Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/9cdedb-4dd5-4dac-977e-149079627713/1/aTrfdoHPeb9RTFFE9P1plGteozs.roa
File:                     aTrfdoHPeb9RTFFE9P1plGteozs.roa (raw, json)
Hash identifier:          nl13gBcCSKgX6nbjIP6sfO7oUHSLDLjVh6PuQSmKYeI=
Subject key identifier:   69:3A:DF:76:81:CF:79:BF:51:4C:51:44:F4:FD:69:94:6B:5E:A3:3B
Certificate issuer:       /CN=1c6104a2d3350827cad11a16569cab59f0f8774c
Certificate serial:       0192D952381BEDC7AC6585281AB6EA1D2BC0
Authority key identifier: 1C:61:04:A2:D3:35:08:27:CA:D1:1A:16:56:9C:AB:59:F0:F8:77:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HGEEotM1CCfK0RoWVpyrWfD4d0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/9cdedb-4dd5-4dac-977e-149079627713/1/aTrfdoHPeb9RTFFE9P1plGteozs.roa
Signing time:             Tue 29 Oct 2024 17:28:17 +0000
ROA not before:           Tue 29 Oct 2024 17:28:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200296
IP address blocks:        213.108.240.0/23 maxlen: 23
                          213.108.242.0/24 maxlen: 24
                          213.108.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/9cdedb-4dd5-4dac-977e-149079627713/1/HGEEotM1CCfK0RoWVpyrWfD4d0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/9cdedb-4dd5-4dac-977e-149079627713/1/HGEEotM1CCfK0RoWVpyrWfD4d0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HGEEotM1CCfK0RoWVpyrWfD4d0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:52:38:1b:ed:c7:ac:65:85:28:1a:b6:ea:1d:2b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c6104a2d3350827cad11a16569cab59f0f8774c
        Validity
            Not Before: Oct 29 17:28:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=693adf7681cf79bf514c5144f4fd69946b5ea33b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:87:b6:96:b4:d0:cb:50:5a:57:b0:3a:58:2b:
                    66:06:14:c8:be:6e:51:74:09:c9:1f:b9:99:e8:59:
                    ad:8f:67:71:b8:47:d1:e0:98:f1:79:82:9a:de:78:
                    93:18:39:44:74:b9:f9:98:61:88:e6:1e:20:4c:a9:
                    95:2d:46:eb:bc:34:46:44:2d:b3:1a:ab:2c:b8:5c:
                    27:43:15:de:69:42:1d:ae:63:63:0f:2f:83:54:4e:
                    3b:63:d4:1c:8f:d3:8a:fe:a7:04:4b:08:52:29:04:
                    4d:88:e3:af:9a:f5:7c:91:44:b1:ad:b5:2e:ce:05:
                    ab:3f:f5:7c:5c:41:0a:36:63:63:51:b9:76:6a:c8:
                    c5:ce:0b:7e:3c:fd:81:c6:89:3e:d4:74:ce:2d:a6:
                    71:89:df:db:ca:eb:6b:14:98:dd:90:9a:87:c8:a4:
                    f2:82:ee:f1:8c:57:2c:df:bd:39:ff:80:dd:e8:74:
                    e7:6d:3f:f1:a3:f1:6a:68:01:9f:c3:d0:97:07:ef:
                    88:ee:06:3e:16:26:27:1d:e5:25:0b:16:ff:5a:5d:
                    87:26:17:36:c3:2e:bc:8f:57:28:1f:18:50:f7:a8:
                    22:23:3c:f5:c4:37:78:c5:50:7b:0d:dd:9c:d9:02:
                    ae:20:58:d9:02:97:4c:71:44:e4:8a:e6:27:e6:e2:
                    12:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3A:DF:76:81:CF:79:BF:51:4C:51:44:F4:FD:69:94:6B:5E:A3:3B
            X509v3 Authority Key Identifier:
                keyid:1C:61:04:A2:D3:35:08:27:CA:D1:1A:16:56:9C:AB:59:F0:F8:77:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HGEEotM1CCfK0RoWVpyrWfD4d0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/9cdedb-4dd5-4dac-977e-149079627713/1/aTrfdoHPeb9RTFFE9P1plGteozs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/9cdedb-4dd5-4dac-977e-149079627713/1/HGEEotM1CCfK0RoWVpyrWfD4d0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:6a:0a:7d:9b:ca:86:71:b4:c4:ee:f1:a9:f0:87:78:cf:09:
         10:0b:fc:e9:60:aa:2f:ac:79:1e:56:5e:67:85:63:74:a1:69:
         74:04:5f:d3:c1:89:bb:72:05:d9:25:db:7c:e6:ba:8f:24:85:
         25:54:96:ef:08:20:27:df:df:e3:cd:8e:0a:74:2d:a0:b3:22:
         59:4f:77:5a:ed:56:3b:53:a6:73:c9:f4:20:f5:8e:36:f7:fb:
         16:48:1f:64:63:90:26:a7:94:26:c7:2e:ba:9c:e0:d7:c2:90:
         dc:1c:44:85:97:ea:3b:44:9d:04:7e:28:fb:a0:8e:85:5f:a4:
         c4:84:fe:e4:29:78:33:37:42:66:51:4b:78:35:33:b4:e9:c1:
         01:ab:ba:f1:22:e3:f6:fa:2d:39:25:3d:f0:51:b0:b8:96:8e:
         3e:37:7d:86:5a:b5:f6:da:59:6c:00:af:6b:bc:ca:74:52:9e:
         91:d9:86:ea:38:64:07:92:f7:d1:13:98:d7:90:62:c7:ff:c9:
         76:2d:74:4b:72:ae:91:4d:8c:27:b8:03:10:89:f1:53:4d:40:
         eb:4d:e5:a6:ce:a2:59:e2:5a:f5:ef:b3:2a:4f:84:1a:38:b9:
         08:73:19:26:a6:86:07:e7:f4:83:6c:66:b0:d5:5b:a6:b1:e2:
         55:4e:32:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLZUjgb7cesZYUoGrbqHSvAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNjEwNGEyZDMzNTA4MjdjYWQxMWExNjU2OWNhYjU5ZjBm
ODc3NGMwHhcNMjQxMDI5MTcyODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTNhZGY3NjgxY2Y3OWJmNTE0YzUxNDRmNGZkNjk5NDZiNWVhMzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Ye2lrTQy1BaV7A6WCtmBhTIvm5R
dAnJH7mZ6Fmtj2dxuEfR4JjxeYKa3niTGDlEdLn5mGGI5h4gTKmVLUbrvDRGRC2z
GqssuFwnQxXeaUIdrmNjDy+DVE47Y9Qcj9OK/qcESwhSKQRNiOOvmvV8kUSxrbUu
zgWrP/V8XEEKNmNjUbl2asjFzgt+PP2Bxok+1HTOLaZxid/byutrFJjdkJqHyKTy
gu7xjFcs3705/4Dd6HTnbT/xo/FqaAGfw9CXB++I7gY+FiYnHeUlCxb/Wl2HJhc2
wy68j1coHxhQ96giIzz1xDd4xVB7Dd2c2QKuIFjZApdMcUTkiuYn5uISKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGk633aBz3m/UUxRRPT9aZRrXqM7MB8GA1UdIwQY
MBaAFBxhBKLTNQgnytEaFlacq1nw+HdMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEdFRW90TTFDQ2ZLMFJvV1ZweXJXZkQ0ZDB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC85Y2RlZGItNGRkNS00ZGFjLTk3N2Ut
MTQ5MDc5NjI3NzEzLzEvYVRyZmRvSFBlYjlSVEZGRTlQMXBsR3Rlb3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC85Y2RlZGItNGRkNS00ZGFjLTk3N2UtMTQ5MDc5NjI3NzEz
LzEvSEdFRW90TTFDQ2ZLMFJvV1ZweXJXZkQ0ZDB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1WzwMA0G
CSqGSIb3DQEBCwUAA4IBAQASagp9m8qGcbTE7vGp8Id4zwkQC/zpYKovrHkeVl5n
hWN0oWl0BF/TwYm7cgXZJdt85rqPJIUlVJbvCCAn39/jzY4KdC2gsyJZT3da7VY7
U6ZzyfQg9Y429/sWSB9kY5Amp5Qmxy66nODXwpDcHESFl+o7RJ0Efij7oI6FX6TE
hP7kKXgzN0JmUUt4NTO06cEBq7rxIuP2+i05JT3wUbC4lo4+N32GWrX22llsAK9r
vMp0Up6R2YbqOGQHkvfRE5jXkGLH/8l2LXRLcq6RTYwnuAMQifFTTUDrTeWmzqJZ
4lr177MqT4QaOLkIcxkmpoYH5/SDbGaw1VumseJVTjIE
-----END CERTIFICATE-----