c:62:bd:be:c6:79:1f:8b:32:38:54:a4:a5:50:34:
                    a3:29:fd:cf:7a:62:53:a0:7c:61:19:05:a0:b4:e8:
                    22:d5:26:23:ae:6e:23:11:c7:ca:4b:aa:21:3f:e1:
                    40:2c:b1:fe:ba:fc:c0:f5:9d:ab:b3:5a:7d:f4:e5:
                    50:34:9e:b0:09:44:12:8d:e7:eb:d9:d7:42:2b:55:
                    18:da:77:72:7c:f2:20:ae:42:f9:65:a8:63:0d:03:
                    2b:1a:26:ec:e6:b4:89:b4:86:d0:47:5b:c1:4a:ea:
                    5b:c8:2d:37:22:0d:04:16:7c:be:d3:5d:cd:ea:77:
                    bc:87:6e:fb:c1:08:ae:92:4c:61:75:92:1a:c5:2a:
                    94:22:13:b2:6e:51:ec:72:ec:20:25:3b:25:b9:28:
                    0f:a7:e9:dc:a4:8c:7b:88:22:1f:6a:d5:f1:a8:ee:
                    16:ac:d6:01:0c:4b:c9:3d:21:ff:d5:92:63:ac:4d:
                    72:fc:34:27:db:2c:f3:c0:85:0e:ef:35:2d:db:05:
                    8e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:11:9B:94:1D:46:38:A5:88:32:C2:97:2A:9B:E8:7D:93:85:2E:67
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/_RGblB1GOKWIMsKXKpvofZOFLmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.253.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b1:92:39:df:22:6d:18:94:e8:0d:25:70:59:f0:62:95:30:
         e9:c1:00:9e:76:90:d5:ff:cd:fb:b6:01:6e:f0:0b:6f:2e:eb:
         df:5f:73:c2:5c:8a:9f:d3:13:50:c3:d5:73:a6:95:9f:65:14:
         d3:27:26:76:89:93:32:85:45:35:d6:73:52:4d:00:de:8e:5a:
         f1:05:b5:9b:7b:4c:da:81:8d:72:ab:1f:31:66:7d:5f:53:23:
         a2:9e:ec:67:f1:3e:7a:df:4b:96:5b:74:ee:e3:5a:7a:37:26:
         49:cb:5f:5a:b2:be:42:05:f6:43:b6:b8:71:fe:a1:7c:1f:47:
         23:c6:eb:a8:8e:ee:b4:cd:85:5a:b1:d0:e4:f2:d5:4b:a3:69:
         85:4c:06:c1:19:e1:5a:d9:90:a9:e8:09:64:21:67:13:e3:60:
         cb:c4:61:e9:e8:6d:b3:35:3f:0b:f3:57:1b:6a:a1:67:0a:df:
         91:4f:ff:e4:28:27:99:1d:48:64:19:10:14:a5:47:e2:ec:47:
         bb:ee:51:01:2f:76:4a:8b:5d:2b:1d:34:8f:32:89:c8:f4:e1:
         98:08:fd:22:8c:5c:5c:19:e0:09:58:08:34:74:11:a9:aa:24:
         59:2a:a2:14:b2:ea:b8:2f:90:9f:e4:fa:63:29:54:cf:de:16:
         42:13:f1:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTtOIQ3k44q7IoDH6SRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDExOWI5NDFkNDYzOGE1ODgzMmMyOTcyYTliZTg3ZDkzODUyZTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx45k9iLtifWjSbRxW6EiHzJbP7Bi
06S2II3Ic122tL1LXsn2gq/Bzq8Od2AoLVUM0Q38YJLqQb4jxiqcYr2+xnkfizI4
VKSlUDSjKf3PemJToHxhGQWgtOgi1SYjrm4jEcfKS6ohP+FALLH+uvzA9Z2rs1p9
9OVQNJ6wCUQSjefr2ddCK1UY2ndyfPIgrkL5ZahjDQMrGibs5rSJtIbQR1vBSupb
yC03Ig0EFny+013N6ne8h277wQiukkxhdZIaxSqUIhOyblHscuwgJTsluSgPp+nc
pIx7iCIfatXxqO4WrNYBDEvJPSH/1ZJjrE1y/DQn2yzzwIUO7zUt2wWOwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0Rm5QdRjiliDLClyqb6H2ThS5nMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvX1JHYmxCMUdPS1dJTXNLWEtwdm9mWk9GTG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1f3XMA0G
CSqGSIb3DQEBCwUAA4IBAQApsZI53yJtGJToDSVwWfBilTDpwQCedpDV/837tgFu
8AtvLuvfX3PCXIqf0xNQw9VzppWfZRTTJyZ2iZMyhUU11nNSTQDejlrxBbWbe0za
gY1yqx8xZn1fUyOinuxn8T5630uWW3Tu41p6NyZJy19asr5CBfZDtrhx/qF8H0cj
xuuoju60zYVasdDk8tVLo2mFTAbBGeFa2ZCp6AlkIWcT42DLxGHp6G2zNT8L81cb
aqFnCt+RT//kKCeZHUhkGRAUpUfi7Ee77lEBL3ZKi10rHTSPMonI9OGYCP0ijFxc
GeAJWAg0dBGpqiRZKqIUsuq4L5Cf5PpjKVTP3hZCE/FM
-----END CERTIFICATE-----