Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/_fj0S1ECWH141M9UR5HgoAfPvK8.roa
File:                     _fj0S1ECWH141M9UR5HgoAfPvK8.roa (raw, json)
Hash identifier:          ebvq0J7Krqy9StNMoZUwGu8w/MdHOdENHXouCrlBReY=
Subject key identifier:   FD:F8:F4:4B:51:02:58:7D:78:D4:CF:54:47:91:E0:A0:07:CF:BC:AF
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC246A04F440633807A03961EE6AC6
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/_fj0S1ECWH141M9UR5HgoAfPvK8.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211984
IP address blocks:        213.33.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:24:6a:04:f4:40:63:38:07:a0:39:61:ee:6a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdf8f44b5102587d78d4cf544791e0a007cfbcaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9b:e2:2c:09:e8:d9:35:56:c8:91:17:77:41:
                    55:02:80:bf:e6:fb:4c:37:98:dd:7f:f8:7e:4a:82:
                    40:ba:23:83:13:23:75:9e:93:a2:81:0b:a6:8c:1a:
                    dd:5a:47:9b:fe:d7:e2:8c:f6:57:76:aa:6d:fe:0f:
                    04:7c:47:06:de:5b:0c:37:15:82:89:89:2f:1b:60:
                    6e:e8:90:b1:31:3e:07:08:52:8d:75:3b:8e:06:0a:
                    02:b0:00:26:b0:06:e0:82:ce:20:53:3c:b2:6d:a2:
                    75:69:a6:ee:96:4c:78:ca:17:7a:70:93:62:32:b2:
                    1b:e0:9f:1e:66:4e:02:3e:cb:a9:59:dc:63:9a:85:
                    93:d3:9b:a7:ab:5c:97:d5:8e:fa:55:db:3e:fd:ba:
                    23:3c:cf:b0:af:07:aa:3a:dc:ba:2d:01:44:20:f2:
                    3a:85:84:e5:4a:b5:07:57:7f:c4:7b:5a:bf:bd:d2:
                    ad:a9:aa:e7:59:c4:50:ff:ce:2e:a6:fb:af:a4:0a:
                    7d:7b:53:c4:d4:b6:40:81:da:43:7e:c6:18:47:dd:
                    db:3a:86:64:ce:ab:e1:46:92:80:21:d4:a0:06:16:
                    6b:c7:3e:9e:5a:ed:07:4a:62:93:d2:64:ed:aa:d8:
                    98:23:72:d0:09:6e:9e:79:a0:ab:45:0f:b2:3d:e9:
                    74:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:F8:F4:4B:51:02:58:7D:78:D4:CF:54:47:91:E0:A0:07:CF:BC:AF
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/_fj0S1ECWH141M9UR5HgoAfPvK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:74:47:fa:35:30:a2:98:b6:f5:46:f3:da:69:50:ca:61:50:
         a5:a1:1b:47:56:37:32:06:d4:ef:26:f8:b7:6d:8c:f3:7f:93:
         85:08:7c:60:69:c7:b9:5f:04:3e:8b:91:99:e5:88:6e:66:20:
         a6:d4:c0:bf:32:d8:60:e3:1a:b9:44:db:10:15:94:90:25:e6:
         77:cd:d8:aa:4e:49:0b:e4:9e:92:b6:99:60:be:26:98:20:f9:
         5c:8c:a3:c4:90:d4:ba:a5:1b:27:98:47:a8:2c:ac:80:4b:43:
         8e:a0:fb:00:01:a2:d3:11:d7:0f:79:99:16:5d:c7:9c:d5:5e:
         03:6c:23:e2:95:f2:ec:e8:10:57:fb:cd:d3:c1:59:b9:9f:89:
         5d:12:16:df:59:64:b4:41:cd:b8:32:9e:43:5c:eb:01:79:1e:
         30:d3:45:96:ae:52:a5:70:17:42:3d:37:a2:0b:97:0d:49:ef:
         37:7c:88:7b:3f:63:45:27:8f:b4:21:36:a7:54:c7:b5:65:5a:
         2a:38:38:77:2f:43:45:95:77:19:17:ee:8b:76:4f:a6:11:f0:
         03:8e:1a:79:45:ec:af:65:4e:ef:c9:bf:93:dd:47:df:2c:63:
         53:cc:08:11:bb:20:ec:a2:d7:6d:ed:3e:0b:c0:f0:18:7e:f9:
         62:ce:b5:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CRqBPRAYzgHoDlh7mrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGY4ZjQ0YjUxMDI1ODdkNzhkNGNmNTQ0NzkxZTBhMDA3Y2ZiY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJviLAno2TVWyJEXd0FVAoC/5vtM
N5jdf/h+SoJAuiODEyN1npOigQumjBrdWkeb/tfijPZXdqpt/g8EfEcG3lsMNxWC
iYkvG2Bu6JCxMT4HCFKNdTuOBgoCsAAmsAbggs4gUzyybaJ1aabulkx4yhd6cJNi
MrIb4J8eZk4CPsupWdxjmoWT05unq1yX1Y76Vds+/bojPM+wrweqOty6LQFEIPI6
hYTlSrUHV3/Ee1q/vdKtqarnWcRQ/84upvuvpAp9e1PE1LZAgdpDfsYYR93bOoZk
zqvhRpKAIdSgBhZrxz6eWu0HSmKT0mTtqtiYI3LQCW6eeaCrRQ+yPel0BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP349EtRAlh9eNTPVEeR4KAHz7yvMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvX2ZqMFMxRUNXSDE0MU05VVI1SGdvQWZQdks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SFPMA0G
CSqGSIb3DQEBCwUAA4IBAQAJdEf6NTCimLb1RvPaaVDKYVCloRtHVjcyBtTvJvi3
bYzzf5OFCHxgace5XwQ+i5GZ5YhuZiCm1MC/Mthg4xq5RNsQFZSQJeZ3zdiqTkkL
5J6StplgviaYIPlcjKPEkNS6pRsnmEeoLKyAS0OOoPsAAaLTEdcPeZkWXcec1V4D
bCPilfLs6BBX+83TwVm5n4ldEhbfWWS0Qc24Mp5DXOsBeR4w00WWrlKlcBdCPTei
C5cNSe83fIh7P2NFJ4+0ITanVMe1ZVoqODh3L0NFlXcZF+6Ldk+mEfADjhp5Reyv
ZU7vyb+T3UffLGNTzAgRuyDsotdt7T4LwPAYfvlizrUR
-----END CERTIFICATE-----