Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/8d9f77-4684-4d82-ae38-31e50bab716e/1/cFdhJPGnDIHoox1YTz8MlwyuU48.roa
File:                     cFdhJPGnDIHoox1YTz8MlwyuU48.roa (raw, json)
Hash identifier:          b07FLSUSCtEa5V1LMDcBUOfxWZtM819DnL9IFwqMiPc=
Subject key identifier:   70:57:61:24:F1:A7:0C:81:E8:A3:1D:58:4F:3F:0C:97:0C:AE:53:8F
Certificate issuer:       /CN=7c57532e1cfd31c72732e44e3539ff6e096c2a47
Certificate serial:       018DC4EA3DA0E45C850ABE8FCA4F302CDAF7
Authority key identifier: 7C:57:53:2E:1C:FD:31:C7:27:32:E4:4E:35:39:FF:6E:09:6C:2A:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fFdTLhz9MccnMuRONTn_bglsKkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/8d9f77-4684-4d82-ae38-31e50bab716e/1/cFdhJPGnDIHoox1YTz8MlwyuU48.roa
Signing time:             Tue 20 Feb 2024 05:08:21 +0000
ROA not before:           Tue 20 Feb 2024 05:08:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        213.241.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/8d9f77-4684-4d82-ae38-31e50bab716e/1/fFdTLhz9MccnMuRONTn_bglsKkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/8d9f77-4684-4d82-ae38-31e50bab716e/1/fFdTLhz9MccnMuRONTn_bglsKkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fFdTLhz9MccnMuRONTn_bglsKkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c4:ea:3d:a0:e4:5c:85:0a:be:8f:ca:4f:30:2c:da:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c57532e1cfd31c72732e44e3539ff6e096c2a47
        Validity
            Not Before: Feb 20 05:08:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70576124f1a70c81e8a31d584f3f0c970cae538f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:92:88:5c:e7:75:1a:53:b0:8e:75:7c:71:50:
                    b0:de:b5:9e:d4:ab:e9:b4:81:9f:48:77:93:42:64:
                    a8:84:39:7e:44:79:ff:5a:2b:bc:55:ce:b7:f5:49:
                    7d:22:0c:08:3e:5f:4e:fd:b1:a1:82:a9:48:13:03:
                    c5:aa:c4:56:e1:e5:a7:84:9a:87:19:7d:b0:9c:6e:
                    ae:0a:f6:3a:59:2a:30:20:c3:ad:05:89:90:91:15:
                    7a:25:d2:0d:08:64:4f:e4:30:16:8d:9c:9f:4e:84:
                    83:03:90:18:c5:31:06:77:e3:45:de:f2:63:7c:a6:
                    9a:df:38:64:d3:60:b9:69:63:ae:d5:3e:a7:c3:61:
                    b8:d1:fc:47:75:d9:75:e0:b8:5a:de:97:54:d5:a9:
                    80:8c:a8:f7:c0:6b:99:3b:42:23:fd:07:67:70:bd:
                    8e:6c:77:dc:8b:bf:73:1c:b4:0f:2c:6a:db:26:99:
                    41:dd:57:1e:ea:0e:2a:c0:d5:dc:54:40:14:ca:d8:
                    97:a5:39:0d:ea:08:4b:ba:e2:88:59:a7:9b:5c:69:
                    30:99:96:ec:20:f4:98:2f:62:fd:45:67:e3:b2:52:
                    8b:eb:e8:a2:14:a2:47:75:09:58:77:87:52:cf:ae:
                    1a:a6:c9:dd:48:1b:bf:80:78:33:f8:9f:8d:ac:a8:
                    ff:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:57:61:24:F1:A7:0C:81:E8:A3:1D:58:4F:3F:0C:97:0C:AE:53:8F
            X509v3 Authority Key Identifier:
                keyid:7C:57:53:2E:1C:FD:31:C7:27:32:E4:4E:35:39:FF:6E:09:6C:2A:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fFdTLhz9MccnMuRONTn_bglsKkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8d9f77-4684-4d82-ae38-31e50bab716e/1/cFdhJPGnDIHoox1YTz8MlwyuU48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8d9f77-4684-4d82-ae38-31e50bab716e/1/fFdTLhz9MccnMuRONTn_bglsKkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.241.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:5e:21:67:9e:1c:ea:10:99:d4:2b:8e:c8:1a:74:6f:45:bc:
         78:63:a0:0c:c6:19:d7:6d:d6:35:ac:88:b8:c0:9d:c5:82:12:
         f0:23:1c:4d:ba:78:cf:73:94:0e:10:23:c9:b7:88:34:78:f6:
         36:5a:74:82:0e:79:9c:f8:6f:8e:06:a2:29:9f:24:8e:d0:5b:
         96:fc:4d:7c:eb:9b:3d:42:85:ed:7c:eb:27:c4:7e:85:13:a8:
         61:ce:a2:f4:62:f1:b7:4d:b4:ea:46:17:15:54:b8:6c:a4:b2:
         b0:38:57:cb:c3:d1:b8:a3:60:40:35:65:c5:ef:2b:1f:3c:4b:
         7a:f2:e7:63:9b:bc:10:d3:8f:54:f8:09:5e:e7:38:38:7d:6e:
         5b:27:4f:f0:f6:48:da:1a:99:c5:a6:3d:b9:d3:7d:88:72:1a:
         d7:0c:68:c8:d1:8c:de:13:82:12:bc:aa:a2:5a:fb:d5:3f:eb:
         52:95:31:13:db:66:06:19:6e:bf:b7:e0:ad:9f:bf:36:fe:97:
         a0:b6:44:3e:e2:1c:9b:a8:8c:02:66:f7:47:cc:64:76:06:90:
         3f:a0:24:1b:38:a8:b8:aa:fb:ba:7b:d6:d8:20:2d:63:2e:9e:
         f3:39:02:0c:f9:f3:57:c6:66:93:a3:3d:dc:6d:dd:f5:73:46:
         b9:8e:24:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3E6j2g5FyFCr6Pyk8wLNr3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNTc1MzJlMWNmZDMxYzcyNzMyZTQ0ZTM1MzlmZjZlMDk2
YzJhNDcwHhcNMjQwMjIwMDUwODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDU3NjEyNGYxYTcwYzgxZThhMzFkNTg0ZjNmMGM5NzBjYWU1MzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJKIXOd1GlOwjnV8cVCw3rWe1Kvp
tIGfSHeTQmSohDl+RHn/Wiu8Vc639Ul9IgwIPl9O/bGhgqlIEwPFqsRW4eWnhJqH
GX2wnG6uCvY6WSowIMOtBYmQkRV6JdINCGRP5DAWjZyfToSDA5AYxTEGd+NF3vJj
fKaa3zhk02C5aWOu1T6nw2G40fxHddl14Lha3pdU1amAjKj3wGuZO0Ij/QdncL2O
bHfci79zHLQPLGrbJplB3Vce6g4qwNXcVEAUytiXpTkN6ghLuuKIWaebXGkwmZbs
IPSYL2L9RWfjslKL6+iiFKJHdQlYd4dSz64apsndSBu/gHgz+J+NrKj/dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBXYSTxpwyB6KMdWE8/DJcMrlOPMB8GA1UdIwQY
MBaAFHxXUy4c/THHJzLkTjU5/24JbCpHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkZkVExoejlNY2NuTXVST05Ubl9iZ2xzS2tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84ZDlmNzctNDY4NC00ZDgyLWFlMzgt
MzFlNTBiYWI3MTZlLzEvY0ZkaEpQR25ESUhvb3gxWVR6OE1sd3l1VTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84ZDlmNzctNDY4NC00ZDgyLWFlMzgtMzFlNTBiYWI3MTZl
LzEvZkZkVExoejlNY2NuTXVST05Ubl9iZ2xzS2tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fHGMA0G
CSqGSIb3DQEBCwUAA4IBAQAkXiFnnhzqEJnUK47IGnRvRbx4Y6AMxhnXbdY1rIi4
wJ3FghLwIxxNunjPc5QOECPJt4g0ePY2WnSCDnmc+G+OBqIpnySO0FuW/E1865s9
QoXtfOsnxH6FE6hhzqL0YvG3TbTqRhcVVLhspLKwOFfLw9G4o2BANWXF7ysfPEt6
8udjm7wQ049U+Ale5zg4fW5bJ0/w9kjaGpnFpj25032IchrXDGjI0YzeE4ISvKqi
WvvVP+tSlTET22YGGW6/t+Ctn782/pegtkQ+4hybqIwCZvdHzGR2BpA/oCQbOKi4
qvu6e9bYIC1jLp7zOQIM+fNXxmaToz3cbd31c0a5jiR1
-----END CERTIFICATE-----