Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/6tZMrE3QwmAA_a_zaTRDrm333wA.roa
File:                     6tZMrE3QwmAA_a_zaTRDrm333wA.roa (raw, json)
Hash identifier:          bnemZ/bWDNt6ioLBFR2fxDsCbwzPXU+h6frw08drJ10=
Subject key identifier:   EA:D6:4C:AC:4D:D0:C2:60:00:FD:AF:F3:69:34:43:AE:6D:F7:DF:00
Certificate issuer:       /CN=f57a4812a159ef6a9e92972e7572ad662d72215a
Certificate serial:       018CC2DB52A01F2DA53321386AD54F8550C3
Authority key identifier: F5:7A:48:12:A1:59:EF:6A:9E:92:97:2E:75:72:AD:66:2D:72:21:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9XpIEqFZ72qekpcudXKtZi1yIVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/6tZMrE3QwmAA_a_zaTRDrm333wA.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49029
IP address blocks:        212.23.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/9XpIEqFZ72qekpcudXKtZi1yIVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/9XpIEqFZ72qekpcudXKtZi1yIVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9XpIEqFZ72qekpcudXKtZi1yIVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:52:a0:1f:2d:a5:33:21:38:6a:d5:4f:85:50:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f57a4812a159ef6a9e92972e7572ad662d72215a
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ead64cac4dd0c26000fdaff3693443ae6df7df00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:2c:75:70:0e:74:31:83:43:4b:e1:22:e6:8c:
                    7d:60:4a:5e:f0:3b:76:74:51:33:df:aa:01:3d:91:
                    c4:c8:32:ca:29:f2:c3:82:3a:e4:96:a8:31:c2:8b:
                    7f:43:ff:b6:73:ea:15:58:13:aa:c3:86:e9:e8:a8:
                    e8:5c:2d:3d:63:b9:6c:71:b9:59:4e:8b:1a:96:50:
                    69:86:c8:7c:cd:59:c1:e5:f2:71:19:96:74:4b:48:
                    f3:b8:0b:a5:fd:22:d6:cf:66:1f:0e:05:6f:2a:7f:
                    87:52:d4:fb:13:d5:98:c7:69:2e:3e:6f:68:e9:7b:
                    97:d7:2b:d9:2f:aa:e9:b0:54:2d:d4:e6:e3:cf:45:
                    a2:67:b9:64:53:6d:62:35:3a:a3:02:c2:a0:77:3c:
                    2e:f6:55:35:fb:af:67:c8:b0:74:2a:2b:a9:b4:91:
                    31:ce:8e:46:19:2e:89:35:75:04:f7:a8:0a:2f:7c:
                    32:f0:9c:61:20:99:d8:21:ec:55:b6:d3:48:b6:cc:
                    71:47:65:ed:7b:d7:0b:b2:8b:92:27:e6:3f:4c:cf:
                    d9:bf:cb:3e:be:b7:64:78:0b:d8:89:08:de:dc:ad:
                    bc:b4:1c:a1:b9:6e:6e:c4:01:89:6f:25:e9:7a:f6:
                    17:e7:33:33:6d:a0:32:26:eb:7a:56:d1:2a:0d:52:
                    6b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D6:4C:AC:4D:D0:C2:60:00:FD:AF:F3:69:34:43:AE:6D:F7:DF:00
            X509v3 Authority Key Identifier:
                keyid:F5:7A:48:12:A1:59:EF:6A:9E:92:97:2E:75:72:AD:66:2D:72:21:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9XpIEqFZ72qekpcudXKtZi1yIVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/6tZMrE3QwmAA_a_zaTRDrm333wA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4fbe10-9487-4115-9856-beb70fd415ca/1/9XpIEqFZ72qekpcudXKtZi1yIVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:e1:cf:7d:ac:ed:3e:e1:9a:ab:39:9b:14:c2:70:31:27:88:
         cc:9e:72:0d:a9:09:f2:71:9f:3e:3c:cf:2c:84:b5:b5:70:c4:
         f1:c6:76:4b:9e:93:5a:36:28:8c:43:e5:e4:28:82:f9:fe:c0:
         92:38:5c:c7:0e:56:45:6e:30:1e:b2:71:00:92:28:f2:6f:b7:
         7e:58:72:4a:76:69:51:b8:77:a1:c6:bc:d6:9a:e4:fd:9c:06:
         34:e6:ec:2a:e3:c6:91:56:cd:de:7a:a6:45:d6:67:01:d4:2b:
         f1:21:b5:2e:05:ec:dc:6b:ac:53:84:26:71:18:9b:a1:a4:ae:
         27:27:38:41:4e:a1:86:0b:41:37:a9:ac:6d:20:24:96:dc:59:
         73:e6:9f:96:d3:1c:27:48:1d:2b:ce:1a:4b:ad:13:1d:27:01:
         5d:18:4f:e9:15:e1:2c:d0:93:ae:a6:b4:9a:73:a6:cf:64:6b:
         11:61:ae:b6:bf:d3:90:34:da:1e:ab:9c:d5:5b:7f:85:8c:67:
         1c:eb:02:91:e8:49:1f:4d:06:d5:22:a6:ea:a5:a3:ee:8f:95:
         f5:6e:81:49:ed:20:c4:32:eb:9d:00:be:ee:27:26:f8:48:e9:
         ef:56:b3:e0:78:e1:85:69:0b:9b:2e:18:f7:9b:d7:b5:d3:4a:
         bd:3c:b3:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21KgHy2lMyE4atVPhVDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1N2E0ODEyYTE1OWVmNmE5ZTkyOTcyZTc1NzJhZDY2MmQ3
MjIxNWEwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWQ2NGNhYzRkZDBjMjYwMDBmZGFmZjM2OTM0NDNhZTZkZjdkZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Sx1cA50MYNDS+Ei5ox9YEpe8Dt2
dFEz36oBPZHEyDLKKfLDgjrklqgxwot/Q/+2c+oVWBOqw4bp6KjoXC09Y7lscblZ
TosallBphsh8zVnB5fJxGZZ0S0jzuAul/SLWz2YfDgVvKn+HUtT7E9WYx2kuPm9o
6XuX1yvZL6rpsFQt1Objz0WiZ7lkU21iNTqjAsKgdzwu9lU1+69nyLB0KiuptJEx
zo5GGS6JNXUE96gKL3wy8JxhIJnYIexVttNItsxxR2Xte9cLsouSJ+Y/TM/Zv8s+
vrdkeAvYiQje3K28tByhuW5uxAGJbyXpevYX5zMzbaAyJut6VtEqDVJr/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrWTKxN0MJgAP2v82k0Q65t998AMB8GA1UdIwQY
MBaAFPV6SBKhWe9qnpKXLnVyrWYtciFaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVhwSUVxRlo3MnFla3BjdWRYS3RaaTF5SVZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80ZmJlMTAtOTQ4Ny00MTE1LTk4NTYt
YmViNzBmZDQxNWNhLzEvNnRaTXJFM1F3bUFBX2FfemFUUkRybTMzM3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80ZmJlMTAtOTQ4Ny00MTE1LTk4NTYtYmViNzBmZDQxNWNh
LzEvOVhwSUVxRlo3MnFla3BjdWRYS3RaaTF5SVZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfRMA0G
CSqGSIb3DQEBCwUAA4IBAQAb4c99rO0+4ZqrOZsUwnAxJ4jMnnINqQnycZ8+PM8s
hLW1cMTxxnZLnpNaNiiMQ+XkKIL5/sCSOFzHDlZFbjAesnEAkijyb7d+WHJKdmlR
uHehxrzWmuT9nAY05uwq48aRVs3eeqZF1mcB1CvxIbUuBezca6xThCZxGJuhpK4n
JzhBTqGGC0E3qaxtICSW3Flz5p+W0xwnSB0rzhpLrRMdJwFdGE/pFeEs0JOuprSa
c6bPZGsRYa62v9OQNNoeq5zVW3+FjGcc6wKR6EkfTQbVIqbqpaPuj5X1boFJ7SDE
MuudAL7uJyb4SOnvVrPgeOGFaQubLhj3m9e100q9PLN4
-----END CERTIFICATE-----