Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/u-v3zKfNdUfUN4A2mVg-AVV1Wis.roa
File:                     u-v3zKfNdUfUN4A2mVg-AVV1Wis.roa (raw, json)
Hash identifier:          hee7F5ixdnqpJF+l9phuGiZhuLdvwq1VYQqGlcjQTqE=
Subject key identifier:   BB:EB:F7:CC:A7:CD:75:47:D4:37:80:36:99:58:3E:01:55:75:5A:2B
Certificate issuer:       /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial:       019169F77A4E5DFAFFBE32FBA0186BE3B00D
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/u-v3zKfNdUfUN4A2mVg-AVV1Wis.roa
Signing time:             Mon 19 Aug 2024 09:28:32 +0000
ROA not before:           Mon 19 Aug 2024 09:28:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151487
IP address blocks:        206.245.212.0/24 maxlen: 24
                          206.245.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:69:f7:7a:4e:5d:fa:ff:be:32:fb:a0:18:6b:e3:b0:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
        Validity
            Not Before: Aug 19 09:28:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbebf7cca7cd7547d437803699583e0155755a2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:35:19:5f:97:9b:53:e4:ce:b6:81:39:73:fc:
                    58:1a:ca:97:83:1b:25:45:51:c3:36:35:b5:bd:ed:
                    90:d8:bb:b5:20:84:62:f4:53:83:8c:88:dc:2a:89:
                    5f:71:a8:f0:39:3b:a6:74:f9:aa:75:71:47:bf:64:
                    d3:3d:e9:78:43:29:61:aa:b6:fd:e2:cb:d1:7a:01:
                    d4:0c:03:f6:c7:83:84:51:bc:ca:35:c3:f6:4f:a9:
                    f0:55:e0:4d:d3:5c:dc:dc:64:45:5f:d3:55:3b:5f:
                    f9:91:c9:ec:68:56:70:3e:ff:08:31:d7:6c:a6:e4:
                    42:66:9d:86:05:21:1b:12:1f:e2:a0:00:49:83:2f:
                    84:db:2e:f5:ed:b6:85:5b:51:dd:2b:f3:2d:74:b7:
                    d2:40:1b:21:27:d6:a5:d7:55:66:83:99:04:e9:f6:
                    df:9e:4b:d4:56:14:82:4e:2d:00:e3:92:0a:c6:28:
                    0a:06:e8:25:d3:0a:ea:7d:1f:f6:ce:4f:4d:40:71:
                    ce:2a:b4:f2:b2:cf:9d:71:29:d3:d3:36:28:a2:a4:
                    3b:4d:83:10:2a:1c:65:49:ee:f6:93:52:72:3e:a8:
                    79:43:48:d7:fd:2d:5c:fc:ec:cc:d4:ec:2d:c7:a0:
                    f1:46:ae:27:17:00:9e:56:cc:7f:cb:48:15:cb:59:
                    26:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:EB:F7:CC:A7:CD:75:47:D4:37:80:36:99:58:3E:01:55:75:5A:2B
            X509v3 Authority Key Identifier:
                keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/u-v3zKfNdUfUN4A2mVg-AVV1Wis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.245.212.0/24
                  206.245.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:b5:10:f4:65:66:e8:f6:cb:73:d5:1c:51:97:66:a9:34:e7:
         65:75:2d:7d:58:6b:9d:2f:52:da:bb:4c:45:95:9b:1d:fc:30:
         ba:1e:48:4c:f0:7d:d4:04:d0:da:d9:c0:0b:6b:61:fc:26:da:
         53:4a:8e:02:c8:31:f7:1c:e7:a6:22:38:ed:f7:4c:7a:7e:89:
         04:97:a9:f7:4d:69:38:7f:f0:ff:b3:e9:7f:de:cb:4f:1d:3e:
         ee:2a:0f:4d:f7:47:58:9a:83:a4:c8:22:7a:d3:be:ec:a6:ca:
         f0:cd:06:97:a2:77:5e:93:87:08:a2:6f:5b:5b:97:04:0d:29:
         7a:20:3e:29:b0:35:84:77:9f:e8:5a:70:b6:18:9c:ea:1d:f9:
         7b:1a:b2:ac:a9:99:f3:16:2f:6a:4f:d9:b9:56:d9:e0:ba:29:
         60:77:bd:7e:89:4b:53:8d:43:df:77:6a:c7:a3:36:b1:3f:7e:
         0d:42:1c:8e:59:de:4f:b2:74:db:4e:d9:15:77:f7:f4:2c:b5:
         94:46:7f:ea:51:d3:20:27:ee:ad:8b:7d:69:5f:3f:4f:e8:f8:
         49:11:74:b7:0d:66:31:3c:36:b8:4a:b4:e3:99:a7:4d:2b:4f:
         75:d1:30:2f:7c:7a:8f:2a:53:18:68:0f:a4:fd:01:0e:2f:2f:
         bb:c8:61:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFp93pOXfr/vjL7oBhr47ANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjQwODE5MDkyODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmViZjdjY2E3Y2Q3NTQ3ZDQzNzgwMzY5OTU4M2UwMTU1NzU1YTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDUZX5ebU+TOtoE5c/xYGsqXgxsl
RVHDNjW1ve2Q2Lu1IIRi9FODjIjcKolfcajwOTumdPmqdXFHv2TTPel4Qylhqrb9
4svRegHUDAP2x4OEUbzKNcP2T6nwVeBN01zc3GRFX9NVO1/5kcnsaFZwPv8IMdds
puRCZp2GBSEbEh/ioABJgy+E2y717baFW1HdK/MtdLfSQBshJ9al11Vmg5kE6fbf
nkvUVhSCTi0A45IKxigKBugl0wrqfR/2zk9NQHHOKrTyss+dcSnT0zYooqQ7TYMQ
KhxlSe72k1JyPqh5Q0jX/S1c/OzM1Owtx6DxRq4nFwCeVsx/y0gVy1kmewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLvr98ynzXVH1DeANplYPgFVdVorMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvdS12M3pLZk5kVWZVTjRBMm1WZy1BVlYxV2lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAzvXUAwQA
zvXvMA0GCSqGSIb3DQEBCwUAA4IBAQCCtRD0ZWbo9stz1RxRl2apNOdldS19WGud
L1Lau0xFlZsd/DC6HkhM8H3UBNDa2cALa2H8JtpTSo4CyDH3HOemIjjt90x6fokE
l6n3TWk4f/D/s+l/3stPHT7uKg9N90dYmoOkyCJ6077spsrwzQaXondek4cIom9b
W5cEDSl6ID4psDWEd5/oWnC2GJzqHfl7GrKsqZnzFi9qT9m5Vtnguilgd71+iUtT
jUPfd2rHozaxP34NQhyOWd5PsnTbTtkVd/f0LLWURn/qUdMgJ+6ti31pXz9P6PhJ
EXS3DWYxPDa4SrTjmadNK0910TAvfHqPKlMYaA+k/QEOLy+7yGGs
-----END CERTIFICATE-----