Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/RlI6D_7zmryO0M9FyqshzqpzEeQ.roa
File:                     RlI6D_7zmryO0M9FyqshzqpzEeQ.roa (raw, json)
Hash identifier:          UX7BoQ1RCCxbc0uFnB3DEvQH2WFvIM4CfUqmt/bdZVs=
Subject key identifier:   46:52:3A:0F:FE:F3:9A:BC:8E:D0:CF:45:CA:AB:21:CE:AA:73:11:E4
Certificate issuer:       /CN=7339870e10262c6709b7b61637134b5f9a6c78ca
Certificate serial:       018CC7272044C5A4A558750DEE50F730F89D
Authority key identifier: 73:39:87:0E:10:26:2C:67:09:B7:B6:16:37:13:4B:5F:9A:6C:78:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/czmHDhAmLGcJt7YWNxNLX5pseMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/RlI6D_7zmryO0M9FyqshzqpzEeQ.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25091
IP address blocks:        213.139.244.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/czmHDhAmLGcJt7YWNxNLX5pseMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/czmHDhAmLGcJt7YWNxNLX5pseMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/czmHDhAmLGcJt7YWNxNLX5pseMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:20:44:c5:a4:a5:58:75:0d:ee:50:f7:30:f8:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7339870e10262c6709b7b61637134b5f9a6c78ca
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46523a0ffef39abc8ed0cf45caab21ceaa7311e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:da:bf:15:ec:f5:43:4a:a3:45:92:33:7c:f6:
                    22:41:c0:99:00:98:35:cd:3e:26:f8:aa:05:ba:68:
                    4d:1c:61:e2:97:d8:5f:d2:5f:68:5c:05:65:00:31:
                    99:2c:2e:51:18:3c:f7:aa:c7:b0:39:81:2c:0d:f7:
                    e0:5e:33:bb:50:1a:f1:9c:1b:47:55:18:a7:f6:56:
                    c3:b2:4b:d4:0a:bc:02:cc:84:b0:c4:08:f5:5f:68:
                    f2:ad:e7:5e:c1:0d:15:7f:31:30:15:39:2c:d9:c7:
                    5c:5c:40:21:85:8d:f7:48:07:84:d5:ec:d9:7e:e9:
                    34:0a:2b:e1:82:f1:71:7b:18:86:80:7e:49:ea:34:
                    5b:a9:10:39:b0:fe:0e:fd:c4:5a:d0:d2:6b:5e:3e:
                    31:2a:5e:71:a6:49:18:4f:76:c3:75:17:f4:f6:21:
                    01:5b:cd:b5:4c:61:85:54:ae:d0:9e:ee:1a:a5:51:
                    2d:56:13:b8:7d:a9:8d:64:bc:98:8b:66:e8:6a:9e:
                    e8:b5:9c:4b:03:20:79:ff:d5:a8:5d:dc:3a:93:81:
                    ff:2c:92:1c:f3:88:7b:a7:ff:d4:9a:83:c6:75:56:
                    16:e7:51:0f:bd:57:a2:eb:3d:9f:a7:89:10:41:e1:
                    02:73:6a:26:5f:1f:c0:05:d4:e7:f8:68:8c:46:41:
                    d9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:52:3A:0F:FE:F3:9A:BC:8E:D0:CF:45:CA:AB:21:CE:AA:73:11:E4
            X509v3 Authority Key Identifier:
                keyid:73:39:87:0E:10:26:2C:67:09:B7:B6:16:37:13:4B:5F:9A:6C:78:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/czmHDhAmLGcJt7YWNxNLX5pseMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/RlI6D_7zmryO0M9FyqshzqpzEeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/czmHDhAmLGcJt7YWNxNLX5pseMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cd:32:ac:77:5f:b5:9b:93:f0:91:eb:50:40:c2:97:e7:01:22:
         61:f7:e4:9a:d1:70:11:45:fd:de:52:a7:8a:18:6e:d8:f1:da:
         37:b7:36:c8:90:4b:1b:9c:41:b3:60:61:99:48:c0:97:90:3d:
         a9:2d:d5:bb:71:fc:28:a7:02:ae:67:40:b0:f2:a9:44:eb:97:
         07:8c:a9:f8:7b:b1:6e:ee:9b:58:08:c5:d6:4d:d1:f2:a4:1d:
         df:54:55:67:6c:cf:de:8a:49:f4:85:11:d9:f8:d9:e0:2a:01:
         27:62:ef:e6:18:e8:d7:b0:3b:c5:bf:b7:49:bc:a2:d3:3f:31:
         53:e1:fa:ff:54:b0:52:e1:43:93:e6:6c:8b:81:62:bc:53:9a:
         16:4c:66:0c:51:bd:0c:43:59:0c:e9:1e:73:83:49:00:71:c6:
         dd:79:e9:ee:ef:ab:a1:52:cd:fd:29:fe:63:02:bc:8d:1d:ab:
         87:14:98:3c:33:32:db:58:9b:fb:a2:55:26:58:e5:b2:dd:bb:
         84:a8:7a:0b:bd:40:3b:ea:0f:d4:ce:9a:f7:66:04:5e:3a:08:
         c7:56:64:02:67:d8:bc:ee:de:42:f8:fe:c8:b7:71:9b:be:0e:
         a1:60:e6:b9:f7:a3:a1:7e:32:fc:78:be:a5:fc:4a:3b:3a:12:
         1a:cd:9a:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyBExaSlWHUN7lD3MPidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMzk4NzBlMTAyNjJjNjcwOWI3YjYxNjM3MTM0YjVmOWE2
Yzc4Y2EwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjUyM2EwZmZlZjM5YWJjOGVkMGNmNDVjYWFiMjFjZWFhNzMxMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtq/Fez1Q0qjRZIzfPYiQcCZAJg1
zT4m+KoFumhNHGHil9hf0l9oXAVlADGZLC5RGDz3qsewOYEsDffgXjO7UBrxnBtH
VRin9lbDskvUCrwCzISwxAj1X2jyredewQ0VfzEwFTks2cdcXEAhhY33SAeE1ezZ
fuk0CivhgvFxexiGgH5J6jRbqRA5sP4O/cRa0NJrXj4xKl5xpkkYT3bDdRf09iEB
W821TGGFVK7Qnu4apVEtVhO4famNZLyYi2boap7otZxLAyB5/9WoXdw6k4H/LJIc
84h7p//UmoPGdVYW51EPvVei6z2fp4kQQeECc2omXx/ABdTn+GiMRkHZ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZSOg/+85q8jtDPRcqrIc6qcxHkMB8GA1UdIwQY
MBaAFHM5hw4QJixnCbe2FjcTS1+abHjKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3ptSERoQW1MR2NKdDdZV054TkxYNXBzZU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS80YjgzZGItZjRmZi00ZjBjLWEzZjYt
MTU0NTc0ZmJiMzg5LzEvUmxJNkRfN3ptcnlPME05Rnlxc2h6cXB6RWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS80YjgzZGItZjRmZi00ZjBjLWEzZjYtMTU0NTc0ZmJiMzg5
LzEvY3ptSERoQW1MR2NKdDdZV054TkxYNXBzZU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1Yv0MA0G
CSqGSIb3DQEBCwUAA4IBAQDNMqx3X7Wbk/CR61BAwpfnASJh9+Sa0XARRf3eUqeK
GG7Y8do3tzbIkEsbnEGzYGGZSMCXkD2pLdW7cfwopwKuZ0Cw8qlE65cHjKn4e7Fu
7ptYCMXWTdHypB3fVFVnbM/eikn0hRHZ+NngKgEnYu/mGOjXsDvFv7dJvKLTPzFT
4fr/VLBS4UOT5myLgWK8U5oWTGYMUb0MQ1kM6R5zg0kAccbdeenu76uhUs39Kf5j
AryNHauHFJg8MzLbWJv7olUmWOWy3buEqHoLvUA76g/Uzpr3ZgReOgjHVmQCZ9i8
7t5C+P7It3Gbvg6hYOa596OhfjL8eL6l/Eo7OhIazZoB
-----END CERTIFICATE-----