Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/tGPITckhqUHPOkHzgAni-AbvlNI.roa
File:                     tGPITckhqUHPOkHzgAni-AbvlNI.roa (raw, json)
Hash identifier:          qEohIke4JeavcOYOo8llKmu+TpPqL6th6J2m5d4WghA=
Subject key identifier:   B4:63:C8:4D:C9:21:A9:41:CF:3A:41:F3:80:09:E2:F8:06:EF:94:D2
Certificate issuer:       /CN=e50c22c66b85fac98de83d761ef4243437ab0393
Certificate serial:       019344FECE6666BFB576345194FC15B1D896
Authority key identifier: E5:0C:22:C6:6B:85:FA:C9:8D:E8:3D:76:1E:F4:24:34:37:AB:03:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/tGPITckhqUHPOkHzgAni-AbvlNI.roa
Signing time:             Tue 19 Nov 2024 15:16:09 +0000
ROA not before:           Tue 19 Nov 2024 15:16:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13170
IP address blocks:        213.255.163.0/24 maxlen: 24
                          213.255.164.0/24 maxlen: 24
                          213.255.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:fe:ce:66:66:bf:b5:76:34:51:94:fc:15:b1:d8:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e50c22c66b85fac98de83d761ef4243437ab0393
        Validity
            Not Before: Nov 19 15:16:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b463c84dc921a941cf3a41f38009e2f806ef94d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:45:b9:87:b1:73:12:cf:20:e0:d6:ee:ae:9a:
                    13:3a:3c:99:12:ba:3b:36:d0:62:27:40:db:3d:42:
                    8c:d5:55:28:f7:c3:8e:7c:c4:49:75:99:6a:e5:f6:
                    3d:06:4d:4f:de:e8:d7:51:0a:cc:c8:b0:2c:a7:a2:
                    e4:0e:ca:a2:6b:6f:a7:51:79:1a:ce:21:30:2f:67:
                    c2:68:c1:46:1d:d6:bc:30:c4:cb:5b:5e:c8:c6:3b:
                    d1:b1:d3:40:ca:a1:b2:25:0a:96:b4:e7:f0:4d:a8:
                    30:cb:d4:bb:af:ff:42:04:2d:5f:70:69:ce:77:18:
                    65:51:43:3b:9d:96:ee:7f:4b:fa:4d:09:cb:5d:1e:
                    05:63:69:c1:db:f3:8a:9f:c6:60:0b:ca:de:66:cd:
                    73:95:89:b7:e5:ff:f4:0a:52:29:cf:8a:34:9d:e3:
                    44:3d:89:1f:d9:aa:e0:d3:6a:05:59:c8:3e:53:c1:
                    eb:0d:1a:5a:a5:a2:1a:b5:21:21:a2:3f:da:d6:9d:
                    58:6d:59:89:6f:b3:05:bf:60:df:72:c0:1d:d7:af:
                    0c:2c:a8:ed:14:11:a2:42:30:f7:1b:40:67:53:31:
                    ff:23:96:61:08:29:bc:c1:cd:0b:5b:6a:ee:14:14:
                    e8:d6:d0:72:fa:3a:fa:85:36:89:66:27:e7:40:2b:
                    37:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:63:C8:4D:C9:21:A9:41:CF:3A:41:F3:80:09:E2:F8:06:EF:94:D2
            X509v3 Authority Key Identifier:
                keyid:E5:0C:22:C6:6B:85:FA:C9:8D:E8:3D:76:1E:F4:24:34:37:AB:03:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/tGPITckhqUHPOkHzgAni-AbvlNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.255.163.0-213.255.164.255
                  213.255.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2f:48:bc:c7:d3:e6:b0:06:b5:d1:8b:1e:56:75:fc:ee:61:
         ff:be:25:b1:7f:3c:52:a7:47:64:f5:75:ee:81:2a:de:8a:ca:
         06:79:44:fd:1f:70:a7:9c:e0:1c:1e:8e:c8:b9:2c:42:a2:ac:
         b5:5b:1d:c0:75:e3:58:93:1b:dc:cf:20:89:f5:64:df:43:bb:
         b9:40:57:27:8b:21:2d:78:df:13:b5:dc:15:7c:cd:ae:c8:1f:
         8f:1c:84:78:ab:68:74:1a:09:0b:5d:6b:f3:07:5b:b1:86:f8:
         9f:07:a6:9c:56:26:98:92:c6:50:19:43:92:40:d3:f9:a6:e0:
         d8:d5:c1:ee:dd:cb:2f:c2:97:8c:04:d4:55:7f:21:cf:3a:3c:
         5d:24:a3:88:f5:4b:d9:9c:ef:dd:d4:a7:51:42:86:85:78:ce:
         a2:50:82:4b:d9:39:d9:30:1f:1f:30:6e:a4:3f:8f:13:e0:a9:
         49:32:f8:13:56:83:86:16:06:a5:55:69:83:9c:7b:17:be:1c:
         12:27:55:45:ff:81:18:5c:f1:ff:11:35:8a:45:2b:fb:a2:b2:
         87:17:11:54:ef:db:32:26:32:55:5d:f6:b3:8c:88:1b:93:50:
         b7:6f:73:32:d5:b3:0b:46:a7:bc:ad:4b:dd:bb:d5:2b:e3:39:
         ca:b1:bf:22
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZNE/s5mZr+1djRRlPwVsdiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MGMyMmM2NmI4NWZhYzk4ZGU4M2Q3NjFlZjQyNDM0Mzdh
YjAzOTMwHhcNMjQxMTE5MTUxNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDYzYzg0ZGM5MjFhOTQxY2YzYTQxZjM4MDA5ZTJmODA2ZWY5NGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6kW5h7FzEs8g4NburpoTOjyZEro7
NtBiJ0DbPUKM1VUo98OOfMRJdZlq5fY9Bk1P3ujXUQrMyLAsp6LkDsqia2+nUXka
ziEwL2fCaMFGHda8MMTLW17IxjvRsdNAyqGyJQqWtOfwTagwy9S7r/9CBC1fcGnO
dxhlUUM7nZbuf0v6TQnLXR4FY2nB2/OKn8ZgC8reZs1zlYm35f/0ClIpz4o0neNE
PYkf2arg02oFWcg+U8HrDRpapaIatSEhoj/a1p1YbVmJb7MFv2DfcsAd168MLKjt
FBGiQjD3G0BnUzH/I5ZhCCm8wc0LW2ruFBTo1tBy+jr6hTaJZifnQCs3KQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLRjyE3JIalBzzpB84AJ4vgG75TSMB8GA1UdIwQY
MBaAFOUMIsZrhfrJjeg9dh70JDQ3qwOTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVF3aXhtdUYtc21ONkQxMkh2UWtORGVyQTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yYjdmZTktMmE4Ny00YzU3LWIxMDgt
OTIxNDI3ODEwOGE4LzEvdEdQSVRja2hxVUhQT2tIemdBbmktQWJ2bE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yYjdmZTktMmE4Ny00YzU3LWIxMDgtOTIxNDI3ODEwOGE4
LzEvNVF3aXhtdUYtc21ONkQxMkh2UWtORGVyQTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADV/6MD
BADV/6QDBADV/7gwDQYJKoZIhvcNAQELBQADggEBABAvSLzH0+awBrXRix5Wdfzu
Yf++JbF/PFKnR2T1de6BKt6KygZ5RP0fcKec4Bwejsi5LEKirLVbHcB141iTG9zP
IIn1ZN9Du7lAVyeLIS143xO13BV8za7IH48chHiraHQaCQtda/MHW7GG+J8HppxW
JpiSxlAZQ5JA0/mm4NjVwe7dyy/Cl4wE1FV/Ic86PF0ko4j1S9mc793Up1FChoV4
zqJQgkvZOdkwHx8wbqQ/jxPgqUky+BNWg4YWBqVVaYOcexe+HBInVUX/gRhc8f8R
NYpFK/uisocXEVTv2zImMlVd9rOMiBuTULdvczLVswtGp7ytS9271SvjOcqxvyI=
-----END CERTIFICATE-----