Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/kSP85nRmf_pMQ7aw_quvRnwE0VQ.roa
File:                     kSP85nRmf_pMQ7aw_quvRnwE0VQ.roa (raw, json)
Hash identifier:          ffd1NJ95Tp5K58icyyrfdHA8LmxOETc5J58UDsZSkRI=
Subject key identifier:   91:23:FC:E6:74:66:7F:FA:4C:43:B6:B0:FE:AB:AF:46:7C:04:D1:54
Certificate issuer:       /CN=af3b13fc9a60400172561b0a520df16cb251cf95
Certificate serial:       018CC64AF8D94DE572294732EC7CD1F95C40
Authority key identifier: AF:3B:13:FC:9A:60:40:01:72:56:1B:0A:52:0D:F1:6C:B2:51:CF:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rzsT_JpgQAFyVhsKUg3xbLJRz5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/kSP85nRmf_pMQ7aw_quvRnwE0VQ.roa
Signing time:             Mon 01 Jan 2024 18:30:51 +0000
ROA not before:           Mon 01 Jan 2024 18:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        212.23.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/rzsT_JpgQAFyVhsKUg3xbLJRz5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/rzsT_JpgQAFyVhsKUg3xbLJRz5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rzsT_JpgQAFyVhsKUg3xbLJRz5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f8:d9:4d:e5:72:29:47:32:ec:7c:d1:f9:5c:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af3b13fc9a60400172561b0a520df16cb251cf95
        Validity
            Not Before: Jan  1 18:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9123fce674667ffa4c43b6b0feabaf467c04d154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:99:36:b8:02:62:9c:36:62:44:0f:e3:2e:2d:
                    93:f8:b1:25:ee:32:ac:60:15:c0:6a:04:c1:5a:f2:
                    13:7c:a4:d3:1a:f7:b3:97:f5:92:30:0a:2b:26:1d:
                    ab:cd:8f:1f:8b:61:ff:ca:0e:b8:0f:98:10:2e:7a:
                    97:61:be:75:41:9d:72:03:78:52:3f:b6:a8:8a:dd:
                    90:e6:a4:c3:68:2e:57:89:7f:94:5c:f1:9e:1f:ab:
                    cb:fd:5a:d7:62:31:b5:42:13:c1:e3:e9:3e:de:5d:
                    8f:a8:e2:c4:84:21:61:c5:68:3e:59:2e:57:09:4a:
                    0d:d6:85:15:8b:ec:09:61:89:fc:a7:f6:4c:8d:7e:
                    a9:5f:17:a6:2e:9f:3f:dd:31:54:bb:33:98:b0:de:
                    4f:af:f9:35:92:ab:c4:bb:17:3b:ba:a8:84:6c:77:
                    58:79:70:2b:d0:1c:eb:b3:21:61:14:56:07:bd:1b:
                    f1:87:db:ba:63:dd:86:68:04:89:85:d7:68:ae:67:
                    28:cc:d1:90:80:54:89:30:bd:5d:05:a0:b6:ed:01:
                    af:31:88:41:41:80:d5:28:8f:18:d0:c9:2c:eb:b5:
                    8e:c7:91:bc:0c:e3:cc:af:9b:29:a1:62:eb:ec:b3:
                    61:60:b9:2b:5c:e9:95:3c:2f:c0:4d:19:0f:96:0a:
                    03:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:23:FC:E6:74:66:7F:FA:4C:43:B6:B0:FE:AB:AF:46:7C:04:D1:54
            X509v3 Authority Key Identifier:
                keyid:AF:3B:13:FC:9A:60:40:01:72:56:1B:0A:52:0D:F1:6C:B2:51:CF:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rzsT_JpgQAFyVhsKUg3xbLJRz5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/kSP85nRmf_pMQ7aw_quvRnwE0VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/rzsT_JpgQAFyVhsKUg3xbLJRz5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:0d:1e:67:63:84:c1:2f:56:71:6b:f1:82:fa:b9:5d:31:e4:
         cf:dd:8e:88:6e:a3:31:1f:44:8d:e2:99:5d:53:47:67:63:69:
         79:26:8a:5c:6e:20:4a:f5:c3:26:39:ea:44:df:1e:0d:c9:85:
         48:50:d3:54:bf:e5:0d:a4:bb:98:78:59:48:47:76:0b:48:01:
         a6:51:87:6e:40:f7:cc:99:b1:f0:13:e0:51:df:3f:7e:47:03:
         70:87:e1:22:70:e8:eb:e9:dd:29:b1:dd:f5:e6:7f:cb:18:48:
         2f:76:d8:e1:f8:2b:1d:0f:6b:22:8e:a1:c2:ef:07:f9:92:5a:
         fe:39:0f:ad:67:16:13:e8:3b:50:8f:54:94:ff:43:81:c7:a3:
         2b:50:20:c6:36:9d:eb:41:74:90:9a:f4:ec:21:bd:c5:a6:2b:
         6b:2b:85:b2:cd:c1:0c:a0:89:99:1c:6e:ca:b0:e6:90:0d:03:
         24:83:bb:70:d8:a6:cd:88:1f:7a:93:05:4a:57:24:6a:29:72:
         c2:6b:22:17:f1:a6:b3:dc:30:28:78:1d:b3:30:ca:a9:1a:07:
         2d:a2:f4:bc:48:b8:bb:5d:54:28:d3:a7:fb:66:ad:cc:66:8a:
         32:67:a5:4a:8b:fa:d5:fa:44:e1:c8:ab:36:d6:6b:dd:ce:c6:
         49:44:dd:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvjZTeVyKUcy7HzR+VxAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmM2IxM2ZjOWE2MDQwMDE3MjU2MWIwYTUyMGRmMTZjYjI1
MWNmOTUwHhcNMjQwMTAxMTgzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTIzZmNlNjc0NjY3ZmZhNGM0M2I2YjBmZWFiYWY0NjdjMDRkMTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5k2uAJinDZiRA/jLi2T+LEl7jKs
YBXAagTBWvITfKTTGvezl/WSMAorJh2rzY8fi2H/yg64D5gQLnqXYb51QZ1yA3hS
P7aoit2Q5qTDaC5XiX+UXPGeH6vL/VrXYjG1QhPB4+k+3l2PqOLEhCFhxWg+WS5X
CUoN1oUVi+wJYYn8p/ZMjX6pXxemLp8/3TFUuzOYsN5Pr/k1kqvEuxc7uqiEbHdY
eXAr0BzrsyFhFFYHvRvxh9u6Y92GaASJhddormcozNGQgFSJML1dBaC27QGvMYhB
QYDVKI8Y0Mks67WOx5G8DOPMr5spoWLr7LNhYLkrXOmVPC/ATRkPlgoDpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEj/OZ0Zn/6TEO2sP6rr0Z8BNFUMB8GA1UdIwQY
MBaAFK87E/yaYEABclYbClIN8WyyUc+VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnpzVF9KcGdRQUZ5VmhzS1VnM3hiTEpSejVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi82NTNlOGItMWY3OC00YzM3LWIyNTQt
NzM2NzY1MjYwNTNiLzEva1NQODVuUm1mX3BNUTdhd19xdXZSbndFMFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi82NTNlOGItMWY3OC00YzM3LWIyNTQtNzM2NzY1MjYwNTNi
LzEvcnpzVF9KcGdRQUZ5VmhzS1VnM3hiTEpSejVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfJMA0G
CSqGSIb3DQEBCwUAA4IBAQBjDR5nY4TBL1Zxa/GC+rldMeTP3Y6IbqMxH0SN4pld
U0dnY2l5JopcbiBK9cMmOepE3x4NyYVIUNNUv+UNpLuYeFlIR3YLSAGmUYduQPfM
mbHwE+BR3z9+RwNwh+EicOjr6d0psd315n/LGEgvdtjh+CsdD2sijqHC7wf5klr+
OQ+tZxYT6DtQj1SU/0OBx6MrUCDGNp3rQXSQmvTsIb3FpitrK4WyzcEMoImZHG7K
sOaQDQMkg7tw2KbNiB96kwVKVyRqKXLCayIX8aaz3DAoeB2zMMqpGgctovS8SLi7
XVQo06f7Zq3MZooyZ6VKi/rV+kThyKs21mvdzsZJRN29
-----END CERTIFICATE-----