Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/kZcW_VndMOdDL54WjeF2ApA04-o.roa
File:                     kZcW_VndMOdDL54WjeF2ApA04-o.roa (raw, json)
Hash identifier:          ZIuVIeE0A7EOg1V4JUxcORbVcTFmGC8UQcDs71nwz8w=
Subject key identifier:   91:97:16:FD:59:DD:30:E7:43:2F:9E:16:8D:E1:76:02:90:34:E3:EA
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D44B23480C314107C8E625D26345D
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/kZcW_VndMOdDL54WjeF2ApA04-o.roa
Signing time:             Tue 02 Jan 2024 08:32:13 +0000
ROA not before:           Tue 02 Jan 2024 08:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212397
IP address blocks:        212.111.199.0/24 maxlen: 24
                          2a01:5c40:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:44:b2:34:80:c3:14:10:7c:8e:62:5d:26:34:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=919716fd59dd30e7432f9e168de176029034e3ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fd:69:81:14:5f:f7:42:f5:df:c5:de:e8:c3:
                    b5:62:d1:4b:ec:c8:ce:82:cf:b5:c7:43:7e:f6:34:
                    4b:49:2b:9c:20:4f:6a:7d:70:dd:e7:da:5f:f2:da:
                    de:7e:4c:52:4f:8e:5c:34:f3:b6:7e:99:ce:e3:77:
                    a4:77:45:1d:5b:ac:ed:cd:a6:c7:73:38:4f:f6:38:
                    9a:de:f7:a3:40:65:a9:74:c2:9c:87:9a:97:65:14:
                    d2:df:43:de:84:06:2e:ce:7a:f2:33:83:9c:df:29:
                    2f:43:a5:8a:dc:bd:66:26:1b:e5:d5:5f:9f:49:3f:
                    b5:e3:e6:5c:d3:7d:4c:37:f1:61:4c:96:d5:07:75:
                    5e:b7:75:2f:cb:86:23:42:7f:90:a0:6b:90:cb:4f:
                    01:67:e9:8c:02:b3:26:99:78:32:1f:2a:7d:d7:3f:
                    1e:04:6e:be:a4:a3:b5:97:ca:53:c6:c7:55:94:4c:
                    cc:75:4d:a4:94:32:57:4e:eb:b5:2b:ca:73:4d:ff:
                    a5:2a:a3:27:dd:f0:75:de:66:bf:1e:8f:de:aa:fc:
                    f0:36:2b:9c:00:45:f3:cd:96:69:63:1a:76:f6:1d:
                    16:af:96:f4:29:45:a0:a5:1b:79:98:21:bf:99:2b:
                    f8:a3:59:81:2e:d2:a0:db:a5:e9:b5:fa:fb:e5:aa:
                    b8:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:97:16:FD:59:DD:30:E7:43:2F:9E:16:8D:E1:76:02:90:34:E3:EA
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/kZcW_VndMOdDL54WjeF2ApA04-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.199.0/24
                IPv6:
                  2a01:5c40:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:8e:19:a8:7a:59:17:65:f2:0a:93:00:54:78:9c:71:67:67:
         fa:38:6f:c6:cd:0a:77:6b:23:e7:00:c3:ee:49:66:ea:96:d4:
         c3:90:81:ae:6d:22:7e:39:34:a9:d7:4c:79:1b:05:f4:47:a9:
         1e:f7:c4:0e:db:9b:ce:c6:68:9a:5f:40:dc:31:75:63:49:aa:
         e9:f3:b1:3f:9d:ac:ef:e7:79:af:35:4e:86:38:77:a6:ff:c4:
         97:1d:c3:ce:b3:f5:c2:5c:36:5f:9e:f2:b1:48:dc:f8:52:d9:
         78:3f:10:0e:a0:25:59:c5:1d:9b:c8:8a:38:20:c1:34:3e:3f:
         1f:34:66:00:3f:40:e0:4e:ec:ce:c6:93:b6:9d:be:e5:19:fd:
         c8:65:fb:80:60:d8:36:34:bd:4e:9f:3f:e6:0e:8f:fe:94:10:
         82:00:e5:81:82:80:3e:ba:e8:be:95:c7:bf:7e:0f:08:49:93:
         b8:5d:d7:92:83:2e:e1:2c:48:70:90:c0:2a:1c:62:0f:37:11:
         ae:8b:a0:8e:09:94:ca:38:d4:c9:d7:dd:c2:f3:f8:30:06:8e:
         e7:64:69:85:f3:de:0f:7f:a6:98:0c:d9:ae:b5:fd:2c:f6:9a:
         e4:17:d2:d2:7f:8b:40:23:60:a1:9e:cd:58:27:95:4a:4c:31:
         03:e7:7f:cb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTUSyNIDDFBB8jmJdJjRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTk3MTZmZDU5ZGQzMGU3NDMyZjllMTY4ZGUxNzYwMjkwMzRlM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf1pgRRf90L138Xe6MO1YtFL7MjO
gs+1x0N+9jRLSSucIE9qfXDd59pf8trefkxST45cNPO2fpnO43ekd0UdW6ztzabH
czhP9jia3vejQGWpdMKch5qXZRTS30PehAYuznryM4Oc3ykvQ6WK3L1mJhvl1V+f
ST+14+Zc031MN/FhTJbVB3Vet3Uvy4YjQn+QoGuQy08BZ+mMArMmmXgyHyp91z8e
BG6+pKO1l8pTxsdVlEzMdU2klDJXTuu1K8pzTf+lKqMn3fB13ma/Ho/eqvzwNiuc
AEXzzZZpYxp29h0Wr5b0KUWgpRt5mCG/mSv4o1mBLtKg26Xptfr75aq4DQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJGXFv1Z3TDnQy+eFo3hdgKQNOPqMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEva1pjV19WbmRNT2RETDU0V2plRjJBcEEwNC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1G/HMA8E
AgACMAkDBwAqAVxAAAYwDQYJKoZIhvcNAQELBQADggEBAFeOGah6WRdl8gqTAFR4
nHFnZ/o4b8bNCndrI+cAw+5JZuqW1MOQga5tIn45NKnXTHkbBfRHqR73xA7bm87G
aJpfQNwxdWNJqunzsT+drO/nea81ToY4d6b/xJcdw86z9cJcNl+e8rFI3PhS2Xg/
EA6gJVnFHZvIijggwTQ+Px80ZgA/QOBO7M7Gk7advuUZ/chl+4Bg2DY0vU6fP+YO
j/6UEIIA5YGCgD666L6Vx79+DwhJk7hd15KDLuEsSHCQwCocYg83Ea6LoI4JlMo4
1MnX3cLz+DAGjudkaYXz3g9/ppgM2a61/Sz2muQX0tJ/i0AjYKGezVgnlUpMMQPn
f8s=
-----END CERTIFICATE-----