Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/33gnBpH0C9HBydNwmORPQljFqOs.roa
File:                     33gnBpH0C9HBydNwmORPQljFqOs.roa (raw, json)
Hash identifier:          hIM4M5xZf5eTHBdYMjfQeT35s9vSAe+7pUOsTdNdrnc=
Subject key identifier:   DF:78:27:06:91:F4:0B:D1:C1:C9:D3:70:98:E4:4F:42:58:C5:A8:EB
Certificate issuer:       /CN=2a8d3d3bdb06f00e6bb445f4db2d97f9b7c4beba
Certificate serial:       018FE50567ACB05AA304E50112AD347EEFD0
Authority key identifier: 2A:8D:3D:3B:DB:06:F0:0E:6B:B4:45:F4:DB:2D:97:F9:B7:C4:BE:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ko09O9sG8A5rtEX02y2X-bfEvro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/33gnBpH0C9HBydNwmORPQljFqOs.roa
Signing time:             Tue 04 Jun 2024 20:51:27 +0000
ROA not before:           Tue 04 Jun 2024 20:51:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215248
IP address blocks:        104.167.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/Ko09O9sG8A5rtEX02y2X-bfEvro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/Ko09O9sG8A5rtEX02y2X-bfEvro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ko09O9sG8A5rtEX02y2X-bfEvro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e5:05:67:ac:b0:5a:a3:04:e5:01:12:ad:34:7e:ef:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a8d3d3bdb06f00e6bb445f4db2d97f9b7c4beba
        Validity
            Not Before: Jun  4 20:51:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df78270691f40bd1c1c9d37098e44f4258c5a8eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:53:11:31:c5:c2:5a:8b:0d:ff:04:51:f4:da:
                    dc:02:2d:7b:f1:3a:30:68:6d:6d:d0:6b:6b:83:31:
                    ac:d7:ac:4f:4f:91:0e:a0:cd:18:e9:f9:03:12:e3:
                    08:f6:7c:25:20:0d:02:b8:00:0d:09:c8:cf:5f:5d:
                    11:52:ef:3e:aa:a4:d3:c4:11:d6:6c:ed:7a:c5:53:
                    94:bd:7b:80:e1:e1:1f:51:a9:9a:c9:44:42:8d:f8:
                    55:76:c0:40:b6:ab:c6:72:66:6e:ef:c1:ea:d0:a4:
                    12:f7:fb:02:42:d3:69:0c:81:64:cb:b4:98:6b:0d:
                    82:aa:39:38:9b:0f:a5:44:65:60:a0:f1:9a:ae:2f:
                    f0:ef:e8:c1:ad:7f:f7:0d:d5:72:15:a4:9d:d6:6f:
                    97:51:6e:d2:64:e4:b8:b3:ce:e0:34:72:1a:f5:6e:
                    25:d7:3a:6b:d6:e4:f4:75:5e:a5:4c:95:fb:84:17:
                    8a:f4:fd:ce:18:c7:8c:b4:cb:92:59:73:d9:3d:ff:
                    63:4f:e4:7b:01:23:f8:3d:1b:5b:b3:1c:1c:81:f1:
                    c3:dd:0d:93:b1:6a:f2:b3:81:a6:98:10:b7:cc:51:
                    fc:21:c9:07:20:f8:f1:40:72:49:dc:5a:9c:f5:de:
                    c3:a1:4c:02:4c:43:9e:30:82:ec:4b:49:8e:16:8e:
                    63:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:78:27:06:91:F4:0B:D1:C1:C9:D3:70:98:E4:4F:42:58:C5:A8:EB
            X509v3 Authority Key Identifier:
                keyid:2A:8D:3D:3B:DB:06:F0:0E:6B:B4:45:F4:DB:2D:97:F9:B7:C4:BE:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ko09O9sG8A5rtEX02y2X-bfEvro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/33gnBpH0C9HBydNwmORPQljFqOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/Ko09O9sG8A5rtEX02y2X-bfEvro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.167.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:63:21:1a:d2:64:76:e2:ec:9e:e5:0e:f9:66:f7:1d:85:75:
         b5:8d:a6:3d:14:6b:87:10:2c:30:99:0d:20:72:ab:d9:de:1a:
         56:d8:d6:14:a7:f9:1a:df:32:d4:e9:49:a3:ea:52:a1:84:66:
         be:a6:06:4e:a0:d9:b6:46:c1:d6:88:69:79:40:2e:8b:84:a7:
         ad:41:70:1c:ea:4a:be:c7:b4:66:18:35:fe:b3:3e:66:1e:d1:
         16:14:01:49:2c:16:17:bc:c2:11:5e:6b:af:35:2d:42:cd:83:
         d7:85:d5:7e:f2:42:0c:96:b3:20:00:88:10:ce:bc:2e:48:87:
         2b:73:70:dc:dc:27:7b:97:43:bf:ca:3f:4c:2b:0c:fe:ec:d2:
         00:78:e5:31:fc:3e:6f:29:45:7f:da:f2:e8:a5:5e:37:c9:65:
         46:62:2a:9e:e1:42:ce:2b:ad:e4:ef:7e:ec:3e:79:3b:80:97:
         36:cc:01:a8:0d:09:98:f3:fc:c0:44:55:aa:ba:40:9b:ce:35:
         aa:9e:34:df:05:cb:da:d7:c5:0e:c1:26:29:18:4b:bd:f1:5c:
         3f:44:c3:69:cf:00:9b:99:01:c5:4f:30:97:74:0c:35:48:4e:
         89:37:c3:b2:39:48:89:c0:fa:18:ae:e4:8b:23:83:f2:ce:f8:
         01:69:44:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/lBWessFqjBOUBEq00fu/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOGQzZDNiZGIwNmYwMGU2YmI0NDVmNGRiMmQ5N2Y5Yjdj
NGJlYmEwHhcNMjQwNjA0MjA1MTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjc4MjcwNjkxZjQwYmQxYzFjOWQzNzA5OGU0NGY0MjU4YzVhOGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lMRMcXCWosN/wRR9NrcAi178Tow
aG1t0GtrgzGs16xPT5EOoM0Y6fkDEuMI9nwlIA0CuAANCcjPX10RUu8+qqTTxBHW
bO16xVOUvXuA4eEfUamayURCjfhVdsBAtqvGcmZu78Hq0KQS9/sCQtNpDIFky7SY
aw2Cqjk4mw+lRGVgoPGari/w7+jBrX/3DdVyFaSd1m+XUW7SZOS4s87gNHIa9W4l
1zpr1uT0dV6lTJX7hBeK9P3OGMeMtMuSWXPZPf9jT+R7ASP4PRtbsxwcgfHD3Q2T
sWrys4GmmBC3zFH8IckHIPjxQHJJ3Fqc9d7DoUwCTEOeMILsS0mOFo5jyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN94JwaR9AvRwcnTcJjkT0JYxajrMB8GA1UdIwQY
MBaAFCqNPTvbBvAOa7RF9Nstl/m3xL66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS28wOU85c0c4QTVydEVYMDJ5MlgtYmZFdnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9hM2YwNmUtYWM2Yy00YjY2LWE5NmMt
MjliOTdiOTkwNTU1LzEvMzNnbkJwSDBDOUhCeWROd21PUlBRbGpGcU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9hM2YwNmUtYWM2Yy00YjY2LWE5NmMtMjliOTdiOTkwNTU1
LzEvS28wOU85c0c4QTVydEVYMDJ5MlgtYmZFdnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaKcTMA0G
CSqGSIb3DQEBCwUAA4IBAQA+YyEa0mR24uye5Q75ZvcdhXW1jaY9FGuHECwwmQ0g
cqvZ3hpW2NYUp/ka3zLU6Umj6lKhhGa+pgZOoNm2RsHWiGl5QC6LhKetQXAc6kq+
x7RmGDX+sz5mHtEWFAFJLBYXvMIRXmuvNS1CzYPXhdV+8kIMlrMgAIgQzrwuSIcr
c3Dc3Cd7l0O/yj9MKwz+7NIAeOUx/D5vKUV/2vLopV43yWVGYiqe4ULOK63k737s
Pnk7gJc2zAGoDQmY8/zARFWqukCbzjWqnjTfBcva18UOwSYpGEu98Vw/RMNpzwCb
mQHFTzCXdAw1SE6JN8OyOUiJwPoYruSLI4PyzvgBaUTy
-----END CERTIFICATE-----