Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/kOukvIYqFIgB7q0RgJGUC1Q3P9w.roa
File:                     kOukvIYqFIgB7q0RgJGUC1Q3P9w.roa (raw, json)
Hash identifier:          s6L6moudXWQHRwxJMdqSMpZXP3TaLXKNPp2DXdm15z8=
Subject key identifier:   90:EB:A4:BC:86:2A:14:88:01:EE:AD:11:80:91:94:0B:54:37:3F:DC
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       0192392D63A6FAB21E580103D10A0827ABEC
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/kOukvIYqFIgB7q0RgJGUC1Q3P9w.roa
Signing time:             Sat 28 Sep 2024 15:08:48 +0000
ROA not before:           Sat 28 Sep 2024 15:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207459
IP address blocks:        212.64.193.0/24 maxlen: 24
                          212.64.223.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:39:2d:63:a6:fa:b2:1e:58:01:03:d1:0a:08:27:ab:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Sep 28 15:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90eba4bc862a148801eead118091940b54373fdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d7:a7:00:d1:c2:8e:f7:74:78:86:1c:87:10:
                    1f:3a:a5:98:9e:25:46:5c:0f:23:7e:8b:29:a0:bf:
                    79:03:4c:74:09:e4:98:14:12:e6:7d:8a:a3:e1:cc:
                    1e:59:e7:f1:49:0f:af:71:c3:65:ed:df:0f:92:93:
                    0c:09:54:1e:f5:45:ee:82:3e:d3:5c:b9:7b:ea:0b:
                    9c:08:37:96:c0:65:41:bf:a3:51:e8:27:26:41:bd:
                    1f:17:a8:63:7f:68:f3:39:5a:3c:8c:6a:a1:20:95:
                    64:e1:f5:28:30:0c:6b:29:59:04:db:47:bb:57:81:
                    26:a9:56:83:28:95:58:08:0c:99:06:6b:32:b5:79:
                    8c:67:df:53:eb:1b:8e:44:2a:fd:d4:1c:49:d7:93:
                    e6:3c:aa:79:27:cd:d1:73:fd:f7:53:18:52:06:83:
                    de:eb:a1:3b:19:fe:03:66:28:6b:08:c7:b8:19:bf:
                    e7:fd:d4:2e:9c:38:2b:3e:8f:ee:18:44:94:ab:e8:
                    88:15:ee:aa:4f:3c:14:2a:1c:7c:13:87:96:60:8c:
                    ce:7f:b8:2a:e9:02:a4:89:95:2c:82:b5:d4:2d:9b:
                    95:05:d0:0c:b0:5c:94:ff:94:02:00:e9:53:f7:a3:
                    43:e4:cf:a4:db:2c:42:0e:8f:5d:72:53:50:98:84:
                    21:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:EB:A4:BC:86:2A:14:88:01:EE:AD:11:80:91:94:0B:54:37:3F:DC
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/kOukvIYqFIgB7q0RgJGUC1Q3P9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.193.0/24
                  212.64.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:4d:4f:cc:96:52:34:bc:42:de:e1:2c:0c:ac:09:39:71:19:
         04:31:6a:96:27:89:26:47:e3:78:30:e0:e6:33:82:18:65:a7:
         e5:e9:fc:ce:d2:6e:f4:37:62:2e:a4:68:5c:0a:11:82:db:d3:
         53:8e:04:6f:0d:5e:71:c7:02:eb:f0:78:6e:7c:eb:c6:94:6b:
         a2:38:3f:ff:11:d1:c6:bd:5d:fc:3d:86:69:43:34:a3:4a:d4:
         57:93:2a:82:08:62:81:0d:62:8d:b6:1d:d5:e4:75:0d:53:a6:
         b6:5e:17:3d:89:b7:b9:c5:74:3a:f5:a6:32:e4:2d:64:ab:af:
         a9:00:45:26:66:3f:75:21:50:f0:70:25:d7:f7:bf:57:4a:df:
         05:d1:9e:74:5d:9a:2a:9d:95:dc:68:33:81:03:9c:03:48:cb:
         cd:a8:63:83:81:d4:72:0b:6c:ae:ca:f5:56:a4:a0:8e:92:26:
         f8:e3:08:0d:ac:e4:a9:49:cc:f8:6d:17:e3:8d:32:f3:70:fe:
         63:ec:fc:9d:fd:aa:f3:ec:8d:0e:4c:7b:3c:70:c6:59:91:1c:
         f8:d7:58:eb:13:05:3d:5f:23:c9:42:2f:90:af:9d:b8:86:2d:
         8c:9e:c3:e9:c2:4d:26:8b:36:cc:08:0a:5d:ac:23:31:4e:16:
         a8:6a:b2:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZI5LWOm+rIeWAED0QoIJ6vsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjQwOTI4MTUwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGViYTRiYzg2MmExNDg4MDFlZWFkMTE4MDkxOTQwYjU0MzczZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNenANHCjvd0eIYchxAfOqWYniVG
XA8jfospoL95A0x0CeSYFBLmfYqj4cweWefxSQ+vccNl7d8PkpMMCVQe9UXugj7T
XLl76gucCDeWwGVBv6NR6CcmQb0fF6hjf2jzOVo8jGqhIJVk4fUoMAxrKVkE20e7
V4EmqVaDKJVYCAyZBmsytXmMZ99T6xuORCr91BxJ15PmPKp5J83Rc/33UxhSBoPe
66E7Gf4DZihrCMe4Gb/n/dQunDgrPo/uGESUq+iIFe6qTzwUKhx8E4eWYIzOf7gq
6QKkiZUsgrXULZuVBdAMsFyU/5QCAOlT96ND5M+k2yxCDo9dclNQmIQhywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJDrpLyGKhSIAe6tEYCRlAtUNz/cMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEva091a3ZJWXFGSWdCN3EwUmdKR1VDMVEzUDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1EDBAwQA
1EDfMA0GCSqGSIb3DQEBCwUAA4IBAQBPTU/MllI0vELe4SwMrAk5cRkEMWqWJ4km
R+N4MODmM4IYZafl6fzO0m70N2IupGhcChGC29NTjgRvDV5xxwLr8HhufOvGlGui
OD//EdHGvV38PYZpQzSjStRXkyqCCGKBDWKNth3V5HUNU6a2Xhc9ibe5xXQ69aYy
5C1kq6+pAEUmZj91IVDwcCXX979XSt8F0Z50XZoqnZXcaDOBA5wDSMvNqGODgdRy
C2yuyvVWpKCOkib44wgNrOSpScz4bRfjjTLzcP5j7Pyd/arz7I0OTHs8cMZZkRz4
11jrEwU9XyPJQi+Qr524hi2MnsPpwk0mizbMCApdrCMxThaoarJD
-----END CERTIFICATE-----