Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/gNpvThMgL6xEAvEpyTKcV-Ozrh4.roa
File:                     gNpvThMgL6xEAvEpyTKcV-Ozrh4.roa (raw, json)
Hash identifier:          jjcLUmUpKFM1bHOItpI9x815JZiM1yE8LjuR0Ezk8Fc=
Subject key identifier:   80:DA:6F:4E:13:20:2F:AC:44:02:F1:29:C9:32:9C:57:E3:B3:AE:1E
Certificate issuer:       /CN=3b13bf822592bd1b54b77cc2c1cc42b28ccf1669
Certificate serial:       018DAC039B9B7236E33451A8C999ACB7F6B0
Authority key identifier: 3B:13:BF:82:25:92:BD:1B:54:B7:7C:C2:C1:CC:42:B2:8C:CF:16:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OxO_giWSvRtUt3zCwcxCsozPFmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/gNpvThMgL6xEAvEpyTKcV-Ozrh4.roa
Signing time:             Thu 15 Feb 2024 09:05:33 +0000
ROA not before:           Thu 15 Feb 2024 09:05:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        213.178.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/OxO_giWSvRtUt3zCwcxCsozPFmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/OxO_giWSvRtUt3zCwcxCsozPFmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OxO_giWSvRtUt3zCwcxCsozPFmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:03:9b:9b:72:36:e3:34:51:a8:c9:99:ac:b7:f6:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b13bf822592bd1b54b77cc2c1cc42b28ccf1669
        Validity
            Not Before: Feb 15 09:05:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80da6f4e13202fac4402f129c9329c57e3b3ae1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d0:81:c9:9a:aa:0b:a4:98:f5:59:e2:36:cf:
                    42:c7:b2:88:05:64:67:f3:2d:12:c3:6a:ce:3e:3c:
                    63:bc:43:0a:b9:39:e1:9a:2f:26:3c:db:95:51:5e:
                    85:ec:38:35:0d:77:47:bf:08:18:16:59:40:7e:8e:
                    64:28:f9:3e:2f:47:bc:4c:19:80:90:d7:b3:ab:b5:
                    25:cb:d8:75:25:d9:b8:77:c9:da:e7:4b:1c:8d:81:
                    d4:35:32:6f:69:1d:95:73:a4:7f:97:af:c8:ec:bf:
                    6f:ba:8c:34:f4:bf:cd:56:b2:fc:21:cb:5b:2e:e7:
                    93:ea:e6:61:77:34:29:e3:63:9c:37:27:2a:52:2b:
                    a1:2b:32:a3:3a:d2:8d:fc:e6:cf:63:41:2b:be:79:
                    11:70:8d:b2:f2:df:c6:00:1f:96:e5:6e:44:99:98:
                    a5:8a:5e:5a:60:29:6b:6a:d4:14:7a:8c:04:91:fc:
                    55:3a:93:ee:57:b2:ab:1d:9e:87:f1:8f:cf:08:66:
                    f8:3b:c8:32:f1:2d:b3:65:65:c2:22:6e:a2:71:e9:
                    eb:80:41:4a:44:41:3a:2b:71:41:d1:8d:88:4b:84:
                    ff:01:56:9a:a8:78:da:84:d4:d4:6d:4f:5f:49:a0:
                    22:d1:5b:34:a6:b6:e3:36:d9:ca:24:72:ea:3c:0d:
                    70:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:DA:6F:4E:13:20:2F:AC:44:02:F1:29:C9:32:9C:57:E3:B3:AE:1E
            X509v3 Authority Key Identifier:
                keyid:3B:13:BF:82:25:92:BD:1B:54:B7:7C:C2:C1:CC:42:B2:8C:CF:16:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OxO_giWSvRtUt3zCwcxCsozPFmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/gNpvThMgL6xEAvEpyTKcV-Ozrh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/a64061-52c9-43dc-9ee0-5afde294d1c2/1/OxO_giWSvRtUt3zCwcxCsozPFmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:8c:79:ef:28:5d:ed:10:17:a0:12:45:45:aa:02:fb:ea:eb:
         6a:b4:51:27:87:2e:9a:ec:38:ec:d3:4e:16:3e:22:c0:73:5a:
         68:81:66:0c:d9:b2:58:ff:ea:36:e5:ca:df:c4:80:a4:a1:53:
         40:f6:f5:7b:3c:41:d1:a3:be:bd:b4:77:ec:0f:55:cf:ae:f1:
         6f:2d:e9:bc:d4:c5:4b:01:a3:a8:c1:1b:fa:37:dd:c9:04:b0:
         86:f2:3f:30:42:c9:ba:60:61:89:53:db:39:3f:17:e5:5b:2a:
         64:09:62:88:91:04:84:e6:e3:ea:44:28:c9:8b:05:b4:a7:a5:
         a3:d8:29:3d:f1:ac:5b:ab:dd:98:4f:b3:bd:07:e1:a7:df:de:
         1f:62:0e:32:f7:4e:c0:b9:85:56:47:8b:f6:cf:59:26:90:64:
         56:ae:4b:be:26:2f:43:8d:55:42:ae:5f:02:3d:ae:30:6a:c5:
         18:89:a1:63:9c:9b:ca:cf:b6:30:1c:73:f7:98:5a:e4:5d:37:
         8a:9c:8e:c1:e1:06:49:eb:54:4c:a7:d2:48:ee:16:c3:81:56:
         2f:0d:26:da:d4:8e:ef:b7:cc:2e:ba:c4:64:11:03:e4:5c:b2:
         9f:c3:56:56:fa:11:90:72:f8:55:71:db:a4:c2:f7:48:22:50:
         13:ef:45:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2sA5ubcjbjNFGoyZmst/awMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMTNiZjgyMjU5MmJkMWI1NGI3N2NjMmMxY2M0MmIyOGNj
ZjE2NjkwHhcNMjQwMjE1MDkwNTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGRhNmY0ZTEzMjAyZmFjNDQwMmYxMjljOTMyOWM1N2UzYjNhZTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9CByZqqC6SY9VniNs9Cx7KIBWRn
8y0Sw2rOPjxjvEMKuTnhmi8mPNuVUV6F7Dg1DXdHvwgYFllAfo5kKPk+L0e8TBmA
kNezq7Uly9h1Jdm4d8na50scjYHUNTJvaR2Vc6R/l6/I7L9vuow09L/NVrL8Ictb
LueT6uZhdzQp42OcNycqUiuhKzKjOtKN/ObPY0ErvnkRcI2y8t/GAB+W5W5EmZil
il5aYClratQUeowEkfxVOpPuV7KrHZ6H8Y/PCGb4O8gy8S2zZWXCIm6icenrgEFK
REE6K3FB0Y2IS4T/AVaaqHjahNTUbU9fSaAi0Vs0prbjNtnKJHLqPA1wzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDab04TIC+sRALxKckynFfjs64eMB8GA1UdIwQY
MBaAFDsTv4Ilkr0bVLd8wsHMQrKMzxZpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3hPX2dpV1N2UnRVdDN6Q3djeENzb3pQRm1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9hNjQwNjEtNTJjOS00M2RjLTllZTAt
NWFmZGUyOTRkMWMyLzEvZ05wdlRoTWdMNnhFQXZFcHlUS2NWLU96cmg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9hNjQwNjEtNTJjOS00M2RjLTllZTAtNWFmZGUyOTRkMWMy
LzEvT3hPX2dpV1N2UnRVdDN6Q3djeENzb3pQRm1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bKOMA0G
CSqGSIb3DQEBCwUAA4IBAQCPjHnvKF3tEBegEkVFqgL76utqtFEnhy6a7Djs004W
PiLAc1pogWYM2bJY/+o25crfxICkoVNA9vV7PEHRo769tHfsD1XPrvFvLem81MVL
AaOowRv6N93JBLCG8j8wQsm6YGGJU9s5PxflWypkCWKIkQSE5uPqRCjJiwW0p6Wj
2Ck98axbq92YT7O9B+Gn394fYg4y907AuYVWR4v2z1kmkGRWrku+Ji9DjVVCrl8C
Pa4wasUYiaFjnJvKz7YwHHP3mFrkXTeKnI7B4QZJ61RMp9JI7hbDgVYvDSba1I7v
t8wuusRkEQPkXLKfw1ZW+hGQcvhVcdukwvdIIlAT70XF
-----END CERTIFICATE-----