Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/6lwxLrN65MFR2ZJIhwRQWmo7rcI.roa
File:                     6lwxLrN65MFR2ZJIhwRQWmo7rcI.roa (raw, json)
Hash identifier:          J2Te4fV9ob5tFSXM6rAhWsK7WOBaDle0ihkJlIQ+C80=
Subject key identifier:   EA:5C:31:2E:B3:7A:E4:C1:51:D9:92:48:87:04:50:5A:6A:3B:AD:C2
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0193305225A3159C3693BC15D6AEEEBE5544
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/6lwxLrN65MFR2ZJIhwRQWmo7rcI.roa
Signing time:             Fri 15 Nov 2024 14:55:10 +0000
ROA not before:           Fri 15 Nov 2024 14:55:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32181
IP address blocks:        213.21.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:30:52:25:a3:15:9c:36:93:bc:15:d6:ae:ee:be:55:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Nov 15 14:55:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea5c312eb37ae4c151d992488704505a6a3badc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cd:47:85:73:3f:c3:15:7e:35:79:09:72:cf:
                    82:9a:f0:cd:70:d8:a4:39:d9:fe:f6:df:be:42:ab:
                    ec:ad:d5:eb:64:88:0c:9a:56:e5:3f:35:7c:5a:47:
                    f3:b5:ce:17:f9:f5:1e:41:10:b6:ea:34:34:1e:a7:
                    c1:4f:8d:e4:23:e9:b4:79:1e:4f:72:3f:d1:50:dd:
                    5e:17:4e:60:ae:a4:87:c7:ce:e8:53:4d:81:53:76:
                    bf:b3:6a:c7:75:bf:c4:2d:df:ae:44:75:94:a1:b2:
                    b8:d0:ae:76:6c:ba:56:70:a6:e7:67:10:4f:38:f8:
                    44:b1:bb:f5:9f:dc:a7:25:e4:a2:72:d8:23:71:90:
                    21:06:27:33:fa:f4:32:b4:ea:0e:2d:0d:d0:2b:5b:
                    4b:1f:bc:52:e8:60:d1:1c:20:d9:51:46:a0:99:a8:
                    fe:f9:79:97:60:4b:4c:34:0a:7a:11:d1:d1:11:c8:
                    5d:12:a9:c8:46:18:4e:91:93:44:38:ca:27:dd:f3:
                    c5:47:9c:dc:6e:7a:55:0c:44:ab:f5:37:24:42:5a:
                    98:09:9e:13:18:f2:cd:96:78:98:3b:99:55:06:c2:
                    02:51:b7:71:c8:23:de:d8:f6:e6:18:20:09:9f:3e:
                    81:bd:53:8c:01:7f:3b:ce:8f:a6:c2:ec:46:1a:f1:
                    66:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:5C:31:2E:B3:7A:E4:C1:51:D9:92:48:87:04:50:5A:6A:3B:AD:C2
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/6lwxLrN65MFR2ZJIhwRQWmo7rcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:16:b9:02:a5:f6:e7:df:cb:63:a6:f0:51:94:77:da:ea:d2:
         fb:d5:e7:36:6d:85:8c:3c:3f:b4:99:78:73:c8:a7:6e:f5:ee:
         2d:48:c4:90:91:dc:21:29:1c:5a:c0:96:e5:05:6d:a6:79:89:
         c4:14:8a:8c:0a:47:cc:e4:f5:ee:d4:3f:f4:be:e0:62:c5:2b:
         09:9d:0f:e4:96:3c:24:6d:1c:6d:ad:b4:dd:28:fe:8d:ea:6f:
         76:3b:56:b6:77:a3:83:07:8d:04:1a:2f:69:cb:7d:3a:ab:cb:
         d3:bd:c4:d7:cc:c7:75:5b:95:af:8a:83:23:02:26:f1:41:ef:
         f9:1e:13:de:7c:69:31:c2:63:b1:db:88:67:a8:3c:bf:59:8b:
         bb:34:bd:a6:78:ad:70:4a:3e:cf:63:bb:8b:1c:46:9f:e9:51:
         39:61:93:0f:28:92:fd:76:64:4a:09:e7:b0:61:38:bd:1f:9b:
         fb:b4:a5:bc:3d:b4:7b:52:8e:14:ae:dc:d2:72:00:5c:28:17:
         6b:46:52:ec:e9:00:11:e1:ba:dd:f5:20:1a:70:10:43:01:fc:
         b7:12:5d:2b:4d:35:f0:ed:d4:fe:eb:8e:c6:af:4f:3b:b8:f3:
         7d:be:82:73:75:2e:2d:f0:02:6f:7f:73:6c:94:32:fa:df:c1:
         2b:c7:0c:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMwUiWjFZw2k7wV1q7uvlVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjQxMTE1MTQ1NTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTVjMzEyZWIzN2FlNGMxNTFkOTkyNDg4NzA0NTA1YTZhM2JhZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc1HhXM/wxV+NXkJcs+CmvDNcNik
Odn+9t++QqvsrdXrZIgMmlblPzV8Wkfztc4X+fUeQRC26jQ0HqfBT43kI+m0eR5P
cj/RUN1eF05grqSHx87oU02BU3a/s2rHdb/ELd+uRHWUobK40K52bLpWcKbnZxBP
OPhEsbv1n9ynJeSictgjcZAhBicz+vQytOoOLQ3QK1tLH7xS6GDRHCDZUUagmaj+
+XmXYEtMNAp6EdHREchdEqnIRhhOkZNEOMon3fPFR5zcbnpVDESr9TckQlqYCZ4T
GPLNlniYO5lVBsICUbdxyCPe2PbmGCAJnz6BvVOMAX87zo+mwuxGGvFm9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpcMS6zeuTBUdmSSIcEUFpqO63CMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvNmx3eExyTjY1TUZSMlpKSWh3UlFXbW83cmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RXrMA0G
CSqGSIb3DQEBCwUAA4IBAQBnFrkCpfbn38tjpvBRlHfa6tL71ec2bYWMPD+0mXhz
yKdu9e4tSMSQkdwhKRxawJblBW2meYnEFIqMCkfM5PXu1D/0vuBixSsJnQ/kljwk
bRxtrbTdKP6N6m92O1a2d6ODB40EGi9py306q8vTvcTXzMd1W5WvioMjAibxQe/5
HhPefGkxwmOx24hnqDy/WYu7NL2meK1wSj7PY7uLHEaf6VE5YZMPKJL9dmRKCeew
YTi9H5v7tKW8PbR7Uo4UrtzScgBcKBdrRlLs6QAR4brd9SAacBBDAfy3El0rTTXw
7dT+647Gr087uPN9voJzdS4t8AJvf3NslDL638ErxwzM
-----END CERTIFICATE-----