Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/wmJLXi2EDm8FiGMINxp3Ci-UmAA.roa
File:                     wmJLXi2EDm8FiGMINxp3Ci-UmAA.roa (raw, json)
Hash identifier:          14IUkLlfuNM0HPAIwSfD4gNEATlpJvp9Tc8kQ7iIOJ8=
Subject key identifier:   C2:62:4B:5E:2D:84:0E:6F:05:88:63:08:37:1A:77:0A:2F:94:98:00
Certificate issuer:       /CN=943e3f4856dac2a005c3a52347114dec453934b8
Certificate serial:       018CC348932B49867F6A34C0E9E9E948E057
Authority key identifier: 94:3E:3F:48:56:DA:C2:A0:05:C3:A5:23:47:11:4D:EC:45:39:34:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/wmJLXi2EDm8FiGMINxp3Ci-UmAA.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60633
IP address blocks:        213.3.80.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:93:2b:49:86:7f:6a:34:c0:e9:e9:e9:48:e0:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=943e3f4856dac2a005c3a52347114dec453934b8
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2624b5e2d840e6f05886308371a770a2f949800
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a5:b4:82:68:15:16:61:df:46:67:0b:17:01:
                    79:a4:6d:70:71:36:2f:da:6d:b6:83:d5:00:66:2c:
                    89:dd:93:30:29:30:a9:1f:e0:71:29:c9:f2:62:10:
                    a6:21:4e:9f:55:90:f5:6b:c2:29:20:2d:75:b1:9a:
                    69:4b:95:83:0d:38:fc:0d:b9:fb:67:65:40:b2:4e:
                    2c:1c:85:36:9b:51:03:83:08:1a:e4:89:b6:68:f7:
                    c8:03:96:2c:d1:92:17:90:ff:33:fa:34:18:1b:89:
                    d4:d6:e6:63:93:0c:bc:b2:1e:14:b6:92:44:2b:ec:
                    ab:2b:12:92:37:9d:c7:1e:6a:a0:e0:2d:21:06:f2:
                    d7:b9:47:28:f8:95:a9:a9:c5:03:2e:49:47:dd:21:
                    47:ab:3b:2c:f2:7f:ca:b1:97:77:0d:09:67:92:bd:
                    7c:b1:72:a3:61:e2:76:78:ac:b7:8b:1b:c8:0e:1b:
                    01:66:08:5c:0e:fd:71:ec:3b:d9:2a:46:e7:62:8c:
                    40:57:36:f8:58:28:06:7a:c8:1a:ae:4a:f5:06:e7:
                    33:76:aa:4c:a1:8e:11:99:b3:ce:c5:c8:2a:58:d0:
                    e4:07:76:6e:b3:19:5f:64:18:00:39:bd:2d:78:f6:
                    05:52:76:9e:e4:8e:36:2e:6e:ce:c8:13:c7:67:00:
                    6b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:62:4B:5E:2D:84:0E:6F:05:88:63:08:37:1A:77:0A:2F:94:98:00
            X509v3 Authority Key Identifier:
                keyid:94:3E:3F:48:56:DA:C2:A0:05:C3:A5:23:47:11:4D:EC:45:39:34:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/wmJLXi2EDm8FiGMINxp3Ci-UmAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.3.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7c:4d:a1:33:91:be:80:bc:e5:8a:90:11:9a:4a:d7:a7:d2:fd:
         c6:a9:00:98:e7:13:89:55:9c:15:6c:ab:30:6c:d9:be:9f:65:
         5e:6a:16:9e:cf:77:f0:9b:49:47:8e:2e:17:f6:82:16:dc:29:
         a4:75:dd:cd:d7:71:3e:18:fb:2f:61:7f:a1:d3:88:12:b9:16:
         6e:c5:77:57:04:d9:46:c3:18:51:ff:4e:39:c7:a9:d3:d8:ab:
         f7:4d:80:15:6d:47:3a:85:a5:19:09:80:0b:7d:a8:17:a9:97:
         7b:6f:b9:27:af:a7:1f:44:8c:35:66:ad:29:a6:7e:07:c6:ab:
         c3:ed:20:42:6d:69:a3:24:54:4d:a7:08:72:39:65:43:d9:eb:
         c0:87:14:9d:29:2a:b6:f3:9f:89:9b:57:b5:04:d8:27:d1:b8:
         b0:1a:f7:cc:d5:98:77:f0:2c:e0:21:99:bf:1e:d7:a1:ac:51:
         c8:85:7d:3a:d8:14:08:66:e6:d0:fc:cc:5b:ce:e1:bb:da:1e:
         db:f2:ca:56:69:71:89:a7:b0:f7:c8:45:ed:ea:e1:9d:78:78:
         71:96:d3:b4:8e:06:e7:c9:5c:33:5e:8e:2c:43:ff:05:52:93:
         81:ef:29:41:60:29:db:59:d5:bd:51:a1:fc:ff:24:a4:7e:21:
         b4:65:a6:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJMrSYZ/ajTA6enpSOBXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0M2UzZjQ4NTZkYWMyYTAwNWMzYTUyMzQ3MTE0ZGVjNDUz
OTM0YjgwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjYyNGI1ZTJkODQwZTZmMDU4ODYzMDgzNzFhNzcwYTJmOTQ5ODAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaW0gmgVFmHfRmcLFwF5pG1wcTYv
2m22g9UAZiyJ3ZMwKTCpH+BxKcnyYhCmIU6fVZD1a8IpIC11sZppS5WDDTj8Dbn7
Z2VAsk4sHIU2m1EDgwga5Im2aPfIA5Ys0ZIXkP8z+jQYG4nU1uZjkwy8sh4UtpJE
K+yrKxKSN53HHmqg4C0hBvLXuUco+JWpqcUDLklH3SFHqzss8n/KsZd3DQlnkr18
sXKjYeJ2eKy3ixvIDhsBZghcDv1x7DvZKkbnYoxAVzb4WCgGesgarkr1BuczdqpM
oY4RmbPOxcgqWNDkB3ZusxlfZBgAOb0tePYFUnae5I42Lm7OyBPHZwBrEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJiS14thA5vBYhjCDcadwovlJgAMB8GA1UdIwQY
MBaAFJQ+P0hW2sKgBcOlI0cRTexFOTS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEQ0X1NGYmF3cUFGdzZValJ4Rk43RVU1TkxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy84YzE1NDQtN2NmMi00ODcxLWExZGYt
MDI1M2QwNGZiOGZmLzEvd21KTFhpMkVEbThGaUdNSU54cDNDaS1VbUFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy84YzE1NDQtN2NmMi00ODcxLWExZGYtMDI1M2QwNGZiOGZm
LzEvbEQ0X1NGYmF3cUFGdzZValJ4Rk43RVU1TkxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1QNQMA0G
CSqGSIb3DQEBCwUAA4IBAQB8TaEzkb6AvOWKkBGaSten0v3GqQCY5xOJVZwVbKsw
bNm+n2Veahaez3fwm0lHji4X9oIW3Cmkdd3N13E+GPsvYX+h04gSuRZuxXdXBNlG
wxhR/045x6nT2Kv3TYAVbUc6haUZCYALfagXqZd7b7knr6cfRIw1Zq0ppn4HxqvD
7SBCbWmjJFRNpwhyOWVD2evAhxSdKSq285+Jm1e1BNgn0biwGvfM1Zh38CzgIZm/
HtehrFHIhX062BQIZubQ/MxbzuG72h7b8spWaXGJp7D3yEXt6uGdeHhxltO0jgbn
yVwzXo4sQ/8FUpOB7ylBYCnbWdW9UaH8/ySkfiG0ZaZO
-----END CERTIFICATE-----