Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/29ikNcyfMGJL8GmtQRltXvPSJH0.roa
File:                     29ikNcyfMGJL8GmtQRltXvPSJH0.roa (raw, json)
Hash identifier:          BJoxt45VcYC1d4HxRIXGzQxe4CqrzBpZAtsTGyB580A=
Subject key identifier:   DB:D8:A4:35:CC:9F:30:62:4B:F0:69:AD:41:19:6D:5E:F3:D2:24:7D
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       019330522548AA9F046D64DAD9158F7FBF6B
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/29ikNcyfMGJL8GmtQRltXvPSJH0.roa
Signing time:             Fri 15 Nov 2024 14:55:10 +0000
ROA not before:           Fri 15 Nov 2024 14:55:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        213.21.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:30:52:25:48:aa:9f:04:6d:64:da:d9:15:8f:7f:bf:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Nov 15 14:55:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbd8a435cc9f30624bf069ad41196d5ef3d2247d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5f:73:cc:e7:22:a8:ff:5b:c0:03:1b:4d:1d:
                    41:3c:c4:7e:68:27:ee:77:fe:6b:41:66:06:de:01:
                    fa:2d:51:5e:44:6d:86:e0:3a:a7:ef:46:14:2b:ce:
                    0c:8f:c9:7a:c6:33:61:c2:a3:17:0f:87:9f:11:bc:
                    43:83:c3:46:1c:5d:ea:e7:dd:36:2f:a6:6a:35:96:
                    a8:1f:ac:7c:12:52:5e:9c:79:fc:2f:dd:44:d7:60:
                    6c:85:1e:ea:d8:74:63:50:b9:3e:a7:20:5a:0b:5a:
                    d7:5e:95:cd:5f:ed:40:65:26:d1:8d:51:de:99:5f:
                    33:e3:bd:a7:83:17:ca:c3:b0:ee:4d:65:40:c6:c4:
                    f3:a1:0a:52:49:41:13:75:e8:1e:10:bf:19:d8:fb:
                    18:66:c4:bd:82:78:34:b6:4a:46:45:4b:65:56:af:
                    41:4c:d2:58:42:14:24:ec:6d:91:4b:23:d5:c4:88:
                    7b:92:a0:71:43:fd:fe:ce:41:4e:fd:b1:24:21:b5:
                    32:2b:67:b6:3e:58:40:fe:ef:68:71:5f:f9:8b:e6:
                    53:d9:b5:c7:db:8f:fa:63:17:ed:d2:31:f8:51:3c:
                    17:00:30:8d:86:5d:ab:11:cb:01:c2:1a:02:b3:7d:
                    4f:a0:6a:ba:f1:cd:61:49:ec:4a:88:8f:a7:74:e1:
                    7a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D8:A4:35:CC:9F:30:62:4B:F0:69:AD:41:19:6D:5E:F3:D2:24:7D
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/29ikNcyfMGJL8GmtQRltXvPSJH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:fc:22:66:58:f2:83:cd:9b:4d:0e:f4:c0:28:7a:ea:7f:88:
         4d:35:b7:32:64:14:12:cf:07:ae:94:22:cd:1a:7c:b0:b4:8b:
         cc:e0:72:56:f1:ec:ae:e4:e7:c1:13:0e:dd:ae:71:32:fa:16:
         1d:ec:f6:7c:9f:ed:3b:99:4a:4d:f8:8a:67:35:b0:62:68:e0:
         72:d9:5b:69:f8:82:3e:73:9e:97:ae:31:e0:f6:ce:9d:e8:3e:
         a0:91:17:0a:17:63:b7:1a:28:f9:28:fe:84:64:be:31:6b:31:
         91:75:20:99:de:33:1f:e0:58:67:78:c8:cb:c4:2c:b3:1e:3c:
         25:71:c4:f1:8c:16:95:7a:62:41:e5:13:0d:c7:b1:a5:b1:4a:
         f2:e9:9d:d7:31:c1:f8:d3:94:35:0c:0d:1c:28:02:3a:23:1b:
         a8:d6:53:04:05:d8:e8:51:12:d6:2c:7d:6e:16:85:ee:14:cb:
         8d:aa:59:cc:36:98:f4:39:74:0a:e4:59:1a:fe:5c:17:b2:9d:
         27:49:de:b6:d8:fd:a1:79:5c:86:55:0c:73:6e:b9:b8:82:c2:
         51:3d:1c:96:d9:ad:ff:20:f0:26:82:d2:b5:39:01:1a:f7:29:
         64:05:f2:90:b0:a8:c6:9d:7e:32:33:d8:1a:6b:11:79:cd:79:
         fb:5b:38:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMwUiVIqp8EbWTa2RWPf79rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjQxMTE1MTQ1NTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQ4YTQzNWNjOWYzMDYyNGJmMDY5YWQ0MTE5NmQ1ZWYzZDIyNDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyV9zzOciqP9bwAMbTR1BPMR+aCfu
d/5rQWYG3gH6LVFeRG2G4Dqn70YUK84Mj8l6xjNhwqMXD4efEbxDg8NGHF3q5902
L6ZqNZaoH6x8ElJenHn8L91E12BshR7q2HRjULk+pyBaC1rXXpXNX+1AZSbRjVHe
mV8z472ngxfKw7DuTWVAxsTzoQpSSUETdegeEL8Z2PsYZsS9gng0tkpGRUtlVq9B
TNJYQhQk7G2RSyPVxIh7kqBxQ/3+zkFO/bEkIbUyK2e2PlhA/u9ocV/5i+ZT2bXH
24/6Yxft0jH4UTwXADCNhl2rEcsBwhoCs31PoGq68c1hSexKiI+ndOF67wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvYpDXMnzBiS/BprUEZbV7z0iR9MB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvMjlpa05jeWZNR0pMOEdtdFFSbHRYdlBTSkgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RX8MA0G
CSqGSIb3DQEBCwUAA4IBAQA8/CJmWPKDzZtNDvTAKHrqf4hNNbcyZBQSzweulCLN
GnywtIvM4HJW8eyu5OfBEw7drnEy+hYd7PZ8n+07mUpN+IpnNbBiaOBy2Vtp+II+
c56XrjHg9s6d6D6gkRcKF2O3Gij5KP6EZL4xazGRdSCZ3jMf4FhneMjLxCyzHjwl
ccTxjBaVemJB5RMNx7GlsUry6Z3XMcH405Q1DA0cKAI6Ixuo1lMEBdjoURLWLH1u
FoXuFMuNqlnMNpj0OXQK5Fka/lwXsp0nSd622P2heVyGVQxzbrm4gsJRPRyW2a3/
IPAmgtK1OQEa9ylkBfKQsKjGnX4yM9gaaxF5zXn7Wzgw
-----END CERTIFICATE-----