Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/19ae05-2fb3-424e-ae26-2230dbd5edbb/1/OW2ZJvh1Usgd46OFKe_L-Si9IxE.roa
File:                     OW2ZJvh1Usgd46OFKe_L-Si9IxE.roa (raw, json)
Hash identifier:          hN2QLZEmyliwoFBP3+iDwMKJpLa2gf9gZI1kJfv83Zw=
Subject key identifier:   39:6D:99:26:F8:75:52:C8:1D:E3:A3:85:29:EF:CB:F9:28:BD:23:11
Certificate issuer:       /CN=b17ebf441ee1085631eeb7719a8982dfd8057be1
Certificate serial:       018CC56EEB50C07A81A1E3580CFC57C12432
Authority key identifier: B1:7E:BF:44:1E:E1:08:56:31:EE:B7:71:9A:89:82:DF:D8:05:7B:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sX6_RB7hCFYx7rdxmomC39gFe-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/19ae05-2fb3-424e-ae26-2230dbd5edbb/1/OW2ZJvh1Usgd46OFKe_L-Si9IxE.roa
Signing time:             Mon 01 Jan 2024 14:30:29 +0000
ROA not before:           Mon 01 Jan 2024 14:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199444
IP address blocks:        188.213.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/19ae05-2fb3-424e-ae26-2230dbd5edbb/1/sX6_RB7hCFYx7rdxmomC39gFe-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/19ae05-2fb3-424e-ae26-2230dbd5edbb/1/sX6_RB7hCFYx7rdxmomC39gFe-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sX6_RB7hCFYx7rdxmomC39gFe-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:eb:50:c0:7a:81:a1:e3:58:0c:fc:57:c1:24:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b17ebf441ee1085631eeb7719a8982dfd8057be1
        Validity
            Not Before: Jan  1 14:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=396d9926f87552c81de3a38529efcbf928bd2311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:24:a2:ae:14:a5:11:6d:d1:a0:d8:9e:65:39:
                    f2:83:3d:fd:ac:e6:37:bc:0d:b4:ae:9b:48:21:25:
                    fe:11:93:24:15:08:50:0d:43:49:dd:3b:16:1a:b5:
                    61:5a:01:89:92:1c:c0:56:07:a2:1b:cf:72:5b:d9:
                    e9:e1:39:bf:a0:6c:48:a3:ad:3a:dc:47:ec:45:1e:
                    76:14:a5:36:a6:3e:62:1e:24:13:82:90:74:03:bd:
                    1d:40:8f:8c:8c:00:95:f4:7c:d1:d1:93:65:2b:9a:
                    18:a0:c1:79:4c:95:7a:12:52:07:f0:15:1f:7c:ad:
                    8c:b2:f5:fb:18:48:c6:63:50:2b:f3:0b:29:5b:88:
                    cb:0d:fc:99:10:69:20:0d:47:db:46:fe:a3:4c:fe:
                    14:4b:13:bb:8a:00:af:91:ef:97:c7:3b:73:f4:8d:
                    fa:eb:d8:c4:60:6d:8a:af:f6:69:7a:fd:ad:ec:11:
                    de:d7:d0:b4:f9:c8:f3:dc:28:30:88:19:fd:f5:fa:
                    ee:d7:69:ee:ef:b0:52:c2:0c:01:45:f0:df:84:de:
                    90:b8:fb:45:4b:d3:f2:fe:bc:b6:92:8e:07:30:2b:
                    65:b0:ac:49:b2:fd:22:f9:13:98:58:6f:a3:2b:4d:
                    b4:a7:93:e8:6f:41:5f:af:b6:69:c2:c6:21:49:97:
                    57:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6D:99:26:F8:75:52:C8:1D:E3:A3:85:29:EF:CB:F9:28:BD:23:11
            X509v3 Authority Key Identifier:
                keyid:B1:7E:BF:44:1E:E1:08:56:31:EE:B7:71:9A:89:82:DF:D8:05:7B:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sX6_RB7hCFYx7rdxmomC39gFe-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/19ae05-2fb3-424e-ae26-2230dbd5edbb/1/OW2ZJvh1Usgd46OFKe_L-Si9IxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/19ae05-2fb3-424e-ae26-2230dbd5edbb/1/sX6_RB7hCFYx7rdxmomC39gFe-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.213.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:2e:f0:22:d1:61:b6:f2:62:02:60:01:d7:07:fb:c4:6e:84:
         ce:74:60:bb:7c:82:76:2c:81:68:f4:aa:be:de:e4:ad:62:b8:
         e0:b0:53:11:5d:11:d8:36:42:e1:a3:a5:00:5b:32:4b:88:7d:
         06:fd:1e:f1:b3:78:83:f7:08:53:a1:3c:07:d7:b0:32:88:69:
         84:24:55:16:1b:88:bc:34:29:16:80:02:9a:83:19:4d:ce:4a:
         ad:ca:cd:b3:04:49:c6:c9:b9:cf:d0:5b:e4:da:b5:fd:19:d5:
         12:3d:3c:44:e7:f9:c0:ea:10:e7:85:00:69:e7:fd:6a:6f:59:
         c9:5b:1e:1c:0c:c3:37:5a:86:a2:7e:88:b6:c7:6f:ec:7d:6f:
         a1:73:11:fa:f2:a7:76:fb:b7:45:5a:d5:50:3a:60:a3:5a:90:
         a4:f9:1b:2b:88:16:f5:22:6c:40:98:6e:fc:e6:3a:4f:a4:df:
         2f:be:9a:b2:68:bb:af:b3:07:f5:98:81:05:d9:3f:1c:69:9c:
         b2:62:56:7e:d5:02:91:f2:04:07:d0:5b:2b:d0:7e:97:75:95:
         b5:98:d0:63:c9:30:63:32:1f:a3:5f:81:d7:6e:3a:d4:c3:5a:
         d2:e7:ea:0b:d0:ac:f8:03:a4:a1:b1:bd:3a:f7:b5:30:40:15:
         df:51:44:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbutQwHqBoeNYDPxXwSQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxN2ViZjQ0MWVlMTA4NTYzMWVlYjc3MTlhODk4MmRmZDgw
NTdiZTEwHhcNMjQwMTAxMTQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZkOTkyNmY4NzU1MmM4MWRlM2EzODUyOWVmY2JmOTI4YmQyMzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniSirhSlEW3RoNieZTnygz39rOY3
vA20rptIISX+EZMkFQhQDUNJ3TsWGrVhWgGJkhzAVgeiG89yW9np4Tm/oGxIo606
3EfsRR52FKU2pj5iHiQTgpB0A70dQI+MjACV9HzR0ZNlK5oYoMF5TJV6ElIH8BUf
fK2MsvX7GEjGY1Ar8wspW4jLDfyZEGkgDUfbRv6jTP4USxO7igCvke+Xxztz9I36
69jEYG2Kr/Zpev2t7BHe19C0+cjz3CgwiBn99fru12nu77BSwgwBRfDfhN6QuPtF
S9Py/ry2ko4HMCtlsKxJsv0i+ROYWG+jK020p5Pob0Ffr7ZpwsYhSZdXHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDltmSb4dVLIHeOjhSnvy/kovSMRMB8GA1UdIwQY
MBaAFLF+v0Qe4QhWMe63cZqJgt/YBXvhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1g2X1JCN2hDRll4N3JkeG1vbUMzOWdGZS1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xOWFlMDUtMmZiMy00MjRlLWFlMjYt
MjIzMGRiZDVlZGJiLzEvT1cyWkp2aDFVc2dkNDZPRktlX0wtU2k5SXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xOWFlMDUtMmZiMy00MjRlLWFlMjYtMjIzMGRiZDVlZGJi
LzEvc1g2X1JCN2hDRll4N3JkeG1vbUMzOWdGZS1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNXUMA0G
CSqGSIb3DQEBCwUAA4IBAQA7LvAi0WG28mICYAHXB/vEboTOdGC7fIJ2LIFo9Kq+
3uStYrjgsFMRXRHYNkLho6UAWzJLiH0G/R7xs3iD9whToTwH17AyiGmEJFUWG4i8
NCkWgAKagxlNzkqtys2zBEnGybnP0Fvk2rX9GdUSPTxE5/nA6hDnhQBp5/1qb1nJ
Wx4cDMM3Woaifoi2x2/sfW+hcxH68qd2+7dFWtVQOmCjWpCk+RsriBb1ImxAmG78
5jpPpN8vvpqyaLuvswf1mIEF2T8caZyyYlZ+1QKR8gQH0Fsr0H6XdZW1mNBjyTBj
Mh+jX4HXbjrUw1rS5+oL0Kz4A6Shsb0697UwQBXfUUQ6
-----END CERTIFICATE-----