Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/vbTBxrwzB75awQdnuHxvUmGSxrI.roa
File:                     vbTBxrwzB75awQdnuHxvUmGSxrI.roa (raw, json)
Hash identifier:          BNvntPsh9Cs3tqn2zXlS+7ZhQF3J782Zk6D2d5jtV8U=
Subject key identifier:   BD:B4:C1:C6:BC:33:07:BE:5A:C1:07:67:B8:7C:6F:52:61:92:C6:B2
Certificate issuer:       /CN=7299ce64a0f1624d7bb2d2969e5c11adbaa5485c
Certificate serial:       019425FBFBF18103FE2CAF0EB1B9E2F46826
Authority key identifier: 72:99:CE:64:A0:F1:62:4D:7B:B2:D2:96:9E:5C:11:AD:BA:A5:48:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cpnOZKDxYk17stKWnlwRrbqlSFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/vbTBxrwzB75awQdnuHxvUmGSxrI.roa
Signing time:             Thu 02 Jan 2025 07:47:38 +0000
ROA not before:           Thu 02 Jan 2025 07:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214499
IP address blocks:        212.232.20.0/23 maxlen: 23
                          2001:67c:21f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/cpnOZKDxYk17stKWnlwRrbqlSFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/cpnOZKDxYk17stKWnlwRrbqlSFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cpnOZKDxYk17stKWnlwRrbqlSFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:fb:f1:81:03:fe:2c:af:0e:b1:b9:e2:f4:68:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7299ce64a0f1624d7bb2d2969e5c11adbaa5485c
        Validity
            Not Before: Jan  2 07:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdb4c1c6bc3307be5ac10767b87c6f526192c6b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:92:55:42:d4:89:68:f3:5f:c8:4a:6d:c5:a9:
                    f3:b4:7b:25:99:ff:c2:d8:8f:43:39:32:1c:62:f6:
                    c6:5c:69:0a:9f:b1:11:03:10:1b:e0:91:15:2f:58:
                    94:05:36:c5:22:30:ca:6c:dc:31:30:3f:18:4c:dd:
                    48:30:8a:29:25:b9:08:71:7f:08:c2:d3:72:39:6b:
                    ed:0c:35:61:c7:e5:01:b6:e9:4d:4b:7e:8f:53:bb:
                    23:f8:97:49:3e:6f:08:bd:6e:bb:3d:dc:5a:ce:22:
                    71:13:96:9e:88:75:7b:d7:37:ce:06:08:21:8b:b8:
                    0e:8d:ac:06:97:f6:6e:80:16:2e:2d:c4:b9:76:46:
                    a5:8e:83:e7:7d:4f:ab:bc:17:7b:eb:3b:b6:0f:ce:
                    20:f4:18:56:67:47:12:c6:ec:da:af:82:07:e8:a0:
                    22:1b:fa:9a:d3:04:63:58:cc:0f:97:b1:f7:bc:b8:
                    a4:51:32:ba:f8:f9:70:8b:21:78:df:cc:ae:63:42:
                    c3:41:88:53:c1:eb:0b:0f:13:cf:0b:dd:f1:f6:c4:
                    02:6a:d9:f9:87:60:ff:48:59:1a:b9:12:38:ae:77:
                    ec:5c:94:77:bf:8c:58:27:6a:4b:16:f3:3c:9e:92:
                    2d:c9:c6:7e:d9:85:cf:fb:d2:c1:6e:31:75:4b:d7:
                    58:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:B4:C1:C6:BC:33:07:BE:5A:C1:07:67:B8:7C:6F:52:61:92:C6:B2
            X509v3 Authority Key Identifier:
                keyid:72:99:CE:64:A0:F1:62:4D:7B:B2:D2:96:9E:5C:11:AD:BA:A5:48:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cpnOZKDxYk17stKWnlwRrbqlSFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/vbTBxrwzB75awQdnuHxvUmGSxrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c20fba-5b67-438c-ab00-c7eb34e2dca6/1/cpnOZKDxYk17stKWnlwRrbqlSFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.232.20.0/23
                IPv6:
                  2001:67c:21f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:a5:99:14:04:91:ba:3e:3a:17:05:d6:b4:f6:84:e9:6a:5f:
         1c:4f:d9:e9:54:cf:75:2d:7d:5c:c9:83:9b:12:69:a4:9f:bf:
         74:7a:a1:ac:fd:6d:8c:b4:09:f4:b5:14:7b:02:be:6a:9c:f5:
         c0:dd:c9:06:4a:f9:90:02:01:d9:09:f4:27:fd:3f:e9:c8:86:
         42:24:52:3c:fd:82:f5:12:e7:30:ff:0b:62:5c:a3:92:bb:59:
         ab:d7:65:db:9a:d6:bb:35:e7:37:ff:a5:2b:4a:bd:f3:a0:e8:
         90:0f:94:4c:e7:ed:54:9a:f7:3f:92:38:d7:84:d0:49:44:b8:
         98:4e:cc:fe:94:75:90:f3:28:8b:40:aa:ba:42:88:fb:76:ce:
         e6:a6:9d:e1:72:dd:68:1b:02:b5:0d:7a:57:d1:00:22:82:79:
         f9:68:a2:08:09:55:9b:2a:4e:36:f1:50:86:71:2b:51:ff:91:
         41:e0:2c:be:5e:5c:1f:80:a6:92:20:cb:5a:39:aa:f8:ae:2f:
         62:c0:b9:c2:1e:79:c3:8b:53:ab:49:64:84:1e:c5:17:16:0e:
         1a:62:3b:2d:34:fa:72:1b:71:6f:3e:15:db:f3:41:12:02:c0:
         63:ae:7b:40:88:5d:7f:4e:7e:54:bd:b0:29:a0:30:ba:31:8c:
         7b:9a:a4:e6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl+/vxgQP+LK8Osbni9GgmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOTljZTY0YTBmMTYyNGQ3YmIyZDI5NjllNWMxMWFkYmFh
NTQ4NWMwHhcNMjUwMTAyMDc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGI0YzFjNmJjMzMwN2JlNWFjMTA3NjdiODdjNmY1MjYxOTJjNmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpJVQtSJaPNfyEptxanztHslmf/C
2I9DOTIcYvbGXGkKn7ERAxAb4JEVL1iUBTbFIjDKbNwxMD8YTN1IMIopJbkIcX8I
wtNyOWvtDDVhx+UBtulNS36PU7sj+JdJPm8IvW67PdxaziJxE5aeiHV71zfOBggh
i7gOjawGl/ZugBYuLcS5dkaljoPnfU+rvBd76zu2D84g9BhWZ0cSxuzar4IH6KAi
G/qa0wRjWMwPl7H3vLikUTK6+PlwiyF438yuY0LDQYhTwesLDxPPC93x9sQCatn5
h2D/SFkauRI4rnfsXJR3v4xYJ2pLFvM8npItycZ+2YXP+9LBbjF1S9dYwwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL20wca8Mwe+WsEHZ7h8b1JhksayMB8GA1UdIwQY
MBaAFHKZzmSg8WJNe7LSlp5cEa26pUhcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3BuT1pLRHhZazE3c3RLV25sd1JyYnFsU0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9jMjBmYmEtNWI2Ny00MzhjLWFiMDAt
YzdlYjM0ZTJkY2E2LzEvdmJUQnhyd3pCNzVhd1FkbnVIeHZVbUdTeHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9jMjBmYmEtNWI2Ny00MzhjLWFiMDAtYzdlYjM0ZTJkY2E2
LzEvY3BuT1pLRHhZazE3c3RLV25sd1JyYnFsU0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQB1OgUMA8E
AgACMAkDBwAgAQZ8IfQwDQYJKoZIhvcNAQELBQADggEBADClmRQEkbo+OhcF1rT2
hOlqXxxP2elUz3UtfVzJg5sSaaSfv3R6oaz9bYy0CfS1FHsCvmqc9cDdyQZK+ZAC
AdkJ9Cf9P+nIhkIkUjz9gvUS5zD/C2Jco5K7WavXZdua1rs15zf/pStKvfOg6JAP
lEzn7VSa9z+SONeE0ElEuJhOzP6UdZDzKItAqrpCiPt2zuamneFy3WgbArUNelfR
ACKCeflooggJVZsqTjbxUIZxK1H/kUHgLL5eXB+AppIgy1o5qviuL2LAucIeecOL
U6tJZIQexRcWDhpiOy00+nIbcW8+FdvzQRICwGOue0CIXX9OflS9sCmgMLoxjHua
pOY=
-----END CERTIFICATE-----