Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/5657c8-5037-48cd-8db5-8115df317235/1/TdonjEDoXmoVbzxcAzY0W6zp2i8.roa
File:                     TdonjEDoXmoVbzxcAzY0W6zp2i8.roa (raw, json)
Hash identifier:          mj7HWkoEk+RuSWFSNdIHsYB0Xt9oGY8lsmO0KXk+hog=
Subject key identifier:   4D:DA:27:8C:40:E8:5E:6A:15:6F:3C:5C:03:36:34:5B:AC:E9:DA:2F
Certificate issuer:       /CN=f84a65599afb9d8727c3db947effbae2e5b853d1
Certificate serial:       018CC72749EBECEE4F59C91489862368F3E7
Authority key identifier: F8:4A:65:59:9A:FB:9D:87:27:C3:DB:94:7E:FF:BA:E2:E5:B8:53:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-EplWZr7nYcnw9uUfv-64uW4U9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/5657c8-5037-48cd-8db5-8115df317235/1/TdonjEDoXmoVbzxcAzY0W6zp2i8.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207498
IP address blocks:        212.6.41.0/24 maxlen: 24
                          2a0d:9b00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/5657c8-5037-48cd-8db5-8115df317235/1/1-EplWZr7nYcnw9uUfv-64uW4U9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/5657c8-5037-48cd-8db5-8115df317235/1/1-EplWZr7nYcnw9uUfv-64uW4U9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-EplWZr7nYcnw9uUfv-64uW4U9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:49:eb:ec:ee:4f:59:c9:14:89:86:23:68:f3:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f84a65599afb9d8727c3db947effbae2e5b853d1
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dda278c40e85e6a156f3c5c0336345bace9da2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fa:0d:e0:db:8b:83:63:42:fe:2f:f0:1c:f9:
                    2f:92:53:15:46:1b:d1:80:5d:d6:d3:72:20:c7:3e:
                    ab:c9:a4:9b:77:b2:42:9a:70:d5:c6:9e:99:4f:21:
                    3e:56:7d:ba:06:f5:4d:45:43:8e:cc:e4:36:d9:17:
                    35:e8:07:93:cb:4d:0d:e0:90:0c:bd:47:d8:9c:9d:
                    62:7b:14:e4:62:2f:a5:e6:db:9d:4a:a5:3a:68:88:
                    8e:2a:3b:92:8f:c2:97:b1:25:0e:95:aa:f2:82:f2:
                    96:90:53:62:33:6f:40:37:bd:68:6a:ea:e4:6a:75:
                    0b:a3:2a:55:ee:19:f2:17:ee:87:29:3d:1a:8f:ac:
                    47:99:6b:93:92:82:d8:d4:ab:a3:a8:d0:dc:77:44:
                    f4:de:1a:a9:ed:38:64:36:c9:a2:76:bb:01:a5:cd:
                    f0:da:fe:e5:9e:97:fa:8b:11:48:cc:77:f4:3e:37:
                    24:40:0d:72:99:be:88:c0:63:77:3e:54:94:09:c6:
                    c8:88:d9:7a:c4:68:cf:c1:19:c8:56:71:d6:10:3b:
                    18:07:8b:51:9f:7d:ec:96:d3:5c:9c:b3:84:2c:b2:
                    83:d6:c8:42:d1:fb:66:be:b6:1d:d3:7e:93:16:36:
                    7c:5b:b1:03:f5:1c:1b:d6:fc:62:a9:0e:7a:aa:c0:
                    4b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:DA:27:8C:40:E8:5E:6A:15:6F:3C:5C:03:36:34:5B:AC:E9:DA:2F
            X509v3 Authority Key Identifier:
                keyid:F8:4A:65:59:9A:FB:9D:87:27:C3:DB:94:7E:FF:BA:E2:E5:B8:53:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-EplWZr7nYcnw9uUfv-64uW4U9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/5657c8-5037-48cd-8db5-8115df317235/1/TdonjEDoXmoVbzxcAzY0W6zp2i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/5657c8-5037-48cd-8db5-8115df317235/1/1-EplWZr7nYcnw9uUfv-64uW4U9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.41.0/24
                IPv6:
                  2a0d:9b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:3d:ac:41:34:71:15:e1:a5:2c:9e:63:3f:6b:4d:bd:4d:f2:
         a8:0b:60:70:45:3c:69:b5:ab:92:f4:f7:53:38:7f:96:87:ea:
         0d:de:f4:ae:b1:ee:13:87:41:ae:01:69:ff:c3:0f:e8:7c:6f:
         f1:31:0a:40:c1:72:2c:47:ba:d0:25:26:40:13:d0:31:18:59:
         98:2e:c6:53:84:9b:c1:a6:78:1a:52:fd:80:bc:dd:20:d0:94:
         d5:3e:ff:01:ce:62:d8:03:45:9e:6b:16:c9:10:7b:a2:2e:54:
         df:ed:46:cd:c2:50:7e:23:7f:b8:78:b8:69:c3:00:a6:f6:e9:
         4c:d8:0c:db:96:7b:aa:45:28:62:cc:e1:07:41:7b:c7:32:7d:
         5c:57:06:45:c4:b6:c4:9f:15:9a:95:9d:df:64:fb:00:49:fc:
         13:59:c8:64:83:a1:dc:a5:e7:47:f7:5b:4d:16:d3:8e:a5:03:
         ca:93:34:d8:03:f2:e8:81:83:51:98:25:b4:1d:7a:98:4e:fc:
         16:eb:80:98:86:7a:e3:6f:cb:87:82:0d:ed:76:a8:48:e6:6a:
         1b:62:d8:65:b1:eb:64:99:d2:2d:d3:06:c6:5b:c5:27:94:02:
         e4:67:da:c8:a3:e7:67:ea:0e:b9:d2:e7:84:bb:a3:f4:6b:7a:
         90:60:c6:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJ0nr7O5PWckUiYYjaPPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NGE2NTU5OWFmYjlkODcyN2MzZGI5NDdlZmZiYWUyZTVi
ODUzZDEwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGRhMjc4YzQwZTg1ZTZhMTU2ZjNjNWMwMzM2MzQ1YmFjZTlkYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPoN4NuLg2NC/i/wHPkvklMVRhvR
gF3W03Igxz6ryaSbd7JCmnDVxp6ZTyE+Vn26BvVNRUOOzOQ22Rc16AeTy00N4JAM
vUfYnJ1iexTkYi+l5tudSqU6aIiOKjuSj8KXsSUOlarygvKWkFNiM29AN71oaurk
anULoypV7hnyF+6HKT0aj6xHmWuTkoLY1KujqNDcd0T03hqp7ThkNsmidrsBpc3w
2v7lnpf6ixFIzHf0PjckQA1ymb6IwGN3PlSUCcbIiNl6xGjPwRnIVnHWEDsYB4tR
n33sltNcnLOELLKD1shC0ftmvrYd036TFjZ8W7ED9Rwb1vxiqQ56qsBL8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE3aJ4xA6F5qFW88XAM2NFus6dovMB8GA1UdIwQY
MBaAFPhKZVma+52HJ8PblH7/uuLluFPRMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1FcGxXWnI3blljbnc5dVVmdi02NHVXNFU5RS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvNTY1N2M4LTUwMzctNDhjZC04ZGI1
LTgxMTVkZjMxNzIzNS8xL1Rkb25qRURvWG1vVmJ6eGNBelkwVzZ6cDJpOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDEvNTY1N2M4LTUwMzctNDhjZC04ZGI1LTgxMTVkZjMxNzIz
NS8xLzEtRXBsV1pyN25ZY253OXVVZnYtNjR1VzRVOUUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBADUBikw
DQQCAAIwBwMFACoNmwAwDQYJKoZIhvcNAQELBQADggEBAIM9rEE0cRXhpSyeYz9r
Tb1N8qgLYHBFPGm1q5L091M4f5aH6g3e9K6x7hOHQa4Baf/DD+h8b/ExCkDBcixH
utAlJkAT0DEYWZguxlOEm8GmeBpS/YC83SDQlNU+/wHOYtgDRZ5rFskQe6IuVN/t
Rs3CUH4jf7h4uGnDAKb26UzYDNuWe6pFKGLM4QdBe8cyfVxXBkXEtsSfFZqVnd9k
+wBJ/BNZyGSDodyl50f3W00W046lA8qTNNgD8uiBg1GYJbQdephO/BbrgJiGeuNv
y4eCDe12qEjmahti2GWx62SZ0i3TBsZbxSeUAuRn2sij52fqDrnS54S7o/RrepBg
xg4=
-----END CERTIFICATE-----