Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/6zPK28B6g3lAL0jk8y8ZvNZADSc.roa
File:                     6zPK28B6g3lAL0jk8y8ZvNZADSc.roa (raw, json)
Hash identifier:          SsJ+mCayzTUP7pZSZbIJWA9S8lhXEkjoWgYYskU148s=
Subject key identifier:   EB:33:CA:DB:C0:7A:83:79:40:2F:48:E4:F3:2F:19:BC:D6:40:0D:27
Certificate issuer:       /CN=4687dac0837ed31137a32496a6c93e9431c60784
Certificate serial:       018CC4245402F6C652A872C4C947F37CA098
Authority key identifier: 46:87:DA:C0:83:7E:D3:11:37:A3:24:96:A6:C9:3E:94:31:C6:07:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RofawIN-0xE3oySWpsk-lDHGB4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/6zPK28B6g3lAL0jk8y8ZvNZADSc.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        212.19.236.0/24 maxlen: 24
                          212.19.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/RofawIN-0xE3oySWpsk-lDHGB4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/RofawIN-0xE3oySWpsk-lDHGB4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RofawIN-0xE3oySWpsk-lDHGB4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:54:02:f6:c6:52:a8:72:c4:c9:47:f3:7c:a0:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4687dac0837ed31137a32496a6c93e9431c60784
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb33cadbc07a8379402f48e4f32f19bcd6400d27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2b:c4:61:09:f3:3c:54:a9:61:aa:3e:c4:42:
                    90:36:7d:c9:12:6c:0c:39:a5:13:5e:41:9e:47:45:
                    a2:a6:b9:2b:5b:39:b0:1c:62:59:3d:88:16:b8:37:
                    7f:bf:39:e6:c9:8c:77:cc:d7:22:ab:b3:98:4d:06:
                    a8:85:d2:af:cd:63:1f:a9:8f:1e:ee:95:fd:0a:b5:
                    ab:ae:85:8b:ed:8c:86:9f:99:85:aa:94:72:86:64:
                    eb:2b:99:43:79:e1:69:1d:f3:73:12:7e:50:08:43:
                    40:3c:3f:97:8e:14:8c:17:dc:3a:3c:57:e6:da:12:
                    13:36:21:7f:12:3f:61:8b:4e:17:3f:9c:25:75:cb:
                    8e:3f:66:c1:fb:ec:6a:d4:f1:6e:2a:67:c8:de:f0:
                    e2:8d:45:53:8a:b0:b0:3f:20:84:f6:b1:81:39:c2:
                    f6:86:63:5e:22:69:13:41:fa:aa:6d:50:6b:76:55:
                    24:5a:ac:9b:d4:4e:0c:ab:ed:26:72:9c:18:b1:c8:
                    26:d7:b2:48:85:0f:54:4d:68:69:70:bc:7b:ea:c3:
                    59:0e:42:d5:31:44:4b:8c:f6:d8:59:c5:55:63:34:
                    eb:19:ee:cd:ff:30:52:f3:14:4e:ba:dc:74:65:00:
                    6f:59:41:3e:b8:f3:ef:ca:2e:8c:25:3d:88:51:db:
                    83:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:33:CA:DB:C0:7A:83:79:40:2F:48:E4:F3:2F:19:BC:D6:40:0D:27
            X509v3 Authority Key Identifier:
                keyid:46:87:DA:C0:83:7E:D3:11:37:A3:24:96:A6:C9:3E:94:31:C6:07:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RofawIN-0xE3oySWpsk-lDHGB4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/6zPK28B6g3lAL0jk8y8ZvNZADSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/RofawIN-0xE3oySWpsk-lDHGB4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.19.235.0-212.19.236.255

    Signature Algorithm: sha256WithRSAEncryption
         10:7d:3a:39:84:00:97:63:7e:e7:08:f0:15:b4:8d:7d:ba:29:
         aa:94:b2:37:11:e5:1b:73:3a:4a:aa:68:fd:13:a5:60:0b:9e:
         57:c9:aa:c5:76:28:cb:e3:96:d6:80:72:99:68:a7:cc:71:b3:
         19:d2:3c:81:d2:67:cf:5f:1f:e8:30:a9:43:86:0b:b9:2a:c6:
         a0:8e:49:3a:1b:9b:ae:cb:51:76:7f:cd:4f:9f:c9:23:e1:39:
         f4:7a:21:d0:34:e6:a0:02:91:f8:cc:9d:92:61:b7:29:eb:3e:
         10:d7:f3:3d:3b:55:1a:30:2e:31:b7:48:28:c9:0a:34:ca:77:
         80:d2:41:bf:ba:8e:6f:5d:24:96:49:be:7c:39:c9:a7:cf:ef:
         37:d7:e3:3e:72:de:5f:96:a1:14:78:8f:1f:06:39:67:15:ee:
         e4:07:f2:14:3c:49:be:24:6f:58:56:cf:fb:72:d4:2e:bd:f9:
         e4:1e:9d:3f:47:5a:de:ad:b0:ee:a2:70:23:22:92:92:6c:16:
         1f:7c:8e:66:2f:8f:89:98:3c:14:22:07:e7:5b:f8:e8:d0:1c:
         44:a2:40:a5:9b:ae:86:a7:bc:79:21:4f:92:53:6a:dd:2b:f7:
         8c:1d:71:c1:e1:29:23:18:f1:fb:e7:38:4d:89:2c:fe:79:ce:
         f6:b9:5f:8e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEJFQC9sZSqHLEyUfzfKCYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ODdkYWMwODM3ZWQzMTEzN2EzMjQ5NmE2YzkzZTk0MzFj
NjA3ODQwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjMzY2FkYmMwN2E4Mzc5NDAyZjQ4ZTRmMzJmMTliY2Q2NDAwZDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnivEYQnzPFSpYao+xEKQNn3JEmwM
OaUTXkGeR0WiprkrWzmwHGJZPYgWuDd/vznmyYx3zNciq7OYTQaohdKvzWMfqY8e
7pX9CrWrroWL7YyGn5mFqpRyhmTrK5lDeeFpHfNzEn5QCENAPD+XjhSMF9w6PFfm
2hITNiF/Ej9hi04XP5wldcuOP2bB++xq1PFuKmfI3vDijUVTirCwPyCE9rGBOcL2
hmNeImkTQfqqbVBrdlUkWqyb1E4Mq+0mcpwYscgm17JIhQ9UTWhpcLx76sNZDkLV
MURLjPbYWcVVYzTrGe7N/zBS8xROutx0ZQBvWUE+uPPvyi6MJT2IUduDLQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOszytvAeoN5QC9I5PMvGbzWQA0nMB8GA1UdIwQY
MBaAFEaH2sCDftMRN6MklqbJPpQxxgeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm9mYXdJTi0weEUzb3lTV3Bzay1sREhHQjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8xMjY0ZjgtOWM3ZC00MGNkLTk3Mjkt
NzA4OWJjNTk4ZDgzLzEvNnpQSzI4QjZnM2xBTDBqazh5OFp2TlpBRFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8xMjY0ZjgtOWM3ZC00MGNkLTk3MjktNzA4OWJjNTk4ZDgz
LzEvUm9mYXdJTi0weEUzb3lTV3Bzay1sREhHQjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADUE+sD
BADUE+wwDQYJKoZIhvcNAQELBQADggEBABB9OjmEAJdjfucI8BW0jX26KaqUsjcR
5RtzOkqqaP0TpWALnlfJqsV2KMvjltaAcplop8xxsxnSPIHSZ89fH+gwqUOGC7kq
xqCOSTobm67LUXZ/zU+fySPhOfR6IdA05qACkfjMnZJhtynrPhDX8z07VRowLjG3
SCjJCjTKd4DSQb+6jm9dJJZJvnw5yafP7zfX4z5y3l+WoRR4jx8GOWcV7uQH8hQ8
Sb4kb1hWz/ty1C69+eQenT9HWt6tsO6icCMikpJsFh98jmYvj4mYPBQiB+db+OjQ
HESiQKWbroanvHkhT5JTat0r94wdccHhKSMY8fvnOE2JLP55zva5X44=
-----END CERTIFICATE-----