Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/pDfZriw_lIN8rfA0vBpA42g2grE.roa
File:                     pDfZriw_lIN8rfA0vBpA42g2grE.roa (raw, json)
Hash identifier:          RWx9aANf2Lpxd+ILRy/yWTyz4hbCsb/sB6dExpqLEXg=
Subject key identifier:   A4:37:D9:AE:2C:3F:94:83:7C:AD:F0:34:BC:1A:40:E3:68:36:82:B1
Certificate issuer:       /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial:       018CC86EFB662B3F595A752DA13C6DC44E59
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/pDfZriw_lIN8rfA0vBpA42g2grE.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57255
IP address blocks:        213.156.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Nov 2024 11:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fb:66:2b:3f:59:5a:75:2d:a1:3c:6d:c4:4e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a437d9ae2c3f94837cadf034bc1a40e3683682b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ef:5b:f5:a7:e5:b7:ab:29:19:5b:ae:e9:fe:
                    d1:0a:7a:61:3c:4a:3c:19:72:e0:db:7f:57:60:8b:
                    2d:96:12:e0:83:fd:17:7f:d6:8d:e3:ce:9f:88:b2:
                    ae:d8:7c:1e:72:fc:a4:1b:2a:78:cb:15:7f:20:74:
                    53:05:e6:8c:43:cc:fc:1a:aa:8b:c5:e3:f4:a6:b3:
                    73:46:ef:5f:d6:28:09:5a:40:20:a2:90:ca:1f:0d:
                    70:b2:1f:32:a2:2f:0b:28:31:96:2b:b1:98:35:09:
                    21:43:4a:66:04:30:70:e8:6f:e9:3f:84:3a:b3:4a:
                    e2:01:76:a8:23:09:4c:d1:99:17:5e:23:9c:68:89:
                    b6:5d:0e:6f:84:ae:3b:3f:c2:51:16:80:3f:43:b4:
                    29:e7:e2:9c:30:82:6f:84:01:cc:1a:90:8a:84:96:
                    f8:c5:fe:a6:95:05:13:59:7e:b0:2e:65:da:65:e5:
                    22:18:66:71:b2:b8:f7:25:51:c6:40:4d:f1:65:53:
                    08:a1:65:d9:63:34:5e:38:db:62:bb:f3:86:81:44:
                    01:62:1b:c7:40:19:95:77:38:3b:da:71:9d:7d:31:
                    09:15:26:08:44:a8:45:ef:47:3e:95:c0:66:78:c1:
                    f7:52:bd:2c:f2:4a:82:3e:30:ff:f9:a5:5b:2a:ba:
                    f0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:37:D9:AE:2C:3F:94:83:7C:AD:F0:34:BC:1A:40:E3:68:36:82:B1
            X509v3 Authority Key Identifier:
                keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/pDfZriw_lIN8rfA0vBpA42g2grE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.156.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:4f:57:67:48:5b:d4:35:08:38:80:4f:e4:90:29:6c:16:14:
         05:c7:8d:1d:00:62:ec:73:98:b3:e6:6b:37:90:e8:1a:7e:63:
         30:8d:cc:31:f7:79:01:85:05:7c:8f:44:08:55:d3:af:66:6e:
         e1:70:0b:07:68:47:39:86:a0:34:05:c6:99:ff:c1:4f:79:66:
         51:39:7a:f7:34:60:34:cb:2c:42:d1:84:8e:6b:17:9a:1b:3b:
         be:87:76:45:cc:23:ea:f1:7e:47:db:c4:8d:97:ba:40:ff:17:
         a7:14:d9:91:d9:c5:54:29:88:78:66:4a:0c:92:74:bb:c7:9d:
         71:b5:36:49:27:af:9c:33:21:ac:94:3e:3d:a0:76:cb:d8:87:
         a6:c2:75:44:d7:39:d9:2c:72:d1:06:b9:a4:ff:33:87:47:07:
         79:75:19:1c:f0:51:26:28:07:09:bc:74:fd:ca:e9:3a:bd:6f:
         fe:79:24:f7:9e:4a:26:a8:6e:3b:66:3c:31:a0:cb:4b:33:50:
         22:3c:e1:52:f8:d6:85:8e:92:99:a8:88:db:a7:20:23:be:5e:
         28:07:42:5a:aa:2b:f2:d1:2d:ba:fd:29:eb:28:88:36:b6:80:
         10:58:91:66:51:40:98:75:84:86:b8:3f:25:0a:cb:6c:07:31:
         bf:3b:9f:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvtmKz9ZWnUtoTxtxE5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDM3ZDlhZTJjM2Y5NDgzN2NhZGYwMzRiYzFhNDBlMzY4MzY4MmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAku9b9aflt6spGVuu6f7RCnphPEo8
GXLg239XYIstlhLgg/0Xf9aN486fiLKu2HwecvykGyp4yxV/IHRTBeaMQ8z8GqqL
xeP0prNzRu9f1igJWkAgopDKHw1wsh8yoi8LKDGWK7GYNQkhQ0pmBDBw6G/pP4Q6
s0riAXaoIwlM0ZkXXiOcaIm2XQ5vhK47P8JRFoA/Q7Qp5+KcMIJvhAHMGpCKhJb4
xf6mlQUTWX6wLmXaZeUiGGZxsrj3JVHGQE3xZVMIoWXZYzReONtiu/OGgUQBYhvH
QBmVdzg72nGdfTEJFSYIRKhF70c+lcBmeMH3Ur0s8kqCPjD/+aVbKrrwQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQ32a4sP5SDfK3wNLwaQONoNoKxMB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvcERmWnJpd19sSU44cmZBMHZCcEE0MmcyZ3JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZxnMA0G
CSqGSIb3DQEBCwUAA4IBAQB3T1dnSFvUNQg4gE/kkClsFhQFx40dAGLsc5iz5ms3
kOgafmMwjcwx93kBhQV8j0QIVdOvZm7hcAsHaEc5hqA0BcaZ/8FPeWZROXr3NGA0
yyxC0YSOaxeaGzu+h3ZFzCPq8X5H28SNl7pA/xenFNmR2cVUKYh4ZkoMknS7x51x
tTZJJ6+cMyGslD49oHbL2IemwnVE1znZLHLRBrmk/zOHRwd5dRkc8FEmKAcJvHT9
yuk6vW/+eST3nkomqG47ZjwxoMtLM1AiPOFS+NaFjpKZqIjbpyAjvl4oB0Jaqivy
0S26/SnrKIg2toAQWJFmUUCYdYSGuD8lCstsBzG/O58G
-----END CERTIFICATE-----