Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/qeVR6Y0Vn10liar0P8ZD-sAkjM0.roa
File:                     qeVR6Y0Vn10liar0P8ZD-sAkjM0.roa (raw, json)
Hash identifier:          goRKBZZpQ7OPVKsJGI9xwhehMqzYudaQXTJjFjlZgpk=
Subject key identifier:   A9:E5:51:E9:8D:15:9F:5D:25:89:AA:F4:3F:C6:43:FA:C0:24:8C:CD
Certificate issuer:       /CN=efd250f341ffcc3613b599ea96e0d19c2e6fe350
Certificate serial:       018CC2DAC34329A23A57065259823C572709
Authority key identifier: EF:D2:50:F3:41:FF:CC:36:13:B5:99:EA:96:E0:D1:9C:2E:6F:E3:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/79JQ80H_zDYTtZnqluDRnC5v41A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/qeVR6Y0Vn10liar0P8ZD-sAkjM0.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13054
IP address blocks:        213.164.64.0/19 maxlen: 24
                          2a03:3500::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/79JQ80H_zDYTtZnqluDRnC5v41A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/79JQ80H_zDYTtZnqluDRnC5v41A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/79JQ80H_zDYTtZnqluDRnC5v41A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c3:43:29:a2:3a:57:06:52:59:82:3c:57:27:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efd250f341ffcc3613b599ea96e0d19c2e6fe350
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9e551e98d159f5d2589aaf43fc643fac0248ccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b3:43:af:de:90:b5:3e:1b:b8:38:2a:43:4c:
                    eb:e8:59:48:d8:34:7f:12:60:31:af:24:a6:4d:78:
                    7c:26:85:08:c5:f5:e1:2f:aa:d8:8a:44:2f:9d:75:
                    30:3a:46:4d:b1:41:2f:2d:19:0d:24:d7:51:4a:8c:
                    66:85:8f:4b:7e:6f:e8:67:ba:6e:51:d0:08:81:fb:
                    22:cf:4c:72:1b:e1:9d:f2:db:7d:d5:7c:d0:69:34:
                    cf:5b:5b:2b:49:af:0d:1d:d8:31:35:88:79:4e:13:
                    78:50:ea:10:ce:ac:1e:5c:1e:e3:e3:b2:05:08:59:
                    48:a5:d2:88:7d:cd:8f:6b:a8:11:80:f8:7f:85:64:
                    91:2e:89:91:65:3d:f0:29:eb:c2:1a:37:30:1f:26:
                    15:f0:ad:cd:5f:3f:3e:05:d4:64:f2:11:05:18:6a:
                    33:da:a4:d3:91:4d:c3:68:02:fc:87:be:bc:20:7e:
                    38:79:b0:02:0f:bb:bb:57:6f:e5:cd:67:86:42:d2:
                    b7:48:0d:4d:23:a2:ef:a0:1d:e2:a5:c2:f8:60:d2:
                    bd:27:eb:d0:37:9a:d3:c3:9e:6b:ee:a7:5a:2f:ca:
                    10:8d:ed:1c:14:02:e7:a9:5f:c4:d7:67:fa:a5:1b:
                    b8:65:9f:c1:89:3a:d5:2d:cc:0d:91:0e:ab:83:83:
                    0a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E5:51:E9:8D:15:9F:5D:25:89:AA:F4:3F:C6:43:FA:C0:24:8C:CD
            X509v3 Authority Key Identifier:
                keyid:EF:D2:50:F3:41:FF:CC:36:13:B5:99:EA:96:E0:D1:9C:2E:6F:E3:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/79JQ80H_zDYTtZnqluDRnC5v41A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/qeVR6Y0Vn10liar0P8ZD-sAkjM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11df3c-c42a-49cc-956b-2a72176d0abf/1/79JQ80H_zDYTtZnqluDRnC5v41A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.164.64.0/19
                IPv6:
                  2a03:3500::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:eb:85:ce:08:aa:08:84:43:5a:6c:ce:f4:f6:91:17:78:54:
         11:a9:6c:95:33:70:f8:a5:23:25:cb:d3:16:9f:a9:ec:36:14:
         ca:9c:d6:23:c7:57:93:42:01:74:8c:56:d0:50:a2:7c:8c:78:
         6e:17:8a:4a:00:2c:21:f9:b1:50:1e:d2:71:68:4d:62:ca:25:
         cc:32:12:dc:8e:0e:d3:db:35:18:80:6d:da:2c:55:5c:30:d2:
         d9:78:58:80:38:8e:23:b9:25:34:2b:3f:b1:4d:e7:6d:2e:72:
         d2:5b:f6:65:f2:11:37:9f:fc:0a:1e:ed:06:3f:63:56:78:fd:
         94:d1:2d:04:87:03:4c:5c:a2:52:a4:b2:cf:a7:26:7b:e4:57:
         50:02:b2:61:2e:92:a9:a1:c4:06:56:ae:0f:26:7d:81:57:d3:
         62:25:20:12:1b:8e:57:86:ca:dc:bd:94:9d:80:e7:7f:85:bb:
         0d:0f:cc:4d:59:27:14:68:41:24:70:e4:0f:ae:98:46:a5:ee:
         8e:66:81:cb:cb:13:be:62:71:73:36:14:0b:35:1b:2b:7c:0e:
         89:c1:0a:ad:97:72:fb:54:3f:9c:cb:46:8b:df:7c:5d:11:98:
         66:9b:4b:43:b4:5f:a1:de:c4:b0:4a:ac:09:8a:84:d7:d8:a3:
         f1:f5:a8:dc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2sNDKaI6VwZSWYI8VycJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZDI1MGYzNDFmZmNjMzYxM2I1OTllYTk2ZTBkMTljMmU2
ZmUzNTAwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWU1NTFlOThkMTU5ZjVkMjU4OWFhZjQzZmM2NDNmYWMwMjQ4Y2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLNDr96QtT4buDgqQ0zr6FlI2DR/
EmAxrySmTXh8JoUIxfXhL6rYikQvnXUwOkZNsUEvLRkNJNdRSoxmhY9Lfm/oZ7pu
UdAIgfsiz0xyG+Gd8tt91XzQaTTPW1srSa8NHdgxNYh5ThN4UOoQzqweXB7j47IF
CFlIpdKIfc2Pa6gRgPh/hWSRLomRZT3wKevCGjcwHyYV8K3NXz8+BdRk8hEFGGoz
2qTTkU3DaAL8h768IH44ebACD7u7V2/lzWeGQtK3SA1NI6LvoB3ipcL4YNK9J+vQ
N5rTw55r7qdaL8oQje0cFALnqV/E12f6pRu4ZZ/BiTrVLcwNkQ6rg4MKGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKnlUemNFZ9dJYmq9D/GQ/rAJIzNMB8GA1UdIwQY
MBaAFO/SUPNB/8w2E7WZ6pbg0Zwub+NQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzlKUTgwSF96RFlUdFpucWx1RFJuQzV2NDFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWRmM2MtYzQyYS00OWNjLTk1NmIt
MmE3MjE3NmQwYWJmLzEvcWVWUjZZMFZuMTBsaWFyMFA4WkQtc0Frak0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWRmM2MtYzQyYS00OWNjLTk1NmItMmE3MjE3NmQwYWJm
LzEvNzlKUTgwSF96RFlUdFpucWx1RFJuQzV2NDFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1aRAMA0E
AgACMAcDBQAqAzUAMA0GCSqGSIb3DQEBCwUAA4IBAQC064XOCKoIhENabM709pEX
eFQRqWyVM3D4pSMly9MWn6nsNhTKnNYjx1eTQgF0jFbQUKJ8jHhuF4pKACwh+bFQ
HtJxaE1iyiXMMhLcjg7T2zUYgG3aLFVcMNLZeFiAOI4juSU0Kz+xTedtLnLSW/Zl
8hE3n/wKHu0GP2NWeP2U0S0EhwNMXKJSpLLPpyZ75FdQArJhLpKpocQGVq4PJn2B
V9NiJSASG45XhsrcvZSdgOd/hbsND8xNWScUaEEkcOQPrphGpe6OZoHLyxO+YnFz
NhQLNRsrfA6JwQqtl3L7VD+cy0aL33xdEZhmm0tDtF+h3sSwSqwJioTX2KPx9ajc
-----END CERTIFICATE-----