Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/IPEtSQAobeqXfZAsJPzk8ObHJio.roa
File:                     IPEtSQAobeqXfZAsJPzk8ObHJio.roa (raw, json)
Hash identifier:          Eu8FRHHn0K8Ws3x48thGxvnq+dnRx7dfP1TOau8aiBU=
Subject key identifier:   20:F1:2D:49:00:28:6D:EA:97:7D:90:2C:24:FC:E4:F0:E6:C7:26:2A
Certificate issuer:       /CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
Certificate serial:       018CC94E35B22E940A0BFA70315D72104947
Authority key identifier: C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/IPEtSQAobeqXfZAsJPzk8ObHJio.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47886
IP address blocks:        213.193.232.0/24 maxlen: 24
                          213.193.212.0/24 maxlen: 24
                          213.193.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:35:b2:2e:94:0a:0b:fa:70:31:5d:72:10:49:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20f12d4900286dea977d902c24fce4f0e6c7262a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:13:cc:85:4b:43:20:cc:af:93:45:be:fc:58:
                    88:15:13:ca:a7:4e:56:20:50:37:2c:11:76:8a:77:
                    e6:e9:b0:fa:be:4f:77:5a:77:4a:93:4d:66:7f:49:
                    9c:76:89:a7:59:fa:2f:ff:2c:78:de:59:4d:c4:78:
                    87:b7:b0:1f:68:f1:47:00:27:68:53:e1:c8:a8:28:
                    ba:0f:66:19:de:c6:9c:ad:0a:a2:4b:52:18:65:41:
                    e6:11:34:e8:7d:f9:c2:7f:c3:d7:b1:34:00:3c:8f:
                    42:7b:4d:12:6f:b7:a1:94:21:37:cf:28:09:b7:50:
                    ff:37:04:2b:94:8b:9e:1e:53:f0:e1:58:a5:a0:c6:
                    d2:ec:5e:18:6c:9c:a7:47:22:89:e7:0a:6b:33:0a:
                    69:9e:f6:b3:3a:03:d0:7a:6b:37:f3:c2:f5:93:db:
                    cb:d1:7d:5c:bc:69:84:3d:dc:ff:3e:d6:ae:df:df:
                    f3:08:49:4e:b6:e3:56:da:ea:78:88:11:c4:75:c7:
                    77:ee:66:73:34:ca:96:42:59:1e:c3:a5:6c:7e:3b:
                    59:c7:16:cd:b0:d0:4a:ea:37:45:84:ce:a5:6a:61:
                    59:4e:ad:9c:2c:58:16:0b:f5:78:d7:38:68:39:9f:
                    27:3e:9c:e9:95:88:3f:d9:0a:55:20:15:25:4d:b3:
                    b0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F1:2D:49:00:28:6D:EA:97:7D:90:2C:24:FC:E4:F0:E6:C7:26:2A
            X509v3 Authority Key Identifier:
                keyid:C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/IPEtSQAobeqXfZAsJPzk8ObHJio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.193.209.0/24
                  213.193.212.0/24
                  213.193.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:69:07:24:42:31:e7:4a:e6:6a:cd:46:9b:27:e5:12:64:ba:
         7c:f6:9a:43:80:85:b0:3c:89:fa:37:e4:8d:94:21:45:99:aa:
         f5:3f:90:90:22:b7:e9:72:23:76:13:f0:27:88:1f:11:12:35:
         f7:6d:1b:ee:e1:ea:13:0a:19:df:04:78:e8:19:62:ec:a4:2f:
         dd:9d:7c:c3:89:25:55:4a:26:17:4b:3d:bd:f0:03:c9:cf:27:
         48:48:6a:bf:ac:96:9a:df:f7:d9:d3:8e:a1:4e:8b:a3:06:ab:
         f5:1a:81:a5:3d:f5:48:90:aa:85:a0:d9:04:e6:da:c6:80:b3:
         53:71:e8:54:87:55:1c:23:d9:e3:08:95:4d:e3:f2:5a:b5:8a:
         82:53:70:58:44:f2:e3:3f:44:f1:28:a2:01:1c:df:76:2f:b0:
         b8:d0:22:93:1b:96:f4:50:06:f9:a6:35:a3:4f:e3:52:30:b7:
         de:0a:72:32:db:ec:64:09:48:d2:08:00:46:00:5a:6d:8f:72:
         94:29:5d:61:64:09:89:b5:bf:c0:45:37:de:f3:ce:a9:b7:7d:
         8a:e4:ea:9b:7c:63:c2:3b:d8:62:46:57:f6:c8:0b:f2:a1:5a:
         c2:53:44:a3:1e:a9:b4:27:8e:80:6c:d5:0e:0f:85:2e:ad:98:
         41:a1:4b:be
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTjWyLpQKC/pwMV1yEElHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzM1ODY4MmRmM2RmOGJkYzcwMjQ1MDdmOTJlY2ZjNWFl
MDk3YmIwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGYxMmQ0OTAwMjg2ZGVhOTc3ZDkwMmMyNGZjZTRmMGU2YzcyNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBPMhUtDIMyvk0W+/FiIFRPKp05W
IFA3LBF2infm6bD6vk93WndKk01mf0mcdomnWfov/yx43llNxHiHt7AfaPFHACdo
U+HIqCi6D2YZ3sacrQqiS1IYZUHmETToffnCf8PXsTQAPI9Ce00Sb7ehlCE3zygJ
t1D/NwQrlIueHlPw4ViloMbS7F4YbJynRyKJ5wprMwppnvazOgPQems388L1k9vL
0X1cvGmEPdz/Ptau39/zCElOtuNW2up4iBHEdcd37mZzNMqWQlkew6VsfjtZxxbN
sNBK6jdFhM6lamFZTq2cLFgWC/V41zhoOZ8nPpzplYg/2QpVIBUlTbOwDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCDxLUkAKG3ql32QLCT85PDmxyYqMB8GA1UdIwQY
MBaAFMJzWGgt89+L3HAkUH+S7Pxa4Je7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDct
ZTg4NDY1YzQ2MTg2LzEvSVBFdFNRQW9iZXFYZlpBc0pQems4T2JISmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDctZTg4NDY1YzQ2MTg2
LzEvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1cHRAwQA
1cHUAwQA1cHoMA0GCSqGSIb3DQEBCwUAA4IBAQCbaQckQjHnSuZqzUabJ+USZLp8
9ppDgIWwPIn6N+SNlCFFmar1P5CQIrfpciN2E/AniB8REjX3bRvu4eoTChnfBHjo
GWLspC/dnXzDiSVVSiYXSz298APJzydISGq/rJaa3/fZ046hToujBqv1GoGlPfVI
kKqFoNkE5trGgLNTcehUh1UcI9njCJVN4/JatYqCU3BYRPLjP0TxKKIBHN92L7C4
0CKTG5b0UAb5pjWjT+NSMLfeCnIy2+xkCUjSCABGAFptj3KUKV1hZAmJtb/ARTfe
886pt32K5OqbfGPCO9hiRlf2yAvyoVrCU0SjHqm0J46AbNUOD4UurZhBoUu+
-----END CERTIFICATE-----