Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/4eleNmX005n7wlXVlehMTBHp9tw.roa
File:                     4eleNmX005n7wlXVlehMTBHp9tw.roa (raw, json)
Hash identifier:          5tRtBlf42R6PXZYfZGr+HDlBaIQdiVh4BjlyfhjnVHE=
Subject key identifier:   E1:E9:5E:36:65:F4:D3:99:FB:C2:55:D5:95:E8:4C:4C:11:E9:F6:DC
Certificate issuer:       /CN=3b13bf822592bd1b54b77cc2c1cc42b28ccf1669
Certificate serial:       018CC56EE541B742F7389E04EC7B1F4DD34C
Authority key identifier: 3B:13:BF:82:25:92:BD:1B:54:B7:7C:C2:C1:CC:42:B2:8C:CF:16:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OxO_giWSvRtUt3zCwcxCsozPFmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/4eleNmX005n7wlXVlehMTBHp9tw.roa
Signing time:             Mon 01 Jan 2024 14:30:28 +0000
ROA not before:           Mon 01 Jan 2024 14:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        213.178.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/OxO_giWSvRtUt3zCwcxCsozPFmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/OxO_giWSvRtUt3zCwcxCsozPFmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OxO_giWSvRtUt3zCwcxCsozPFmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e5:41:b7:42:f7:38:9e:04:ec:7b:1f:4d:d3:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b13bf822592bd1b54b77cc2c1cc42b28ccf1669
        Validity
            Not Before: Jan  1 14:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1e95e3665f4d399fbc255d595e84c4c11e9f6dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cf:89:40:ed:f8:46:7e:37:2b:b8:da:de:98:
                    4e:d1:38:81:69:15:7b:ab:af:78:8c:74:65:72:1e:
                    52:a8:48:ba:d5:c4:39:32:74:e8:33:25:af:c4:a0:
                    df:98:9b:61:70:22:57:43:ef:54:7f:f7:f3:29:97:
                    39:31:5b:cd:fd:a0:73:c8:bd:fa:d0:ec:dd:13:e6:
                    80:cb:99:3a:8a:08:bc:9d:1a:10:16:85:0b:78:0e:
                    fb:55:fd:c8:59:a1:4b:04:bf:12:3e:f1:ac:de:be:
                    db:6f:3c:09:c2:cb:d4:6d:8a:9b:63:db:32:9d:d1:
                    e2:05:a5:a5:25:5f:7d:10:fc:99:99:f4:c1:5d:9d:
                    73:49:c6:e2:1b:ba:8c:48:d5:ed:26:1f:6e:3e:39:
                    6b:2f:6e:8b:ff:83:ad:45:03:23:37:ce:66:bd:13:
                    d1:c8:a7:bf:14:4b:99:63:79:77:56:b6:11:0b:f1:
                    aa:a9:76:ed:09:b6:20:50:c7:3e:6c:2a:42:a1:2f:
                    c2:91:bd:dc:54:17:41:99:12:ff:0e:49:e5:6e:b7:
                    61:0e:41:f2:f9:9b:21:b9:51:14:1d:1f:0e:6c:db:
                    17:d5:3c:42:3d:bf:04:47:f2:8b:f9:38:65:da:b6:
                    81:e4:fe:24:e9:69:85:e3:48:f3:58:47:81:34:d7:
                    72:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:E9:5E:36:65:F4:D3:99:FB:C2:55:D5:95:E8:4C:4C:11:E9:F6:DC
            X509v3 Authority Key Identifier:
                keyid:3B:13:BF:82:25:92:BD:1B:54:B7:7C:C2:C1:CC:42:B2:8C:CF:16:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OxO_giWSvRtUt3zCwcxCsozPFmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/4eleNmX005n7wlXVlehMTBHp9tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/OxO_giWSvRtUt3zCwcxCsozPFmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:9e:f0:be:19:cd:f3:25:b9:01:90:e2:c1:94:0a:ca:c5:12:
         3d:4d:cf:c8:b5:ae:61:7c:96:ea:41:52:ec:77:e9:77:5e:90:
         f2:bb:58:de:25:af:b6:90:2c:d9:94:df:46:56:84:40:72:18:
         fd:ac:23:9c:48:d4:6d:94:55:b4:08:f6:57:cc:79:ef:04:83:
         fe:07:90:46:34:cf:af:9c:da:5b:f8:65:16:8a:bf:f0:f0:1d:
         aa:ed:6b:9b:64:c1:3d:38:cd:19:82:7b:b9:70:f4:a7:20:18:
         8d:7c:2d:2f:09:50:dd:30:72:60:b2:d0:81:94:41:3f:d8:ef:
         2a:e9:cb:f5:fd:ad:39:56:9a:2f:d3:2b:b6:c8:fd:81:f3:f8:
         6d:a0:60:db:ef:0a:77:a7:66:17:0e:cf:11:36:35:14:51:9b:
         cd:9b:38:87:e7:e5:0d:e1:12:27:6c:23:4f:33:5e:be:df:56:
         9a:a1:30:f4:74:c4:1a:d7:eb:3e:df:25:74:f9:ff:8a:c5:d5:
         fc:88:60:ff:c5:c7:14:ff:98:9f:29:02:34:e8:d3:80:10:e2:
         04:ce:af:37:74:ac:6a:da:0c:a1:51:88:24:9b:78:d6:ee:63:
         f8:0a:2e:b7:2d:3e:4a:f1:6c:c4:c6:48:12:60:47:08:b3:ff:
         a1:8b:d3:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuVBt0L3OJ4E7HsfTdNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMTNiZjgyMjU5MmJkMWI1NGI3N2NjMmMxY2M0MmIyOGNj
ZjE2NjkwHhcNMjQwMTAxMTQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWU5NWUzNjY1ZjRkMzk5ZmJjMjU1ZDU5NWU4NGM0YzExZTlmNmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArc+JQO34Rn43K7ja3phO0TiBaRV7
q694jHRlch5SqEi61cQ5MnToMyWvxKDfmJthcCJXQ+9Uf/fzKZc5MVvN/aBzyL36
0OzdE+aAy5k6igi8nRoQFoULeA77Vf3IWaFLBL8SPvGs3r7bbzwJwsvUbYqbY9sy
ndHiBaWlJV99EPyZmfTBXZ1zScbiG7qMSNXtJh9uPjlrL26L/4OtRQMjN85mvRPR
yKe/FEuZY3l3VrYRC/GqqXbtCbYgUMc+bCpCoS/Ckb3cVBdBmRL/DknlbrdhDkHy
+ZshuVEUHR8ObNsX1TxCPb8ER/KL+Thl2raB5P4k6WmF40jzWEeBNNdy6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHpXjZl9NOZ+8JV1ZXoTEwR6fbcMB8GA1UdIwQY
MBaAFDsTv4Ilkr0bVLd8wsHMQrKMzxZpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3hPX2dpV1N2UnRVdDN6Q3djeENzb3pQRm1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9hNjQwNjEtNTJjOS00M2RjLTllZTAt
NWFmZGUyOTRkMWMyLzEvNGVsZU5tWDAwNW43d2xYVmxlaE1UQkhwOXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9hNjQwNjEtNTJjOS00M2RjLTllZTAtNWFmZGUyOTRkMWMy
LzEvT3hPX2dpV1N2UnRVdDN6Q3djeENzb3pQRm1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bKPMA0G
CSqGSIb3DQEBCwUAA4IBAQCJnvC+Gc3zJbkBkOLBlArKxRI9Tc/Ita5hfJbqQVLs
d+l3XpDyu1jeJa+2kCzZlN9GVoRAchj9rCOcSNRtlFW0CPZXzHnvBIP+B5BGNM+v
nNpb+GUWir/w8B2q7WubZME9OM0Zgnu5cPSnIBiNfC0vCVDdMHJgstCBlEE/2O8q
6cv1/a05Vpov0yu2yP2B8/htoGDb7wp3p2YXDs8RNjUUUZvNmziH5+UN4RInbCNP
M16+31aaoTD0dMQa1+s+3yV0+f+KxdX8iGD/xccU/5ifKQI06NOAEOIEzq83dKxq
2gyhUYgkm3jW7mP4Ci63LT5K8WzExkgSYEcIs/+hi9Mm
-----END CERTIFICATE-----