Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/83cf01-6cca-48d1-9cbf-5ac6fdfdc0cc/1/xvhZBJE_iBKI-v8ePovqYNDFPS0.roa
File:                     xvhZBJE_iBKI-v8ePovqYNDFPS0.roa (raw, json)
Hash identifier:          osxKhfp7Yn9GK+e68D9O5CPyuJFFVJH1uslE1otLW5Y=
Subject key identifier:   C6:F8:59:04:91:3F:88:12:88:FA:FF:1E:3E:8B:EA:60:D0:C5:3D:2D
Certificate issuer:       /CN=1b6df0bc093f298b043522ebd4ede19793081a29
Certificate serial:       018E45E7D4EAA970FAA8082182C28C347187
Authority key identifier: 1B:6D:F0:BC:09:3F:29:8B:04:35:22:EB:D4:ED:E1:97:93:08:1A:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G23wvAk_KYsENSLr1O3hl5MIGik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/83cf01-6cca-48d1-9cbf-5ac6fdfdc0cc/1/xvhZBJE_iBKI-v8ePovqYNDFPS0.roa
Signing time:             Sat 16 Mar 2024 06:16:44 +0000
ROA not before:           Sat 16 Mar 2024 06:16:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200109
IP address blocks:        212.46.61.0/24 maxlen: 24
                          2a13:cd00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/83cf01-6cca-48d1-9cbf-5ac6fdfdc0cc/1/G23wvAk_KYsENSLr1O3hl5MIGik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/83cf01-6cca-48d1-9cbf-5ac6fdfdc0cc/1/G23wvAk_KYsENSLr1O3hl5MIGik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G23wvAk_KYsENSLr1O3hl5MIGik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:45:e7:d4:ea:a9:70:fa:a8:08:21:82:c2:8c:34:71:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b6df0bc093f298b043522ebd4ede19793081a29
        Validity
            Not Before: Mar 16 06:16:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6f85904913f881288faff1e3e8bea60d0c53d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5c:03:cc:ae:0d:88:83:d7:76:e6:a8:1a:54:
                    f4:5e:4c:3e:78:b8:6b:51:e7:27:9c:14:cc:1c:2d:
                    26:00:f5:d0:b9:de:72:cc:52:0c:cb:9c:8a:a9:61:
                    b0:98:89:c9:41:06:ea:6d:b1:3e:17:0a:79:b8:d0:
                    55:70:fa:e6:d6:8f:c5:8c:68:5f:52:ee:6e:d3:f6:
                    92:5d:e4:8e:8e:a3:23:29:f2:59:2e:dd:05:10:95:
                    db:d1:62:ef:ae:f3:85:eb:d6:82:96:93:40:33:47:
                    52:b5:e4:64:ba:fb:63:8a:8a:0b:e0:e4:28:e4:25:
                    a7:ae:d2:99:8a:28:3c:21:ad:74:02:05:4d:bd:33:
                    2c:b1:54:18:e6:14:19:05:75:b0:cb:50:96:2b:0c:
                    1c:23:9f:7c:9d:e3:de:e4:a2:11:d7:a2:38:fc:5b:
                    ea:ef:ba:04:b2:e6:54:86:4c:98:f2:67:d0:fc:d8:
                    1d:59:0d:10:f2:8b:71:fa:10:73:b5:d8:50:ea:d3:
                    58:01:f7:ad:3d:a3:f0:0f:74:51:8b:96:35:5a:d5:
                    25:be:87:01:fa:30:7c:2f:73:d4:11:56:0d:9f:01:
                    60:43:7c:d7:7c:66:e3:9d:90:7b:18:b3:58:aa:f3:
                    bb:c2:80:30:21:f0:64:ae:4b:f8:de:98:a8:64:60:
                    90:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:F8:59:04:91:3F:88:12:88:FA:FF:1E:3E:8B:EA:60:D0:C5:3D:2D
            X509v3 Authority Key Identifier:
                keyid:1B:6D:F0:BC:09:3F:29:8B:04:35:22:EB:D4:ED:E1:97:93:08:1A:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G23wvAk_KYsENSLr1O3hl5MIGik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/83cf01-6cca-48d1-9cbf-5ac6fdfdc0cc/1/xvhZBJE_iBKI-v8ePovqYNDFPS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/83cf01-6cca-48d1-9cbf-5ac6fdfdc0cc/1/G23wvAk_KYsENSLr1O3hl5MIGik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.61.0/24
                IPv6:
                  2a13:cd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:a2:92:c2:9b:f1:d9:38:e6:59:fa:78:d5:db:49:86:1c:0a:
         89:83:1d:b1:4c:f7:43:88:2f:cb:56:2c:81:c9:9c:a3:a6:33:
         b0:9a:30:86:fa:b1:2f:25:78:e8:e7:64:4f:b5:0f:0f:f9:05:
         14:dd:62:ba:9c:30:e1:e3:ef:e1:d0:21:e3:94:f2:c6:4d:d2:
         1f:f4:5d:c9:15:64:f3:ef:77:16:b2:3e:e5:8d:df:e3:3c:f1:
         f3:8e:f2:a1:bb:e6:c5:15:11:47:45:05:ba:09:a5:3d:0a:2b:
         86:f7:fe:c8:d7:d3:56:a2:60:8b:64:98:93:af:ac:27:52:e1:
         71:c3:4a:7d:3d:88:8e:4a:bb:56:db:22:b4:c6:34:12:4c:2b:
         f0:13:7a:bb:6f:70:98:f6:b4:fa:0c:db:c0:e1:07:ba:0b:ba:
         71:56:9b:8e:57:b3:17:55:86:22:c8:99:57:99:b5:43:27:26:
         78:b2:91:57:44:4b:d7:1e:2c:33:7f:e2:1e:f0:18:b3:4f:b0:
         e0:31:d2:dd:26:95:4f:58:e1:ab:e4:2d:72:af:a4:82:91:49:
         c4:29:4b:5c:63:aa:ff:76:d5:52:5e:da:38:19:8e:ac:2f:da:
         d5:7e:61:da:ff:21:12:de:4b:98:28:e8:75:33:6f:ee:b2:19:
         cf:ef:ce:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5F59TqqXD6qAghgsKMNHGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNmRmMGJjMDkzZjI5OGIwNDM1MjJlYmQ0ZWRlMTk3OTMw
ODFhMjkwHhcNMjQwMzE2MDYxNjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmY4NTkwNDkxM2Y4ODEyODhmYWZmMWUzZThiZWE2MGQwYzUzZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVwDzK4NiIPXduaoGlT0Xkw+eLhr
UecnnBTMHC0mAPXQud5yzFIMy5yKqWGwmInJQQbqbbE+Fwp5uNBVcPrm1o/FjGhf
Uu5u0/aSXeSOjqMjKfJZLt0FEJXb0WLvrvOF69aClpNAM0dSteRkuvtjiooL4OQo
5CWnrtKZiig8Ia10AgVNvTMssVQY5hQZBXWwy1CWKwwcI598nePe5KIR16I4/Fvq
77oEsuZUhkyY8mfQ/NgdWQ0Q8otx+hBztdhQ6tNYAfetPaPwD3RRi5Y1WtUlvocB
+jB8L3PUEVYNnwFgQ3zXfGbjnZB7GLNYqvO7woAwIfBkrkv43pioZGCQtwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMb4WQSRP4gSiPr/Hj6L6mDQxT0tMB8GA1UdIwQY
MBaAFBtt8LwJPymLBDUi69Tt4ZeTCBopMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzIzd3ZBa19LWXNFTlNMcjFPM2hsNU1JR2lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC84M2NmMDEtNmNjYS00OGQxLTljYmYt
NWFjNmZkZmRjMGNjLzEveHZoWkJKRV9pQktJLXY4ZVBvdnFZTkRGUFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC84M2NmMDEtNmNjYS00OGQxLTljYmYtNWFjNmZkZmRjMGNj
LzEvRzIzd3ZBa19LWXNFTlNMcjFPM2hsNU1JR2lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1C49MA0E
AgACMAcDBQMqE80AMA0GCSqGSIb3DQEBCwUAA4IBAQAhopLCm/HZOOZZ+njV20mG
HAqJgx2xTPdDiC/LViyByZyjpjOwmjCG+rEvJXjo52RPtQ8P+QUU3WK6nDDh4+/h
0CHjlPLGTdIf9F3JFWTz73cWsj7ljd/jPPHzjvKhu+bFFRFHRQW6CaU9CiuG9/7I
19NWomCLZJiTr6wnUuFxw0p9PYiOSrtW2yK0xjQSTCvwE3q7b3CY9rT6DNvA4Qe6
C7pxVpuOV7MXVYYiyJlXmbVDJyZ4spFXREvXHiwzf+Ie8BizT7DgMdLdJpVPWOGr
5C1yr6SCkUnEKUtcY6r/dtVSXto4GY6sL9rVfmHa/yES3kuYKOh1M2/ushnP785X
-----END CERTIFICATE-----