Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/tDwZNAS7Gk158CffL_JDZkwaTiE.roa
File:                     tDwZNAS7Gk158CffL_JDZkwaTiE.roa (raw, json)
Hash identifier:          u+7eWiPuO+xvGSv+UMVQPvErzgQbJNun7bd/GCZtqhs=
Subject key identifier:   B4:3C:19:34:04:BB:1A:4D:79:F0:27:DF:2F:F2:43:66:4C:1A:4E:21
Certificate issuer:       /CN=65516ddc7331e2e269dc57d9c7632f25de7d0c6e
Certificate serial:       018CC6B84F6229C6A3B3F47E19393DED9654
Authority key identifier: 65:51:6D:DC:73:31:E2:E2:69:DC:57:D9:C7:63:2F:25:DE:7D:0C:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZVFt3HMx4uJp3FfZx2MvJd59DG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/tDwZNAS7Gk158CffL_JDZkwaTiE.roa
Signing time:             Mon 01 Jan 2024 20:30:16 +0000
ROA not before:           Mon 01 Jan 2024 20:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8999
IP address blocks:        193.7.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ZVFt3HMx4uJp3FfZx2MvJd59DG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ZVFt3HMx4uJp3FfZx2MvJd59DG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZVFt3HMx4uJp3FfZx2MvJd59DG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:4f:62:29:c6:a3:b3:f4:7e:19:39:3d:ed:96:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65516ddc7331e2e269dc57d9c7632f25de7d0c6e
        Validity
            Not Before: Jan  1 20:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b43c193404bb1a4d79f027df2ff243664c1a4e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1e:e6:90:7a:19:45:ae:8a:c7:75:0e:3a:5d:
                    2a:1a:a3:91:b8:0c:41:aa:e0:82:99:84:e0:54:a8:
                    ef:ad:b3:53:29:5a:ba:4a:a0:30:b7:7a:61:b1:15:
                    fb:45:cb:ea:57:d8:65:45:97:8a:56:bf:5b:85:9c:
                    c9:8a:70:11:d7:fd:eb:1c:16:02:ba:f6:9a:fc:e1:
                    05:44:4b:7f:b3:c6:43:a7:ba:05:70:2c:17:4f:03:
                    53:b1:b4:c8:c9:7b:ee:65:59:52:f8:b4:ae:56:e9:
                    e1:a6:d5:9b:c9:49:18:5e:52:26:da:83:5d:df:5d:
                    ef:ff:da:59:27:45:b3:2e:cf:49:36:21:63:f8:dc:
                    de:a8:23:d2:38:a4:57:65:51:ed:01:2c:d2:c2:15:
                    ec:77:3e:ba:28:a6:16:35:7a:99:4b:cd:3d:e2:64:
                    1c:ae:4c:25:06:ac:1b:0f:2a:72:85:1f:2f:59:65:
                    c7:50:34:44:e2:14:ba:59:25:b7:e8:45:35:e6:02:
                    91:c7:16:66:a2:da:31:f1:78:ff:53:b6:c7:35:10:
                    e4:e9:48:14:35:ae:d2:be:70:22:74:64:59:c8:c5:
                    8c:df:55:41:e7:44:cb:1c:a4:14:c4:c5:b0:57:27:
                    18:33:0e:d5:3f:19:46:6b:75:da:f5:9e:b6:85:fd:
                    e9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:3C:19:34:04:BB:1A:4D:79:F0:27:DF:2F:F2:43:66:4C:1A:4E:21
            X509v3 Authority Key Identifier:
                keyid:65:51:6D:DC:73:31:E2:E2:69:DC:57:D9:C7:63:2F:25:DE:7D:0C:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZVFt3HMx4uJp3FfZx2MvJd59DG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/tDwZNAS7Gk158CffL_JDZkwaTiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ZVFt3HMx4uJp3FfZx2MvJd59DG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:08:aa:e4:a2:96:6b:af:7e:9e:76:bf:ff:d0:42:a4:f2:3e:
         df:00:c9:49:ec:c4:73:40:30:a8:fa:8c:fe:f5:3b:a4:77:54:
         d0:35:61:41:1e:49:3c:96:7f:9d:67:ca:60:51:aa:2b:02:35:
         78:2e:c5:eb:04:6f:91:43:66:db:5f:46:39:9f:54:b2:b0:15:
         ec:53:31:a3:16:77:9f:60:5c:76:81:8d:22:70:37:28:d9:e1:
         b9:d8:62:2c:b2:f9:59:96:15:98:3c:b9:39:b2:1f:84:43:d5:
         e8:ef:c2:5c:cb:3e:80:02:0e:f3:37:93:41:f5:f7:38:90:80:
         9a:12:85:71:96:ea:d0:a5:40:f5:4d:52:9c:47:ec:3b:0e:49:
         00:3f:d1:85:b5:9d:5a:a0:26:f0:0e:32:49:ed:dd:f6:ee:28:
         e0:f8:b1:8b:be:a8:29:74:14:5e:5a:ca:78:16:97:e7:03:63:
         20:2f:9b:fc:9e:4d:be:e1:7d:33:fe:00:43:07:65:cd:76:25:
         b0:04:49:ba:03:f3:af:ea:a7:2d:75:a5:7a:f6:59:d4:66:e1:
         13:86:40:b6:cb:1d:7f:14:dc:b7:75:86:91:e9:cf:8b:d5:c6:
         b4:7d:5f:7e:da:00:39:91:b0:9a:fb:10:74:41:8e:b9:af:2a:
         6d:74:74:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuE9iKcajs/R+GTk97ZZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NTE2ZGRjNzMzMWUyZTI2OWRjNTdkOWM3NjMyZjI1ZGU3
ZDBjNmUwHhcNMjQwMTAxMjAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDNjMTkzNDA0YmIxYTRkNzlmMDI3ZGYyZmYyNDM2NjRjMWE0ZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxR7mkHoZRa6Kx3UOOl0qGqORuAxB
quCCmYTgVKjvrbNTKVq6SqAwt3phsRX7RcvqV9hlRZeKVr9bhZzJinAR1/3rHBYC
uvaa/OEFREt/s8ZDp7oFcCwXTwNTsbTIyXvuZVlS+LSuVunhptWbyUkYXlIm2oNd
313v/9pZJ0WzLs9JNiFj+NzeqCPSOKRXZVHtASzSwhXsdz66KKYWNXqZS8094mQc
rkwlBqwbDypyhR8vWWXHUDRE4hS6WSW36EU15gKRxxZmotox8Xj/U7bHNRDk6UgU
Na7SvnAidGRZyMWM31VB50TLHKQUxMWwVycYMw7VPxlGa3Xa9Z62hf3pdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQ8GTQEuxpNefAn3y/yQ2ZMGk4hMB8GA1UdIwQY
MBaAFGVRbdxzMeLiadxX2cdjLyXefQxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlZGdDNITXg0dUpwM0ZmWngyTXZKZDU5REc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi84ZGVmMTItODk3ZS00ZTIyLWFhOGIt
ODM0YjljMTBiZjQ4LzEvdER3Wk5BUzdHazE1OENmZkxfSkRaa3dhVGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi84ZGVmMTItODk3ZS00ZTIyLWFhOGItODM0YjljMTBiZjQ4
LzEvWlZGdDNITXg0dUpwM0ZmWngyTXZKZDU5REc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwQfUMA0G
CSqGSIb3DQEBCwUAA4IBAQBTCKrkopZrr36edr//0EKk8j7fAMlJ7MRzQDCo+oz+
9Tukd1TQNWFBHkk8ln+dZ8pgUaorAjV4LsXrBG+RQ2bbX0Y5n1SysBXsUzGjFnef
YFx2gY0icDco2eG52GIssvlZlhWYPLk5sh+EQ9Xo78Jcyz6AAg7zN5NB9fc4kICa
EoVxlurQpUD1TVKcR+w7DkkAP9GFtZ1aoCbwDjJJ7d327ijg+LGLvqgpdBReWsp4
FpfnA2MgL5v8nk2+4X0z/gBDB2XNdiWwBEm6A/Ov6qctdaV69lnUZuEThkC2yx1/
FNy3dYaR6c+L1ca0fV9+2gA5kbCa+xB0QY65ryptdHTG
-----END CERTIFICATE-----