Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/gibppeWkb6BcMnYYfYpspwaMuYM.roa
File:                     gibppeWkb6BcMnYYfYpspwaMuYM.roa (raw, json)
Hash identifier:          LciJpsRZ8YWZUY6sBz6Y+XqWdD5HGkLo1waPJ+t14bY=
Subject key identifier:   82:26:E9:A5:E5:A4:6F:A0:5C:32:76:18:7D:8A:6C:A7:06:8C:B9:83
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       018CC4934D1E457DAD70ACC206AC8E6BA0B9
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/gibppeWkb6BcMnYYfYpspwaMuYM.roa
Signing time:             Mon 01 Jan 2024 10:30:36 +0000
ROA not before:           Mon 01 Jan 2024 10:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29066
IP address blocks:        213.21.228.0/24 maxlen: 24
                          213.21.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4d:1e:45:7d:ad:70:ac:c2:06:ac:8e:6b:a0:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan  1 10:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8226e9a5e5a46fa05c3276187d8a6ca7068cb983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0a:45:5f:d8:72:d3:a3:eb:b8:47:49:2f:db:
                    fa:45:2a:6e:e0:be:79:d3:9d:04:40:4a:c1:bc:0a:
                    18:01:11:52:8d:10:98:0a:77:d6:af:a3:53:f0:2a:
                    fe:7d:1e:c8:69:32:40:0f:30:ab:a2:b7:94:00:1e:
                    0a:8e:af:9b:b3:e8:16:12:46:ac:a8:b5:45:87:81:
                    78:19:d8:c1:e8:20:20:0d:2c:4a:4e:f1:41:70:84:
                    13:05:39:e4:a8:6f:21:b3:06:cc:85:39:f8:e9:f5:
                    f7:38:68:7d:38:06:eb:7d:3f:60:a3:6b:aa:7e:9d:
                    fb:08:6c:dc:7e:bd:cf:43:e3:e0:2b:6b:14:ea:0a:
                    78:1f:f3:a5:c2:73:2c:77:55:42:89:d8:92:40:41:
                    13:6b:6f:9d:90:6a:99:73:ba:fc:d3:76:19:45:dd:
                    87:1a:73:c8:f6:2c:66:1f:91:72:56:85:36:2c:19:
                    34:bf:38:38:58:d7:d1:99:d4:8f:58:9a:57:85:f8:
                    32:e0:5a:06:83:ea:ab:0b:01:a4:3e:65:bd:a5:2c:
                    9e:4c:5d:e7:5f:80:1c:55:be:56:17:0b:65:b7:3f:
                    85:12:be:40:38:fc:8c:49:2c:b1:cb:fa:48:1f:dc:
                    55:ee:49:c2:d4:b4:d6:c3:31:39:42:09:e2:1a:f6:
                    db:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:26:E9:A5:E5:A4:6F:A0:5C:32:76:18:7D:8A:6C:A7:06:8C:B9:83
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/gibppeWkb6BcMnYYfYpspwaMuYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.228.0/24
                  213.21.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:f6:60:79:e9:ed:34:a3:2a:17:61:57:80:9f:3c:47:96:c7:
         e1:21:90:48:a6:94:b1:8e:27:05:e5:46:de:3c:5a:90:2c:5c:
         45:55:55:0f:75:51:9c:7e:67:9d:76:3e:8d:99:5f:4e:f4:3c:
         b8:dc:2a:d2:73:b4:be:2f:0d:69:bc:9b:09:9e:7f:ca:cb:01:
         20:8c:cd:55:5c:ce:ce:23:db:a0:62:6d:48:6d:5a:b4:5a:75:
         6c:e5:6f:49:8d:e6:bb:b0:3c:22:44:d1:b2:86:76:47:ab:bf:
         1c:12:e5:af:ad:4b:93:fc:4f:b8:c2:5d:4a:83:4a:26:7b:7f:
         d0:06:81:a3:f0:ea:5c:b7:8b:38:ac:97:8f:4b:25:e8:89:ce:
         8d:6f:99:fc:56:20:fc:1f:b4:5f:d8:88:89:dc:02:6e:f5:95:
         fd:e7:87:c9:2e:e5:ea:1a:0b:00:bb:22:2c:d5:31:38:3a:87:
         03:cc:3b:6c:f3:70:96:33:e3:c0:4c:5f:36:59:6d:07:a9:f6:
         07:28:1a:47:da:c6:bb:14:e1:79:a1:91:2e:c2:1e:75:1b:c9:
         a1:e8:14:db:e5:b7:0e:cb:dd:3c:09:37:5c:df:39:0b:8c:81:
         4e:35:50:84:f8:9d:68:5f:9a:d9:f8:ca:93:67:e5:40:9f:5e:
         58:f1:dc:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk00eRX2tcKzCBqyOa6C5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjQwMTAxMTAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjI2ZTlhNWU1YTQ2ZmEwNWMzMjc2MTg3ZDhhNmNhNzA2OGNiOTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQpFX9hy06PruEdJL9v6RSpu4L55
050EQErBvAoYARFSjRCYCnfWr6NT8Cr+fR7IaTJADzCroreUAB4Kjq+bs+gWEkas
qLVFh4F4GdjB6CAgDSxKTvFBcIQTBTnkqG8hswbMhTn46fX3OGh9OAbrfT9go2uq
fp37CGzcfr3PQ+PgK2sU6gp4H/OlwnMsd1VCidiSQEETa2+dkGqZc7r803YZRd2H
GnPI9ixmH5FyVoU2LBk0vzg4WNfRmdSPWJpXhfgy4FoGg+qrCwGkPmW9pSyeTF3n
X4AcVb5WFwtltz+FEr5AOPyMSSyxy/pIH9xV7knC1LTWwzE5QgniGvbbewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIIm6aXlpG+gXDJ2GH2KbKcGjLmDMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvZ2licHBlV2tiNkJjTW5ZWWZZcHNwd2FNdVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1RXkAwQA
1RXyMA0GCSqGSIb3DQEBCwUAA4IBAQAh9mB56e00oyoXYVeAnzxHlsfhIZBIppSx
jicF5UbePFqQLFxFVVUPdVGcfmeddj6NmV9O9Dy43CrSc7S+Lw1pvJsJnn/KywEg
jM1VXM7OI9ugYm1IbVq0WnVs5W9Jjea7sDwiRNGyhnZHq78cEuWvrUuT/E+4wl1K
g0ome3/QBoGj8Opct4s4rJePSyXoic6Nb5n8ViD8H7Rf2IiJ3AJu9ZX954fJLuXq
GgsAuyIs1TE4OocDzDts83CWM+PATF82WW0HqfYHKBpH2sa7FOF5oZEuwh51G8mh
6BTb5bcOy908CTdc3zkLjIFONVCE+J1oX5rZ+MqTZ+VAn15Y8dwK
-----END CERTIFICATE-----