Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/kP7-2BrCdrR1vflyzN6bCG-bC4Y.roa
File:                     kP7-2BrCdrR1vflyzN6bCG-bC4Y.roa (raw, json)
Hash identifier:          uhNV7zf/NfCBx0RNf+uccZmVPDDvd1bgU3gAxdkEF5g=
Subject key identifier:   90:FE:FE:D8:1A:C2:76:B4:75:BD:F9:72:CC:DE:9B:08:6F:9B:0B:86
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       01944BCD63499D05F2A8460E2C7CA4D1F588
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/kP7-2BrCdrR1vflyzN6bCG-bC4Y.roa
Signing time:             Thu 09 Jan 2025 16:02:19 +0000
ROA not before:           Thu 09 Jan 2025 16:02:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207957
IP address blocks:        213.21.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4b:cd:63:49:9d:05:f2:a8:46:0e:2c:7c:a4:d1:f5:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan  9 16:02:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90fefed81ac276b475bdf972ccde9b086f9b0b86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:0b:8e:e6:c7:73:3a:72:e6:68:01:15:b8:41:
                    e1:2b:2b:5a:8a:dc:1e:e8:91:a9:25:e3:5d:f1:87:
                    e9:ba:f4:35:4d:3e:bb:9a:61:df:f9:36:60:cf:d9:
                    48:8d:2d:f6:56:39:da:0f:02:c3:ed:2b:92:07:00:
                    86:0c:27:29:d4:2d:fa:c0:ee:dc:35:63:93:19:ba:
                    c1:14:b4:f1:c3:5f:de:63:dc:10:9d:85:d4:4b:2b:
                    9d:2e:20:9e:ab:4d:c5:a5:04:9a:e2:f9:b5:9d:b5:
                    30:2b:71:5e:a8:e3:52:4c:bf:7e:39:61:2e:f4:58:
                    f1:9a:d2:3a:39:f8:98:8f:ca:a0:44:f5:1b:af:f8:
                    3b:ef:85:9f:9e:1e:1d:c5:bf:3f:cc:a7:32:28:02:
                    dd:dd:cf:8e:ab:26:5e:03:27:ae:fd:98:f0:82:15:
                    f3:9f:75:0e:d7:09:1f:36:8f:88:33:8c:9f:52:bc:
                    07:de:31:37:bb:5f:bf:28:7c:b7:ab:95:d9:4c:a3:
                    09:2d:54:b7:ca:1b:fe:38:1e:dc:85:3f:44:41:07:
                    9c:3d:ce:55:33:27:18:55:b7:82:67:fc:d0:bf:60:
                    18:53:6e:27:c4:8b:35:8d:e1:c0:91:70:10:f1:f9:
                    6c:7d:e9:06:d9:ef:bf:00:5b:df:47:80:ab:08:99:
                    22:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:FE:FE:D8:1A:C2:76:B4:75:BD:F9:72:CC:DE:9B:08:6F:9B:0B:86
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/kP7-2BrCdrR1vflyzN6bCG-bC4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ea:cb:e5:1b:22:7e:5c:28:f0:03:e3:fa:91:fa:ef:f5:d2:
         86:76:98:a9:7f:d3:40:06:9b:8c:5a:94:bf:68:22:9f:e9:c1:
         b9:62:06:38:a6:e7:d7:0d:2e:e6:09:70:00:30:e9:4f:db:56:
         ef:d7:7f:26:9b:cd:c4:20:e2:c3:82:7c:38:99:7c:d9:03:fa:
         5e:89:4d:d3:66:14:e5:58:3b:69:11:e7:37:0a:04:fc:0b:81:
         5f:d7:66:dd:6e:da:46:b2:f4:9e:47:0c:b6:58:21:02:95:96:
         bc:9a:a8:58:e0:87:9e:16:c6:12:79:56:fd:f0:cc:d1:8e:99:
         40:06:d9:41:60:66:1e:54:b3:8d:e2:be:e8:46:27:9c:5b:34:
         1d:71:3d:a1:f9:99:e6:d8:ac:52:0f:63:2e:c2:bb:52:d9:4f:
         b7:cf:81:89:da:10:c4:23:9d:69:1c:0f:8a:f4:69:8d:39:14:
         4f:d8:da:b9:63:aa:14:40:c5:81:10:d8:d5:a7:9f:98:14:b0:
         23:f8:de:12:ea:a2:6f:d7:14:53:e0:68:f2:db:da:c9:54:58:
         69:dc:87:61:5a:5b:2c:95:b0:7c:d1:d7:81:dd:cf:ad:7f:fa:
         60:12:b6:6a:40:d8:49:43:3f:e0:8c:3e:4e:ed:7f:dc:42:77:
         d3:b9:e4:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRLzWNJnQXyqEYOLHyk0fWIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUwMTA5MTYwMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGZlZmVkODFhYzI3NmI0NzViZGY5NzJjY2RlOWIwODZmOWIwYjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5guO5sdzOnLmaAEVuEHhKytaitwe
6JGpJeNd8YfpuvQ1TT67mmHf+TZgz9lIjS32VjnaDwLD7SuSBwCGDCcp1C36wO7c
NWOTGbrBFLTxw1/eY9wQnYXUSyudLiCeq03FpQSa4vm1nbUwK3FeqONSTL9+OWEu
9FjxmtI6OfiYj8qgRPUbr/g774Wfnh4dxb8/zKcyKALd3c+OqyZeAyeu/ZjwghXz
n3UO1wkfNo+IM4yfUrwH3jE3u1+/KHy3q5XZTKMJLVS3yhv+OB7chT9EQQecPc5V
MycYVbeCZ/zQv2AYU24nxIs1jeHAkXAQ8flsfekG2e+/AFvfR4CrCJkiQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJD+/tgawna0db35cszemwhvmwuGMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEva1A3LTJCckNkclIxdmZseXpONmJDRy1iQzRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RXtMA0G
CSqGSIb3DQEBCwUAA4IBAQBb6svlGyJ+XCjwA+P6kfrv9dKGdpipf9NABpuMWpS/
aCKf6cG5YgY4pufXDS7mCXAAMOlP21bv138mm83EIOLDgnw4mXzZA/peiU3TZhTl
WDtpEec3CgT8C4Ff12bdbtpGsvSeRwy2WCEClZa8mqhY4IeeFsYSeVb98MzRjplA
BtlBYGYeVLON4r7oRiecWzQdcT2h+Znm2KxSD2MuwrtS2U+3z4GJ2hDEI51pHA+K
9GmNORRP2Nq5Y6oUQMWBENjVp5+YFLAj+N4S6qJv1xRT4Gjy29rJVFhp3IdhWlss
lbB80deB3c+tf/pgErZqQNhJQz/gjD5O7X/cQnfTueSI
-----END CERTIFICATE-----