Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/nz4iWaKhsnj0CBAx2kY6efcjWbI.roa
File:                     nz4iWaKhsnj0CBAx2kY6efcjWbI.roa (raw, json)
Hash identifier:          3iBcZ9G2X99Gsvoc2t0DW5tmz60vwwpyxEz2zwkXorM=
Subject key identifier:   9F:3E:22:59:A2:A1:B2:78:F4:08:10:31:DA:46:3A:79:F7:23:59:B2
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       019428233463E54D5A907D45B9F513B67A4B
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/nz4iWaKhsnj0CBAx2kY6efcjWbI.roa
Signing time:             Thu 02 Jan 2025 17:49:43 +0000
ROA not before:           Thu 02 Jan 2025 17:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214173
IP address blocks:        212.113.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:34:63:e5:4d:5a:90:7d:45:b9:f5:13:b6:7a:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  2 17:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f3e2259a2a1b278f4081031da463a79f72359b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:26:fa:cf:1f:b0:8b:1b:cb:2b:4d:f8:6e:ae:
                    40:a4:0f:f5:7f:69:52:85:f7:a7:9a:63:44:fe:9b:
                    1a:c5:db:48:0e:7b:9e:74:5a:4c:0b:c6:c5:79:3b:
                    0c:b0:15:01:34:00:11:58:dd:5d:0d:bd:95:c9:1c:
                    63:4c:3f:f8:31:08:82:43:19:01:94:5d:7e:68:b3:
                    57:db:79:91:3b:8a:de:67:37:5f:08:04:b7:a9:b2:
                    ed:4f:61:95:59:af:90:a2:89:97:df:cc:78:60:b4:
                    85:36:f9:f3:e1:5a:5c:9d:a3:c2:b3:03:ff:ea:16:
                    88:08:77:ae:9e:1a:d5:11:83:0e:08:66:7e:b3:6d:
                    22:27:df:1d:7a:3f:cd:c9:c3:2b:6d:0a:00:c4:fc:
                    dc:df:3d:0b:31:74:40:c3:e5:aa:c9:6c:ec:e4:c0:
                    e1:3f:2c:99:db:e0:66:b5:3f:df:59:7f:48:d3:32:
                    c4:d2:0c:32:be:a7:a5:78:c2:dc:aa:e6:b7:44:a3:
                    23:bf:d4:e9:12:2e:2c:04:de:1f:b4:9e:55:03:0b:
                    90:89:8e:cb:31:40:87:8f:ae:df:ea:ae:c5:67:31:
                    69:6c:42:f1:f7:47:d2:e2:5d:bf:20:ca:34:2a:89:
                    36:79:0a:64:32:93:54:ac:5c:3e:8f:a9:52:44:d4:
                    3c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:3E:22:59:A2:A1:B2:78:F4:08:10:31:DA:46:3A:79:F7:23:59:B2
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/nz4iWaKhsnj0CBAx2kY6efcjWbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:43:30:fb:e6:7b:2a:e2:d9:f3:e7:98:ae:a4:47:41:b2:46:
         dc:fc:ce:91:d4:cc:68:78:97:f5:72:e8:0d:42:ab:37:e6:4d:
         7a:2e:28:85:02:b0:53:ec:11:a2:67:da:a3:9d:39:8b:ee:cb:
         18:20:5d:d4:e1:fa:0f:b4:06:d8:cc:32:27:0b:1e:71:c2:65:
         02:a9:01:33:e1:24:c6:19:b2:79:00:df:d0:fb:fc:c8:0b:29:
         0a:48:a0:d7:b5:dc:1a:cd:f2:38:c7:29:c7:0d:1a:39:cb:d9:
         7b:27:d9:d1:28:d3:46:e2:61:50:ce:bb:bd:e0:a7:3f:90:aa:
         6e:06:f2:1e:34:0d:97:d1:40:3d:81:37:78:bb:e2:c4:42:0e:
         e1:88:f1:64:c8:44:5a:de:8d:5f:c9:7d:b8:1d:1b:84:15:06:
         51:5c:07:04:ae:29:14:2a:37:ca:b4:03:2e:66:44:8c:73:f2:
         c7:85:61:24:32:64:bc:10:03:b5:cd:46:a0:56:c2:1d:4a:97:
         f2:7f:a6:cf:a1:ef:90:a9:66:eb:bf:d0:1b:14:95:06:8f:af:
         83:81:af:d3:47:fb:67:23:92:6b:d4:b7:f9:dc:b4:51:9d:73:
         dc:31:1c:b1:e8:2c:80:a1:16:b5:1d:aa:95:b3:0b:98:92:a5:
         9e:cc:8f:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzRj5U1akH1FufUTtnpLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjUwMTAyMTc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjNlMjI1OWEyYTFiMjc4ZjQwODEwMzFkYTQ2M2E3OWY3MjM1OWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApib6zx+wixvLK034bq5ApA/1f2lS
hfenmmNE/psaxdtIDnuedFpMC8bFeTsMsBUBNAARWN1dDb2VyRxjTD/4MQiCQxkB
lF1+aLNX23mRO4reZzdfCAS3qbLtT2GVWa+QoomX38x4YLSFNvnz4VpcnaPCswP/
6haICHeunhrVEYMOCGZ+s20iJ98dej/NycMrbQoAxPzc3z0LMXRAw+WqyWzs5MDh
PyyZ2+BmtT/fWX9I0zLE0gwyvqeleMLcqua3RKMjv9TpEi4sBN4ftJ5VAwuQiY7L
MUCHj67f6q7FZzFpbELx90fS4l2/IMo0Kok2eQpkMpNUrFw+j6lSRNQ8CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8+IlmiobJ49AgQMdpGOnn3I1myMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvbno0aVdhS2hzbmowQ0JBeDJrWTZlZmNqV2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HFxMA0G
CSqGSIb3DQEBCwUAA4IBAQAFQzD75nsq4tnz55iupEdBskbc/M6R1MxoeJf1cugN
Qqs35k16LiiFArBT7BGiZ9qjnTmL7ssYIF3U4foPtAbYzDInCx5xwmUCqQEz4STG
GbJ5AN/Q+/zICykKSKDXtdwazfI4xynHDRo5y9l7J9nRKNNG4mFQzru94Kc/kKpu
BvIeNA2X0UA9gTd4u+LEQg7hiPFkyERa3o1fyX24HRuEFQZRXAcErikUKjfKtAMu
ZkSMc/LHhWEkMmS8EAO1zUagVsIdSpfyf6bPoe+QqWbrv9AbFJUGj6+Dga/TR/tn
I5Jr1Lf53LRRnXPcMRyx6CyAoRa1HaqVswuYkqWezI+B
-----END CERTIFICATE-----