Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/a565fb-50bd-4bb6-875c-0e2bbd4337aa/1/HXoM4xalBUt5bYjQ1IT6mEF_FuA.roa
File:                     HXoM4xalBUt5bYjQ1IT6mEF_FuA.roa (raw, json)
Hash identifier:          ZBxcK/NAH27/pFXs1PmAjs1auOUvM34WmlW092OvVwY=
Subject key identifier:   1D:7A:0C:E3:16:A5:05:4B:79:6D:88:D0:D4:84:FA:98:41:7F:16:E0
Certificate issuer:       /CN=b1c208a23b2d4d87be93f89d532bc6f44908819b
Certificate serial:       018CC56DF9110B096EF1AD70F7CAAFB65C5C
Authority key identifier: B1:C2:08:A2:3B:2D:4D:87:BE:93:F8:9D:53:2B:C6:F4:49:08:81:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/scIIojstTYe-k_idUyvG9EkIgZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/a565fb-50bd-4bb6-875c-0e2bbd4337aa/1/HXoM4xalBUt5bYjQ1IT6mEF_FuA.roa
Signing time:             Mon 01 Jan 2024 14:29:27 +0000
ROA not before:           Mon 01 Jan 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59848
IP address blocks:        213.109.145.0/24 maxlen: 24
                          2a11:6ac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/a565fb-50bd-4bb6-875c-0e2bbd4337aa/1/scIIojstTYe-k_idUyvG9EkIgZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/a565fb-50bd-4bb6-875c-0e2bbd4337aa/1/scIIojstTYe-k_idUyvG9EkIgZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/scIIojstTYe-k_idUyvG9EkIgZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f9:11:0b:09:6e:f1:ad:70:f7:ca:af:b6:5c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1c208a23b2d4d87be93f89d532bc6f44908819b
        Validity
            Not Before: Jan  1 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d7a0ce316a5054b796d88d0d484fa98417f16e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7a:13:68:6c:df:fa:22:e3:47:6c:e0:c9:cd:
                    35:c1:ff:38:5b:c5:b0:60:3f:2f:72:38:14:6b:26:
                    8a:73:47:15:a6:77:82:3b:54:98:3d:d0:d3:be:fd:
                    15:65:4d:37:92:fb:86:82:64:ea:62:e2:23:bb:ab:
                    e2:93:ee:a9:b9:24:64:d2:eb:29:48:fb:4c:b9:8c:
                    64:5d:8e:c4:65:b5:b5:a8:67:d9:c5:37:1d:74:27:
                    58:d2:72:3e:b0:9e:dc:96:72:9a:34:97:88:c5:51:
                    4c:92:5d:07:c3:f0:30:d3:be:33:f1:0c:9f:be:3e:
                    5b:89:c6:c2:eb:05:39:de:76:45:97:83:33:ed:09:
                    92:2c:e4:75:03:56:5e:7b:ae:b1:28:b7:c0:a6:25:
                    2b:73:80:08:d3:28:34:f2:e6:fa:bc:31:46:c7:81:
                    1e:d8:48:7e:1f:04:db:80:fd:34:06:a1:0a:e9:0c:
                    73:44:a9:56:c0:11:6f:26:22:4e:16:b9:46:d4:8e:
                    96:6c:e3:28:15:6c:b0:aa:c8:f5:df:aa:49:dc:4a:
                    26:3a:76:e8:8d:4e:62:dc:62:46:da:4d:fc:b7:c0:
                    99:e7:2d:44:e1:ca:0a:b3:f9:b0:11:ff:39:34:d1:
                    38:8f:6e:51:95:c5:44:3a:17:dd:95:21:2a:ed:f7:
                    85:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:7A:0C:E3:16:A5:05:4B:79:6D:88:D0:D4:84:FA:98:41:7F:16:E0
            X509v3 Authority Key Identifier:
                keyid:B1:C2:08:A2:3B:2D:4D:87:BE:93:F8:9D:53:2B:C6:F4:49:08:81:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/scIIojstTYe-k_idUyvG9EkIgZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/a565fb-50bd-4bb6-875c-0e2bbd4337aa/1/HXoM4xalBUt5bYjQ1IT6mEF_FuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/a565fb-50bd-4bb6-875c-0e2bbd4337aa/1/scIIojstTYe-k_idUyvG9EkIgZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.145.0/24
                IPv6:
                  2a11:6ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:38:33:18:4c:10:36:94:bc:eb:57:3c:7e:96:4c:43:79:e6:
         b0:82:b1:1a:df:64:51:3e:27:3e:64:c4:5e:d3:41:28:4a:0b:
         a0:61:85:0d:2b:64:d6:ce:76:b6:c4:e9:b8:20:bd:70:c9:59:
         e8:bb:1c:bb:8f:55:9e:b8:08:a4:8c:a7:26:7e:1d:26:23:13:
         0b:04:fd:66:73:d7:31:60:9d:88:3c:e4:27:2b:a4:84:fa:71:
         71:75:03:3c:43:a3:3c:18:99:14:18:02:4f:54:60:92:e8:01:
         3b:05:01:ac:ac:42:16:97:9d:71:84:21:74:65:f7:90:a3:9a:
         d1:02:e7:95:81:40:f1:60:81:1d:b3:63:1e:9c:f8:3f:32:a7:
         35:f6:8c:7a:d5:9d:e5:a6:db:5b:81:5d:32:1e:3b:0c:b2:76:
         b9:c9:ab:9d:1a:88:d9:75:55:7f:1b:1e:30:4c:57:8c:d9:e1:
         4b:b4:37:6b:f7:06:b3:cd:b2:33:8d:d4:4b:9a:8b:95:9a:b9:
         32:15:e1:31:f6:32:c6:3b:1d:63:49:0f:5a:d6:64:da:29:80:
         d2:57:6c:d9:5e:c7:33:04:4d:60:aa:b7:29:2f:29:a6:3a:1e:
         18:6b:e6:9d:21:55:77:ac:62:09:47:f6:d0:3a:94:2b:22:a2:
         14:72:ea:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbfkRCwlu8a1w98qvtlxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYzIwOGEyM2IyZDRkODdiZTkzZjg5ZDUzMmJjNmY0NDkw
ODgxOWIwHhcNMjQwMTAxMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDdhMGNlMzE2YTUwNTRiNzk2ZDg4ZDBkNDg0ZmE5ODQxN2YxNmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHoTaGzf+iLjR2zgyc01wf84W8Ww
YD8vcjgUayaKc0cVpneCO1SYPdDTvv0VZU03kvuGgmTqYuIju6vik+6puSRk0usp
SPtMuYxkXY7EZbW1qGfZxTcddCdY0nI+sJ7clnKaNJeIxVFMkl0Hw/Aw074z8Qyf
vj5bicbC6wU53nZFl4Mz7QmSLOR1A1Zee66xKLfApiUrc4AI0yg08ub6vDFGx4Ee
2Eh+HwTbgP00BqEK6QxzRKlWwBFvJiJOFrlG1I6WbOMoFWywqsj136pJ3EomOnbo
jU5i3GJG2k38t8CZ5y1E4coKs/mwEf85NNE4j25RlcVEOhfdlSEq7feFMQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB16DOMWpQVLeW2I0NSE+phBfxbgMB8GA1UdIwQY
MBaAFLHCCKI7LU2HvpP4nVMrxvRJCIGbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2NJSW9qc3RUWWUta19pZFV5dkc5RWtJZ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9hNTY1ZmItNTBiZC00YmI2LTg3NWMt
MGUyYmJkNDMzN2FhLzEvSFhvTTR4YWxCVXQ1YllqUTFJVDZtRUZfRnVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9hNTY1ZmItNTBiZC00YmI2LTg3NWMtMGUyYmJkNDMzN2Fh
LzEvc2NJSW9qc3RUWWUta19pZFV5dkc5RWtJZ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1W2RMA0E
AgACMAcDBQMqEWrAMA0GCSqGSIb3DQEBCwUAA4IBAQCJODMYTBA2lLzrVzx+lkxD
eeawgrEa32RRPic+ZMRe00EoSgugYYUNK2TWzna2xOm4IL1wyVnouxy7j1WeuAik
jKcmfh0mIxMLBP1mc9cxYJ2IPOQnK6SE+nFxdQM8Q6M8GJkUGAJPVGCS6AE7BQGs
rEIWl51xhCF0ZfeQo5rRAueVgUDxYIEds2MenPg/Mqc19ox61Z3lpttbgV0yHjsM
sna5yaudGojZdVV/Gx4wTFeM2eFLtDdr9wazzbIzjdRLmouVmrkyFeEx9jLGOx1j
SQ9a1mTaKYDSV2zZXsczBE1gqrcpLymmOh4Ya+adIVV3rGIJR/bQOpQrIqIUcuqj
-----END CERTIFICATE-----