Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/p5HeCIOr5hEJVzUQ9epz6ENzoUA.roa
File:                     p5HeCIOr5hEJVzUQ9epz6ENzoUA.roa (raw, json)
Hash identifier:          l/AKzMagv0EyRArhqAb3J9ITIRgNZAvmq+Q4qvOFme4=
Subject key identifier:   A7:91:DE:08:83:AB:E6:11:09:57:35:10:F5:EA:73:E8:43:73:A1:40
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93C716B070AE5E9546DF10671B076
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/p5HeCIOr5hEJVzUQ9epz6ENzoUA.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21209
IP address blocks:        213.253.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3c:71:6b:07:0a:e5:e9:54:6d:f1:06:71:b0:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a791de0883abe61109573510f5ea73e84373a140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:96:2b:0a:47:4c:fc:82:e7:0f:cd:f6:cd:b5:
                    d8:fa:f7:7b:d3:e2:df:6a:1c:51:b2:10:97:00:4d:
                    d4:ed:27:9a:de:2f:c4:d3:87:e5:22:67:b7:8d:eb:
                    d2:2a:0a:5d:32:04:c6:62:1e:73:24:23:91:87:39:
                    e3:a5:df:2d:2e:f0:73:c7:0e:43:51:82:7e:6a:49:
                    ef:3c:ef:25:48:2b:e9:9c:58:4d:63:84:ed:2a:e0:
                    78:67:da:71:96:98:cf:08:f5:35:c4:de:e4:3f:6f:
                    62:fc:cb:58:03:a2:9f:9d:6c:0a:b4:b5:49:f3:c8:
                    4c:55:59:88:32:f3:5a:bd:02:5a:a6:cc:6b:bc:fd:
                    d5:20:97:00:53:da:38:e0:ba:4b:26:4d:89:93:94:
                    2c:71:ca:b6:bc:d7:2c:cc:cf:12:49:1c:ea:aa:39:
                    05:66:52:8f:05:9a:76:da:eb:01:85:39:fe:8a:7b:
                    73:14:cd:0a:2b:8b:32:0a:02:69:e0:6c:40:68:d6:
                    43:73:e7:df:b9:b8:fd:bc:4a:de:35:29:a2:b2:75:
                    95:a1:8b:85:39:67:1c:c9:a3:30:e5:12:ce:b9:6b:
                    3e:1c:47:ee:ef:ed:65:e2:59:a4:62:f4:96:94:1d:
                    e4:c4:e8:01:df:a0:4d:5c:54:c3:00:76:1f:b6:a7:
                    e5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:91:DE:08:83:AB:E6:11:09:57:35:10:F5:EA:73:E8:43:73:A1:40
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/p5HeCIOr5hEJVzUQ9epz6ENzoUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.253.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:8c:a8:1e:4b:eb:71:30:b9:4a:53:54:06:67:fd:9e:31:9b:
         02:6d:f4:b0:3c:2e:ad:aa:0f:50:e7:6c:de:89:f7:44:7b:27:
         cf:77:ba:07:f7:05:9f:99:5e:78:ea:22:e2:17:e9:c0:73:9e:
         a1:65:f4:e8:02:61:fb:98:84:b5:fa:ef:15:5b:7f:dd:58:2c:
         49:55:ef:f2:6c:71:32:fc:1c:fc:e2:e8:0a:62:c0:48:a9:af:
         90:88:0a:eb:ce:35:6d:29:f2:d2:8c:46:d6:3e:2d:7a:33:cd:
         0f:30:70:15:8c:96:cd:78:13:28:fb:46:17:94:f4:6c:8e:92:
         ab:71:42:bc:71:42:f2:d7:3b:a5:d6:b0:4d:61:36:8e:d9:78:
         a5:35:c2:19:87:7a:b0:05:a4:f3:5d:05:93:c1:18:b5:da:72:
         92:f8:4c:d5:25:08:c6:ae:c7:a2:7d:62:9c:f8:1f:79:fb:80:
         05:ea:bc:2d:b1:33:06:21:f0:08:ea:a1:5d:d8:ff:65:c6:c5:
         f6:d6:d5:b6:a5:ec:39:ac:d7:a0:0f:c8:3f:39:4e:a4:03:4d:
         e6:a3:13:5b:2e:83:1d:52:b4:d8:d0:78:f7:96:0f:97:1f:4e:
         5e:fd:e1:7a:05:24:dd:db:bd:a2:fa:12:0a:a0:0d:4d:4e:ab:
         73:9d:fa:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTxxawcK5elUbfEGcbB2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzkxZGUwODgzYWJlNjExMDk1NzM1MTBmNWVhNzNlODQzNzNhMTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpYrCkdM/ILnD832zbXY+vd70+Lf
ahxRshCXAE3U7Sea3i/E04flIme3jevSKgpdMgTGYh5zJCORhznjpd8tLvBzxw5D
UYJ+aknvPO8lSCvpnFhNY4TtKuB4Z9pxlpjPCPU1xN7kP29i/MtYA6KfnWwKtLVJ
88hMVVmIMvNavQJapsxrvP3VIJcAU9o44LpLJk2Jk5Qsccq2vNcszM8SSRzqqjkF
ZlKPBZp22usBhTn+intzFM0KK4syCgJp4GxAaNZDc+ffubj9vEreNSmisnWVoYuF
OWccyaMw5RLOuWs+HEfu7+1l4lmkYvSWlB3kxOgB36BNXFTDAHYftqflIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeR3giDq+YRCVc1EPXqc+hDc6FAMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvcDVIZUNJT3I1aEVKVnpVUTllcHo2RU56b1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1f3XMA0G
CSqGSIb3DQEBCwUAA4IBAQCPjKgeS+txMLlKU1QGZ/2eMZsCbfSwPC6tqg9Q52ze
ifdEeyfPd7oH9wWfmV546iLiF+nAc56hZfToAmH7mIS1+u8VW3/dWCxJVe/ybHEy
/Bz84ugKYsBIqa+QiArrzjVtKfLSjEbWPi16M80PMHAVjJbNeBMo+0YXlPRsjpKr
cUK8cULy1zul1rBNYTaO2XilNcIZh3qwBaTzXQWTwRi12nKS+EzVJQjGrseifWKc
+B95+4AF6rwtsTMGIfAI6qFd2P9lxsX21tW2pew5rNegD8g/OU6kA03moxNbLoMd
UrTY0Hj3lg+XH05e/eF6BSTd272i+hIKoA1NTqtznfrE
-----END CERTIFICATE-----