Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/fv8DPIKcV9KWATTd5NiBa4sIFeA.roa
File:                     fv8DPIKcV9KWATTd5NiBa4sIFeA.roa (raw, json)
Hash identifier:          DtHO6DcjQ3Mw0G84EqtI0Tm9SOS3H58zDAj1TTnGUuk=
Subject key identifier:   7E:FF:03:3C:82:9C:57:D2:96:01:34:DD:E4:D8:81:6B:8B:08:15:E0
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       018CC6B8A4A99F6721158FE02F94590D72F0
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/fv8DPIKcV9KWATTd5NiBa4sIFeA.roa
Signing time:             Mon 01 Jan 2024 20:30:38 +0000
ROA not before:           Mon 01 Jan 2024 20:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        212.113.119.0/24 maxlen: 24
                          212.113.106.0/24 maxlen: 24
                          212.113.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 02:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a4:a9:9f:67:21:15:8f:e0:2f:94:59:0d:72:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 20:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eff033c829c57d2960134dde4d8816b8b0815e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3f:0e:6c:af:eb:0a:80:ba:45:76:8a:35:14:
                    bd:d0:89:84:5b:b0:6a:37:c5:d0:81:ba:44:ca:72:
                    27:39:9c:46:1c:22:8b:aa:81:f3:48:4e:e9:6d:e9:
                    6d:ca:81:0e:88:6a:ff:e8:bb:f0:7e:3e:07:90:c7:
                    b2:b3:d2:55:16:9f:35:12:c8:e5:b7:01:1b:97:77:
                    e0:eb:13:dc:6f:de:7c:04:9d:6c:5c:c1:6f:09:82:
                    6f:66:38:f6:2c:d5:a3:1f:45:a8:10:e0:e4:24:98:
                    0f:56:66:f9:1b:22:e0:89:39:95:4e:00:cd:5b:40:
                    af:e1:82:34:67:67:fd:fd:ac:33:69:da:bb:5e:b9:
                    ca:93:4e:03:d3:b7:e9:0f:96:1c:63:31:39:9d:fd:
                    f1:09:1e:7b:7d:2e:61:11:43:3e:de:0e:62:c9:5f:
                    a0:82:c4:9c:2d:4b:a2:0a:1d:1a:12:7d:a5:c0:f2:
                    e8:f5:49:8d:43:b8:d7:bb:bf:c1:0b:fb:8a:d5:2d:
                    34:6c:93:df:07:c5:58:03:62:74:45:3b:e7:77:b0:
                    8b:ce:e9:7e:0b:31:b9:14:0a:6b:a6:c4:e1:45:df:
                    fd:46:89:8a:0e:14:c4:20:dd:71:e6:df:1f:6c:bf:
                    e7:1a:53:05:7a:3d:35:2f:34:16:f4:de:9f:65:e2:
                    2e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:FF:03:3C:82:9C:57:D2:96:01:34:DD:E4:D8:81:6B:8B:08:15:E0
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/fv8DPIKcV9KWATTd5NiBa4sIFeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.106.0/24
                  212.113.116.0/24
                  212.113.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:74:8d:47:58:f0:ad:4f:c7:37:bf:cd:b3:59:2a:f6:be:1f:
         e0:cb:89:bd:2d:66:ea:05:df:2d:f7:c5:b3:45:bf:f1:2d:1f:
         b8:bd:d3:4a:ad:1c:9c:3f:6f:2e:47:0d:33:1e:a1:9f:c0:94:
         50:a3:87:68:6e:b1:aa:0b:a9:23:11:78:0a:99:a6:a8:ff:72:
         fa:53:d0:ca:8f:78:90:d7:84:74:5c:ea:21:ce:9f:5c:4e:6b:
         c5:52:7d:86:c0:c0:cc:a9:2f:41:99:7f:8e:85:71:33:1f:23:
         27:00:59:56:cf:b6:26:32:b4:53:49:9c:e8:61:ce:64:95:f5:
         73:5e:f0:99:94:31:1b:19:f5:dd:e3:b5:db:c6:48:12:45:8b:
         4e:61:67:3c:c2:ba:cb:75:eb:5a:a4:46:d9:16:71:76:02:24:
         8d:a2:e8:be:b5:76:54:45:11:eb:2f:57:3b:39:95:7f:08:32:
         7b:bd:7d:b1:fa:73:aa:c1:0c:d1:c6:11:2b:58:e1:04:fa:fc:
         04:a0:06:ec:34:02:9b:6c:06:9a:ef:a4:9b:51:4f:ab:1d:08:
         b7:2d:f4:03:72:3e:dd:bb:ee:96:12:53:c8:19:68:ff:a6:e0:
         dd:d6:d2:8d:46:cc:d3:6e:c3:96:79:ad:a8:ac:71:6c:60:59:
         60:c1:f1:b9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuKSpn2chFY/gL5RZDXLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjQwMTAxMjAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWZmMDMzYzgyOWM1N2QyOTYwMTM0ZGRlNGQ4ODE2YjhiMDgxNWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhz8ObK/rCoC6RXaKNRS90ImEW7Bq
N8XQgbpEynInOZxGHCKLqoHzSE7pbeltyoEOiGr/6Lvwfj4HkMeys9JVFp81Esjl
twEbl3fg6xPcb958BJ1sXMFvCYJvZjj2LNWjH0WoEODkJJgPVmb5GyLgiTmVTgDN
W0Cv4YI0Z2f9/awzadq7XrnKk04D07fpD5YcYzE5nf3xCR57fS5hEUM+3g5iyV+g
gsScLUuiCh0aEn2lwPLo9UmNQ7jXu7/BC/uK1S00bJPfB8VYA2J0RTvnd7CLzul+
CzG5FAprpsThRd/9RomKDhTEIN1x5t8fbL/nGlMFej01LzQW9N6fZeIuwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH7/AzyCnFfSlgE03eTYgWuLCBXgMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvZnY4RFBJS2NWOUtXQVRUZDVOaUJhNHNJRmVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1HFqAwQA
1HF0AwQA1HF3MA0GCSqGSIb3DQEBCwUAA4IBAQBydI1HWPCtT8c3v82zWSr2vh/g
y4m9LWbqBd8t98WzRb/xLR+4vdNKrRycP28uRw0zHqGfwJRQo4dobrGqC6kjEXgK
maao/3L6U9DKj3iQ14R0XOohzp9cTmvFUn2GwMDMqS9BmX+OhXEzHyMnAFlWz7Ym
MrRTSZzoYc5klfVzXvCZlDEbGfXd47XbxkgSRYtOYWc8wrrLdetapEbZFnF2AiSN
oui+tXZURRHrL1c7OZV/CDJ7vX2x+nOqwQzRxhErWOEE+vwEoAbsNAKbbAaa76Sb
UU+rHQi3LfQDcj7du+6WElPIGWj/puDd1tKNRszTbsOWea2orHFsYFlgwfG5
-----END CERTIFICATE-----