Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/8pUk7KzuAVoiLvD1psT5pECWxcc.roa
File:                     8pUk7KzuAVoiLvD1psT5pECWxcc.roa (raw, json)
Hash identifier:          aoJZpb4n7hpjxVod8mgIy2EuABkmbas+Y+hRZvM3JqU=
Subject key identifier:   F2:95:24:EC:AC:EE:01:5A:22:2E:F0:F5:A6:C4:F9:A4:40:96:C5:C7
Certificate issuer:       /CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
Certificate serial:       018CC9BB19698AEFAFD41BF10D702D01228A
Authority key identifier: AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/8pUk7KzuAVoiLvD1psT5pECWxcc.roa
Signing time:             Tue 02 Jan 2024 10:32:11 +0000
ROA not before:           Tue 02 Jan 2024 10:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46261
IP address blocks:        213.139.196.0/24 maxlen: 24
                          213.139.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:19:69:8a:ef:af:d4:1b:f1:0d:70:2d:01:22:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
        Validity
            Not Before: Jan  2 10:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f29524ecacee015a222ef0f5a6c4f9a44096c5c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:27:36:04:c3:18:12:fe:3a:ff:a7:99:c0:48:
                    60:10:77:8b:29:c5:e9:c3:60:27:2b:25:e1:f4:f6:
                    e0:b0:91:8d:84:50:82:e9:d8:a9:23:a1:83:88:c0:
                    29:82:41:7b:d1:21:1e:38:4a:ce:d6:ba:a8:14:eb:
                    68:2c:06:d8:d4:5b:8e:66:5c:2f:ca:0a:ca:54:43:
                    45:0f:d8:92:d5:38:5a:91:a7:c9:9f:e7:6d:9d:04:
                    89:dc:81:84:29:03:30:65:73:85:cb:b3:b0:27:f4:
                    76:a7:a8:fe:16:da:34:ea:71:21:68:0c:cc:ef:0c:
                    8e:b3:a7:9a:dc:02:d0:89:40:36:ac:bf:0d:23:71:
                    f7:ac:cf:27:90:e6:17:64:4b:22:13:92:1d:08:e3:
                    06:a4:ff:ce:12:aa:9f:fe:96:dc:de:53:51:0d:2b:
                    7e:28:33:33:60:2d:e8:d6:06:c6:5a:e2:c9:d3:7c:
                    94:48:7e:16:1c:5e:06:98:6b:18:64:73:86:b0:cc:
                    b1:fd:9b:ae:e5:be:11:1c:0b:b9:bd:06:29:e5:16:
                    fa:29:37:cc:f3:25:02:07:1c:09:3b:81:e1:de:ec:
                    a4:71:66:c5:f8:76:4c:64:0f:c6:d1:25:72:ae:78:
                    32:0d:a4:1a:09:07:3a:71:26:6d:b5:66:c6:2c:8e:
                    5f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:95:24:EC:AC:EE:01:5A:22:2E:F0:F5:A6:C4:F9:A4:40:96:C5:C7
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/8pUk7KzuAVoiLvD1psT5pECWxcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:6b:13:67:80:33:38:93:1f:57:c1:c2:b1:1f:5b:c7:59:af:
         52:34:9b:82:b1:de:74:4a:c6:80:6c:9d:3c:8a:fd:25:cb:f2:
         f8:86:cf:2e:b9:d0:b7:9c:a3:f1:e5:7d:a6:5f:42:87:f2:70:
         e3:97:ee:74:e9:bc:6e:05:e0:79:ad:a6:cc:74:4f:fb:0e:3b:
         c4:de:f1:bc:49:f3:1d:31:3b:e1:00:f0:70:95:38:30:a5:c4:
         5d:46:e1:b9:50:f8:32:8e:b9:46:52:44:a0:ce:f8:1c:df:b2:
         f6:50:50:03:1f:b0:d8:64:a5:a8:1c:dd:fd:4e:e2:c3:02:86:
         df:f3:33:b1:7c:e4:10:77:68:32:32:fc:65:46:25:64:ab:72:
         f4:f3:9a:ea:71:5a:58:95:11:b0:b4:1f:ec:39:35:bc:4d:ac:
         de:63:20:3f:29:61:e4:b7:84:a1:87:e6:a0:fc:bf:c9:23:20:
         a2:47:a4:2b:ad:07:a2:6a:13:55:55:9b:19:22:05:1e:de:11:
         97:5e:c0:dc:01:66:20:42:f9:f0:d0:28:40:17:cb:59:c6:d3:
         31:11:da:c4:16:91:80:d3:55:95:c2:8e:2b:ba:32:17:8e:cc:
         67:2f:b9:d8:96:eb:bd:56:27:1d:99:ef:f3:77:6a:2e:c1:d6:
         60:bb:40:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuxlpiu+v1BvxDXAtASKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjZmODVhYWQxMDFjNDU2YzFhYzlhMDFhNzE5MmZjNTc4
OGU5MmMwHhcNMjQwMTAyMTAzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjk1MjRlY2FjZWUwMTVhMjIyZWYwZjVhNmM0ZjlhNDQwOTZjNWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlic2BMMYEv46/6eZwEhgEHeLKcXp
w2AnKyXh9PbgsJGNhFCC6dipI6GDiMApgkF70SEeOErO1rqoFOtoLAbY1FuOZlwv
ygrKVENFD9iS1ThakafJn+dtnQSJ3IGEKQMwZXOFy7OwJ/R2p6j+Fto06nEhaAzM
7wyOs6ea3ALQiUA2rL8NI3H3rM8nkOYXZEsiE5IdCOMGpP/OEqqf/pbc3lNRDSt+
KDMzYC3o1gbGWuLJ03yUSH4WHF4GmGsYZHOGsMyx/Zuu5b4RHAu5vQYp5Rb6KTfM
8yUCBxwJO4Hh3uykcWbF+HZMZA/G0SVyrngyDaQaCQc6cSZttWbGLI5f/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKVJOys7gFaIi7w9abE+aRAlsXHMB8GA1UdIwQY
MBaAFK/2+FqtEBxFbBrJoBpxkvxXiOksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTIt
NjQ0YmQwZmM3ZjgwLzEvOHBVazdLenVBVm9pTHZEMXBzVDVwRUNXeGNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTItNjQ0YmQwZmM3Zjgw
LzEvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1YvEMA0G
CSqGSIb3DQEBCwUAA4IBAQALaxNngDM4kx9XwcKxH1vHWa9SNJuCsd50SsaAbJ08
iv0ly/L4hs8uudC3nKPx5X2mX0KH8nDjl+506bxuBeB5rabMdE/7DjvE3vG8SfMd
MTvhAPBwlTgwpcRdRuG5UPgyjrlGUkSgzvgc37L2UFADH7DYZKWoHN39TuLDAobf
8zOxfOQQd2gyMvxlRiVkq3L085rqcVpYlRGwtB/sOTW8TazeYyA/KWHkt4Shh+ag
/L/JIyCiR6QrrQeiahNVVZsZIgUe3hGXXsDcAWYgQvnw0ChAF8tZxtMxEdrEFpGA
01WVwo4rujIXjsxnL7nYluu9Vicdme/zd2ouwdZgu0A/
-----END CERTIFICATE-----