Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/PT7knUMPS8UjN4DBdJedwxVdvg8.roa
File:                     PT7knUMPS8UjN4DBdJedwxVdvg8.roa (raw, json)
Hash identifier:          eVCT4v5o7MJfFjETS/MIOU5KY9E+DNFRdoq48Ebcg10=
Subject key identifier:   3D:3E:E4:9D:43:0F:4B:C5:23:37:80:C1:74:97:9D:C3:15:5D:BE:0F
Certificate issuer:       /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial:       01919973B6656CC99A4164221925A9525B21
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/PT7knUMPS8UjN4DBdJedwxVdvg8.roa
Signing time:             Wed 28 Aug 2024 14:46:22 +0000
ROA not before:           Wed 28 Aug 2024 14:46:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48266
IP address blocks:        206.245.212.0/24 maxlen: 24
                          206.245.238.0/24 maxlen: 24
                          206.245.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:99:73:b6:65:6c:c9:9a:41:64:22:19:25:a9:52:5b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
        Validity
            Not Before: Aug 28 14:46:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d3ee49d430f4bc5233780c174979dc3155dbe0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b5:de:fd:c2:a4:29:c7:27:0e:eb:41:d2:34:
                    ba:f2:0e:07:94:0d:8e:42:84:e5:6b:c6:bd:e8:3e:
                    2c:fa:6d:39:39:2a:2c:6b:f3:ca:a0:eb:f7:73:19:
                    0c:07:ea:03:3a:6f:10:6c:12:84:ae:50:c0:1a:11:
                    6f:d1:6d:76:f4:77:60:34:af:8e:18:35:3f:65:e7:
                    e9:35:ac:5f:85:bf:73:83:a5:43:a5:b8:5f:2f:a9:
                    27:c5:5c:f5:ac:89:c6:7a:fa:dd:23:2c:c7:90:0e:
                    7f:70:72:42:37:fb:99:56:5f:59:e2:fb:2c:35:11:
                    de:c6:02:3e:96:15:a6:1c:30:f7:9d:af:93:a8:61:
                    f4:ed:b6:d1:d9:b0:7c:cc:95:b4:d5:78:d9:69:4b:
                    a9:d7:0a:d2:88:cb:c2:c2:f3:2b:ad:3d:d1:e7:40:
                    05:88:f6:3f:b4:d9:29:89:aa:94:13:65:25:26:7a:
                    26:e9:0d:6d:f0:8f:f4:05:a8:b3:33:14:93:f3:73:
                    14:f6:59:75:f2:5e:e9:82:ad:4e:1c:81:4a:ac:7b:
                    16:81:b8:42:28:92:ed:ad:70:76:7a:6e:e4:6e:f5:
                    22:fc:1c:34:ab:8d:c6:2d:7a:3f:18:e3:61:9e:63:
                    ba:a2:87:e8:e3:df:1b:9c:b6:ab:6d:e0:11:da:32:
                    90:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:3E:E4:9D:43:0F:4B:C5:23:37:80:C1:74:97:9D:C3:15:5D:BE:0F
            X509v3 Authority Key Identifier:
                keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/PT7knUMPS8UjN4DBdJedwxVdvg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.245.212.0/24
                  206.245.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:9b:a5:f1:2a:2b:98:64:82:fb:ce:cb:82:24:dc:8f:3a:a8:
         12:e0:31:cf:cc:56:54:0d:64:c8:4d:d0:fe:95:ea:5e:0b:1f:
         78:57:d3:1d:97:29:be:29:3c:f4:a9:28:65:fe:92:f4:7d:9e:
         27:45:44:9b:0b:d0:d7:b2:0c:de:2a:ee:a4:4b:1e:21:e9:39:
         81:91:b5:57:c4:4c:d7:0b:ee:f4:c1:57:ef:4c:44:01:71:7f:
         42:bc:69:f1:7f:86:c4:ae:21:d4:99:70:f6:3c:2f:56:cb:a1:
         8f:52:e9:eb:af:3b:67:98:b9:8e:4b:d9:3a:c1:bf:3e:ff:af:
         40:84:16:97:33:5c:0d:a0:a5:8a:f5:20:84:43:c0:54:f0:37:
         1a:ed:5a:b2:2b:38:39:57:e0:c4:8a:34:d9:b9:da:fc:93:ab:
         e5:1b:86:09:f5:ad:d7:a1:fb:06:e5:a2:25:05:34:77:82:a6:
         f5:65:d8:36:0e:c8:3a:fa:95:07:39:28:ea:2e:3a:13:e1:4d:
         42:2e:e8:7c:71:d8:6d:b6:67:11:bd:bb:4e:52:b1:2f:91:34:
         31:92:1e:00:ae:6c:ce:84:1c:97:91:a5:12:6f:74:12:7c:16:
         24:61:ba:b0:75:4d:ce:6a:45:d1:75:11:24:a8:7b:ee:84:24:
         4a:78:72:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGZc7ZlbMmaQWQiGSWpUlshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjQwODI4MTQ0NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDNlZTQ5ZDQzMGY0YmM1MjMzNzgwYzE3NDk3OWRjMzE1NWRiZTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrXe/cKkKccnDutB0jS68g4HlA2O
QoTla8a96D4s+m05OSosa/PKoOv3cxkMB+oDOm8QbBKErlDAGhFv0W129HdgNK+O
GDU/ZefpNaxfhb9zg6VDpbhfL6knxVz1rInGevrdIyzHkA5/cHJCN/uZVl9Z4vss
NRHexgI+lhWmHDD3na+TqGH07bbR2bB8zJW01XjZaUup1wrSiMvCwvMrrT3R50AF
iPY/tNkpiaqUE2UlJnom6Q1t8I/0BaizMxST83MU9ll18l7pgq1OHIFKrHsWgbhC
KJLtrXB2em7kbvUi/Bw0q43GLXo/GONhnmO6oofo498bnLarbeAR2jKQzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD0+5J1DD0vFIzeAwXSXncMVXb4PMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvUFQ3a25VTVBTOFVqTjREQmRKZWR3eFZkdmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAzvXUAwQB
zvXuMA0GCSqGSIb3DQEBCwUAA4IBAQCLm6XxKiuYZIL7zsuCJNyPOqgS4DHPzFZU
DWTITdD+lepeCx94V9Mdlym+KTz0qShl/pL0fZ4nRUSbC9DXsgzeKu6kSx4h6TmB
kbVXxEzXC+70wVfvTEQBcX9CvGnxf4bEriHUmXD2PC9Wy6GPUunrrztnmLmOS9k6
wb8+/69AhBaXM1wNoKWK9SCEQ8BU8Dca7VqyKzg5V+DEijTZudr8k6vlG4YJ9a3X
ofsG5aIlBTR3gqb1Zdg2Dsg6+pUHOSjqLjoT4U1CLuh8cdhttmcRvbtOUrEvkTQx
kh4ArmzOhByXkaUSb3QSfBYkYbqwdU3OakXRdREkqHvuhCRKeHLg
-----END CERTIFICATE-----