Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/vzNzMSJYF1aB7qNEyvluvBLQ9CM.roa
File:                     vzNzMSJYF1aB7qNEyvluvBLQ9CM.roa (raw, json)
Hash identifier:          my1+opEEgerVxghIYv97t5S9RM6CN3JHmVxctED7TvA=
Subject key identifier:   BF:33:73:31:22:58:17:56:81:EE:A3:44:CA:F9:6E:BC:12:D0:F4:23
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       018CC3B6A3D50B586E1589246D87FBA91F41
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/vzNzMSJYF1aB7qNEyvluvBLQ9CM.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197450
IP address blocks:        212.64.199.0/24 maxlen: 24
                          212.64.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a3:d5:0b:58:6e:15:89:24:6d:87:fb:a9:1f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf3373312258175681eea344caf96ebc12d0f423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:31:20:f5:a8:4d:d2:44:a7:27:7f:54:44:97:
                    3b:59:43:b6:7e:c7:bb:0f:09:56:d5:04:b9:94:21:
                    4d:3f:b2:6f:19:dd:18:fd:5f:e0:f3:c2:cc:3b:27:
                    5d:fe:52:fa:3a:d6:ef:01:f7:78:9e:14:58:48:15:
                    55:3c:d0:19:64:db:8e:44:d9:76:9b:b7:a1:b1:d0:
                    ee:9a:11:be:fd:0e:3b:74:33:aa:da:fc:71:6f:1e:
                    49:59:3e:9a:1e:af:d7:97:e5:83:4c:82:20:30:b3:
                    38:8f:f7:af:5d:31:a7:db:d7:b8:ab:49:ba:0b:80:
                    60:39:f8:d7:d5:5f:9b:12:0a:2d:14:ce:3f:9c:bf:
                    46:a9:43:ba:5e:d0:0c:09:f5:d2:5c:59:19:2e:70:
                    b0:41:c0:20:d9:af:5d:09:28:b3:63:50:fe:72:06:
                    e3:d4:65:de:2e:2b:8c:d1:92:7b:3f:48:2c:d7:ed:
                    00:4c:8c:0a:3a:c9:8b:81:e5:5c:e8:ac:d4:27:84:
                    a9:fe:39:37:04:10:1d:ba:9d:42:0f:50:2f:ec:4c:
                    53:33:c8:9d:0e:16:55:c3:73:05:9e:0e:a0:61:ba:
                    c9:88:57:9a:4a:17:7d:1f:91:ca:cf:de:36:b0:1d:
                    1d:ab:7a:41:2a:82:28:e8:17:d4:45:8f:80:72:aa:
                    41:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:33:73:31:22:58:17:56:81:EE:A3:44:CA:F9:6E:BC:12:D0:F4:23
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/vzNzMSJYF1aB7qNEyvluvBLQ9CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.199.0/24
                  212.64.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:9b:6c:73:f0:46:cf:f7:39:ef:f8:db:fb:36:10:fc:9b:d0:
         17:70:1c:71:2c:70:48:88:f4:99:08:c3:cd:d5:1a:96:a9:33:
         2d:c4:0d:ac:ff:da:26:e3:8a:02:96:89:4e:c0:1d:46:4b:fc:
         30:f9:45:19:9c:fb:11:4d:47:6e:22:2a:c8:41:7e:c8:1f:92:
         06:bb:87:c5:b8:38:85:9a:8e:e0:51:c9:2f:bb:e7:85:cb:94:
         0d:11:a7:b4:62:3d:15:d4:83:66:1d:6f:bb:5a:6b:ba:ae:f4:
         c3:69:0c:ec:64:c7:29:01:80:18:7a:09:75:a5:a9:e7:93:92:
         f9:36:c2:d7:4f:34:09:ac:b5:9b:01:0c:82:7c:8c:40:6f:c4:
         7e:69:5d:f2:dc:c9:63:39:36:e3:ee:78:66:25:b5:18:ff:34:
         a5:41:1b:be:f2:86:4c:b7:28:e5:dc:22:8a:4b:b5:37:af:70:
         ba:f1:93:4c:78:b4:aa:97:3a:36:a6:7b:7e:82:c8:d3:89:e8:
         bb:40:48:4e:ff:72:b9:28:21:4f:85:59:36:9c:1e:73:93:23:
         af:b9:8b:d9:51:37:63:59:6e:ff:64:4d:7a:09:1c:ca:81:98:
         2d:05:e0:f0:a7:60:d9:1d:58:c7:41:da:29:e2:c8:65:b7:65:
         c7:01:fc:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtqPVC1huFYkkbYf7qR9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjMzNzMzMTIyNTgxNzU2ODFlZWEzNDRjYWY5NmViYzEyZDBmNDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTEg9ahN0kSnJ39URJc7WUO2fse7
DwlW1QS5lCFNP7JvGd0Y/V/g88LMOydd/lL6OtbvAfd4nhRYSBVVPNAZZNuORNl2
m7ehsdDumhG+/Q47dDOq2vxxbx5JWT6aHq/Xl+WDTIIgMLM4j/evXTGn29e4q0m6
C4BgOfjX1V+bEgotFM4/nL9GqUO6XtAMCfXSXFkZLnCwQcAg2a9dCSizY1D+cgbj
1GXeLiuM0ZJ7P0gs1+0ATIwKOsmLgeVc6KzUJ4Sp/jk3BBAdup1CD1Av7ExTM8id
DhZVw3MFng6gYbrJiFeaShd9H5HKz942sB0dq3pBKoIo6BfURY+AcqpB6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL8zczEiWBdWge6jRMr5brwS0PQjMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvdnpOek1TSllGMWFCN3FORXl2bHV2QkxROUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1EDHAwQA
1EDXMA0GCSqGSIb3DQEBCwUAA4IBAQAam2xz8EbP9znv+Nv7NhD8m9AXcBxxLHBI
iPSZCMPN1RqWqTMtxA2s/9om44oClolOwB1GS/ww+UUZnPsRTUduIirIQX7IH5IG
u4fFuDiFmo7gUckvu+eFy5QNEae0Yj0V1INmHW+7Wmu6rvTDaQzsZMcpAYAYegl1
pannk5L5NsLXTzQJrLWbAQyCfIxAb8R+aV3y3MljOTbj7nhmJbUY/zSlQRu+8oZM
tyjl3CKKS7U3r3C68ZNMeLSqlzo2pnt+gsjTiei7QEhO/3K5KCFPhVk2nB5zkyOv
uYvZUTdjWW7/ZE16CRzKgZgtBeDwp2DZHVjHQdop4shlt2XHAfxj
-----END CERTIFICATE-----