Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/87607e-5c9a-43a6-8d8a-38dfeaf2b710/1/y2d5m2PkTV-QHXUvbgi3rialUnM.roa
File:                     y2d5m2PkTV-QHXUvbgi3rialUnM.roa (raw, json)
Hash identifier:          yV8bncUwYZuVWMFFAhnBDyVmfkdzesyblIsmaRbwq1Y=
Subject key identifier:   CB:67:79:9B:63:E4:4D:5F:90:1D:75:2F:6E:08:B7:AE:26:A5:52:73
Certificate issuer:       /CN=875f4ce913962181cf7c9376dfab5a225d6e5aea
Certificate serial:       018CC50108B8CC23DAF379E30045214BC823
Authority key identifier: 87:5F:4C:E9:13:96:21:81:CF:7C:93:76:DF:AB:5A:22:5D:6E:5A:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h19M6ROWIYHPfJN236taIl1uWuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/87607e-5c9a-43a6-8d8a-38dfeaf2b710/1/y2d5m2PkTV-QHXUvbgi3rialUnM.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51586
IP address blocks:        212.18.101.0/24 maxlen: 24
                          2a12:5c00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/87607e-5c9a-43a6-8d8a-38dfeaf2b710/1/h19M6ROWIYHPfJN236taIl1uWuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/87607e-5c9a-43a6-8d8a-38dfeaf2b710/1/h19M6ROWIYHPfJN236taIl1uWuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h19M6ROWIYHPfJN236taIl1uWuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:08:b8:cc:23:da:f3:79:e3:00:45:21:4b:c8:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=875f4ce913962181cf7c9376dfab5a225d6e5aea
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb67799b63e44d5f901d752f6e08b7ae26a55273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:36:bc:c8:28:59:81:b7:c4:c0:b3:1c:3a:2c:
                    74:d9:ec:ed:a0:9e:66:9e:fc:f4:4f:c8:36:b9:36:
                    bc:04:53:f1:53:a6:d6:c5:4e:06:89:06:86:40:3b:
                    c1:f9:27:ef:82:bb:77:53:34:c7:ae:d7:a6:6a:91:
                    60:c3:15:f4:41:91:e5:a5:2a:2d:49:84:81:ad:46:
                    1e:18:89:8a:8f:2d:93:ba:09:28:a4:44:ac:c4:cf:
                    fa:fa:0a:07:b4:90:2e:93:5f:20:d8:df:15:38:31:
                    5e:d0:23:0e:d7:e2:1b:7a:b8:1e:09:23:a5:33:8a:
                    e7:e3:50:98:56:82:9c:e3:34:c3:a7:60:db:61:3c:
                    13:44:52:bb:19:36:1d:dc:1f:fc:08:91:36:14:2f:
                    66:1f:24:c7:56:91:2d:52:c0:ee:d7:aa:5c:a1:b6:
                    d4:c2:ea:75:8d:22:f3:11:b3:14:61:c1:43:50:88:
                    4f:f1:01:4f:87:0c:8d:dc:03:57:c9:a5:79:0b:74:
                    a2:13:02:e3:07:22:0c:d9:04:c6:1f:2f:3e:9f:07:
                    71:2b:6b:7b:d0:74:b4:be:d8:ed:e4:70:b3:c3:f6:
                    af:57:c4:2e:41:34:d1:d9:d4:db:99:1d:d9:ef:15:
                    4d:0f:ca:19:a2:25:7a:82:8d:02:52:37:da:51:34:
                    8d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:67:79:9B:63:E4:4D:5F:90:1D:75:2F:6E:08:B7:AE:26:A5:52:73
            X509v3 Authority Key Identifier:
                keyid:87:5F:4C:E9:13:96:21:81:CF:7C:93:76:DF:AB:5A:22:5D:6E:5A:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h19M6ROWIYHPfJN236taIl1uWuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/87607e-5c9a-43a6-8d8a-38dfeaf2b710/1/y2d5m2PkTV-QHXUvbgi3rialUnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/87607e-5c9a-43a6-8d8a-38dfeaf2b710/1/h19M6ROWIYHPfJN236taIl1uWuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.101.0/24
                IPv6:
                  2a12:5c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:07:d2:05:2c:f5:b6:20:95:ff:77:ed:c2:82:77:0c:b2:d7:
         62:dd:77:a8:15:05:f3:93:d2:cf:5e:7d:10:7f:b4:60:82:57:
         6b:7b:9e:8a:9e:48:b5:1f:8d:3b:7f:57:36:36:a5:18:0c:04:
         de:1a:0d:d4:a1:e0:ac:3f:37:73:02:2e:d1:da:dd:3e:b8:e5:
         ee:ca:a3:df:46:d8:0b:10:1b:5d:53:f1:cd:5d:ea:e0:e5:38:
         8b:2f:18:b3:f0:cb:1f:ef:cb:90:91:dc:b1:e2:bf:07:f7:a5:
         59:0a:c9:50:44:77:d7:89:17:84:00:02:7c:0d:c6:63:a6:0b:
         74:a7:78:8e:72:22:42:47:b1:16:63:f2:65:f5:43:90:f0:0e:
         d8:0a:8c:43:dc:e1:96:1a:cf:2b:48:fc:97:a7:2f:bd:ac:33:
         95:d6:0e:ec:67:5d:82:62:be:a3:68:11:5a:d0:6d:f9:7e:7e:
         7e:a5:f8:36:10:45:f0:7d:68:8e:0c:23:fc:5a:46:a3:e3:4e:
         33:02:f7:b7:c9:0b:bd:d5:cd:f7:b3:d3:94:e8:bc:1c:36:d9:
         00:8e:5e:95:a1:9f:a1:c9:23:c8:52:31:2c:05:df:cb:e0:38:
         65:fe:53:5f:6a:c6:40:a1:52:0b:09:ae:85:6d:8f:6c:56:c6:
         9e:c7:56:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAQi4zCPa83njAEUhS8gjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NWY0Y2U5MTM5NjIxODFjZjdjOTM3NmRmYWI1YTIyNWQ2
ZTVhZWEwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjY3Nzk5YjYzZTQ0ZDVmOTAxZDc1MmY2ZTA4YjdhZTI2YTU1MjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5za8yChZgbfEwLMcOix02eztoJ5m
nvz0T8g2uTa8BFPxU6bWxU4GiQaGQDvB+Sfvgrt3UzTHrtemapFgwxX0QZHlpSot
SYSBrUYeGImKjy2TugkopESsxM/6+goHtJAuk18g2N8VODFe0CMO1+IbergeCSOl
M4rn41CYVoKc4zTDp2DbYTwTRFK7GTYd3B/8CJE2FC9mHyTHVpEtUsDu16pcobbU
wup1jSLzEbMUYcFDUIhP8QFPhwyN3ANXyaV5C3SiEwLjByIM2QTGHy8+nwdxK2t7
0HS0vtjt5HCzw/avV8QuQTTR2dTbmR3Z7xVND8oZoiV6go0CUjfaUTSNywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMtneZtj5E1fkB11L24It64mpVJzMB8GA1UdIwQY
MBaAFIdfTOkTliGBz3yTdt+rWiJdblrqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDE5TTZST1dJWUhQZkpOMjM2dGFJbDF1V3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84NzYwN2UtNWM5YS00M2E2LThkOGEt
MzhkZmVhZjJiNzEwLzEveTJkNW0yUGtUVi1RSFhVdmJnaTNyaWFsVW5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84NzYwN2UtNWM5YS00M2E2LThkOGEtMzhkZmVhZjJiNzEw
LzEvaDE5TTZST1dJWUhQZkpOMjM2dGFJbDF1V3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1BJlMA0E
AgACMAcDBQAqElwAMA0GCSqGSIb3DQEBCwUAA4IBAQCPB9IFLPW2IJX/d+3CgncM
stdi3XeoFQXzk9LPXn0Qf7Rggldre56Knki1H407f1c2NqUYDATeGg3UoeCsPzdz
Ai7R2t0+uOXuyqPfRtgLEBtdU/HNXerg5TiLLxiz8Msf78uQkdyx4r8H96VZCslQ
RHfXiReEAAJ8DcZjpgt0p3iOciJCR7EWY/Jl9UOQ8A7YCoxD3OGWGs8rSPyXpy+9
rDOV1g7sZ12CYr6jaBFa0G35fn5+pfg2EEXwfWiODCP8Wkaj404zAve3yQu91c33
s9OU6LwcNtkAjl6VoZ+hySPIUjEsBd/L4Dhl/lNfasZAoVILCa6FbY9sVsaex1bo
-----END CERTIFICATE-----