Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/cnpi4jaApnO9jCVHo6nvGluYR7k.roa
File:                     cnpi4jaApnO9jCVHo6nvGluYR7k.roa (raw, json)
Hash identifier:          JqZUvq9b67Z1VpE1zuOGgdeQTMQXj11C11YZVoqlh4Q=
Subject key identifier:   72:7A:62:E2:36:80:A6:73:BD:8C:25:47:A3:A9:EF:1A:5B:98:47:B9
Certificate issuer:       /CN=2457027e3a087b65f968b535e415f67432695876
Certificate serial:       01905E4ACCAF12EA87518E48A176CA6AF326
Authority key identifier: 24:57:02:7E:3A:08:7B:65:F9:68:B5:35:E4:15:F6:74:32:69:58:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFcCfjoIe2X5aLU15BX2dDJpWHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/cnpi4jaApnO9jCVHo6nvGluYR7k.roa
Signing time:             Fri 28 Jun 2024 10:01:18 +0000
ROA not before:           Fri 28 Jun 2024 10:01:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20546
IP address blocks:        213.216.11.0/24 maxlen: 24
                          213.216.13.0/24 maxlen: 24
                          213.216.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/JFcCfjoIe2X5aLU15BX2dDJpWHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/JFcCfjoIe2X5aLU15BX2dDJpWHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFcCfjoIe2X5aLU15BX2dDJpWHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5e:4a:cc:af:12:ea:87:51:8e:48:a1:76:ca:6a:f3:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2457027e3a087b65f968b535e415f67432695876
        Validity
            Not Before: Jun 28 10:01:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=727a62e23680a673bd8c2547a3a9ef1a5b9847b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:71:2e:3e:63:2c:60:9b:f8:c9:fc:6c:81:d2:
                    1b:ab:0a:67:e6:91:f5:47:62:6b:97:5c:15:f0:9d:
                    f6:74:68:71:3d:e9:72:b1:43:f2:c6:17:16:08:38:
                    53:62:b9:d8:fb:da:12:cc:6e:be:67:b2:9e:13:69:
                    d3:17:04:b6:25:1a:ad:af:09:95:8a:6f:c3:0d:29:
                    47:c2:3a:c7:79:a9:1c:db:97:5c:22:a1:d4:52:5c:
                    3c:f0:fa:9c:61:e6:31:b8:7c:5d:95:3c:af:7d:ed:
                    15:4a:93:85:4b:39:44:9a:3c:21:df:3a:f2:4b:30:
                    ef:9f:0e:7d:22:b2:62:25:ad:d8:29:8e:6c:a7:a9:
                    75:cf:81:33:f0:bd:d4:61:73:43:44:35:be:de:fb:
                    c0:1c:e3:4e:f7:6a:b7:37:22:6f:3e:01:e3:ce:fb:
                    03:b7:f1:ca:fa:f9:83:97:7e:6f:35:6e:94:cd:62:
                    87:97:66:ba:aa:6d:f4:01:51:1e:73:e7:f8:4b:06:
                    28:d0:e2:eb:df:4d:d6:cd:17:4d:61:65:35:8f:42:
                    55:1a:14:55:f4:34:b4:6a:4d:5f:e3:18:9e:b0:db:
                    07:a5:85:bb:4d:f9:4f:e2:d1:7a:56:a4:d5:5c:70:
                    22:60:ed:f8:5a:b1:2e:10:9a:2e:9f:9b:65:30:14:
                    3c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:7A:62:E2:36:80:A6:73:BD:8C:25:47:A3:A9:EF:1A:5B:98:47:B9
            X509v3 Authority Key Identifier:
                keyid:24:57:02:7E:3A:08:7B:65:F9:68:B5:35:E4:15:F6:74:32:69:58:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFcCfjoIe2X5aLU15BX2dDJpWHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/cnpi4jaApnO9jCVHo6nvGluYR7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/JFcCfjoIe2X5aLU15BX2dDJpWHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.216.11.0/24
                  213.216.13.0/24
                  213.216.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:05:8b:24:2f:e4:f1:38:b6:23:f5:83:c3:db:a6:3e:ec:5b:
         73:e7:a9:6a:7b:70:86:b6:32:6a:e5:5e:21:32:40:e2:1e:d5:
         89:17:3d:7f:e1:00:68:cd:ff:58:42:da:32:91:3f:2b:b0:a2:
         98:d3:4b:2a:e2:a3:df:d5:6e:4b:0b:db:69:d2:c2:08:41:48:
         ef:bd:22:af:27:aa:4e:03:96:81:f9:6f:9d:1b:0e:e4:c1:17:
         0d:ca:79:e6:8f:b8:5d:a6:06:dd:35:e4:42:4a:52:52:ad:42:
         6b:9e:94:20:b9:61:d3:bc:b7:45:a9:f0:db:71:aa:9b:aa:25:
         af:b1:c3:2b:70:bc:5b:87:4f:20:67:22:c1:23:49:a3:dc:fb:
         bc:55:1e:eb:f5:10:37:84:c6:67:91:d5:e4:01:9f:28:3f:31:
         44:df:23:db:b3:63:83:50:19:7d:2b:74:16:cb:a0:c9:4f:dd:
         d1:b8:ed:4f:b7:a9:1f:4a:11:07:be:22:3f:f6:14:fa:fb:91:
         6c:25:54:cd:68:33:07:30:49:27:08:d0:c4:70:98:36:b8:1b:
         f6:66:8a:b7:00:b2:22:2c:52:1a:38:73:ab:62:62:12:ce:c1:
         29:3c:f3:8e:c6:50:51:ec:c2:16:e5:5f:2a:83:7a:31:6a:45:
         b4:d0:83:f4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZBeSsyvEuqHUY5IoXbKavMmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTcwMjdlM2EwODdiNjVmOTY4YjUzNWU0MTVmNjc0MzI2
OTU4NzYwHhcNMjQwNjI4MTAwMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjdhNjJlMjM2ODBhNjczYmQ4YzI1NDdhM2E5ZWYxYTViOTg0N2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXEuPmMsYJv4yfxsgdIbqwpn5pH1
R2Jrl1wV8J32dGhxPelysUPyxhcWCDhTYrnY+9oSzG6+Z7KeE2nTFwS2JRqtrwmV
im/DDSlHwjrHeakc25dcIqHUUlw88PqcYeYxuHxdlTyvfe0VSpOFSzlEmjwh3zry
SzDvnw59IrJiJa3YKY5sp6l1z4Ez8L3UYXNDRDW+3vvAHONO92q3NyJvPgHjzvsD
t/HK+vmDl35vNW6UzWKHl2a6qm30AVEec+f4SwYo0OLr303WzRdNYWU1j0JVGhRV
9DS0ak1f4xiesNsHpYW7TflP4tF6VqTVXHAiYO34WrEuEJoun5tlMBQ8owIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHJ6YuI2gKZzvYwlR6Op7xpbmEe5MB8GA1UdIwQY
MBaAFCRXAn46CHtl+Wi1NeQV9nQyaVh2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZjQ2Zqb0llMlg1YUxVMTVCWDJkREpwV0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy85NWYzMjAtYzdkMy00MWRkLWIxMjUt
Yjc5ZDA4ZmExNzQ3LzEvY25waTRqYUFwbk85akNWSG82bnZHbHVZUjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy85NWYzMjAtYzdkMy00MWRkLWIxMjUtYjc5ZDA4ZmExNzQ3
LzEvSkZjQ2Zqb0llMlg1YUxVMTVCWDJkREpwV0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1dgLAwQA
1dgNAwQA1dgRMA0GCSqGSIb3DQEBCwUAA4IBAQAkBYskL+TxOLYj9YPD26Y+7Ftz
56lqe3CGtjJq5V4hMkDiHtWJFz1/4QBozf9YQtoykT8rsKKY00sq4qPf1W5LC9tp
0sIIQUjvvSKvJ6pOA5aB+W+dGw7kwRcNynnmj7hdpgbdNeRCSlJSrUJrnpQguWHT
vLdFqfDbcaqbqiWvscMrcLxbh08gZyLBI0mj3Pu8VR7r9RA3hMZnkdXkAZ8oPzFE
3yPbs2ODUBl9K3QWy6DJT93RuO1Pt6kfShEHviI/9hT6+5FsJVTNaDMHMEknCNDE
cJg2uBv2Zoq3ALIiLFIaOHOrYmISzsEpPPOOxlBR7MIW5V8qg3oxakW00IP0
-----END CERTIFICATE-----