Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/bKDzGVLS3_6865mtln3Kw5WmywQ.roa
File:                     bKDzGVLS3_6865mtln3Kw5WmywQ.roa (raw, json)
Hash identifier:          1z8bJ9Dv0gvS7Kzr3By8Hyv6gfSz5rRy8bS1g5sgkAA=
Subject key identifier:   6C:A0:F3:19:52:D2:DF:FE:BC:EB:99:AD:96:7D:CA:C3:95:A6:CB:04
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0194228E02373B22DCC8D54A86D2D480F294
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/bKDzGVLS3_6865mtln3Kw5WmywQ.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215590
IP address blocks:        213.21.236.0/24 maxlen: 24
                          213.21.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:02:37:3b:22:dc:c8:d5:4a:86:d2:d4:80:f2:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ca0f31952d2dffebceb99ad967dcac395a6cb04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a6:ac:3e:f4:7f:e6:f5:8d:ab:42:24:86:34:
                    c7:a7:4c:19:ba:23:85:65:4a:04:bf:14:47:cb:c2:
                    17:b4:41:5b:77:ed:3f:ed:a7:a0:cf:c0:26:e9:a7:
                    c1:2d:6b:33:1c:cc:d3:a1:aa:19:af:a3:b5:14:8f:
                    7e:b8:3c:2a:b2:b0:94:b2:a4:67:70:17:a1:ab:ec:
                    86:70:ce:14:44:1a:f9:78:45:7e:ba:bb:d9:79:47:
                    e3:40:a2:ab:81:98:18:dc:19:5f:e1:98:ee:06:b0:
                    f9:86:28:61:77:a1:13:37:f3:a0:e2:a6:e7:0b:17:
                    3e:d2:51:5e:98:86:fb:3d:25:fb:52:a6:12:b0:02:
                    1d:0f:de:62:c2:ef:05:f0:83:f6:95:8a:d8:b2:bd:
                    07:1a:76:25:9c:6e:c9:78:eb:4c:65:f2:9e:86:72:
                    90:96:8c:d2:07:55:c3:11:c0:6c:2e:14:f5:e7:ca:
                    73:5b:ae:4e:49:33:45:5d:36:3a:c8:31:91:ce:74:
                    10:d5:8f:8f:6f:d0:e9:f9:8b:08:f3:f1:58:59:17:
                    fb:7f:e7:49:d8:9d:d4:ac:c8:91:24:02:d9:d1:8f:
                    67:3e:9b:56:64:43:71:9b:f5:31:16:b0:cd:08:d1:
                    c3:fc:e5:08:f3:90:37:19:64:59:02:8a:e0:42:88:
                    38:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A0:F3:19:52:D2:DF:FE:BC:EB:99:AD:96:7D:CA:C3:95:A6:CB:04
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/bKDzGVLS3_6865mtln3Kw5WmywQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.236.0/24
                  213.21.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:1c:e6:ea:97:90:0e:b8:86:88:24:56:b7:ff:0f:f1:5f:07:
         0f:9b:a7:89:e1:02:a7:97:17:9e:be:40:49:0f:45:9b:e4:06:
         90:5c:53:47:9b:d4:7f:b4:74:1e:fa:4c:0b:1a:6f:2f:73:07:
         7e:13:0c:01:91:52:10:ec:1d:76:00:9a:3d:83:5e:c2:68:f1:
         8e:1b:33:d6:ef:66:e0:13:91:b9:39:74:79:ff:2a:40:86:34:
         d1:cc:18:57:3c:08:61:d7:65:57:7a:70:f4:1f:11:77:67:2f:
         34:cc:36:21:56:6f:79:4f:50:73:7b:3f:8b:02:c2:bd:47:62:
         73:d7:1e:30:3f:fe:c7:28:2c:3b:c1:ec:72:1b:d3:4e:1a:02:
         25:13:71:b7:97:84:9a:a4:37:41:9f:49:33:7c:e9:52:bc:f5:
         46:50:d5:af:47:dd:68:c6:26:3e:40:4a:65:a0:fc:4f:8a:3e:
         c4:e7:78:ad:4b:2e:d8:01:a2:9b:2a:06:1f:ff:01:71:10:d7:
         4b:d7:65:81:f3:85:43:52:c6:08:87:6e:22:5f:29:d4:7c:65:
         9c:8f:3d:3f:15:36:11:ef:af:e8:95:33:7b:39:b5:9d:6f:af:
         e7:8b:2b:e8:e2:d5:19:99:ec:ab:72:f8:ee:06:54:83:cd:c1:
         56:81:5e:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijgI3OyLcyNVKhtLUgPKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2EwZjMxOTUyZDJkZmZlYmNlYjk5YWQ5NjdkY2FjMzk1YTZjYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraasPvR/5vWNq0IkhjTHp0wZuiOF
ZUoEvxRHy8IXtEFbd+0/7aegz8Am6afBLWszHMzToaoZr6O1FI9+uDwqsrCUsqRn
cBehq+yGcM4URBr5eEV+urvZeUfjQKKrgZgY3Blf4ZjuBrD5hihhd6ETN/Og4qbn
Cxc+0lFemIb7PSX7UqYSsAIdD95iwu8F8IP2lYrYsr0HGnYlnG7JeOtMZfKehnKQ
lozSB1XDEcBsLhT158pzW65OSTNFXTY6yDGRznQQ1Y+Pb9Dp+YsI8/FYWRf7f+dJ
2J3UrMiRJALZ0Y9nPptWZENxm/UxFrDNCNHD/OUI85A3GWRZAorgQog45wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGyg8xlS0t/+vOuZrZZ9ysOVpssEMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvYktEekdWTFMzXzY4NjVtdGxuM0t3NVdteXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1RXsAwQA
1RX9MA0GCSqGSIb3DQEBCwUAA4IBAQBeHObql5AOuIaIJFa3/w/xXwcPm6eJ4QKn
lxeevkBJD0Wb5AaQXFNHm9R/tHQe+kwLGm8vcwd+EwwBkVIQ7B12AJo9g17CaPGO
GzPW72bgE5G5OXR5/ypAhjTRzBhXPAhh12VXenD0HxF3Zy80zDYhVm95T1Bzez+L
AsK9R2Jz1x4wP/7HKCw7wexyG9NOGgIlE3G3l4SapDdBn0kzfOlSvPVGUNWvR91o
xiY+QEploPxPij7E53itSy7YAaKbKgYf/wFxENdL12WB84VDUsYIh24iXynUfGWc
jz0/FTYR76/olTN7ObWdb6/niyvo4tUZmeyrcvjuBlSDzcFWgV6q
-----END CERTIFICATE-----