Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/e8M3VC3lbsUFT2kyH5yrrw_bL20.roa
File:                     e8M3VC3lbsUFT2kyH5yrrw_bL20.roa (raw, json)
Hash identifier:          IfZRd6fFJfSa5I3KIoLSZcb6IBNqdLEEoDHeh+bezRQ=
Subject key identifier:   7B:C3:37:54:2D:E5:6E:C5:05:4F:69:32:1F:9C:AB:AF:0F:DB:2F:6D
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       0191B8781327D90CFA9FDAD7E08ED6870762
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/e8M3VC3lbsUFT2kyH5yrrw_bL20.roa
Signing time:             Tue 03 Sep 2024 15:19:22 +0000
ROA not before:           Tue 03 Sep 2024 15:19:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209638
IP address blocks:        212.23.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b8:78:13:27:d9:0c:fa:9f:da:d7:e0:8e:d6:87:07:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Sep  3 15:19:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bc337542de56ec5054f69321f9cabaf0fdb2f6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d9:6b:5b:f6:bf:37:50:ba:07:62:cd:9d:4b:
                    cb:87:bd:0d:fd:41:4b:af:af:15:6d:f5:5b:a7:79:
                    8a:15:9f:05:e7:ef:73:8e:a7:86:45:7d:02:e9:43:
                    af:ef:19:b7:2f:ff:23:cb:f8:b9:ba:f5:03:31:59:
                    39:fb:38:55:d6:5c:77:a2:11:2f:2e:3e:bd:36:4e:
                    1f:dd:8e:f7:5e:3a:0f:50:50:c0:de:94:fb:4b:bd:
                    a7:b3:d1:88:71:1a:58:1e:95:de:8a:40:d8:40:88:
                    21:46:02:0a:b8:8a:79:c1:62:9f:9e:1f:a1:30:86:
                    c8:b1:70:2e:8b:b1:3a:96:ae:b7:07:e0:b1:34:f3:
                    ac:d6:a9:85:60:f5:32:cc:e0:9f:9c:7e:bc:97:3a:
                    4c:56:fe:38:ef:c1:90:34:7d:1a:9d:d5:98:a4:25:
                    b2:bb:49:9d:b5:12:ea:d4:7e:c6:10:81:eb:05:af:
                    6a:f8:f0:52:91:be:52:00:dc:8e:25:47:45:a4:ca:
                    48:73:66:a8:18:f8:2e:e9:9d:49:78:74:f4:90:de:
                    36:74:14:88:16:db:33:b9:97:cb:4c:30:d0:f7:89:
                    aa:c4:48:5d:29:b1:3a:57:be:2c:8b:92:ce:e3:a1:
                    27:82:e8:c3:25:0b:92:44:3b:c3:a9:8c:65:74:74:
                    2f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:C3:37:54:2D:E5:6E:C5:05:4F:69:32:1F:9C:AB:AF:0F:DB:2F:6D
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/e8M3VC3lbsUFT2kyH5yrrw_bL20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:e7:af:b2:a8:f2:21:40:34:7b:59:07:0e:2f:01:a0:c4:aa:
         c5:ec:c3:99:cc:ee:07:e5:64:0b:e4:89:d6:89:51:7c:17:85:
         a4:7b:a9:47:88:68:53:ab:a8:bd:4b:71:18:1c:43:d5:00:fb:
         07:1b:81:8d:d5:c9:69:40:57:4f:4c:8a:90:a1:53:5d:6e:72:
         7f:e8:ff:69:f5:5e:9f:fa:f1:70:fd:dc:e5:ad:6e:77:b1:fb:
         22:18:bb:ec:a1:d2:ef:ad:26:3e:3d:83:73:48:0d:fe:be:6d:
         31:f3:f6:42:2a:a3:4c:0d:1b:3d:6f:97:be:60:24:6d:07:46:
         12:73:af:45:06:cf:2f:b7:c4:50:44:2e:15:de:dd:fc:7e:79:
         dd:11:c6:26:1e:88:c3:b9:4a:7f:22:36:20:2e:b6:7c:46:ed:
         3f:2f:20:28:cf:13:91:92:35:1f:21:5e:ee:f5:ae:f8:2d:72:
         13:04:1e:d7:cf:19:57:df:a4:9c:a1:02:57:52:a7:9a:b0:23:
         e1:86:ea:e1:f7:84:cb:ba:63:26:e0:03:80:7f:e8:8c:e4:38:
         3c:21:e4:a6:a0:41:6f:d8:a5:02:12:20:f4:27:24:49:8b:0d:
         6b:5f:a0:d6:17:0b:33:07:fe:d2:49:7c:25:6b:ab:cc:00:33:
         ad:2b:bb:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG4eBMn2Qz6n9rX4I7WhwdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQwOTAzMTUxOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmMzMzc1NDJkZTU2ZWM1MDU0ZjY5MzIxZjljYWJhZjBmZGIyZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29lrW/a/N1C6B2LNnUvLh70N/UFL
r68VbfVbp3mKFZ8F5+9zjqeGRX0C6UOv7xm3L/8jy/i5uvUDMVk5+zhV1lx3ohEv
Lj69Nk4f3Y73XjoPUFDA3pT7S72ns9GIcRpYHpXeikDYQIghRgIKuIp5wWKfnh+h
MIbIsXAui7E6lq63B+CxNPOs1qmFYPUyzOCfnH68lzpMVv4478GQNH0andWYpCWy
u0mdtRLq1H7GEIHrBa9q+PBSkb5SANyOJUdFpMpIc2aoGPgu6Z1JeHT0kN42dBSI
FtszuZfLTDDQ94mqxEhdKbE6V74si5LO46EngujDJQuSRDvDqYxldHQvWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvDN1Qt5W7FBU9pMh+cq68P2y9tMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvZThNM1ZDM2xic1VGVDJreUg1eXJyd19iTDIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfWMA0G
CSqGSIb3DQEBCwUAA4IBAQCM56+yqPIhQDR7WQcOLwGgxKrF7MOZzO4H5WQL5InW
iVF8F4Wke6lHiGhTq6i9S3EYHEPVAPsHG4GN1clpQFdPTIqQoVNdbnJ/6P9p9V6f
+vFw/dzlrW53sfsiGLvsodLvrSY+PYNzSA3+vm0x8/ZCKqNMDRs9b5e+YCRtB0YS
c69FBs8vt8RQRC4V3t38fnndEcYmHojDuUp/IjYgLrZ8Ru0/LyAozxORkjUfIV7u
9a74LXITBB7XzxlX36ScoQJXUqeasCPhhurh94TLumMm4AOAf+iM5Dg8IeSmoEFv
2KUCEiD0JyRJiw1rX6DWFwszB/7SSXwla6vMADOtK7up
-----END CERTIFICATE-----