Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/DJJkHoiU8SLNwll5zzkVRCzg5-g.roa
File:                     DJJkHoiU8SLNwll5zzkVRCzg5-g.roa (raw, json)
Hash identifier:          v6XpoKQ0QMyCR9L1A8yw45623TRrzYH+9j/iWN0LM5Y=
Subject key identifier:   0C:92:64:1E:88:94:F1:22:CD:C2:59:79:CF:39:15:44:2C:E0:E7:E8
Certificate issuer:       /CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
Certificate serial:       01904FF3CA69810B707D487A8B1D6BC25020
Authority key identifier: E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/DJJkHoiU8SLNwll5zzkVRCzg5-g.roa
Signing time:             Tue 25 Jun 2024 15:11:35 +0000
ROA not before:           Tue 25 Jun 2024 15:11:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51424
IP address blocks:        212.4.132.0/24 maxlen: 24
                          212.96.184.0/24 maxlen: 24
                          213.211.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:f3:ca:69:81:0b:70:7d:48:7a:8b:1d:6b:c2:50:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
        Validity
            Not Before: Jun 25 15:11:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c92641e8894f122cdc25979cf3915442ce0e7e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3f:af:01:82:7f:ce:51:e2:aa:2b:26:05:23:
                    6a:2f:0e:81:f0:04:48:14:40:03:e3:98:c0:9f:3b:
                    b6:cd:24:95:a7:ef:26:2d:a0:17:05:99:56:a7:47:
                    fd:ab:e0:de:06:08:41:ea:5f:91:04:84:6d:7b:d8:
                    ce:86:2b:60:53:23:4f:87:e0:53:97:d1:ab:66:dc:
                    eb:7a:04:bf:ce:49:69:00:f9:43:6a:54:1d:ab:94:
                    36:18:05:d9:70:e7:51:9d:65:1d:f5:cc:c3:5d:37:
                    fd:46:5e:b8:eb:23:a4:a2:95:96:70:f6:73:de:c6:
                    b5:8a:42:1a:a7:86:b7:e7:9f:d9:a2:16:6b:d5:04:
                    7f:ca:69:16:d0:1e:05:1b:48:11:df:46:36:a1:3a:
                    bc:c5:d2:74:23:0c:82:2a:f8:6e:46:79:15:ec:a0:
                    43:c4:50:6a:9d:d7:a1:b5:04:b2:d3:84:6a:c4:0f:
                    2f:18:b1:88:0d:fa:aa:80:08:d8:fc:2f:3b:c2:5f:
                    60:32:53:0d:d4:5d:a3:a5:21:b0:6d:a3:3d:da:9e:
                    5c:63:09:45:f0:b8:bf:4b:de:c9:d0:69:5a:8d:50:
                    c0:6e:bf:ce:ec:c6:8a:a6:c6:c5:1a:b1:99:e6:b5:
                    f3:85:4f:e5:80:f9:33:ed:e7:f3:ba:c0:a7:60:04:
                    3b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:92:64:1E:88:94:F1:22:CD:C2:59:79:CF:39:15:44:2C:E0:E7:E8
            X509v3 Authority Key Identifier:
                keyid:E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/DJJkHoiU8SLNwll5zzkVRCzg5-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.4.132.0/24
                  212.96.184.0/24
                  213.211.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:6d:54:b3:58:4a:19:5b:21:e7:4c:9e:60:07:09:1a:ee:ae:
         c0:52:f6:17:bc:d3:a0:19:3e:60:38:dc:4d:85:fa:40:d2:4d:
         28:30:91:8c:a6:2f:cd:2a:51:76:f0:5c:31:1c:46:ea:ab:e9:
         de:98:d0:36:66:bb:ae:83:bf:fa:c2:87:9d:05:6d:3f:f8:85:
         83:68:e3:52:5d:4e:d0:6a:34:49:b0:21:31:2d:0a:07:e2:be:
         51:81:4a:b7:4d:2f:20:a3:99:38:24:c2:b0:10:c5:a5:46:09:
         c9:44:24:9b:47:37:9a:a6:09:aa:28:96:68:48:5d:92:53:45:
         57:eb:b4:4d:54:bb:77:ed:94:c1:c3:94:2c:ce:22:6a:4c:3a:
         07:b9:ba:a8:e9:4f:c3:db:c2:a8:9b:1b:a4:47:07:46:4c:8d:
         cf:54:4f:a5:70:38:89:9d:0a:05:69:05:a5:63:35:26:3b:31:
         76:fd:a7:bd:35:8e:76:37:b9:23:2c:c9:a4:00:d7:93:19:92:
         11:95:74:c6:67:b5:1c:59:12:ac:d8:49:bc:62:25:a4:0c:5c:
         bd:42:5f:c6:c2:fe:d2:93:7a:bb:ae:5a:23:74:f2:6a:5a:13:
         57:a5:41:d9:bb:dc:3d:f4:c7:e5:1e:b7:11:54:1e:48:5d:ca:
         68:e1:95:c8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZBP88ppgQtwfUh6ix1rwlAgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDZjNmU4YmNlZDQwYmQwMzJkMTc3MThjMWIxZTM5YWU4
NDFhZTgwHhcNMjQwNjI1MTUxMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzkyNjQxZTg4OTRmMTIyY2RjMjU5NzljZjM5MTU0NDJjZTBlN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1T+vAYJ/zlHiqismBSNqLw6B8ARI
FEAD45jAnzu2zSSVp+8mLaAXBZlWp0f9q+DeBghB6l+RBIRte9jOhitgUyNPh+BT
l9GrZtzregS/zklpAPlDalQdq5Q2GAXZcOdRnWUd9czDXTf9Rl646yOkopWWcPZz
3sa1ikIap4a355/ZohZr1QR/ymkW0B4FG0gR30Y2oTq8xdJ0IwyCKvhuRnkV7KBD
xFBqndehtQSy04RqxA8vGLGIDfqqgAjY/C87wl9gMlMN1F2jpSGwbaM92p5cYwlF
8Li/S97J0GlajVDAbr/O7MaKpsbFGrGZ5rXzhU/lgPkz7efzusCnYAQ7ZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAySZB6IlPEizcJZec85FUQs4OfoMB8GA1UdIwQY
MBaAFOXWxui87UC9Ay0XcYwbHjmuhBroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQt
YmQyNDliNjI1Nzk3LzEvREpKa0hvaVU4U0xOd2xsNXp6a1ZSQ3pnNS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQtYmQyNDliNjI1Nzk3
LzEvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1ASEAwQA
1GC4AwQA1dMkMA0GCSqGSIb3DQEBCwUAA4IBAQBxbVSzWEoZWyHnTJ5gBwka7q7A
UvYXvNOgGT5gONxNhfpA0k0oMJGMpi/NKlF28FwxHEbqq+nemNA2Zruug7/6woed
BW0/+IWDaONSXU7QajRJsCExLQoH4r5RgUq3TS8go5k4JMKwEMWlRgnJRCSbRzea
pgmqKJZoSF2SU0VX67RNVLt37ZTBw5QsziJqTDoHubqo6U/D28KomxukRwdGTI3P
VE+lcDiJnQoFaQWlYzUmOzF2/ae9NY52N7kjLMmkANeTGZIRlXTGZ7UcWRKs2Em8
YiWkDFy9Ql/Gwv7Sk3q7rlojdPJqWhNXpUHZu9w99MflHrcRVB5IXcpo4ZXI
-----END CERTIFICATE-----