Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/jCb5K4rKXY7gZRaYsufwa8zDVOI.roa
File:                     jCb5K4rKXY7gZRaYsufwa8zDVOI.roa (raw, json)
Hash identifier:          0NVrHc21i3EYUaHWiz4tDcqWwiCCe+fXAg4h8dOem78=
Subject key identifier:   8C:26:F9:2B:8A:CA:5D:8E:E0:65:16:98:B2:E7:F0:6B:CC:C3:54:E2
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       018CC3B6A58F43D5C5B8B1E11B7DAD254685
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/jCb5K4rKXY7gZRaYsufwa8zDVOI.roa
Signing time:             Mon 01 Jan 2024 06:29:36 +0000
ROA not before:           Mon 01 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207617
IP address blocks:        212.64.213.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a5:8f:43:d5:c5:b8:b1:e1:1b:7d:ad:25:46:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  1 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c26f92b8aca5d8ee0651698b2e7f06bccc354e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4b:25:24:6f:e4:9a:ff:77:ee:12:4b:27:21:
                    81:e6:05:06:9a:3d:c0:d9:1d:fb:46:c7:b8:52:a0:
                    11:84:f4:51:33:d4:2e:02:5a:92:6e:0c:9a:1a:09:
                    25:6c:8a:b4:b0:25:e5:c9:8e:4d:8e:19:70:00:3c:
                    85:da:16:30:85:b8:43:a7:5e:b8:7d:24:24:fc:11:
                    a8:4c:4a:4c:20:39:5d:7e:93:95:80:0a:3e:d2:56:
                    77:18:61:7a:d9:57:51:49:3a:5f:8e:9f:d8:01:93:
                    7c:f1:08:63:d2:b6:39:3d:43:1e:55:51:85:46:63:
                    7a:bf:18:8a:a4:0a:61:43:dd:bf:6a:ec:ed:fc:7f:
                    b4:27:8e:91:41:2b:e5:30:e7:4e:85:93:8d:ff:9d:
                    e6:36:bc:17:77:75:70:f2:54:d4:4b:17:00:ad:1d:
                    93:e4:ef:a5:53:1d:27:1e:ba:3e:4b:5c:76:0c:12:
                    09:8f:06:80:7e:5a:b9:30:12:97:f2:4b:c5:99:e3:
                    bc:23:de:2f:c1:4b:2d:4e:5f:7d:f8:e1:e2:12:75:
                    51:fd:4a:4d:b1:70:26:43:57:63:c3:f9:b5:4e:2f:
                    89:74:7c:4c:86:94:e7:9e:e3:bc:bc:48:53:b7:f7:
                    35:8f:9c:5b:a5:4a:3a:55:08:fb:17:ac:4f:58:9d:
                    a3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:26:F9:2B:8A:CA:5D:8E:E0:65:16:98:B2:E7:F0:6B:CC:C3:54:E2
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/jCb5K4rKXY7gZRaYsufwa8zDVOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:65:4a:d0:f5:52:b7:f8:8b:0d:d5:e2:07:c6:75:c8:bf:60:
         05:ce:6a:1d:07:30:1c:b4:d3:56:39:5a:75:3f:79:8b:71:b2:
         46:f5:c3:02:c6:7d:b1:54:d6:1f:d0:3e:a1:59:fa:b0:6c:6f:
         fd:ff:c3:97:9e:38:d6:7a:0c:bd:ae:8d:38:04:c7:eb:c7:40:
         28:6f:fb:1f:dc:4c:7d:87:fa:00:7e:1e:a1:39:43:9d:a1:7e:
         05:72:c4:a3:1c:ec:fb:08:0b:16:16:97:f1:26:3b:cb:8a:9c:
         2e:07:ef:fe:9d:aa:26:c1:54:d9:17:a1:d6:9c:de:6b:c2:04:
         09:7e:b6:6e:8d:9a:a2:5c:ae:2c:69:f5:30:53:5a:2c:e2:c5:
         1b:0f:97:5f:e5:6a:61:1f:f7:c0:a4:4e:ad:69:6d:49:22:56:
         58:63:bb:ab:d2:c6:f5:02:0c:ad:c3:43:ad:25:49:5e:de:57:
         00:28:e4:7e:a2:89:89:8a:44:11:5d:09:4c:63:bf:d3:da:69:
         07:ee:fa:9f:9e:0c:e2:87:ca:05:95:12:ee:45:d9:be:ae:ae:
         2d:e6:2b:ba:a9:b2:0e:50:74:2f:05:6b:af:0f:70:d4:e2:f4:
         e2:25:b0:c4:0d:40:db:c7:75:f2:6e:13:33:c6:b9:a9:f4:a7:
         eb:e2:9e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqWPQ9XFuLHhG32tJUaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjQwMTAxMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzI2ZjkyYjhhY2E1ZDhlZTA2NTE2OThiMmU3ZjA2YmNjYzM1NGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUslJG/kmv937hJLJyGB5gUGmj3A
2R37Rse4UqARhPRRM9QuAlqSbgyaGgklbIq0sCXlyY5NjhlwADyF2hYwhbhDp164
fSQk/BGoTEpMIDldfpOVgAo+0lZ3GGF62VdRSTpfjp/YAZN88Qhj0rY5PUMeVVGF
RmN6vxiKpAphQ92/auzt/H+0J46RQSvlMOdOhZON/53mNrwXd3Vw8lTUSxcArR2T
5O+lUx0nHro+S1x2DBIJjwaAflq5MBKX8kvFmeO8I94vwUstTl99+OHiEnVR/UpN
sXAmQ1djw/m1Ti+JdHxMhpTnnuO8vEhTt/c1j5xbpUo6VQj7F6xPWJ2jpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwm+SuKyl2O4GUWmLLn8GvMw1TiMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvakNiNUs0cktYWTdnWlJhWXN1ZndhOHpEVk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EDVMA0G
CSqGSIb3DQEBCwUAA4IBAQBvZUrQ9VK3+IsN1eIHxnXIv2AFzmodBzActNNWOVp1
P3mLcbJG9cMCxn2xVNYf0D6hWfqwbG/9/8OXnjjWegy9ro04BMfrx0Aob/sf3Ex9
h/oAfh6hOUOdoX4FcsSjHOz7CAsWFpfxJjvLipwuB+/+naomwVTZF6HWnN5rwgQJ
frZujZqiXK4safUwU1os4sUbD5df5WphH/fApE6taW1JIlZYY7ur0sb1Agytw0Ot
JUle3lcAKOR+oomJikQRXQlMY7/T2mkH7vqfngzih8oFlRLuRdm+rq4t5iu6qbIO
UHQvBWuvD3DU4vTiJbDEDUDbx3XybhMzxrmp9Kfr4p6G
-----END CERTIFICATE-----