Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/D7SIjoevgqy6r7A7o_EsE7ihoeU.roa
File:                     D7SIjoevgqy6r7A7o_EsE7ihoeU.roa (raw, json)
Hash identifier:          2Ig3X49ui6Q/Ywbm1UfFbQRONRZPViruwYhxnOMXSmo=
Subject key identifier:   0F:B4:88:8E:87:AF:82:AC:BA:AF:B0:3B:A3:F1:2C:13:B8:A1:A1:E5
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019156A28FD0FAB72F91E1E95916B8D74FC7
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/D7SIjoevgqy6r7A7o_EsE7ihoeU.roa
Signing time:             Thu 15 Aug 2024 15:22:59 +0000
ROA not before:           Thu 15 Aug 2024 15:22:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        213.108.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:56:a2:8f:d0:fa:b7:2f:91:e1:e9:59:16:b8:d7:4f:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Aug 15 15:22:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fb4888e87af82acbaafb03ba3f12c13b8a1a1e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d6:a9:ca:28:04:86:9e:34:4e:ff:07:38:e1:
                    b0:eb:0c:da:ee:34:0a:21:7c:99:67:73:a0:47:cb:
                    c2:af:a5:9d:6a:4f:c3:9c:89:86:99:b7:83:91:ad:
                    25:ef:95:9b:cf:32:46:b5:bd:65:fe:c8:bf:c5:20:
                    a0:26:c2:7e:ea:7e:c2:7b:b3:05:0b:62:d4:fe:ff:
                    56:b3:a2:5e:86:9c:ab:0b:a7:af:ff:e0:70:53:51:
                    5b:36:e9:44:d8:60:04:86:34:98:dd:ec:b4:ca:e9:
                    85:7e:9a:99:fd:dd:1b:aa:e3:0d:94:f9:12:6e:7b:
                    6e:99:23:3e:93:3a:be:99:23:fa:43:bf:32:a0:88:
                    85:65:f5:e4:23:3f:e1:2a:67:97:6f:7f:93:ca:66:
                    91:6f:26:7d:e4:c9:94:f5:d1:bf:21:31:a8:a6:24:
                    a4:25:cc:8d:24:ec:74:a0:0e:ca:05:0b:3e:f1:94:
                    93:35:88:29:d3:d7:2f:ee:7f:5c:a9:3c:f4:67:5b:
                    1d:dd:0f:ac:e8:2a:c1:14:e5:87:52:bd:a9:4a:61:
                    4f:f9:cf:13:d8:b8:b4:13:10:45:63:e4:b8:fd:cc:
                    f5:73:4a:fe:53:29:fc:67:f2:78:58:cf:b2:73:04:
                    b2:fb:a5:e2:32:41:1c:d5:3d:1c:0d:ba:47:57:38:
                    0d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:B4:88:8E:87:AF:82:AC:BA:AF:B0:3B:A3:F1:2C:13:B8:A1:A1:E5
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/D7SIjoevgqy6r7A7o_EsE7ihoeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:5a:a5:ef:de:49:86:25:96:bd:2f:e6:f1:ce:72:f1:07:c3:
         e8:46:05:7f:fe:33:f5:3e:30:e6:57:e5:84:4e:31:70:11:4e:
         c1:b0:e5:69:96:0f:e7:41:c5:10:db:7f:26:6a:a6:eb:fc:53:
         0b:fb:97:55:52:7d:76:01:44:54:4a:50:f8:f9:16:25:01:d2:
         6e:a8:28:3b:55:64:3a:da:ae:bf:db:34:f2:9d:90:e0:c2:18:
         0f:90:7d:71:12:44:12:94:79:33:a1:7a:8a:39:24:cc:5d:e1:
         c0:38:11:70:57:53:30:e3:38:96:4b:46:5b:90:d1:95:2f:4e:
         8d:2b:17:c6:2b:55:08:61:db:0b:2b:dc:91:51:d1:14:2b:86:
         11:f8:b6:98:8a:28:13:74:ef:56:53:f5:dd:90:06:c5:d5:18:
         4e:c0:60:cb:9c:28:df:38:cc:2c:3d:98:e0:08:ba:1e:8f:ba:
         67:0d:9e:60:22:47:30:c9:ac:47:bb:7c:4d:e3:24:a5:1f:3c:
         02:df:f3:0a:af:ca:c3:3e:6b:e3:24:ad:d4:08:57:32:12:76:
         8a:3a:19:7e:5f:a8:c2:de:60:43:61:b8:f5:a0:19:44:6b:69:
         0a:90:4f:f9:1b:3a:f3:bc:1f:3f:05:1a:66:f0:b9:24:9f:48:
         6d:73:8b:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFWoo/Q+rcvkeHpWRa410/HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwODE1MTUyMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmI0ODg4ZTg3YWY4MmFjYmFhZmIwM2JhM2YxMmMxM2I4YTFhMWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNapyigEhp40Tv8HOOGw6wza7jQK
IXyZZ3OgR8vCr6Wdak/DnImGmbeDka0l75WbzzJGtb1l/si/xSCgJsJ+6n7Ce7MF
C2LU/v9Ws6JehpyrC6ev/+BwU1FbNulE2GAEhjSY3ey0yumFfpqZ/d0bquMNlPkS
bntumSM+kzq+mSP6Q78yoIiFZfXkIz/hKmeXb3+TymaRbyZ95MmU9dG/ITGopiSk
JcyNJOx0oA7KBQs+8ZSTNYgp09cv7n9cqTz0Z1sd3Q+s6CrBFOWHUr2pSmFP+c8T
2Li0ExBFY+S4/cz1c0r+Uyn8Z/J4WM+ycwSy+6XiMkEc1T0cDbpHVzgNdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+0iI6Hr4Ksuq+wO6PxLBO4oaHlMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvRDdTSWpvZXZncXk2cjdBN29fRXNFN2lob2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WzHMA0G
CSqGSIb3DQEBCwUAA4IBAQCjWqXv3kmGJZa9L+bxznLxB8PoRgV//jP1PjDmV+WE
TjFwEU7BsOVplg/nQcUQ238maqbr/FML+5dVUn12AURUSlD4+RYlAdJuqCg7VWQ6
2q6/2zTynZDgwhgPkH1xEkQSlHkzoXqKOSTMXeHAOBFwV1Mw4ziWS0ZbkNGVL06N
KxfGK1UIYdsLK9yRUdEUK4YR+LaYiigTdO9WU/XdkAbF1RhOwGDLnCjfOMwsPZjg
CLoej7pnDZ5gIkcwyaxHu3xN4ySlHzwC3/MKr8rDPmvjJK3UCFcyEnaKOhl+X6jC
3mBDYbj1oBlEa2kKkE/5GzrzvB8/BRpm8Lkkn0htc4vB
-----END CERTIFICATE-----