Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/B222TXoLR44j3Cryk6TI_gUMOtY.roa
File:                     B222TXoLR44j3Cryk6TI_gUMOtY.roa (raw, json)
Hash identifier:          LcruqmMh4SUo4pQZSRt/PKJoh3q1uxHsoQxfVJOrS8A=
Subject key identifier:   07:6D:B6:4D:7A:0B:47:8E:23:DC:2A:F2:93:A4:C8:FE:05:0C:3A:D6
Certificate issuer:       /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial:       018CC86F85870699EBB597697CCB9594A470
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/B222TXoLR44j3Cryk6TI_gUMOtY.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25261
IP address blocks:        213.192.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:85:87:06:99:eb:b5:97:69:7c:cb:95:94:a4:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=076db64d7a0b478e23dc2af293a4c8fe050c3ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:39:fe:cd:af:a9:a0:24:fa:28:f2:55:cc:b4:
                    57:32:ef:99:3b:9d:73:17:76:97:85:d7:b2:33:60:
                    9f:eb:c7:3d:1d:60:70:a7:c2:a8:28:aa:cf:a5:6c:
                    b4:70:c7:a2:38:06:2d:e7:e1:95:5a:7a:ad:6b:5a:
                    df:43:f6:dd:8d:f2:16:af:5d:e4:4b:a5:3b:c6:e8:
                    9b:2e:00:b9:70:b9:15:57:05:99:2c:45:61:fa:2c:
                    92:05:8c:dd:72:7a:89:24:a2:81:37:00:20:85:fa:
                    87:2f:7e:88:96:43:91:6d:1d:88:41:f5:81:47:28:
                    16:54:3f:96:ca:46:a5:74:54:7a:db:d6:e8:d3:88:
                    18:72:75:26:49:30:cb:b9:65:6a:1b:7a:30:f9:58:
                    8b:ad:14:d0:4c:98:34:d1:8d:8a:90:c8:17:d2:4d:
                    1a:53:0d:09:52:62:dc:38:d4:8c:92:e3:9c:6b:ca:
                    e4:d7:f3:2d:da:30:e8:be:76:f8:3c:0d:ca:41:d8:
                    7e:da:3e:a8:34:ec:ab:90:c0:87:04:eb:96:05:cc:
                    2d:ae:04:37:48:64:30:be:a6:7f:dd:c9:d4:56:3a:
                    7d:1b:c1:69:ad:8a:02:61:d2:99:ef:46:de:ce:95:
                    41:68:ce:0d:d6:19:5d:d5:01:7e:79:e0:40:98:b9:
                    05:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:6D:B6:4D:7A:0B:47:8E:23:DC:2A:F2:93:A4:C8:FE:05:0C:3A:D6
            X509v3 Authority Key Identifier:
                keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/B222TXoLR44j3Cryk6TI_gUMOtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.192.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:52:fb:12:5e:4a:94:29:1f:b7:2e:88:11:da:b8:ae:15:65:
         87:14:5b:83:34:22:57:ed:c2:2a:c9:4c:3b:da:5f:6f:a7:13:
         7d:f9:49:6b:d8:01:4d:da:b9:56:40:6a:b9:6e:ce:03:49:7a:
         9f:44:93:d4:04:aa:99:44:8c:e7:48:74:4d:bb:07:54:f5:2f:
         7a:aa:68:dc:6a:e2:9f:7f:d6:5a:22:6b:45:83:3a:99:16:4f:
         01:89:50:1e:10:f0:40:f6:57:0b:69:0d:79:c3:e9:c2:dd:52:
         50:cf:44:68:ec:f6:12:71:18:22:6a:ad:ad:d3:95:d5:aa:e4:
         fe:03:fd:88:3c:73:0e:72:dd:9d:17:99:dd:87:4c:d2:1e:8f:
         74:7d:5c:62:39:6c:b0:91:29:d9:1c:44:f9:ea:8e:15:18:e0:
         e9:a8:39:78:01:19:bd:f2:b7:eb:4e:b2:83:3f:45:07:13:4a:
         99:8b:fa:c0:04:90:3b:f6:73:56:48:37:af:d7:07:5a:26:9e:
         8c:e8:41:bb:b7:e6:50:0c:23:31:2f:79:91:d0:2a:cb:b9:e9:
         6a:df:af:23:1f:d0:d1:74:60:e0:88:6e:52:40:b1:a3:9b:56:
         27:73:cd:10:13:12:b9:7b:b2:6c:a2:97:9c:14:46:c0:39:90:
         ab:2b:02:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4WHBpnrtZdpfMuVlKRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzZkYjY0ZDdhMGI0NzhlMjNkYzJhZjI5M2E0YzhmZTA1MGMzYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljn+za+poCT6KPJVzLRXMu+ZO51z
F3aXhdeyM2Cf68c9HWBwp8KoKKrPpWy0cMeiOAYt5+GVWnqta1rfQ/bdjfIWr13k
S6U7xuibLgC5cLkVVwWZLEVh+iySBYzdcnqJJKKBNwAghfqHL36IlkORbR2IQfWB
RygWVD+WykaldFR629bo04gYcnUmSTDLuWVqG3ow+ViLrRTQTJg00Y2KkMgX0k0a
Uw0JUmLcONSMkuOca8rk1/Mt2jDovnb4PA3KQdh+2j6oNOyrkMCHBOuWBcwtrgQ3
SGQwvqZ/3cnUVjp9G8FprYoCYdKZ70bezpVBaM4N1hld1QF+eeBAmLkF+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdttk16C0eOI9wq8pOkyP4FDDrWMB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvQjIyMlRYb0xSNDRqM0NyeWs2VElfZ1VNT3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cDoMA0G
CSqGSIb3DQEBCwUAA4IBAQCCUvsSXkqUKR+3LogR2riuFWWHFFuDNCJX7cIqyUw7
2l9vpxN9+Ulr2AFN2rlWQGq5bs4DSXqfRJPUBKqZRIznSHRNuwdU9S96qmjcauKf
f9ZaImtFgzqZFk8BiVAeEPBA9lcLaQ15w+nC3VJQz0Ro7PYScRgiaq2t05XVquT+
A/2IPHMOct2dF5ndh0zSHo90fVxiOWywkSnZHET56o4VGODpqDl4ARm98rfrTrKD
P0UHE0qZi/rABJA79nNWSDev1wdaJp6M6EG7t+ZQDCMxL3mR0CrLuelq368jH9DR
dGDgiG5SQLGjm1Ync80QExK5e7JsopecFEbAOZCrKwLR
-----END CERTIFICATE-----