Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/u1mP7B2F3KTBh40s6OJ_b5gcIF8.roa
File:                     u1mP7B2F3KTBh40s6OJ_b5gcIF8.roa (raw, json)
Hash identifier:          lt8DrYW0kvHW4OCbaehHrnhkNH6hH3939sIUIanqjwI=
Subject key identifier:   BB:59:8F:EC:1D:85:DC:A4:C1:87:8D:2C:E8:E2:7F:6F:98:1C:20:5F
Certificate issuer:       /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial:       018F760627EEC13EF5F1FC501C6FF52465DF
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/u1mP7B2F3KTBh40s6OJ_b5gcIF8.roa
Signing time:             Tue 14 May 2024 07:34:25 +0000
ROA not before:           Tue 14 May 2024 07:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213224
IP address blocks:        209.227.208.0/20 maxlen: 24
                          209.227.240.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:06:27:ee:c1:3e:f5:f1:fc:50:1c:6f:f5:24:65:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
        Validity
            Not Before: May 14 07:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb598fec1d85dca4c1878d2ce8e27f6f981c205f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5b:01:fc:c8:dc:40:7d:4f:55:09:97:73:b5:
                    29:76:ae:3d:70:c4:f1:88:b6:04:2f:41:f4:6d:ad:
                    45:bc:e8:5c:de:c6:2c:9f:97:d3:ac:56:c5:24:39:
                    e6:40:4b:1e:df:e6:98:78:8a:64:51:be:54:e1:7e:
                    34:d9:0c:99:6c:72:60:b5:57:37:1f:a4:2a:13:b4:
                    cc:13:71:a7:e6:bf:be:56:43:67:13:21:55:17:43:
                    04:f7:dc:56:99:8c:77:7a:75:fd:6e:4a:b4:4e:3a:
                    f0:ae:56:d7:8d:3f:4f:85:a8:3c:ef:85:a2:e9:02:
                    b4:79:1b:70:0b:5a:b4:86:53:a8:8d:e1:29:21:e0:
                    f9:2b:80:37:a0:97:2f:a5:5b:93:cf:be:e3:2e:92:
                    d3:7a:2e:5f:5e:50:7e:09:e1:31:f4:ed:64:1d:90:
                    c3:a0:49:49:43:6f:59:70:7f:e6:b0:fb:86:37:65:
                    9c:10:ee:f3:e0:a1:bc:28:02:71:d9:76:b7:93:89:
                    7c:a1:b8:0c:d3:c4:64:a6:ee:09:6c:ae:19:e2:5c:
                    1e:4d:88:75:42:4e:85:42:5b:18:24:1c:72:b7:1b:
                    0c:4d:cf:b3:99:f5:87:41:88:90:b7:16:9d:69:58:
                    d3:3d:7e:30:09:25:b8:77:b9:e4:43:ed:b4:cb:33:
                    2e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:59:8F:EC:1D:85:DC:A4:C1:87:8D:2C:E8:E2:7F:6F:98:1C:20:5F
            X509v3 Authority Key Identifier:
                keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/u1mP7B2F3KTBh40s6OJ_b5gcIF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.227.208.0/20
                  209.227.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8e:da:48:12:6f:67:e9:cc:aa:9d:be:5a:8f:c3:b2:9a:78:b4:
         ca:70:49:ea:ef:9a:41:f4:09:0f:7c:72:cc:bb:e2:05:f8:7b:
         77:54:0c:50:b8:7d:15:0f:e8:7b:81:7a:f9:96:30:34:00:67:
         07:7f:6d:bf:c2:81:a6:fd:83:90:d6:2b:1f:9b:fd:9b:6d:9a:
         0e:06:df:cc:3c:6d:99:f8:d0:0c:00:0c:70:5a:79:3b:d1:87:
         de:41:bb:a6:15:98:6c:e3:44:d5:fb:5c:f1:4c:99:73:96:80:
         ee:e1:1c:86:69:99:a7:c9:ba:cf:40:6e:c9:e1:27:43:80:df:
         c8:4c:39:b0:a0:24:40:b5:71:9b:d8:a5:dd:84:11:9a:f6:e0:
         dd:51:a7:11:a8:e0:b8:4c:34:e9:d8:03:70:0b:12:fb:6c:7a:
         34:b9:00:63:3d:13:c5:cc:39:97:89:fc:22:f4:0b:86:58:27:
         9a:f3:5e:17:f3:bb:16:c7:45:b3:ca:dc:93:01:4d:28:13:78:
         1d:88:e3:61:3d:ba:c6:a3:53:37:50:44:53:46:37:b3:35:99:
         65:3b:bb:02:23:b5:39:bc:0c:88:e8:b6:58:68:cf:55:cb:15:
         1c:07:f3:34:40:bb:d4:2c:78:54:e6:e9:60:8c:e1:3b:2d:a1:
         20:65:a8:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY92BifuwT718fxQHG/1JGXfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjQwNTE0MDczNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjU5OGZlYzFkODVkY2E0YzE4NzhkMmNlOGUyN2Y2Zjk4MWMyMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlsB/MjcQH1PVQmXc7Updq49cMTx
iLYEL0H0ba1FvOhc3sYsn5fTrFbFJDnmQEse3+aYeIpkUb5U4X402QyZbHJgtVc3
H6QqE7TME3Gn5r++VkNnEyFVF0ME99xWmYx3enX9bkq0TjrwrlbXjT9Phag874Wi
6QK0eRtwC1q0hlOojeEpIeD5K4A3oJcvpVuTz77jLpLTei5fXlB+CeEx9O1kHZDD
oElJQ29ZcH/msPuGN2WcEO7z4KG8KAJx2Xa3k4l8obgM08Rkpu4JbK4Z4lweTYh1
Qk6FQlsYJBxytxsMTc+zmfWHQYiQtxadaVjTPX4wCSW4d7nkQ+20yzMu1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLtZj+wdhdykwYeNLOjif2+YHCBfMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvdTFtUDdCMkYzS1RCaDQwczZPSl9iNWdjSUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQE0ePQAwQE
0ePwMA0GCSqGSIb3DQEBCwUAA4IBAQCO2kgSb2fpzKqdvlqPw7KaeLTKcEnq75pB
9AkPfHLMu+IF+Ht3VAxQuH0VD+h7gXr5ljA0AGcHf22/woGm/YOQ1isfm/2bbZoO
Bt/MPG2Z+NAMAAxwWnk70YfeQbumFZhs40TV+1zxTJlzloDu4RyGaZmnybrPQG7J
4SdDgN/ITDmwoCRAtXGb2KXdhBGa9uDdUacRqOC4TDTp2ANwCxL7bHo0uQBjPRPF
zDmXifwi9AuGWCea814X87sWx0WzytyTAU0oE3gdiONhPbrGo1M3UERTRjezNZll
O7sCI7U5vAyI6LZYaM9VyxUcB/M0QLvULHhU5ulgjOE7LaEgZaiy
-----END CERTIFICATE-----