Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/iQCDbqW9VFW6BdpoRJbdec9wp0U.roa
File:                     iQCDbqW9VFW6BdpoRJbdec9wp0U.roa (raw, json)
Hash identifier:          Z49pQqYiReoZE+sjW9mgWrRKUgxyLFTxxOWowRMUaQg=
Subject key identifier:   89:00:83:6E:A5:BD:54:55:BA:05:DA:68:44:96:DD:79:CF:70:A7:45
Certificate issuer:       /CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
Certificate serial:       0191E13C93F808A750FF8464059F825D3E50
Authority key identifier: C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/iQCDbqW9VFW6BdpoRJbdec9wp0U.roa
Signing time:             Wed 11 Sep 2024 13:18:49 +0000
ROA not before:           Wed 11 Sep 2024 13:18:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212730
IP address blocks:        212.110.133.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:3c:93:f8:08:a7:50:ff:84:64:05:9f:82:5d:3e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
        Validity
            Not Before: Sep 11 13:18:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8900836ea5bd5455ba05da684496dd79cf70a745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b6:a0:b4:68:91:fc:b4:17:91:1b:09:b1:8d:
                    23:d6:0c:68:9d:8f:5c:51:f8:8a:d3:78:ae:da:62:
                    9f:ed:a1:ce:97:f5:14:86:9a:7c:85:a0:6d:71:b2:
                    71:30:2a:c6:f4:fa:4d:1a:64:da:48:88:39:3b:42:
                    48:44:d9:df:d6:15:a8:46:e1:ea:eb:54:5b:dd:d0:
                    60:d3:ba:dd:fb:12:b4:97:08:9a:f8:08:1e:bc:ee:
                    17:2b:66:30:47:28:a5:2d:4b:70:e9:d9:6c:9c:38:
                    02:8f:00:98:2d:e3:09:6d:3e:0b:9e:d0:08:c6:b2:
                    8d:32:92:d9:c9:51:42:38:31:ec:32:e4:a3:10:a8:
                    78:e8:e2:13:a7:50:e7:36:3e:4a:7b:61:9d:8f:98:
                    f7:a0:61:0c:3f:78:bc:3a:b4:f7:dc:08:5b:cc:12:
                    61:07:a7:e5:d0:e0:24:e6:ed:2c:70:26:65:09:3e:
                    5f:8b:a3:3f:32:20:e9:bb:5f:5e:40:18:68:81:31:
                    41:86:48:48:70:d3:4a:cc:29:34:c1:7b:7e:c2:20:
                    c4:6c:1b:04:f9:33:a1:a0:eb:04:e5:34:3c:76:a3:
                    d5:e4:bf:db:44:a0:dc:95:85:4f:0e:91:cf:3b:65:
                    1c:64:19:a1:78:67:06:72:11:f7:e5:1d:68:2c:f2:
                    8f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:00:83:6E:A5:BD:54:55:BA:05:DA:68:44:96:DD:79:CF:70:A7:45
            X509v3 Authority Key Identifier:
                keyid:C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/iQCDbqW9VFW6BdpoRJbdec9wp0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.110.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:c1:8a:62:f0:4b:69:62:fc:b9:19:34:2e:7a:79:c4:81:f6:
         e6:ea:db:bd:ba:0f:22:9c:0e:68:66:00:fe:44:e4:14:40:e7:
         b6:c0:c1:11:d7:da:e0:4f:d9:78:7f:53:da:95:66:9e:fb:33:
         22:38:d0:9c:9f:57:dd:d7:fe:f0:df:21:a5:ae:18:86:d7:67:
         ce:51:bf:54:14:d6:53:fa:34:c1:24:91:4c:e3:96:6c:5f:6d:
         98:c7:c1:38:10:8a:25:c9:b0:79:6e:ee:e7:b0:7a:67:85:6d:
         d0:ce:68:8a:81:a0:2d:43:d6:cc:f9:23:d2:0c:47:89:eb:b3:
         02:ab:ff:ed:6f:0d:2e:db:52:74:3a:ff:83:b7:e1:98:b2:7e:
         8e:7a:af:79:20:fa:03:da:45:91:fc:15:11:72:a1:97:da:c2:
         24:cf:7f:f9:75:ee:b8:5d:24:c3:e9:ba:3b:7e:3b:28:ac:f8:
         11:0b:a9:49:4e:c0:c7:ad:a1:24:4f:b3:51:8b:37:8d:b6:d3:
         3c:7a:0d:13:3f:ef:b6:d2:6d:c3:e5:8a:c9:fe:16:5f:4d:f6:
         1a:e6:e2:b7:96:d7:e0:26:cb:f0:f5:b9:f1:09:e3:66:76:6f:
         5f:c0:81:f4:4b:91:c5:72:3b:bc:5d:7e:c3:9b:bb:b0:ab:af:
         8c:0c:b2:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHhPJP4CKdQ/4RkBZ+CXT5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTk1M2MwODk4MGFkYzk0ZjJmYTNhM2MxYmE5NWM0MGQy
MWU3ZDMwHhcNMjQwOTExMTMxODQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTAwODM2ZWE1YmQ1NDU1YmEwNWRhNjg0NDk2ZGQ3OWNmNzBhNzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybagtGiR/LQXkRsJsY0j1gxonY9c
UfiK03iu2mKf7aHOl/UUhpp8haBtcbJxMCrG9PpNGmTaSIg5O0JIRNnf1hWoRuHq
61Rb3dBg07rd+xK0lwia+AgevO4XK2YwRyilLUtw6dlsnDgCjwCYLeMJbT4LntAI
xrKNMpLZyVFCODHsMuSjEKh46OITp1DnNj5Ke2Gdj5j3oGEMP3i8OrT33AhbzBJh
B6fl0OAk5u0scCZlCT5fi6M/MiDpu19eQBhogTFBhkhIcNNKzCk0wXt+wiDEbBsE
+TOhoOsE5TQ8dqPV5L/bRKDclYVPDpHPO2UcZBmheGcGchH35R1oLPKPDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkAg26lvVRVugXaaESW3XnPcKdFMB8GA1UdIwQY
MBaAFMYZU8CJgK3JTy+jo8G6lcQNIefTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYt
NjI1MjQ1YTAwYWJmLzEvaVFDRGJxVzlWRlc2QmRwb1JKYmRlYzl3cDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYtNjI1MjQ1YTAwYWJm
LzEveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G6FMA0G
CSqGSIb3DQEBCwUAA4IBAQBFwYpi8EtpYvy5GTQuennEgfbm6tu9ug8inA5oZgD+
ROQUQOe2wMER19rgT9l4f1PalWae+zMiONCcn1fd1/7w3yGlrhiG12fOUb9UFNZT
+jTBJJFM45ZsX22Yx8E4EIolybB5bu7nsHpnhW3QzmiKgaAtQ9bM+SPSDEeJ67MC
q//tbw0u21J0Ov+Dt+GYsn6Oeq95IPoD2kWR/BURcqGX2sIkz3/5de64XSTD6bo7
fjsorPgRC6lJTsDHraEkT7NRizeNttM8eg0TP++20m3D5YrJ/hZfTfYa5uK3ltfg
Jsvw9bnxCeNmdm9fwIH0S5HFcju8XX7Dm7uwq6+MDLIL
-----END CERTIFICATE-----