Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/263mABkmKCoB2-pdeQM-sCzMDrw.roa
File:                     263mABkmKCoB2-pdeQM-sCzMDrw.roa (raw, json)
Hash identifier:          H64nkYCx1MqU++VUixHzgmtE6WlB6Uwitxtoc7ojCcw=
Subject key identifier:   DB:AD:E6:00:19:26:28:2A:01:DB:EA:5D:79:03:3E:B0:2C:CC:0E:BC
Certificate issuer:       /CN=4b4fbfcf5fdc48ab0bfb52854f7a04fc1cff1dbd
Certificate serial:       01934E34D539997103D387CBE35B7C9D44E7
Authority key identifier: 4B:4F:BF:CF:5F:DC:48:AB:0B:FB:52:85:4F:7A:04:FC:1C:FF:1D:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/263mABkmKCoB2-pdeQM-sCzMDrw.roa
Signing time:             Thu 21 Nov 2024 10:11:45 +0000
ROA not before:           Thu 21 Nov 2024 10:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5609
IP address blocks:        163.162.0.0/16 maxlen: 24
                          185.57.208.0/22 maxlen: 24
                          2001:6b8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:34:d5:39:99:71:03:d3:87:cb:e3:5b:7c:9d:44:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b4fbfcf5fdc48ab0bfb52854f7a04fc1cff1dbd
        Validity
            Not Before: Nov 21 10:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbade6001926282a01dbea5d79033eb02ccc0ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:27:8c:8b:70:a4:27:7b:67:c5:7d:ec:67:36:
                    66:c0:11:fb:ff:ce:bd:5e:33:b1:40:05:1f:c5:b8:
                    ee:19:c0:8a:7c:a1:16:2c:42:ec:fe:cb:7b:19:f0:
                    6a:c7:a9:be:c6:78:30:cf:7d:7d:21:f4:de:49:7f:
                    14:fb:2c:79:84:72:2e:63:e7:59:17:89:66:ec:e5:
                    58:af:98:06:06:5a:41:88:85:2c:0a:5d:5f:ea:32:
                    e1:31:a1:95:6b:64:38:e1:ef:8e:6b:b0:f5:66:73:
                    23:4f:61:c6:0a:e3:b3:7e:b6:c9:76:f3:1a:0d:9f:
                    86:cc:d4:ad:ed:95:cd:29:a9:85:80:6f:22:83:f3:
                    35:88:3b:41:30:ef:6d:d4:22:d2:6e:0f:54:ad:ed:
                    ea:d5:f8:0b:4c:3a:db:cb:07:bb:c7:a1:d9:b6:29:
                    5e:72:eb:6b:8a:8c:36:67:19:ba:e1:4b:dd:d0:24:
                    8d:5e:31:22:da:2e:e0:92:a7:fe:ac:05:1f:cf:16:
                    a0:69:44:6f:d4:cb:c3:13:34:67:77:1a:a8:49:a6:
                    b5:b2:bc:1d:0e:83:dd:81:64:7c:5d:c7:66:b6:5e:
                    40:39:2a:18:23:be:df:e9:3c:ac:57:d8:a5:af:1a:
                    fc:7e:3f:b4:61:91:64:13:d6:25:29:7c:aa:02:36:
                    ec:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:AD:E6:00:19:26:28:2A:01:DB:EA:5D:79:03:3E:B0:2C:CC:0E:BC
            X509v3 Authority Key Identifier:
                keyid:4B:4F:BF:CF:5F:DC:48:AB:0B:FB:52:85:4F:7A:04:FC:1C:FF:1D:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/263mABkmKCoB2-pdeQM-sCzMDrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.162.0.0/16
                  185.57.208.0/22
                IPv6:
                  2001:6b8::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:ec:3f:7f:42:e4:8e:31:8e:a5:9c:4c:99:76:1e:94:85:84:
         01:ff:00:5e:0f:1d:a0:34:13:23:d6:de:ba:60:6e:3b:f1:df:
         bb:6a:69:e8:d0:d2:dc:91:9e:e4:f0:90:3b:40:03:8b:e3:2a:
         13:c9:20:05:bf:68:43:d9:20:21:4f:7c:14:81:13:34:bd:9f:
         ea:12:d8:c5:be:ab:d5:43:f9:08:a9:f1:de:57:c8:4d:db:32:
         00:92:7e:71:58:0d:85:62:3c:b4:e4:31:34:64:38:16:d7:3d:
         38:2a:0a:53:0f:bb:3a:6b:a1:d8:43:04:6c:2d:0e:69:9e:d3:
         2b:2b:9a:0a:88:63:df:01:f5:bf:47:e2:af:9a:d9:8e:23:19:
         6d:c9:f3:29:0b:a6:10:4f:01:a1:96:fd:cf:43:41:05:3a:d8:
         98:31:e8:8e:e3:67:83:09:00:13:31:98:1d:96:75:a0:0a:f0:
         86:f8:22:5b:bb:6b:8e:04:bd:ae:06:d3:36:1a:4e:0d:f8:75:
         93:a6:61:34:ef:69:62:f2:6b:c8:4e:4f:51:42:18:92:b0:d2:
         2b:e8:48:59:30:92:58:66:30:61:fe:47:08:68:87:67:20:dc:
         e9:b0:3f:ee:e9:91:3e:40:ca:62:6e:74:3e:77:e6:f2:37:a3:
         d9:3a:6d:2e
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZNONNU5mXED04fL41t8nUTnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNGZiZmNmNWZkYzQ4YWIwYmZiNTI4NTRmN2EwNGZjMWNm
ZjFkYmQwHhcNMjQxMTIxMTAxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmFkZTYwMDE5MjYyODJhMDFkYmVhNWQ3OTAzM2ViMDJjY2MwZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7yeMi3CkJ3tnxX3sZzZmwBH7/869
XjOxQAUfxbjuGcCKfKEWLELs/st7GfBqx6m+xngwz319IfTeSX8U+yx5hHIuY+dZ
F4lm7OVYr5gGBlpBiIUsCl1f6jLhMaGVa2Q44e+Oa7D1ZnMjT2HGCuOzfrbJdvMa
DZ+GzNSt7ZXNKamFgG8ig/M1iDtBMO9t1CLSbg9Ure3q1fgLTDrbywe7x6HZtile
cutriow2Zxm64Uvd0CSNXjEi2i7gkqf+rAUfzxagaURv1MvDEzRndxqoSaa1srwd
DoPdgWR8Xcdmtl5AOSoYI77f6TysV9ilrxr8fj+0YZFkE9YlKXyqAjbsyQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNut5gAZJigqAdvqXXkDPrAszA68MB8GA1UdIwQY
MBaAFEtPv89f3EirC/tShU96BPwc/x29MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzAtX3oxX2NTS3NMLTFLRlQzb0VfQnpfSGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9jNjBiMWItOWI0Mi00NWViLWE1ODIt
OTJkZGVjNmJkMGEyLzEvMjYzbUFCa21LQ29CMi1wZGVRTS1zQ3pNRHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9jNjBiMWItOWI0Mi00NWViLWE1ODItOTJkZGVjNmJkMGEy
LzEvUzAtX3oxX2NTS3NMLTFLRlQzb0VfQnpfSGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAo6IDBAK5
OdAwDQQCAAIwBwMFACABBrgwDQYJKoZIhvcNAQELBQADggEBALbsP39C5I4xjqWc
TJl2HpSFhAH/AF4PHaA0EyPW3rpgbjvx37tqaejQ0tyRnuTwkDtAA4vjKhPJIAW/
aEPZICFPfBSBEzS9n+oS2MW+q9VD+Qip8d5XyE3bMgCSfnFYDYViPLTkMTRkOBbX
PTgqClMPuzprodhDBGwtDmme0ysrmgqIY98B9b9H4q+a2Y4jGW3J8ykLphBPAaGW
/c9DQQU62Jgx6I7jZ4MJABMxmB2WdaAK8Ib4Ilu7a44Eva4G0zYaTg34dZOmYTTv
aWLya8hOT1FCGJKw0ivoSFkwklhmMGH+Rwhoh2cg3OmwP+7pkT5AymJudD535vI3
o9k6bS4=
-----END CERTIFICATE-----