Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/UFNUYByppkWKqISnCSdGrerzpqQ.roa
File:                     UFNUYByppkWKqISnCSdGrerzpqQ.roa (raw, json)
Hash identifier:          zee1PBdYS22IpyOBlmtwZo7lvxDow3yCYRKsMvl/xEA=
Subject key identifier:   50:53:54:60:1C:A9:A6:45:8A:A8:84:A7:09:27:46:AD:EA:F3:A6:A4
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       018CC4934ED23BAEC80338693B7A7ACFECD6
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/UFNUYByppkWKqISnCSdGrerzpqQ.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        213.21.230.0/24 maxlen: 24
                          213.21.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4e:d2:3b:ae:c8:03:38:69:3b:7a:7a:cf:ec:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=505354601ca9a6458aa884a7092746adeaf3a6a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:80:f5:81:f0:45:52:dc:5a:d1:0f:88:f6:c1:
                    6d:e9:70:39:65:f0:cf:b9:c7:31:0b:13:a7:c5:13:
                    72:58:87:79:33:e1:de:2a:33:96:11:f1:40:e2:39:
                    2e:0e:2a:ff:be:18:4e:82:33:9e:f8:30:cc:5d:b4:
                    64:5a:66:3d:ba:8f:02:c3:7f:28:01:d6:10:91:5a:
                    29:77:59:cd:d4:fe:c6:48:83:7b:8e:06:04:02:1e:
                    d4:2e:dd:04:af:0b:fd:b2:70:85:9c:c0:10:90:be:
                    fa:89:d2:5f:3d:08:87:d2:41:b3:3a:44:87:97:33:
                    67:8d:a8:87:a3:bc:ee:0e:ea:96:43:56:a5:e9:9f:
                    15:00:8c:0d:ef:83:44:f7:35:59:d0:2b:2f:07:35:
                    8e:87:fa:bf:df:d1:8c:58:6c:31:20:00:3b:42:47:
                    82:0f:fe:0d:6d:c0:be:be:59:b9:2a:ac:7b:7f:41:
                    e5:b6:6c:2f:db:02:a7:06:c6:cc:45:9d:70:05:55:
                    39:e9:4e:41:3c:8a:39:b4:6e:d8:68:f0:6e:72:04:
                    b6:e3:5b:e7:d0:55:ea:1f:3e:44:b9:e6:45:27:e6:
                    79:09:c5:4e:d6:ad:11:44:f9:62:49:7e:d1:83:41:
                    2b:62:cf:b6:14:69:65:ad:f6:46:af:ff:bc:83:24:
                    0b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:53:54:60:1C:A9:A6:45:8A:A8:84:A7:09:27:46:AD:EA:F3:A6:A4
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/UFNUYByppkWKqISnCSdGrerzpqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.230.0/24
                  213.21.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:75:25:51:b2:94:9e:a3:80:cb:d4:f8:97:e1:38:e3:75:64:
         83:18:38:9e:12:60:10:0b:66:c2:7f:db:6e:2b:21:03:63:45:
         a7:f8:f9:b7:2c:27:e0:b3:1d:2f:89:7f:a2:6b:38:17:b9:5d:
         d7:67:11:e3:2d:55:d7:fe:05:e7:bd:a5:fb:37:ee:ca:54:ba:
         6b:2b:c1:0c:a1:89:c5:91:84:80:03:0c:71:fe:ae:88:9b:52:
         79:a4:bb:25:cf:ef:36:02:a3:86:22:b6:ee:36:91:7e:4d:04:
         7c:73:30:45:90:41:e0:25:bc:3f:1d:e0:36:b8:57:a8:ce:23:
         16:05:4b:7c:a7:b9:fb:68:1d:76:dd:fd:7b:eb:72:c7:a1:4b:
         e7:dc:10:b5:5c:31:82:27:99:99:52:5f:c3:6e:56:be:f7:02:
         d6:22:c7:6b:e6:ef:96:f7:76:67:2e:45:d7:8a:e8:88:58:68:
         1d:d5:0d:80:d9:79:d6:71:2c:54:4e:c6:57:3e:6e:37:07:e9:
         b1:84:21:52:50:33:01:fd:5d:95:e2:a2:44:aa:28:3f:44:4c:
         7a:59:aa:49:96:3c:af:ef:ff:cc:49:28:df:df:17:e3:46:6a:
         f7:1d:33:d9:83:61:ce:d6:09:22:3d:7f:ee:bb:2c:7e:84:78:
         2f:66:2a:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk07SO67IAzhpO3p6z+zWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDUzNTQ2MDFjYTlhNjQ1OGFhODg0YTcwOTI3NDZhZGVhZjNhNmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14D1gfBFUtxa0Q+I9sFt6XA5ZfDP
uccxCxOnxRNyWId5M+HeKjOWEfFA4jkuDir/vhhOgjOe+DDMXbRkWmY9uo8Cw38o
AdYQkVopd1nN1P7GSIN7jgYEAh7ULt0Erwv9snCFnMAQkL76idJfPQiH0kGzOkSH
lzNnjaiHo7zuDuqWQ1al6Z8VAIwN74NE9zVZ0CsvBzWOh/q/39GMWGwxIAA7QkeC
D/4NbcC+vlm5Kqx7f0Hltmwv2wKnBsbMRZ1wBVU56U5BPIo5tG7YaPBucgS241vn
0FXqHz5EueZFJ+Z5CcVO1q0RRPliSX7Rg0ErYs+2FGllrfZGr/+8gyQLfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFBTVGAcqaZFiqiEpwknRq3q86akMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvVUZOVVlCeXBwa1dLcUlTbkNTZEdyZXJ6cHFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1RXmAwQA
1RXqMA0GCSqGSIb3DQEBCwUAA4IBAQAAdSVRspSeo4DL1PiX4TjjdWSDGDieEmAQ
C2bCf9tuKyEDY0Wn+Pm3LCfgsx0viX+iazgXuV3XZxHjLVXX/gXnvaX7N+7KVLpr
K8EMoYnFkYSAAwxx/q6Im1J5pLslz+82AqOGIrbuNpF+TQR8czBFkEHgJbw/HeA2
uFeoziMWBUt8p7n7aB123f1763LHoUvn3BC1XDGCJ5mZUl/Dbla+9wLWIsdr5u+W
93ZnLkXXiuiIWGgd1Q2A2XnWcSxUTsZXPm43B+mxhCFSUDMB/V2V4qJEqig/REx6
WapJljyv7//MSSjf3xfjRmr3HTPZg2HO1gkiPX/uuyx+hHgvZipj
-----END CERTIFICATE-----