Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/RcgrvTOWPd1pGIqb0DoqAPUJaaY.roa
File:                     RcgrvTOWPd1pGIqb0DoqAPUJaaY.roa (raw, json)
Hash identifier:          EQDCDjMEJHNBuO1g3JF/DW+Al//KXr+Q7efPSCkiyxQ=
Subject key identifier:   45:C8:2B:BD:33:96:3D:DD:69:18:8A:9B:D0:3A:2A:00:F5:09:69:A6
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       018CC3B6A4E81ABB0BD6CEA25C0087339954
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/RcgrvTOWPd1pGIqb0DoqAPUJaaY.roa
Signing time:             Mon 01 Jan 2024 06:29:36 +0000
ROA not before:           Mon 01 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207459
IP address blocks:        212.64.193.0/24 maxlen: 24
                          212.64.214.0/24 maxlen: 32
                          212.64.223.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a4:e8:1a:bb:0b:d6:ce:a2:5c:00:87:33:99:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  1 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45c82bbd33963ddd69188a9bd03a2a00f50969a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:0f:62:b5:41:16:2f:ac:b9:8e:e1:5f:31:d1:
                    a6:9e:f3:a0:ea:df:36:82:46:ea:a9:f4:ff:77:21:
                    43:54:35:6a:ab:38:8a:09:96:0d:15:a2:3d:0d:9f:
                    46:df:9d:bf:ab:fc:17:f8:98:63:04:42:4d:8e:45:
                    54:b8:46:4a:60:d5:5e:c7:87:4c:db:29:3d:22:cc:
                    28:bf:4c:32:2f:b8:cc:49:28:ff:36:4c:81:5f:13:
                    0e:f0:31:fe:f5:4d:22:91:a9:a4:a9:9a:cc:c5:b9:
                    59:9c:88:d9:9e:b1:75:76:65:b7:b8:a3:03:e8:c8:
                    c3:3a:40:f7:cb:1e:0e:ba:dd:ce:e6:5e:00:4d:6e:
                    b4:cf:c6:26:99:4b:1d:c4:cf:cb:bf:81:ee:a2:db:
                    8d:60:15:5a:5e:ae:6e:ad:c6:93:4f:94:6e:1e:d3:
                    d8:bf:72:5d:f3:cf:99:36:bf:30:b6:87:9b:63:7c:
                    7d:c9:67:c8:ae:b3:2d:73:65:4c:30:ae:89:9b:56:
                    d4:b5:72:e1:b4:2a:8b:2f:d7:76:bd:a5:d2:0e:75:
                    22:c4:b8:8a:f2:ea:1b:58:19:32:2d:96:78:59:b0:
                    34:c9:8b:ff:14:3c:e4:24:93:1c:a6:70:70:e3:7a:
                    cf:e8:ba:86:31:68:a0:b7:43:bc:ac:9e:ea:ce:73:
                    7b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:C8:2B:BD:33:96:3D:DD:69:18:8A:9B:D0:3A:2A:00:F5:09:69:A6
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/RcgrvTOWPd1pGIqb0DoqAPUJaaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.193.0/24
                  212.64.214.0/24
                  212.64.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:a0:b3:b5:c2:25:3c:dd:2d:b8:f1:65:be:ce:7e:7f:99:5c:
         2f:23:5f:27:db:16:01:63:fc:c0:37:9a:d9:1c:5e:ed:2e:f3:
         ae:43:80:a7:50:e1:30:f7:73:b4:c4:2c:58:7c:c9:3a:42:e7:
         93:0d:9a:f7:94:f4:31:a1:a1:ba:2d:69:24:62:72:f8:b9:da:
         fa:3e:ed:15:f7:eb:ae:a6:dc:a0:9e:b5:69:75:e5:13:ad:1c:
         9f:67:15:42:42:f3:c7:cf:62:c4:70:80:c7:e9:bf:ac:e9:00:
         eb:2c:75:e1:1b:c7:41:f8:f6:b0:0e:00:3f:19:75:a2:aa:5b:
         43:33:1e:00:88:df:64:64:16:c7:35:c0:11:41:52:fa:e1:3f:
         04:3d:ee:81:10:50:c8:fc:63:7d:af:13:d0:72:cd:d3:b1:d5:
         62:09:c8:8d:d6:e4:e5:20:8b:89:53:26:26:c7:5d:7a:02:0f:
         3d:6f:a5:8e:f8:cf:1c:a4:27:ed:ed:fb:e0:ff:a4:6b:c8:3b:
         40:7d:01:32:70:56:93:c9:69:7a:87:55:61:d4:da:0a:89:a7:
         a7:58:cc:0a:31:f8:0d:ac:d1:56:66:77:f7:fb:be:6e:fe:5f:
         68:7c:96:04:74:e2:23:8d:e2:4e:e1:ce:ae:1f:78:6b:31:21:
         45:b2:18:a5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtqToGrsL1s6iXACHM5lUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjQwMTAxMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWM4MmJiZDMzOTYzZGRkNjkxODhhOWJkMDNhMmEwMGY1MDk2OWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQ9itUEWL6y5juFfMdGmnvOg6t82
gkbqqfT/dyFDVDVqqziKCZYNFaI9DZ9G352/q/wX+JhjBEJNjkVUuEZKYNVex4dM
2yk9Iswov0wyL7jMSSj/NkyBXxMO8DH+9U0ikamkqZrMxblZnIjZnrF1dmW3uKMD
6MjDOkD3yx4Out3O5l4ATW60z8YmmUsdxM/Lv4HuotuNYBVaXq5urcaTT5RuHtPY
v3Jd88+ZNr8wtoebY3x9yWfIrrMtc2VMMK6Jm1bUtXLhtCqLL9d2vaXSDnUixLiK
8uobWBkyLZZ4WbA0yYv/FDzkJJMcpnBw43rP6LqGMWigt0O8rJ7qznN7ZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEXIK70zlj3daRiKm9A6KgD1CWmmMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvUmNncnZUT1dQZDFwR0lxYjBEb3FBUFVKYWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1EDBAwQA
1EDWAwQA1EDfMA0GCSqGSIb3DQEBCwUAA4IBAQB7oLO1wiU83S248WW+zn5/mVwv
I18n2xYBY/zAN5rZHF7tLvOuQ4CnUOEw93O0xCxYfMk6QueTDZr3lPQxoaG6LWkk
YnL4udr6Pu0V9+uuptygnrVpdeUTrRyfZxVCQvPHz2LEcIDH6b+s6QDrLHXhG8dB
+PawDgA/GXWiqltDMx4AiN9kZBbHNcARQVL64T8EPe6BEFDI/GN9rxPQcs3TsdVi
CciN1uTlIIuJUyYmx116Ag89b6WO+M8cpCft7fvg/6RryDtAfQEycFaTyWl6h1Vh
1NoKiaenWMwKMfgNrNFWZnf3+75u/l9ofJYEdOIjjeJO4c6uH3hrMSFFshil
-----END CERTIFICATE-----