Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/tUvoIhHVZ4l41aDw9Z5cdXycdP0.roa
File:                     tUvoIhHVZ4l41aDw9Z5cdXycdP0.roa (raw, json)
Hash identifier:          xR+rZ7n6noG65Q+Ydoot4OrxoWZWA1bgqpGvteDimng=
Subject key identifier:   B5:4B:E8:22:11:D5:67:89:78:D5:A0:F0:F5:9E:5C:75:7C:9C:74:FD
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E0B29DDFC2D1DAA5FBC9EA42B2E44
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/tUvoIhHVZ4l41aDw9Z5cdXycdP0.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        212.69.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0b:29:dd:fc:2d:1d:aa:5f:bc:9e:a4:2b:2e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b54be82211d5678978d5a0f0f59e5c757c9c74fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:18:f4:d7:75:d4:53:a1:78:8f:b2:8e:7a:ce:
                    08:12:64:a3:bb:fe:c6:4b:27:f2:c0:5d:c6:76:54:
                    5f:a9:b6:9d:d5:66:81:3b:5a:26:c0:6f:39:d0:f2:
                    84:e5:92:1f:7a:5f:ea:1b:c9:c1:80:cf:2e:71:9e:
                    d5:05:84:01:f8:5d:28:45:d1:8e:9a:d6:04:dc:4e:
                    af:8c:b2:f4:84:01:b3:1d:50:75:6d:cc:c8:0d:de:
                    f7:02:86:00:81:cc:53:af:82:c5:5e:96:cf:ed:7d:
                    79:15:41:07:d7:2a:9b:be:11:f9:66:83:96:89:a2:
                    cd:12:4a:76:54:0e:58:89:06:f3:10:34:5b:b4:2d:
                    13:21:32:b0:b4:e7:12:9b:4c:9a:c5:c0:8e:90:4f:
                    3f:b0:88:6c:c0:84:ff:00:7c:9c:f4:5c:65:03:9b:
                    d9:86:38:49:5d:2d:93:2f:b2:cf:69:1a:62:2b:12:
                    78:5a:5e:df:7a:7c:1b:d8:0c:ae:19:34:79:e2:3d:
                    62:e1:41:75:d6:e0:25:c3:31:9e:8c:2c:36:f5:b1:
                    c7:39:46:54:64:bb:67:57:6e:d7:38:0e:83:24:58:
                    a0:de:51:d4:30:84:75:9b:a1:19:fb:e9:98:cc:ab:
                    78:a6:cc:67:1f:9d:17:22:ad:92:21:cf:62:b0:58:
                    31:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:4B:E8:22:11:D5:67:89:78:D5:A0:F0:F5:9E:5C:75:7C:9C:74:FD
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/tUvoIhHVZ4l41aDw9Z5cdXycdP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.69.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:9a:75:60:72:de:7d:8d:a3:52:85:c7:6b:c3:eb:36:b5:13:
         06:83:e6:6a:35:c5:a2:61:df:b3:45:9e:20:f7:0a:fb:d0:68:
         7f:3b:b9:2f:d5:7c:dd:48:a2:2b:99:96:8a:46:a6:85:de:94:
         18:1b:86:77:71:ad:9e:a5:8d:14:18:a2:bd:33:f6:cb:c4:58:
         68:5e:99:62:06:be:4c:d2:95:d6:81:af:a4:07:8f:4a:0a:21:
         82:5b:83:c6:c9:77:76:4f:a4:af:4c:72:24:0a:03:0f:dc:68:
         09:bc:1b:fb:32:14:65:69:c8:1d:a3:93:e1:31:e8:7e:a7:5f:
         09:6a:03:25:c0:29:c0:35:bf:e1:d2:3f:ec:c4:d0:a5:2a:c1:
         73:ec:81:f6:3c:85:3f:0a:14:91:f0:0b:42:92:2e:00:7d:5c:
         a6:7e:09:15:18:6a:99:d7:d3:cd:1b:68:28:44:12:f1:5d:00:
         45:11:37:74:8c:b9:78:cf:5b:ab:bd:70:a4:f7:da:7b:44:5d:
         0c:4f:0a:db:1f:3d:1f:01:08:dc:31:db:1a:09:cd:bd:fc:e8:
         53:53:85:3b:5e:c9:32:e1:73:22:5f:f7:6a:ff:da:b4:5e:10:
         9c:b4:c9:8c:fb:bf:3b:af:4a:46:db:a8:87:ac:02:0d:8b:05:
         25:4c:8b:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgsp3fwtHapfvJ6kKy5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTRiZTgyMjExZDU2Nzg5NzhkNWEwZjBmNTllNWM3NTdjOWM3NGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRj013XUU6F4j7KOes4IEmSju/7G
SyfywF3GdlRfqbad1WaBO1omwG850PKE5ZIfel/qG8nBgM8ucZ7VBYQB+F0oRdGO
mtYE3E6vjLL0hAGzHVB1bczIDd73AoYAgcxTr4LFXpbP7X15FUEH1yqbvhH5ZoOW
iaLNEkp2VA5YiQbzEDRbtC0TITKwtOcSm0yaxcCOkE8/sIhswIT/AHyc9FxlA5vZ
hjhJXS2TL7LPaRpiKxJ4Wl7fenwb2AyuGTR54j1i4UF11uAlwzGejCw29bHHOUZU
ZLtnV27XOA6DJFig3lHUMIR1m6EZ++mYzKt4psxnH50XIq2SIc9isFgxCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVL6CIR1WeJeNWg8PWeXHV8nHT9MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvdFV2b0loSFZaNGw0MWFEdzlaNWNkWHljZFAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EUAMA0G
CSqGSIb3DQEBCwUAA4IBAQBvmnVgct59jaNShcdrw+s2tRMGg+ZqNcWiYd+zRZ4g
9wr70Gh/O7kv1XzdSKIrmZaKRqaF3pQYG4Z3ca2epY0UGKK9M/bLxFhoXpliBr5M
0pXWga+kB49KCiGCW4PGyXd2T6SvTHIkCgMP3GgJvBv7MhRlacgdo5PhMeh+p18J
agMlwCnANb/h0j/sxNClKsFz7IH2PIU/ChSR8AtCki4AfVymfgkVGGqZ19PNG2go
RBLxXQBFETd0jLl4z1urvXCk99p7RF0MTwrbHz0fAQjcMdsaCc29/OhTU4U7Xsky
4XMiX/dq/9q0XhCctMmM+787r0pG26iHrAINiwUlTIsg
-----END CERTIFICATE-----