Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/uS9fULm5Jtq5NZrQYdReWZ8w1BY.roa
File:                     uS9fULm5Jtq5NZrQYdReWZ8w1BY.roa (raw, json)
Hash identifier:          mbrlh2gJgMo+LGGGY0Pt7xViEPpqVofZQDlWm4ZJm5I=
Subject key identifier:   B9:2F:5F:50:B9:B9:26:DA:B9:35:9A:D0:61:D4:5E:59:9F:30:D4:16
Certificate issuer:       /CN=28f8ede20b78f995993da98f434a966074d562c2
Certificate serial:       018DEA998E2AC1F7B19E804AB84E2D6F34EA
Authority key identifier: 28:F8:ED:E2:0B:78:F9:95:99:3D:A9:8F:43:4A:96:60:74:D5:62:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/uS9fULm5Jtq5NZrQYdReWZ8w1BY.roa
Signing time:             Tue 27 Feb 2024 12:45:48 +0000
ROA not before:           Tue 27 Feb 2024 12:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12399
IP address blocks:        213.153.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:99:8e:2a:c1:f7:b1:9e:80:4a:b8:4e:2d:6f:34:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28f8ede20b78f995993da98f434a966074d562c2
        Validity
            Not Before: Feb 27 12:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b92f5f50b9b926dab9359ad061d45e599f30d416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e4:68:34:a2:dc:d9:ac:f2:72:6f:98:df:97:
                    d6:5d:98:2c:1c:d8:7e:a5:fa:70:d0:27:48:00:40:
                    b4:67:8f:70:c1:49:4b:ae:27:9e:8b:90:73:86:64:
                    2b:06:c9:58:8d:44:d9:6e:b2:f9:6c:8f:63:7a:2a:
                    64:07:00:0b:48:1b:eb:6f:52:ca:00:ba:48:7f:aa:
                    c0:d3:86:d6:6f:52:2b:3f:00:f4:8d:24:33:2b:eb:
                    dd:4c:7f:26:25:d5:e4:79:a8:b9:08:1e:69:bc:ea:
                    61:8f:99:d7:fa:0c:38:50:95:d9:06:a4:42:46:b5:
                    8f:cf:08:83:2a:ec:dc:46:ee:c9:22:32:5e:a2:67:
                    19:b8:42:e6:5a:fe:68:c0:51:66:60:f5:33:45:80:
                    bb:6c:c9:01:64:53:5b:8b:c1:cf:6f:fe:d6:b7:95:
                    9f:71:27:f0:c7:56:f5:94:73:8a:47:05:c9:80:83:
                    47:f2:bd:04:8b:1c:54:0b:e7:c2:c8:94:17:e7:e5:
                    8e:a5:e9:58:27:c7:eb:9f:e6:e0:a9:a2:3a:70:8e:
                    b6:34:11:f0:9c:93:4b:e4:da:27:85:49:da:81:5e:
                    0f:dd:47:d1:1a:92:d9:f4:fd:f7:79:61:14:b4:fe:
                    29:f6:2d:4a:b9:62:cd:b1:1a:3d:5f:4d:2b:8b:7a:
                    f7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:2F:5F:50:B9:B9:26:DA:B9:35:9A:D0:61:D4:5E:59:9F:30:D4:16
            X509v3 Authority Key Identifier:
                keyid:28:F8:ED:E2:0B:78:F9:95:99:3D:A9:8F:43:4A:96:60:74:D5:62:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/uS9fULm5Jtq5NZrQYdReWZ8w1BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.153.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:29:56:df:37:71:4d:4b:0d:c8:ca:d0:1a:9f:08:af:99:b2:
         8c:ae:0b:c1:80:21:55:25:76:e6:90:f8:8b:84:9c:35:43:07:
         8a:a9:d3:26:f0:ba:0a:e7:28:9c:e4:3c:45:2f:c4:21:41:03:
         86:f7:38:1f:b4:cb:7c:b3:1b:b5:a3:72:24:f7:51:8b:85:1f:
         47:5b:ae:3b:38:19:7c:75:7b:2c:9b:c2:e1:3b:33:fd:00:d6:
         f0:9f:db:56:d3:87:c7:30:81:9c:b1:43:3c:ef:35:5a:ab:8f:
         d3:25:00:ba:d2:4c:89:75:df:22:f2:2e:b8:43:b2:4e:5e:7a:
         6b:af:33:d4:ca:87:e7:8d:8a:8b:dc:46:ab:a4:fb:f4:7f:f4:
         3f:7b:93:f1:d4:84:79:fb:bb:4d:fe:78:75:03:9d:ef:f9:d7:
         40:e2:21:23:a6:c2:be:fd:f8:90:3b:8d:b7:a6:cc:db:7f:d8:
         8b:3b:11:e6:7b:bd:53:73:b9:1c:6f:e4:65:9a:c4:8b:83:c9:
         30:df:db:f7:5d:58:b4:29:ff:5b:c5:8e:e1:4e:84:24:1b:a0:
         7a:ab:53:b1:8d:9d:fe:0d:b8:72:77:a6:98:7b:86:f1:70:b9:
         5b:b3:88:cd:89:5d:ff:d6:6e:32:3d:73:ab:c9:df:6d:cd:3b:
         42:18:b9:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3qmY4qwfexnoBKuE4tbzTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZjhlZGUyMGI3OGY5OTU5OTNkYTk4ZjQzNGE5NjYwNzRk
NTYyYzIwHhcNMjQwMjI3MTI0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTJmNWY1MGI5YjkyNmRhYjkzNTlhZDA2MWQ0NWU1OTlmMzBkNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlORoNKLc2azycm+Y35fWXZgsHNh+
pfpw0CdIAEC0Z49wwUlLrieei5BzhmQrBslYjUTZbrL5bI9jeipkBwALSBvrb1LK
ALpIf6rA04bWb1IrPwD0jSQzK+vdTH8mJdXkeai5CB5pvOphj5nX+gw4UJXZBqRC
RrWPzwiDKuzcRu7JIjJeomcZuELmWv5owFFmYPUzRYC7bMkBZFNbi8HPb/7Wt5Wf
cSfwx1b1lHOKRwXJgINH8r0EixxUC+fCyJQX5+WOpelYJ8frn+bgqaI6cI62NBHw
nJNL5NonhUnagV4P3UfRGpLZ9P33eWEUtP4p9i1KuWLNsRo9X00ri3r3CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkvX1C5uSbauTWa0GHUXlmfMNQWMB8GA1UdIwQY
MBaAFCj47eILePmVmT2pj0NKlmB01WLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1BqdDRndDQtWldaUGFtUFEwcVdZSFRWWXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jZmNmZmEtNjAyOS00MmRkLTllZjgt
OWQzYTBmMjNjYmU3LzEvdVM5ZlVMbTVKdHE1TlpyUVlkUmVXWjh3MUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jZmNmZmEtNjAyOS00MmRkLTllZjgtOWQzYTBmMjNjYmU3
LzEvS1BqdDRndDQtWldaUGFtUFEwcVdZSFRWWXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZlCMA0G
CSqGSIb3DQEBCwUAA4IBAQBUKVbfN3FNSw3IytAanwivmbKMrgvBgCFVJXbmkPiL
hJw1QweKqdMm8LoK5yic5DxFL8QhQQOG9zgftMt8sxu1o3Ik91GLhR9HW647OBl8
dXssm8LhOzP9ANbwn9tW04fHMIGcsUM87zVaq4/TJQC60kyJdd8i8i64Q7JOXnpr
rzPUyofnjYqL3EarpPv0f/Q/e5Px1IR5+7tN/nh1A53v+ddA4iEjpsK+/fiQO423
pszbf9iLOxHme71Tc7kcb+RlmsSLg8kw39v3XVi0Kf9bxY7hToQkG6B6q1OxjZ3+
Dbhyd6aYe4bxcLlbs4jNiV3/1m4yPXOryd9tzTtCGLnR
-----END CERTIFICATE-----