Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/AuDbSsdTWZx7zxYRdpL82NK4bo4.roa
File:                     AuDbSsdTWZx7zxYRdpL82NK4bo4.roa (raw, json)
Hash identifier:          0t4ApWcRWJs89hueMxWccwfR+hWhWgc59sKrcRwrH/0=
Subject key identifier:   02:E0:DB:4A:C7:53:59:9C:7B:CF:16:11:76:92:FC:D8:D2:B8:6E:8E
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       018CC6B8902B7DBB547F37D8FFB2EBC601FA
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/AuDbSsdTWZx7zxYRdpL82NK4bo4.roa
Signing time:             Mon 01 Jan 2024 20:30:33 +0000
ROA not before:           Mon 01 Jan 2024 20:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47333
IP address blocks:        213.108.32.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:90:2b:7d:bb:54:7f:37:d8:ff:b2:eb:c6:01:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  1 20:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02e0db4ac753599c7bcf16117692fcd8d2b86e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:41:41:1f:e8:41:fe:99:d7:43:90:9b:2a:1e:
                    6d:5f:18:98:33:c7:7b:00:9c:9b:21:02:e8:7f:c9:
                    2d:5a:af:b4:25:c6:65:dc:8e:eb:bd:36:db:36:fd:
                    cf:90:b6:fd:07:b4:09:7f:4d:0b:23:28:eb:2c:64:
                    75:d3:51:ba:7b:3d:c1:1c:23:97:81:56:94:e4:41:
                    b0:e8:26:72:af:96:f2:21:4c:70:0f:24:17:02:06:
                    b8:36:e4:2a:5f:77:0a:c0:82:b2:c4:ae:d3:16:cf:
                    70:1d:8a:ac:05:c4:c2:6d:af:15:e3:aa:5b:be:11:
                    5c:29:0c:3a:07:0a:0d:cd:99:c9:38:87:ab:3d:bb:
                    40:f6:39:8b:88:ac:a1:bd:c3:de:8a:08:34:dc:96:
                    6b:43:6b:5e:26:d6:3e:b9:8b:7c:88:dd:7f:2e:47:
                    15:a0:37:13:f5:b3:e8:45:87:34:83:2c:3b:2b:8d:
                    92:9e:31:6d:31:75:c0:b0:74:c7:d1:0d:a6:e8:70:
                    bb:61:55:6a:a4:10:b7:28:86:44:6d:95:8c:d2:39:
                    99:b1:02:64:c7:f7:1a:0c:9c:ff:c9:1c:0b:81:43:
                    1a:a6:af:af:a4:67:33:df:8a:4e:c8:ac:74:fc:49:
                    30:8c:91:fa:d7:3b:4b:b3:b8:da:ba:59:d9:a6:09:
                    4c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E0:DB:4A:C7:53:59:9C:7B:CF:16:11:76:92:FC:D8:D2:B8:6E:8E
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/AuDbSsdTWZx7zxYRdpL82NK4bo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9c:f7:88:c7:c1:69:2e:35:c6:80:16:5e:6a:76:cd:ce:76:b1:
         ed:ff:79:a0:38:eb:c6:54:e2:57:c0:10:90:b8:63:41:9e:81:
         3b:0d:c4:68:95:af:c9:64:d5:b9:62:36:ab:88:9b:9b:85:97:
         8f:d4:ce:4a:5a:0c:d2:04:71:fd:02:2b:b3:e2:a8:da:55:f0:
         1a:78:cb:ce:68:67:a3:8b:56:a9:07:b9:4b:3a:c8:36:81:f0:
         14:5c:af:a3:90:48:b0:4b:bb:0c:e0:e5:4e:d8:ac:50:fe:e3:
         af:5d:d4:e0:b6:50:bc:18:6e:22:fe:96:ea:fc:4b:94:97:35:
         93:a5:34:de:1d:74:73:b6:88:de:84:fe:33:d6:db:3c:35:90:
         02:db:38:a6:5d:a6:4c:77:d3:d8:88:6b:fb:97:43:94:76:6c:
         e7:ca:b3:24:f3:cd:4b:01:c9:44:4f:79:ce:8d:db:d5:6e:ac:
         11:7f:8b:a7:02:87:54:7f:3f:68:ba:7c:dd:9b:70:b3:8d:71:
         81:4f:8a:8d:f1:81:f8:65:a2:cb:bc:64:67:e0:6b:b3:c6:29:
         2b:57:ec:46:07:2e:60:9e:66:3c:b7:13:82:f3:aa:f3:0f:d9:
         38:87:d0:87:af:bc:82:51:e7:d6:35:af:18:8f:52:7a:7d:30:
         1d:4a:0c:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuJArfbtUfzfY/7LrxgH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjQwMTAxMjAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmUwZGI0YWM3NTM1OTljN2JjZjE2MTE3NjkyZmNkOGQyYjg2ZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikFBH+hB/pnXQ5CbKh5tXxiYM8d7
AJybIQLof8ktWq+0JcZl3I7rvTbbNv3PkLb9B7QJf00LIyjrLGR101G6ez3BHCOX
gVaU5EGw6CZyr5byIUxwDyQXAga4NuQqX3cKwIKyxK7TFs9wHYqsBcTCba8V46pb
vhFcKQw6BwoNzZnJOIerPbtA9jmLiKyhvcPeigg03JZrQ2teJtY+uYt8iN1/LkcV
oDcT9bPoRYc0gyw7K42SnjFtMXXAsHTH0Q2m6HC7YVVqpBC3KIZEbZWM0jmZsQJk
x/caDJz/yRwLgUMapq+vpGcz34pOyKx0/EkwjJH61ztLs7jaulnZpglMMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALg20rHU1mce88WEXaS/NjSuG6OMB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvQXVEYlNzZFRXWng3enhZUmRwTDgyTks0Ym80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1WwgMA0G
CSqGSIb3DQEBCwUAA4IBAQCc94jHwWkuNcaAFl5qds3OdrHt/3mgOOvGVOJXwBCQ
uGNBnoE7DcRola/JZNW5YjariJubhZeP1M5KWgzSBHH9Aiuz4qjaVfAaeMvOaGej
i1apB7lLOsg2gfAUXK+jkEiwS7sM4OVO2KxQ/uOvXdTgtlC8GG4i/pbq/EuUlzWT
pTTeHXRztojehP4z1ts8NZAC2zimXaZMd9PYiGv7l0OUdmznyrMk881LAclET3nO
jdvVbqwRf4unAodUfz9ounzdm3CzjXGBT4qN8YH4ZaLLvGRn4GuzxikrV+xGBy5g
nmY8txOC86rzD9k4h9CHr7yCUefWNa8Yj1J6fTAdSgwd
-----END CERTIFICATE-----