Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/hYAqnLW6U53mBu3CSfGfdUJjqys.roa
File:                     hYAqnLW6U53mBu3CSfGfdUJjqys.roa (raw, json)
Hash identifier:          N4i8jCqrsmU+pN9OaMIzQm+U6nmg5rt3k6YBGRQqVv0=
Subject key identifier:   85:80:2A:9C:B5:BA:53:9D:E6:06:ED:C2:49:F1:9F:75:42:63:AB:2B
Certificate issuer:       /CN=efd250f341ffcc3613b599ea96e0d19c2e6fe350
Certificate serial:       018CC2DAC3985BAD92F83A90B9F2B60D3699
Authority key identifier: EF:D2:50:F3:41:FF:CC:36:13:B5:99:EA:96:E0:D1:9C:2E:6F:E3:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/79JQ80H_zDYTtZnqluDRnC5v41A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/hYAqnLW6U53mBu3CSfGfdUJjqys.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        213.164.64.0/19 maxlen: 24
                          213.164.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/79JQ80H_zDYTtZnqluDRnC5v41A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/79JQ80H_zDYTtZnqluDRnC5v41A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/79JQ80H_zDYTtZnqluDRnC5v41A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c3:98:5b:ad:92:f8:3a:90:b9:f2:b6:0d:36:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efd250f341ffcc3613b599ea96e0d19c2e6fe350
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85802a9cb5ba539de606edc249f19f754263ab2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:77:bb:07:c1:af:37:d2:5b:ea:26:99:aa:7d:
                    51:ad:cb:48:45:d7:99:f4:e7:01:d5:48:6a:da:53:
                    67:88:b5:06:75:ef:36:59:de:fa:97:0d:6e:17:4d:
                    2d:07:26:71:5d:22:fb:3e:ea:e2:21:c6:47:6c:d3:
                    81:5e:c3:b6:1c:ed:4c:a3:24:84:b1:e4:12:82:41:
                    41:02:ba:e1:f7:e9:ad:a5:96:ee:34:a1:cc:55:14:
                    7d:30:e9:1f:54:c3:16:c3:15:3d:48:4c:f9:16:af:
                    a1:75:04:fd:3c:10:64:a7:29:ef:e6:b2:ce:45:7a:
                    a6:83:64:61:f7:a7:37:cb:c7:f3:56:c1:d8:20:63:
                    f2:c7:30:33:83:6d:37:10:64:14:47:e8:6d:0b:e3:
                    50:05:2b:36:99:c7:f3:84:8f:40:6b:41:5e:b6:bc:
                    08:38:c2:fc:b7:50:66:a1:74:fa:57:c6:36:55:d3:
                    90:ac:96:8e:0b:2c:2d:22:a0:99:59:53:35:9f:2f:
                    af:99:1e:3d:5c:c9:21:ff:81:88:67:fb:a7:4d:67:
                    99:c7:6e:a4:3f:e0:54:18:11:35:97:be:f6:b0:58:
                    35:9c:2f:29:3e:a4:43:41:11:fa:36:50:38:a6:8d:
                    02:d6:db:6d:14:11:a1:9e:07:94:2a:b7:f3:e3:0c:
                    13:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:80:2A:9C:B5:BA:53:9D:E6:06:ED:C2:49:F1:9F:75:42:63:AB:2B
            X509v3 Authority Key Identifier:
                keyid:EF:D2:50:F3:41:FF:CC:36:13:B5:99:EA:96:E0:D1:9C:2E:6F:E3:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/79JQ80H_zDYTtZnqluDRnC5v41A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/hYAqnLW6U53mBu3CSfGfdUJjqys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/79JQ80H_zDYTtZnqluDRnC5v41A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.164.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         31:61:8e:23:62:80:7e:93:f4:35:a5:4f:8e:4d:d4:eb:d0:9f:
         6a:ab:ce:4e:c0:20:d8:9b:fe:78:7b:6b:de:cb:67:0a:05:74:
         39:d7:6f:c5:c3:26:2f:cf:c4:85:1d:53:64:78:79:b2:db:c8:
         70:84:20:4c:98:04:fa:19:da:ae:27:0e:4c:2c:6b:00:89:9e:
         7e:c7:0e:4e:6e:59:1e:be:24:d5:94:ff:10:38:99:3b:4f:43:
         12:f0:ed:04:7a:0e:68:f8:ed:0f:3b:d7:db:f2:8f:44:ec:46:
         c9:42:87:81:fa:a7:2d:0f:10:b6:bc:b8:cd:77:0a:c7:ca:3b:
         aa:a2:b2:e6:e1:0f:83:7e:49:2a:a1:41:39:d1:40:21:43:ae:
         85:e1:24:93:dd:95:64:18:10:61:ba:84:6f:f2:72:55:74:94:
         d8:de:36:52:06:11:e8:55:fa:bf:09:62:1e:25:53:f9:d8:b4:
         72:7d:8c:d6:33:bc:d5:46:8a:38:cf:b6:80:86:e7:c8:c5:33:
         ba:fe:87:8d:de:c3:77:8a:2b:c5:06:60:42:aa:bf:bb:d8:c2:
         45:e9:8f:3a:b2:41:eb:0f:37:dd:19:6d:46:d1:a5:59:3f:aa:
         80:75:97:00:8b:45:7f:02:c4:4a:5e:84:66:95:ea:16:d3:13:
         df:fa:29:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sOYW62S+DqQufK2DTaZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZDI1MGYzNDFmZmNjMzYxM2I1OTllYTk2ZTBkMTljMmU2
ZmUzNTAwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTgwMmE5Y2I1YmE1MzlkZTYwNmVkYzI0OWYxOWY3NTQyNjNhYjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3e7B8GvN9Jb6iaZqn1RrctIRdeZ
9OcB1Uhq2lNniLUGde82Wd76lw1uF00tByZxXSL7PuriIcZHbNOBXsO2HO1MoySE
seQSgkFBArrh9+mtpZbuNKHMVRR9MOkfVMMWwxU9SEz5Fq+hdQT9PBBkpynv5rLO
RXqmg2Rh96c3y8fzVsHYIGPyxzAzg203EGQUR+htC+NQBSs2mcfzhI9Aa0FetrwI
OML8t1BmoXT6V8Y2VdOQrJaOCywtIqCZWVM1ny+vmR49XMkh/4GIZ/unTWeZx26k
P+BUGBE1l772sFg1nC8pPqRDQRH6NlA4po0C1tttFBGhngeUKrfz4wwTFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWAKpy1ulOd5gbtwknxn3VCY6srMB8GA1UdIwQY
MBaAFO/SUPNB/8w2E7WZ6pbg0Zwub+NQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzlKUTgwSF96RFlUdFpucWx1RFJuQzV2NDFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWRmM2MtYzQyYS00OWNjLTk1NmIt
MmE3MjE3NmQwYWJmLzEvaFlBcW5MVzZVNTNtQnUzQ1NmR2ZkVUpqcXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWRmM2MtYzQyYS00OWNjLTk1NmItMmE3MjE3NmQwYWJm
LzEvNzlKUTgwSF96RFlUdFpucWx1RFJuQzV2NDFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1aRAMA0G
CSqGSIb3DQEBCwUAA4IBAQAxYY4jYoB+k/Q1pU+OTdTr0J9qq85OwCDYm/54e2ve
y2cKBXQ512/FwyYvz8SFHVNkeHmy28hwhCBMmAT6GdquJw5MLGsAiZ5+xw5Oblke
viTVlP8QOJk7T0MS8O0Eeg5o+O0PO9fb8o9E7EbJQoeB+qctDxC2vLjNdwrHyjuq
orLm4Q+DfkkqoUE50UAhQ66F4SST3ZVkGBBhuoRv8nJVdJTY3jZSBhHoVfq/CWIe
JVP52LRyfYzWM7zVRoo4z7aAhufIxTO6/oeN3sN3iivFBmBCqr+72MJF6Y86skHr
DzfdGW1G0aVZP6qAdZcAi0V/AsRKXoRmleoW0xPf+inz
-----END CERTIFICATE-----