Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/wsj837Y1SNFjOezJl4TN0j8mjYI.roa
File:                     wsj837Y1SNFjOezJl4TN0j8mjYI.roa (raw, json)
Hash identifier:          6NuuqxeL3fvf7kCk45DltQJ7ZGod/862RrRP4MTCWSQ=
Subject key identifier:   C2:C8:FC:DF:B6:35:48:D1:63:39:EC:C9:97:84:CD:D2:3F:26:8D:82
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       01934F3A213B542990B5826007662CFE6A78
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/wsj837Y1SNFjOezJl4TN0j8mjYI.roa
Signing time:             Thu 21 Nov 2024 14:57:09 +0000
ROA not before:           Thu 21 Nov 2024 14:57:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51396
IP address blocks:        213.21.232.0/24 maxlen: 24
                          213.21.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4f:3a:21:3b:54:29:90:b5:82:60:07:66:2c:fe:6a:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Nov 21 14:57:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2c8fcdfb63548d16339ecc99784cdd23f268d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:af:19:53:80:3c:b6:08:be:36:0c:52:c4:27:
                    03:92:cd:54:21:0b:23:8c:6c:7a:75:d7:38:bc:78:
                    7a:c3:ff:aa:4f:b0:a7:34:81:63:00:09:ac:c1:c8:
                    73:a7:12:62:72:db:67:39:30:1d:48:94:e4:2a:2e:
                    3d:8e:b2:7c:a0:d1:20:b6:7b:2b:c8:54:ce:2b:fb:
                    09:31:40:4f:72:03:16:df:14:c3:3c:d0:de:bc:1e:
                    f0:5d:2f:6d:8d:b4:90:9b:b7:e0:ef:62:f2:e8:84:
                    22:15:15:5c:f1:70:52:3e:8a:88:8c:45:8a:14:56:
                    d1:d3:b5:3a:50:92:f4:03:73:ec:dd:52:c2:f5:51:
                    04:cb:72:0b:e6:f4:12:bd:8c:4e:83:52:aa:0f:51:
                    26:58:6f:53:cc:46:d4:bd:fa:92:ff:73:00:fb:54:
                    11:cd:0b:ad:a0:7c:37:c8:08:f3:06:3f:95:7f:1d:
                    7e:1e:54:9d:71:40:8e:ce:92:f1:55:b3:fe:40:92:
                    50:82:cb:58:dc:35:f6:f2:ef:31:0b:67:52:8f:c3:
                    d9:9d:51:5e:50:2f:4b:5c:53:6c:7b:d9:07:f3:1c:
                    d5:df:75:16:7b:08:16:54:b3:37:6a:e1:9e:c8:c6:
                    dd:a1:71:bd:2b:88:c6:96:6e:0d:ab:fe:67:4f:3c:
                    b9:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C8:FC:DF:B6:35:48:D1:63:39:EC:C9:97:84:CD:D2:3F:26:8D:82
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/wsj837Y1SNFjOezJl4TN0j8mjYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.232.0/24
                  213.21.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:56:b8:ed:d6:23:df:2c:02:57:f1:25:78:a1:4d:a7:11:8e:
         c1:cd:18:3c:2f:79:06:f1:ef:ee:d3:fb:b1:7f:3a:79:93:38:
         e4:c6:fa:1a:3c:50:23:9a:17:50:d8:27:8e:97:f7:6f:e3:dc:
         70:a8:9a:88:b3:9e:2d:b7:17:22:21:a6:19:6c:70:4a:fc:0e:
         59:5b:b4:a8:a3:03:4d:d9:d1:68:6b:74:02:0d:ce:63:9b:52:
         fc:f1:3b:01:e7:d3:c9:2a:06:6e:98:74:fd:fd:2c:f6:71:57:
         bc:b1:07:d6:aa:7e:fa:a2:83:3d:48:aa:47:fe:fc:3c:0f:7c:
         43:6e:50:0a:14:fc:37:5a:ea:b8:8f:a9:57:99:42:5c:a9:8d:
         26:90:23:5d:ba:30:11:08:13:35:42:63:70:02:d4:dc:b5:b6:
         f9:66:99:66:12:8a:30:b5:b6:17:c7:51:5c:5e:ff:64:6f:ea:
         ac:50:ee:e5:fb:f3:84:5c:78:fa:db:f6:c8:42:16:2c:2a:24:
         cd:68:15:64:43:5a:b3:8d:82:aa:9c:a2:f9:db:47:b1:6c:1b:
         26:b0:a6:77:8b:2e:47:57:dc:e7:01:9e:17:f7:87:4c:77:da:
         d7:e6:9e:c0:4b:d2:7c:4e:52:d2:e7:4f:ab:df:1b:9c:b2:2c:
         37:e6:c3:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNPOiE7VCmQtYJgB2Ys/mp4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjQxMTIxMTQ1NzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmM4ZmNkZmI2MzU0OGQxNjMzOWVjYzk5Nzg0Y2RkMjNmMjY4ZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsK8ZU4A8tgi+NgxSxCcDks1UIQsj
jGx6ddc4vHh6w/+qT7CnNIFjAAmswchzpxJicttnOTAdSJTkKi49jrJ8oNEgtnsr
yFTOK/sJMUBPcgMW3xTDPNDevB7wXS9tjbSQm7fg72Ly6IQiFRVc8XBSPoqIjEWK
FFbR07U6UJL0A3Ps3VLC9VEEy3IL5vQSvYxOg1KqD1EmWG9TzEbUvfqS/3MA+1QR
zQutoHw3yAjzBj+Vfx1+HlSdcUCOzpLxVbP+QJJQgstY3DX28u8xC2dSj8PZnVFe
UC9LXFNse9kH8xzV33UWewgWVLM3auGeyMbdoXG9K4jGlm4Nq/5nTzy5EQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMLI/N+2NUjRYznsyZeEzdI/Jo2CMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvd3NqODM3WTFTTkZqT2V6Smw0VE4wajhtallJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1RXoAwQA
1RXtMA0GCSqGSIb3DQEBCwUAA4IBAQAxVrjt1iPfLAJX8SV4oU2nEY7BzRg8L3kG
8e/u0/uxfzp5kzjkxvoaPFAjmhdQ2CeOl/dv49xwqJqIs54ttxciIaYZbHBK/A5Z
W7SoowNN2dFoa3QCDc5jm1L88TsB59PJKgZumHT9/Sz2cVe8sQfWqn76ooM9SKpH
/vw8D3xDblAKFPw3Wuq4j6lXmUJcqY0mkCNdujARCBM1QmNwAtTctbb5ZplmEoow
tbYXx1FcXv9kb+qsUO7l+/OEXHj62/bIQhYsKiTNaBVkQ1qzjYKqnKL520exbBsm
sKZ3iy5HV9znAZ4X94dMd9rX5p7AS9J8TlLS50+r3xucsiw35sOc
-----END CERTIFICATE-----