Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/q7MvvyJeo6PHtEXcpRfMROnx-Lg.roa
File:                     q7MvvyJeo6PHtEXcpRfMROnx-Lg.roa (raw, json)
Hash identifier:          Kb3gpAtwhU+fWmfgoKKTnnU9mbdeTtIZSzMzZ+M+yTo=
Subject key identifier:   AB:B3:2F:BF:22:5E:A3:A3:C7:B4:45:DC:A5:17:CC:44:E9:F1:F8:B8
Certificate issuer:       /CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
Certificate serial:       019064709778805853A42E08BAEEEC123747
Authority key identifier: DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/q7MvvyJeo6PHtEXcpRfMROnx-Lg.roa
Signing time:             Sat 29 Jun 2024 14:40:18 +0000
ROA not before:           Sat 29 Jun 2024 14:40:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212293
IP address blocks:        213.202.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:64:70:97:78:80:58:53:a4:2e:08:ba:ee:ec:12:37:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
        Validity
            Not Before: Jun 29 14:40:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abb32fbf225ea3a3c7b445dca517cc44e9f1f8b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:37:5e:4b:5f:c8:4a:fd:9f:40:49:56:21:29:
                    a5:c0:2f:69:3c:eb:55:db:ab:b3:a6:b0:dd:7a:3a:
                    7c:f8:a2:7a:34:3a:ea:0d:c7:90:dc:44:cf:eb:a4:
                    fb:dd:50:35:49:de:13:ff:56:b9:29:09:02:04:47:
                    a9:c3:90:b6:db:03:91:71:53:04:4f:e0:ed:cd:d9:
                    86:3b:a3:0b:64:2d:ee:1c:e6:88:92:e4:c3:6d:17:
                    b1:92:09:70:93:dd:19:7c:ec:1f:f4:51:ad:65:bf:
                    d9:ed:34:87:b6:f9:c3:78:0d:54:68:28:34:34:f1:
                    6e:80:35:d2:71:77:ba:b3:bf:e1:ce:80:37:fc:88:
                    c3:0d:09:ab:55:09:ed:2b:d3:80:1e:7d:85:e9:4e:
                    6f:a0:c4:69:22:13:8e:ca:3a:55:e8:58:91:b2:fa:
                    d9:a3:6f:1c:0f:69:e5:3b:57:81:e0:d3:77:ae:f4:
                    74:30:86:a8:81:af:37:9b:25:41:2c:fc:7c:eb:2a:
                    da:05:45:95:7a:11:7a:af:c6:f0:64:75:6a:47:26:
                    5c:27:dd:f1:50:bb:b9:8c:ef:c0:b4:c9:f6:0b:b9:
                    51:11:c3:bc:65:2b:94:68:5c:d5:a2:ee:88:d2:b0:
                    73:33:21:f9:92:ee:9a:ed:ce:39:c4:78:15:31:71:
                    8a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B3:2F:BF:22:5E:A3:A3:C7:B4:45:DC:A5:17:CC:44:E9:F1:F8:B8
            X509v3 Authority Key Identifier:
                keyid:DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/q7MvvyJeo6PHtEXcpRfMROnx-Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.202.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:41:05:77:c6:98:b6:2f:2e:36:f0:1e:6c:0d:d7:e5:37:7d:
         d0:9c:b7:fa:d1:21:97:a8:10:bb:bf:36:0f:d3:0a:3d:4e:cd:
         c9:9b:59:f5:c2:46:fc:00:4c:9d:9a:96:a4:e2:ae:cb:bc:e7:
         21:2f:35:a4:4e:2a:4a:ad:5a:57:72:06:2a:d9:5d:79:57:a1:
         8c:93:ea:a6:0b:50:68:6e:80:cb:f6:4c:c8:90:2f:c8:b3:85:
         0f:aa:a7:fc:39:b7:9f:8e:68:a9:70:5b:07:88:0a:f4:7d:d2:
         9a:19:1b:9e:f4:c1:90:48:fe:16:fc:4a:0e:dc:0e:f3:1f:66:
         83:80:36:69:9b:66:49:0a:dc:81:ee:75:e9:50:86:b2:4f:93:
         45:0f:c7:f3:78:62:70:a8:d2:91:4f:2d:19:29:32:4c:17:3e:
         65:65:62:27:d7:96:a0:cf:a5:8d:07:c4:39:1e:31:6b:29:ed:
         cb:ab:08:0f:c1:f3:8c:e9:97:03:09:cd:06:d6:ea:01:cd:7d:
         1a:f9:75:5c:bc:02:40:4d:7e:b7:ed:f7:df:7d:60:30:f6:63:
         73:af:3a:5c:2c:11:0a:f2:fc:b0:db:cc:33:59:c4:f4:4b:6f:
         4b:4b:c7:13:ce:36:5e:b7:e0:60:10:01:54:bb:98:8c:0a:8f:
         29:a8:f0:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBkcJd4gFhTpC4Iuu7sEjdHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWM1MzJmM2NkNWUxMWUxOWZlYjE5NjU1ZDRmMTk5MjZm
MDIwMjAwHhcNMjQwNjI5MTQ0MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmIzMmZiZjIyNWVhM2EzYzdiNDQ1ZGNhNTE3Y2M0NGU5ZjFmOGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTdeS1/ISv2fQElWISmlwC9pPOtV
26uzprDdejp8+KJ6NDrqDceQ3ETP66T73VA1Sd4T/1a5KQkCBEepw5C22wORcVME
T+DtzdmGO6MLZC3uHOaIkuTDbRexkglwk90ZfOwf9FGtZb/Z7TSHtvnDeA1UaCg0
NPFugDXScXe6s7/hzoA3/IjDDQmrVQntK9OAHn2F6U5voMRpIhOOyjpV6FiRsvrZ
o28cD2nlO1eB4NN3rvR0MIaoga83myVBLPx86yraBUWVehF6r8bwZHVqRyZcJ93x
ULu5jO/AtMn2C7lREcO8ZSuUaFzVou6I0rBzMyH5ku6a7c45xHgVMXGK7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuzL78iXqOjx7RF3KUXzETp8fi4MB8GA1UdIwQY
MBaAFNxcUy881eEeGf6xllXU8Zkm8CAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEt
NGI2YzFjZjlmZTRmLzEvcTdNdnZ5SmVvNlBIdEVYY3BSZk1ST254LUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEtNGI2YzFjZjlmZTRm
LzEvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cpVMA0G
CSqGSIb3DQEBCwUAA4IBAQAQQQV3xpi2Ly428B5sDdflN33QnLf60SGXqBC7vzYP
0wo9Ts3Jm1n1wkb8AEydmpak4q7LvOchLzWkTipKrVpXcgYq2V15V6GMk+qmC1Bo
boDL9kzIkC/Is4UPqqf8ObefjmipcFsHiAr0fdKaGRue9MGQSP4W/EoO3A7zH2aD
gDZpm2ZJCtyB7nXpUIayT5NFD8fzeGJwqNKRTy0ZKTJMFz5lZWIn15agz6WNB8Q5
HjFrKe3LqwgPwfOM6ZcDCc0G1uoBzX0a+XVcvAJATX637ffffWAw9mNzrzpcLBEK
8vyw28wzWcT0S29LS8cTzjZet+BgEAFUu5iMCo8pqPCP
-----END CERTIFICATE-----