Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/w-8z7LxGmSb5aP79seidJrrR-Gw.roa
File:                     w-8z7LxGmSb5aP79seidJrrR-Gw.roa (raw, json)
Hash identifier:          2OPuL4KzaLYhHLJ41CZTTKObRY5g17cjBdRjCM7eDcA=
Subject key identifier:   C3:EF:33:EC:BC:46:99:26:F9:68:FE:FD:B1:E8:9D:26:BA:D1:F8:6C
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       0193070CD40F45FEE1E6FA5BCF92DCAE8559
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/w-8z7LxGmSb5aP79seidJrrR-Gw.roa
Signing time:             Thu 07 Nov 2024 14:35:01 +0000
ROA not before:           Thu 07 Nov 2024 14:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213951
IP address blocks:        212.20.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:07:0c:d4:0f:45:fe:e1:e6:fa:5b:cf:92:dc:ae:85:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Nov  7 14:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3ef33ecbc469926f968fefdb1e89d26bad1f86c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:50:d6:6a:cd:96:6e:6b:33:7f:77:63:84:25:
                    55:68:50:78:2b:62:18:ff:b1:f6:28:6b:92:8a:4e:
                    39:05:6d:95:39:7a:0a:36:1b:0a:12:c1:aa:23:80:
                    81:67:18:8e:65:8e:21:19:c8:10:ba:3f:a5:37:de:
                    0a:cd:4f:d7:3f:fd:8e:91:52:0c:2e:19:b1:64:6c:
                    da:76:5a:c3:c0:23:a3:c8:f2:50:cc:fd:eb:30:b4:
                    2e:ea:24:3f:80:c9:11:5d:70:89:42:18:65:e6:23:
                    42:d9:22:f1:d4:f3:88:70:85:89:cc:fc:9a:35:6a:
                    cc:d7:03:95:5f:87:c4:f4:a4:1a:46:26:f1:c6:d4:
                    0f:57:a8:c1:90:0d:a7:2c:6c:fa:34:ca:4d:e8:c5:
                    9b:2e:69:7a:9c:33:5e:8c:c8:3e:73:4e:d7:a7:e2:
                    c7:3e:db:5c:c5:90:70:89:07:17:4d:9a:47:84:5b:
                    fe:ff:91:2f:44:67:5d:65:db:d3:4c:4c:80:5a:7f:
                    1c:27:19:e2:35:fd:44:fb:e2:12:1d:38:f2:5a:a8:
                    a3:75:6e:45:bc:b3:9c:e5:ce:94:37:65:01:01:fc:
                    53:34:68:b5:0d:c9:6b:ca:10:1f:67:7e:a3:ec:56:
                    45:15:8c:c8:0e:01:b8:c5:1c:5b:f9:26:0b:65:03:
                    17:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:EF:33:EC:BC:46:99:26:F9:68:FE:FD:B1:E8:9D:26:BA:D1:F8:6C
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/w-8z7LxGmSb5aP79seidJrrR-Gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.20.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ac:3d:89:7a:69:97:26:37:0c:70:55:1a:a2:d4:77:96:6f:
         04:44:da:78:eb:90:02:8f:e7:0b:da:9e:72:40:89:99:be:e3:
         b4:bc:34:68:ac:57:09:73:51:7d:e9:a1:8d:07:c9:26:0d:2d:
         29:15:a3:c5:60:16:3c:6b:0a:4b:b1:80:6a:49:1d:da:af:43:
         84:d0:20:d2:95:52:42:c8:15:0e:bb:fd:f7:eb:3a:8d:97:51:
         7f:59:ef:c9:77:b0:84:61:4c:e1:23:20:a6:36:37:6d:10:3b:
         c5:40:c7:fe:6e:51:cf:47:8d:39:02:00:29:f0:df:d7:88:88:
         c1:d3:e7:0b:d5:d1:ce:c2:7d:5a:a7:98:d2:bf:51:8d:49:63:
         38:a3:56:71:bc:1a:56:e3:fe:6c:9f:4e:6b:36:53:0d:ef:63:
         be:0e:9f:d4:d8:af:3e:1a:9b:d2:3d:b2:b4:51:26:7f:7a:05:
         63:18:7c:ae:53:5e:c5:d6:d6:0e:b4:da:e4:cb:ee:39:19:ea:
         17:67:a8:11:b8:8a:a3:d1:08:da:63:50:4d:d8:00:d9:ba:e5:
         32:66:7e:78:f2:41:68:d3:09:1c:1d:71:2e:38:30:1e:0d:a1:
         9f:32:13:2a:90:e1:4a:7f:a1:50:b6:26:1f:24:10:07:10:a7:
         4e:5c:1c:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMHDNQPRf7h5vpbz5LcroVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjQxMTA3MTQzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2VmMzNlY2JjNDY5OTI2Zjk2OGZlZmRiMWU4OWQyNmJhZDFmODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1DWas2Wbmszf3djhCVVaFB4K2IY
/7H2KGuSik45BW2VOXoKNhsKEsGqI4CBZxiOZY4hGcgQuj+lN94KzU/XP/2OkVIM
LhmxZGzadlrDwCOjyPJQzP3rMLQu6iQ/gMkRXXCJQhhl5iNC2SLx1POIcIWJzPya
NWrM1wOVX4fE9KQaRibxxtQPV6jBkA2nLGz6NMpN6MWbLml6nDNejMg+c07Xp+LH
PttcxZBwiQcXTZpHhFv+/5EvRGddZdvTTEyAWn8cJxniNf1E++ISHTjyWqijdW5F
vLOc5c6UN2UBAfxTNGi1DclryhAfZ36j7FZFFYzIDgG4xRxb+SYLZQMXoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPvM+y8Rpkm+Wj+/bHonSa60fhsMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvdy04ejdMeEdtU2I1YVA3OXNlaWRKcnJSLUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BSXMA0G
CSqGSIb3DQEBCwUAA4IBAQBrrD2JemmXJjcMcFUaotR3lm8ERNp465ACj+cL2p5y
QImZvuO0vDRorFcJc1F96aGNB8kmDS0pFaPFYBY8awpLsYBqSR3ar0OE0CDSlVJC
yBUOu/336zqNl1F/We/Jd7CEYUzhIyCmNjdtEDvFQMf+blHPR405AgAp8N/XiIjB
0+cL1dHOwn1ap5jSv1GNSWM4o1ZxvBpW4/5sn05rNlMN72O+Dp/U2K8+GpvSPbK0
USZ/egVjGHyuU17F1tYOtNrky+45GeoXZ6gRuIqj0QjaY1BN2ADZuuUyZn548kFo
0wkcHXEuODAeDaGfMhMqkOFKf6FQtiYfJBAHEKdOXBwx
-----END CERTIFICATE-----