Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/CElCJSw-W2kVI2MjSAGMnSEF7C0.roa
File:                     CElCJSw-W2kVI2MjSAGMnSEF7C0.roa (raw, json)
Hash identifier:          KruhnqAlNx/S083StbP1UHllzU4Ylb73fh0HEKlmqzQ=
Subject key identifier:   08:49:42:25:2C:3E:5B:69:15:23:63:23:48:01:8C:9D:21:05:EC:2D
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       019349287B1154A03243279DDA84F34A9F29
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/CElCJSw-W2kVI2MjSAGMnSEF7C0.roa
Signing time:             Wed 20 Nov 2024 10:40:09 +0000
ROA not before:           Wed 20 Nov 2024 10:40:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        213.232.236.0/24 maxlen: 24
                          2a06:2840::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:49:28:7b:11:54:a0:32:43:27:9d:da:84:f3:4a:9f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Nov 20 10:40:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=084942252c3e5b691523632348018c9d2105ec2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:93:ef:98:93:c3:14:05:83:76:0c:66:d4:12:
                    79:2c:9f:33:13:43:fd:03:a4:46:20:84:61:72:2b:
                    39:8e:8e:28:f7:ea:de:82:8b:e2:bc:32:a6:a4:7a:
                    1c:71:5c:29:01:af:ea:8a:d1:1a:5b:2e:fc:bc:5b:
                    e7:fb:e6:60:ef:c7:55:0f:ba:57:a1:cb:7d:48:e8:
                    11:c2:90:b2:b1:24:3f:7d:da:0d:41:0f:fd:5c:dc:
                    99:76:04:44:32:dd:29:36:f4:15:2b:60:c5:f7:69:
                    9f:d7:e9:ce:88:93:69:ba:0c:97:b9:f6:d6:52:7d:
                    e0:18:50:96:10:c1:f9:d3:bd:b6:76:b8:bb:cd:bf:
                    3f:c9:9a:66:6d:b1:83:b7:b3:ba:ca:ca:bf:5e:12:
                    2a:49:d3:86:bf:25:bc:56:5f:05:83:08:18:52:6a:
                    f7:2c:08:94:1d:33:8a:27:5e:69:37:bd:fd:65:81:
                    3c:49:37:02:9b:2a:e6:95:4b:70:04:7a:b4:f7:84:
                    5c:f0:5c:4d:64:54:31:8c:74:f7:bf:a4:eb:6b:13:
                    b4:19:ee:56:da:ea:3d:ba:ca:5e:84:75:c8:53:01:
                    14:19:cb:96:e9:6d:c2:aa:cb:d0:34:8a:0e:9d:d7:
                    c2:91:b8:7d:5a:80:40:35:96:a9:68:62:63:3b:c8:
                    b0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:49:42:25:2C:3E:5B:69:15:23:63:23:48:01:8C:9D:21:05:EC:2D
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/CElCJSw-W2kVI2MjSAGMnSEF7C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.236.0/24
                IPv6:
                  2a06:2840::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:fe:b3:f4:42:6b:bb:24:cf:31:b4:26:48:3d:a6:b4:d7:f6:
         42:f4:59:5c:69:be:12:d3:0b:34:f6:12:4d:f4:3b:68:75:d1:
         23:7c:f4:d5:cd:16:e0:8c:27:f1:45:9f:bb:0c:c2:0d:90:17:
         ee:e1:5b:26:98:4d:61:cb:d8:bf:a1:79:ae:3e:9c:ec:e0:22:
         c7:88:85:20:90:9f:cb:30:a0:01:b8:cd:fc:c7:3d:72:02:66:
         6f:70:8e:00:1b:25:d3:a4:39:fe:66:85:20:bc:b2:e9:28:3c:
         38:d7:de:bc:b1:9b:ec:cc:ec:40:37:3a:b9:76:93:8b:14:27:
         b6:36:50:18:0e:ac:25:77:2d:ce:3b:98:93:3f:11:1b:2d:c1:
         e5:a4:4d:80:cf:d1:ce:d0:d9:60:c4:37:2b:ce:f3:32:a6:30:
         31:35:b1:60:c6:70:75:a9:47:2c:5b:c4:84:fb:97:99:a9:7b:
         24:26:fb:c1:05:fd:29:6b:68:fa:1e:de:a7:d0:77:7d:70:bb:
         a6:9f:69:27:6a:05:d8:ab:f0:24:de:f4:e5:4c:5d:d6:95:80:
         26:0e:2f:f1:af:be:d2:fb:1b:1c:0f:25:2f:13:c2:c2:7a:1d:
         6f:97:71:84:f0:8a:36:22:77:29:52:5d:79:51:67:d8:42:7f:
         84:37:1c:12
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZNJKHsRVKAyQyed2oTzSp8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjQxMTIwMTA0MDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODQ5NDIyNTJjM2U1YjY5MTUyMzYzMjM0ODAxOGM5ZDIxMDVlYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJPvmJPDFAWDdgxm1BJ5LJ8zE0P9
A6RGIIRhcis5jo4o9+regovivDKmpHoccVwpAa/qitEaWy78vFvn++Zg78dVD7pX
oct9SOgRwpCysSQ/fdoNQQ/9XNyZdgREMt0pNvQVK2DF92mf1+nOiJNpugyXufbW
Un3gGFCWEMH50722dri7zb8/yZpmbbGDt7O6ysq/XhIqSdOGvyW8Vl8FgwgYUmr3
LAiUHTOKJ15pN739ZYE8STcCmyrmlUtwBHq094Rc8FxNZFQxjHT3v6TraxO0Ge5W
2uo9uspehHXIUwEUGcuW6W3CqsvQNIoOndfCkbh9WoBANZapaGJjO8iwkwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAhJQiUsPltpFSNjI0gBjJ0hBewtMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvQ0VsQ0pTdy1XMmtWSTJNalNBR01uU0VGN0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1ejsMA8E
AgACMAkDBwAqBihAAAAwDQYJKoZIhvcNAQELBQADggEBAAD+s/RCa7skzzG0Jkg9
prTX9kL0WVxpvhLTCzT2Ek30O2h10SN89NXNFuCMJ/FFn7sMwg2QF+7hWyaYTWHL
2L+hea4+nOzgIseIhSCQn8swoAG4zfzHPXICZm9wjgAbJdOkOf5mhSC8sukoPDjX
3ryxm+zM7EA3Orl2k4sUJ7Y2UBgOrCV3Lc47mJM/ERstweWkTYDP0c7Q2WDENyvO
8zKmMDE1sWDGcHWpRyxbxIT7l5mpeyQm+8EF/SlraPoe3qfQd31wu6afaSdqBdir
8CTe9OVMXdaVgCYOL/GvvtL7GxwPJS8TwsJ6HW+XcYTwijYidylSXXlRZ9hCf4Q3
HBI=
-----END CERTIFICATE-----