Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/o4w3hLIRzpGbIJPYIf4uvRU0t4o.roa
File:                     o4w3hLIRzpGbIJPYIf4uvRU0t4o.roa (raw, json)
Hash identifier:          a5oMGQM7iGRQYbZtjSoZT4IRPvSllrw3VZphU1gzyY4=
Subject key identifier:   A3:8C:37:84:B2:11:CE:91:9B:20:93:D8:21:FE:2E:BD:15:34:B7:8A
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       018DBBBB2B7A28E77BAEFF0A7DA44853AE57
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/o4w3hLIRzpGbIJPYIf4uvRU0t4o.roa
Signing time:             Sun 18 Feb 2024 10:20:22 +0000
ROA not before:           Sun 18 Feb 2024 10:20:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        212.52.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bb:bb:2b:7a:28:e7:7b:ae:ff:0a:7d:a4:48:53:ae:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Feb 18 10:20:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a38c3784b211ce919b2093d821fe2ebd1534b78a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1e:74:8f:b1:cd:a7:e8:a9:86:cf:e6:bd:e2:
                    2e:92:b8:33:92:65:6d:ac:7d:9d:0d:ff:e1:3b:44:
                    bf:47:b4:e7:80:e9:b9:5e:85:e4:e8:76:44:18:f2:
                    bc:63:b0:d5:be:b8:35:d7:06:b9:3e:74:81:97:82:
                    67:fc:c1:a9:9f:f4:c6:54:64:b3:d0:e4:e4:ff:03:
                    7d:f8:57:30:86:44:5e:b5:ad:02:70:e0:98:3c:a2:
                    f3:50:aa:07:64:e8:ef:4c:2c:d2:70:9b:45:d7:ce:
                    d7:3d:5d:a7:ae:3b:29:55:ec:c6:4d:4d:8c:1a:7e:
                    59:5b:cb:e4:1f:c6:08:d5:6a:d9:a6:0b:fe:f9:62:
                    50:f3:56:c0:f8:6d:59:8c:46:30:c9:bd:cd:ac:d5:
                    72:ce:39:02:e7:e0:27:e6:89:7f:43:c1:f3:0c:35:
                    38:d4:40:df:be:ff:82:ef:c2:e5:f3:b5:03:d2:87:
                    d8:a3:ba:12:95:4c:7e:e8:7d:2c:ac:fe:31:55:30:
                    80:4a:ad:a3:5f:72:cd:57:5e:65:0f:a2:8f:72:ab:
                    49:2a:c9:c1:55:cb:08:0a:27:c6:af:1e:7a:fa:80:
                    7c:81:e8:bc:3a:4c:05:13:4b:9f:99:84:c9:5d:4d:
                    c3:04:a4:90:aa:e0:82:87:d2:2b:e6:1d:9b:4e:66:
                    fb:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:8C:37:84:B2:11:CE:91:9B:20:93:D8:21:FE:2E:BD:15:34:B7:8A
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/o4w3hLIRzpGbIJPYIf4uvRU0t4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.52.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:f8:46:2b:81:55:49:f8:43:39:d6:71:26:3f:4d:75:3c:22:
         4e:bf:eb:3e:b9:0b:44:43:e8:43:b4:ec:61:c8:6f:94:1a:da:
         f0:22:c5:f0:cf:6d:b7:12:85:5b:62:e6:99:bc:5e:96:13:e9:
         5d:c0:cf:14:52:bd:94:12:9d:eb:e8:fd:00:0f:79:cd:31:da:
         ca:75:b2:d4:5f:f7:c8:d0:06:6a:bf:a5:c8:80:41:6e:d0:4b:
         b8:b3:14:08:03:6d:20:e1:53:ed:d6:cd:98:d7:79:dc:d3:dd:
         fe:1e:c0:7c:94:44:f7:a0:bc:22:6f:f1:57:31:5e:52:e0:e5:
         48:6f:d3:1f:f7:e8:f0:68:6d:ed:0f:74:0c:45:62:2a:c8:53:
         ff:8a:37:36:26:d4:39:36:0b:14:7f:99:18:a0:62:5b:b7:e1:
         a0:56:7e:e9:a1:ba:05:11:fa:3e:dd:61:a2:41:de:7d:c0:e9:
         9a:07:af:2e:66:24:eb:27:d0:67:08:54:a8:4c:e3:d0:93:20:
         26:92:a3:4b:3e:a8:53:b1:dc:3a:f6:80:fb:1c:c9:75:7d:87:
         1b:21:88:34:51:dc:ec:1c:d4:14:31:84:86:b7:56:65:97:42:
         af:9e:ca:6a:6d:83:1e:60:6c:f9:8d:5c:90:88:cd:cd:49:a1:
         34:93:c0:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY27uyt6KOd7rv8KfaRIU65XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjQwMjE4MTAyMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzhjMzc4NGIyMTFjZTkxOWIyMDkzZDgyMWZlMmViZDE1MzRiNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqR50j7HNp+iphs/mveIukrgzkmVt
rH2dDf/hO0S/R7TngOm5XoXk6HZEGPK8Y7DVvrg11wa5PnSBl4Jn/MGpn/TGVGSz
0OTk/wN9+FcwhkReta0CcOCYPKLzUKoHZOjvTCzScJtF187XPV2nrjspVezGTU2M
Gn5ZW8vkH8YI1WrZpgv++WJQ81bA+G1ZjEYwyb3NrNVyzjkC5+An5ol/Q8HzDDU4
1EDfvv+C78Ll87UD0ofYo7oSlUx+6H0srP4xVTCASq2jX3LNV15lD6KPcqtJKsnB
VcsICifGrx56+oB8gei8OkwFE0ufmYTJXU3DBKSQquCCh9Ir5h2bTmb7HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOMN4SyEc6RmyCT2CH+Lr0VNLeKMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvbzR3M2hMSVJ6cEdiSUpQWUlmNHV2UlUwdDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DQGMA0G
CSqGSIb3DQEBCwUAA4IBAQCC+EYrgVVJ+EM51nEmP011PCJOv+s+uQtEQ+hDtOxh
yG+UGtrwIsXwz223EoVbYuaZvF6WE+ldwM8UUr2UEp3r6P0AD3nNMdrKdbLUX/fI
0AZqv6XIgEFu0Eu4sxQIA20g4VPt1s2Y13nc093+HsB8lET3oLwib/FXMV5S4OVI
b9Mf9+jwaG3tD3QMRWIqyFP/ijc2JtQ5NgsUf5kYoGJbt+GgVn7poboFEfo+3WGi
Qd59wOmaB68uZiTrJ9BnCFSoTOPQkyAmkqNLPqhTsdw69oD7HMl1fYcbIYg0Udzs
HNQUMYSGt1Zll0KvnspqbYMeYGz5jVyQiM3NSaE0k8CP
-----END CERTIFICATE-----