Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/FDd0wJTLWHr9TyZVfIV8cPoh5wM.roa
File:                     FDd0wJTLWHr9TyZVfIV8cPoh5wM.roa (raw, json)
Hash identifier:          QBg6EO7WVYoSR9mOILzNZEn420XjHwdyaq/mdRPxqGA=
Subject key identifier:   14:37:74:C0:94:CB:58:7A:FD:4F:26:55:7C:85:7C:70:FA:21:E7:03
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC23F2EDA88577BD69BB21F82CCDD5
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/FDd0wJTLWHr9TyZVfIV8cPoh5wM.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208082
IP address blocks:        213.33.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:23:f2:ed:a8:85:77:bd:69:bb:21:f8:2c:cd:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=143774c094cb587afd4f26557c857c70fa21e703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:42:ac:4c:ce:a6:34:7e:d5:6b:20:bd:8f:b3:
                    fb:45:48:c2:26:cf:8c:9a:52:10:56:37:74:bf:d5:
                    ff:db:d2:c8:f1:4d:96:06:0b:d7:10:2e:94:57:25:
                    70:80:cb:91:54:93:78:b1:c7:bf:f0:c6:c4:67:41:
                    78:fd:7f:2b:48:8a:65:8b:bb:29:69:e2:20:f5:46:
                    f1:6f:1d:e6:d9:4f:b3:d5:07:2a:f0:ad:76:72:fe:
                    ad:07:12:16:ef:12:e2:3a:0c:83:13:6b:d7:7c:ee:
                    38:98:d5:67:83:ff:dd:4b:9b:ec:75:10:4d:8a:6b:
                    5a:8f:b1:4a:43:1d:a2:d0:03:92:69:47:12:5d:4f:
                    16:58:05:5b:ed:64:f4:e1:c3:11:2f:87:69:e1:54:
                    fe:b9:e6:af:ac:64:69:0b:34:65:2c:4a:79:22:0e:
                    bd:18:e4:1f:9f:0d:e4:e8:3b:e5:40:6f:56:f5:ac:
                    2c:bc:9f:c1:06:40:4b:11:a7:99:a4:43:a3:c5:1f:
                    31:6a:5e:80:e0:43:40:0d:5b:74:e7:c3:1d:93:0e:
                    bc:e1:85:15:6d:78:df:3c:e8:67:ce:7d:b2:22:9c:
                    06:a2:f5:8b:df:e0:91:2b:9c:7d:a8:14:80:cf:32:
                    00:92:cd:cf:10:21:d2:9f:d3:84:26:84:16:ab:46:
                    32:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:37:74:C0:94:CB:58:7A:FD:4F:26:55:7C:85:7C:70:FA:21:E7:03
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/FDd0wJTLWHr9TyZVfIV8cPoh5wM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:42:5e:7f:4a:a3:b7:ed:ef:a6:85:b5:c6:41:10:28:7e:b9:
         00:a5:24:35:ff:8b:4a:b6:c4:51:fa:cf:fb:04:21:c3:19:3b:
         b5:e0:a3:05:09:63:8e:b8:73:b4:88:d1:eb:94:61:d7:a4:cb:
         fd:85:e4:8d:62:67:80:2c:c3:96:10:1e:47:9b:ee:e1:a4:5b:
         ac:f9:9b:ff:1c:be:bc:90:32:9e:ce:08:80:0d:35:7d:dc:fb:
         f6:08:21:f6:9b:25:5c:e8:20:a5:87:3d:fa:b5:6d:f4:cd:fc:
         1c:2e:98:79:eb:f3:ea:10:eb:a0:e6:97:72:12:53:a3:8b:c4:
         75:dc:47:65:fa:16:d5:6d:6b:30:6f:49:44:0e:8a:40:84:39:
         e8:24:ee:80:81:0b:e6:3e:9f:5d:10:bc:6d:9e:cd:74:1c:7b:
         4b:f6:f9:ec:e0:12:95:4f:bf:9b:40:07:f1:41:57:f8:9a:a0:
         12:52:1c:f1:35:e6:6d:3d:79:78:0f:e1:54:b3:4b:bb:7e:8e:
         4a:6e:40:38:1d:21:7b:5d:02:2e:73:2a:ff:7e:a0:ac:33:cc:
         95:e0:20:7a:44:39:12:73:1d:03:36:32:d1:f3:83:e9:9e:1c:
         39:d8:31:5c:4a:33:de:7a:a2:2f:e1:12:f3:76:dd:d0:d7:6d:
         39:b3:a4:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CPy7aiFd71puyH4LM3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDM3NzRjMDk0Y2I1ODdhZmQ0ZjI2NTU3Yzg1N2M3MGZhMjFlNzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0KsTM6mNH7VayC9j7P7RUjCJs+M
mlIQVjd0v9X/29LI8U2WBgvXEC6UVyVwgMuRVJN4sce/8MbEZ0F4/X8rSIpli7sp
aeIg9Ubxbx3m2U+z1Qcq8K12cv6tBxIW7xLiOgyDE2vXfO44mNVng//dS5vsdRBN
imtaj7FKQx2i0AOSaUcSXU8WWAVb7WT04cMRL4dp4VT+ueavrGRpCzRlLEp5Ig69
GOQfnw3k6DvlQG9W9awsvJ/BBkBLEaeZpEOjxR8xal6A4ENADVt058Mdkw684YUV
bXjfPOhnzn2yIpwGovWL3+CRK5x9qBSAzzIAks3PECHSn9OEJoQWq0YyrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQ3dMCUy1h6/U8mVXyFfHD6IecDMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvRkRkMHdKVExXSHI5VHlaVmZJVjhjUG9oNXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SEIMA0G
CSqGSIb3DQEBCwUAA4IBAQA7Ql5/SqO37e+mhbXGQRAofrkApSQ1/4tKtsRR+s/7
BCHDGTu14KMFCWOOuHO0iNHrlGHXpMv9heSNYmeALMOWEB5Hm+7hpFus+Zv/HL68
kDKezgiADTV93Pv2CCH2myVc6CClhz36tW30zfwcLph56/PqEOug5pdyElOji8R1
3Edl+hbVbWswb0lEDopAhDnoJO6AgQvmPp9dELxtns10HHtL9vns4BKVT7+bQAfx
QVf4mqASUhzxNeZtPXl4D+FUs0u7fo5KbkA4HSF7XQIucyr/fqCsM8yV4CB6RDkS
cx0DNjLR84Ppnhw52DFcSjPeeqIv4RLzdt3Q1205s6Se
-----END CERTIFICATE-----