Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/byPULx-h0hDBMwlrWP0NSIqmxag.roa
File:                     byPULx-h0hDBMwlrWP0NSIqmxag.roa (raw, json)
Hash identifier:          1EZ8C9VkIwAtkCaaPnQH3FhfJCpQmAnDvnOwml2odog=
Subject key identifier:   6F:23:D4:2F:1F:A1:D2:10:C1:33:09:6B:58:FD:0D:48:8A:A6:C5:A8
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB69BB1625091148FA9FFA238FE885
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/byPULx-h0hDBMwlrWP0NSIqmxag.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216202
IP address blocks:        213.109.98.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:69:bb:16:25:09:11:48:fa:9f:fa:23:8f:e8:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f23d42f1fa1d210c133096b58fd0d488aa6c5a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:db:22:4b:d7:19:1e:03:e3:b8:d9:98:cc:35:
                    1e:52:fd:1d:86:a4:fe:ae:6b:d9:37:e8:0b:1a:3a:
                    ad:75:cf:69:0a:c2:d2:d0:e5:04:66:30:75:05:fc:
                    d7:eb:f0:fe:76:1a:85:23:dc:42:c5:f2:12:57:4f:
                    5f:89:88:da:c8:d4:bd:e9:8a:a4:d8:20:14:9e:b6:
                    4d:48:23:a7:5d:cd:6a:68:ea:c2:bb:c3:33:af:d4:
                    69:75:aa:72:1b:9a:d4:a1:69:04:a5:07:52:64:56:
                    9b:08:b5:a8:c5:b0:f8:3c:a9:8a:dd:3b:c7:f4:0f:
                    c7:e6:57:6a:e4:c9:bf:13:64:48:22:4c:a5:b4:e1:
                    e1:4b:c1:27:60:52:60:65:28:39:60:e6:82:a2:2b:
                    3d:78:ce:2f:7b:9a:ee:76:51:1b:c4:02:2e:22:7c:
                    2f:39:b0:6f:74:cf:be:4e:65:7f:a4:0d:0d:17:af:
                    e6:41:d3:7f:7c:90:a6:a8:db:08:24:55:26:f6:5c:
                    1d:76:c2:11:4e:3a:fd:8a:93:32:54:8a:83:78:ba:
                    cd:2c:2b:18:ec:ea:54:d0:31:28:e1:5e:e4:17:0e:
                    01:b1:40:f9:5e:b3:f0:89:06:7d:38:44:71:d0:b3:
                    ae:e4:99:5a:64:d2:f5:93:78:88:9d:30:7d:64:4b:
                    cd:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:23:D4:2F:1F:A1:D2:10:C1:33:09:6B:58:FD:0D:48:8A:A6:C5:A8
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/byPULx-h0hDBMwlrWP0NSIqmxag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:e8:d1:fc:bf:62:37:00:b8:50:01:23:46:6a:0c:cf:54:d4:
         0f:96:a2:27:a8:04:2d:85:2c:36:1e:77:0b:1a:35:40:fe:e4:
         7b:f6:72:54:f6:1e:1b:33:81:a8:6f:99:89:db:e0:52:0b:d6:
         b6:9a:77:d2:4b:26:96:d8:21:bd:4b:b7:e4:67:22:f5:89:a4:
         5e:4c:9a:d8:d9:b4:51:76:f3:d7:44:e6:50:55:d0:42:b9:ef:
         43:ed:a6:42:bb:79:ff:36:7e:84:6c:6f:66:d5:e2:44:2c:f5:
         09:47:9b:6e:52:0c:ce:3f:d7:73:30:c7:f9:a1:5d:c8:7c:38:
         54:56:e6:7a:dc:82:d4:62:d0:30:e6:78:79:02:bb:e6:d4:69:
         ba:2e:c4:d8:dc:be:74:b0:28:81:08:49:c6:5c:63:74:a7:8b:
         28:bf:4d:e1:a0:ce:1b:0b:4e:a6:24:56:e8:39:23:4a:b7:d1:
         c9:81:8c:70:36:79:d6:c0:4f:a1:c1:1f:ab:4a:4c:70:d0:f9:
         f2:65:ab:52:9a:40:fe:9c:26:20:81:a1:1a:de:cf:88:07:6b:
         58:b4:05:85:12:00:92:a6:db:22:4e:29:07:df:89:4b:c5:9c:
         6c:89:88:47:e5:ab:57:d4:f3:44:92:c6:83:c4:8c:39:8a:e2:
         3a:9e:ad:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22m7FiUJEUj6n/ojj+iFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjIzZDQyZjFmYTFkMjEwYzEzMzA5NmI1OGZkMGQ0ODhhYTZjNWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNsiS9cZHgPjuNmYzDUeUv0dhqT+
rmvZN+gLGjqtdc9pCsLS0OUEZjB1BfzX6/D+dhqFI9xCxfISV09fiYjayNS96Yqk
2CAUnrZNSCOnXc1qaOrCu8Mzr9RpdapyG5rUoWkEpQdSZFabCLWoxbD4PKmK3TvH
9A/H5ldq5Mm/E2RIIkyltOHhS8EnYFJgZSg5YOaCois9eM4ve5rudlEbxAIuInwv
ObBvdM++TmV/pA0NF6/mQdN/fJCmqNsIJFUm9lwddsIRTjr9ipMyVIqDeLrNLCsY
7OpU0DEo4V7kFw4BsUD5XrPwiQZ9OERx0LOu5JlaZNL1k3iInTB9ZEvNsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8j1C8fodIQwTMJa1j9DUiKpsWoMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvYnlQVUx4LWgwaERCTXdscldQME5TSXFteGFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1W1iMA0G
CSqGSIb3DQEBCwUAA4IBAQAB6NH8v2I3ALhQASNGagzPVNQPlqInqAQthSw2HncL
GjVA/uR79nJU9h4bM4Gob5mJ2+BSC9a2mnfSSyaW2CG9S7fkZyL1iaReTJrY2bRR
dvPXROZQVdBCue9D7aZCu3n/Nn6EbG9m1eJELPUJR5tuUgzOP9dzMMf5oV3IfDhU
VuZ63ILUYtAw5nh5Arvm1Gm6LsTY3L50sCiBCEnGXGN0p4sov03hoM4bC06mJFbo
OSNKt9HJgYxwNnnWwE+hwR+rSkxw0PnyZatSmkD+nCYggaEa3s+IB2tYtAWFEgCS
ptsiTikH34lLxZxsiYhH5atX1PNEksaDxIw5iuI6nq3l
-----END CERTIFICATE-----