Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/U-DMdsIn0pa6a6YbCybOiCdspxQ.roa
File:                     U-DMdsIn0pa6a6YbCybOiCdspxQ.roa (raw, json)
Hash identifier:          dWa6aZBDEgU5mvJL4ajfDmdyit16aF4NBp0b3Ej2k7o=
Subject key identifier:   53:E0:CC:76:C2:27:D2:96:BA:6B:A6:1B:0B:26:CE:88:27:6C:A7:14
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF159859B233FFFE42F8B66864965
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/U-DMdsIn0pa6a6YbCybOiCdspxQ.roa
Signing time:             Mon 01 Jan 2024 00:29:28 +0000
ROA not before:           Mon 01 Jan 2024 00:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25070
IP address blocks:        213.199.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f1:59:85:9b:23:3f:ff:e4:2f:8b:66:86:49:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53e0cc76c227d296ba6ba61b0b26ce88276ca714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ca:d6:ac:20:44:70:4b:3f:4f:67:2d:b1:78:
                    71:b3:87:a5:d8:21:83:f4:ec:76:ae:5b:69:1e:4e:
                    21:86:f2:db:bc:48:d1:0c:b4:ae:c8:0e:91:e1:64:
                    33:22:ea:04:41:c8:97:3c:0b:70:2a:f1:78:89:c0:
                    79:47:7a:0d:6f:28:5c:44:9b:43:4e:c8:da:00:35:
                    50:5f:14:f6:c3:43:8e:b8:4f:e2:79:50:16:75:b5:
                    79:db:df:0b:de:e9:be:b2:0a:43:31:c7:62:10:e1:
                    56:ba:cc:12:21:4a:83:24:89:c0:1b:3d:67:45:92:
                    eb:c7:2e:4c:fd:9d:b1:41:f5:43:20:d5:d6:35:1f:
                    f6:55:f5:60:f2:f6:4d:3e:b8:2f:f4:49:d4:fd:71:
                    1c:0c:1b:3f:e3:cb:d6:0f:78:07:f7:92:7a:98:a6:
                    89:3e:7c:e2:ba:9e:f2:60:5c:27:23:2a:7d:a5:1e:
                    e9:83:d3:27:b0:32:a8:a6:00:64:b6:d8:0a:3c:7f:
                    13:71:84:7c:4e:e8:03:96:bb:11:1b:c1:3f:57:60:
                    e9:ad:b8:ff:1e:a6:f5:cd:4f:91:08:1d:e0:1c:9f:
                    23:4d:85:dc:ef:a9:3b:1c:c6:89:fd:8a:66:b7:e0:
                    9b:28:25:51:37:1c:99:6f:6e:65:5c:00:1a:ba:f6:
                    47:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E0:CC:76:C2:27:D2:96:BA:6B:A6:1B:0B:26:CE:88:27:6C:A7:14
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/U-DMdsIn0pa6a6YbCybOiCdspxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.199.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:24:30:88:b4:12:aa:30:61:79:75:6b:cb:4d:59:7e:c1:60:
         11:c1:4d:5b:09:5f:73:54:92:9c:e3:76:09:d0:63:4f:17:07:
         a7:e2:43:fa:94:8d:ea:b1:ae:4f:07:82:80:f4:19:b3:bc:9f:
         32:79:a0:36:17:3d:8f:64:ea:b9:a3:38:37:c1:9a:71:3d:7f:
         61:96:d9:d3:8b:95:0a:be:90:c0:04:dc:f4:6c:b5:d3:fe:d7:
         3c:f8:7b:a6:cc:12:c1:54:84:7c:98:e8:a2:f1:93:56:1b:f7:
         8b:42:e6:7e:c5:a5:91:51:70:27:5a:fd:79:cb:2a:9f:f5:ff:
         af:5a:b4:82:e8:0f:fe:29:cd:4a:99:85:1a:f1:11:81:27:d7:
         ac:4d:b7:dd:c9:68:76:de:9e:2d:ad:26:d5:d7:e0:c1:6a:c5:
         50:dc:f7:b4:35:8a:19:eb:06:d1:cf:04:5c:f2:d3:1f:eb:a5:
         02:a3:5a:bb:45:7c:78:6e:8a:9b:d2:df:e0:ad:d0:3d:1b:d8:
         72:2f:b1:c1:50:09:09:37:55:ae:96:c2:8f:e4:c2:a4:49:e7:
         17:bb:57:62:78:db:01:e3:f9:46:cf:9a:13:9f:33:de:98:90:
         64:da:27:40:7f:a1:63:76:9f:1e:d2:8c:18:bf:04:72:57:32:
         b3:ba:27:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPFZhZsjP//kL4tmhkllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2UwY2M3NmMyMjdkMjk2YmE2YmE2MWIwYjI2Y2U4ODI3NmNhNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8rWrCBEcEs/T2ctsXhxs4el2CGD
9Ox2rltpHk4hhvLbvEjRDLSuyA6R4WQzIuoEQciXPAtwKvF4icB5R3oNbyhcRJtD
TsjaADVQXxT2w0OOuE/ieVAWdbV5298L3um+sgpDMcdiEOFWuswSIUqDJInAGz1n
RZLrxy5M/Z2xQfVDINXWNR/2VfVg8vZNPrgv9EnU/XEcDBs/48vWD3gH95J6mKaJ
Pnziup7yYFwnIyp9pR7pg9MnsDKopgBkttgKPH8TcYR8TugDlrsRG8E/V2Dprbj/
Hqb1zU+RCB3gHJ8jTYXc76k7HMaJ/Ypmt+CbKCVRNxyZb25lXAAauvZHMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPgzHbCJ9KWumumGwsmzognbKcUMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvVS1ETWRzSW4wcGE2YTZZYkN5Yk9pQ2RzcHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cfVMA0G
CSqGSIb3DQEBCwUAA4IBAQAIJDCItBKqMGF5dWvLTVl+wWARwU1bCV9zVJKc43YJ
0GNPFwen4kP6lI3qsa5PB4KA9BmzvJ8yeaA2Fz2PZOq5ozg3wZpxPX9hltnTi5UK
vpDABNz0bLXT/tc8+HumzBLBVIR8mOii8ZNWG/eLQuZ+xaWRUXAnWv15yyqf9f+v
WrSC6A/+Kc1KmYUa8RGBJ9esTbfdyWh23p4trSbV1+DBasVQ3Pe0NYoZ6wbRzwRc
8tMf66UCo1q7RXx4boqb0t/grdA9G9hyL7HBUAkJN1WulsKP5MKkSecXu1dieNsB
4/lGz5oTnzPemJBk2idAf6Fjdp8e0owYvwRyVzKzuifv
-----END CERTIFICATE-----