Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/a54f90-c8d8-42fa-b0df-950f090e522f/1/f72opBQ7BBXwUUFEZtlYCnAzD94.roa
File:                     f72opBQ7BBXwUUFEZtlYCnAzD94.roa (raw, json)
Hash identifier:          V3GuSlt91uKF/dybz8AtOutUmUsw/cXrNF7UH1YVTYw=
Subject key identifier:   7F:BD:A8:A4:14:3B:04:15:F0:51:41:44:66:D9:58:0A:70:33:0F:DE
Certificate issuer:       /CN=39db03ef27cdace7783a0ea3834d970af38acbe2
Certificate serial:       018EF599919749E21927095F3338990C2C01
Authority key identifier: 39:DB:03:EF:27:CD:AC:E7:78:3A:0E:A3:83:4D:97:0A:F3:8A:CB:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OdsD7yfNrOd4Og6jg02XCvOKy-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/a54f90-c8d8-42fa-b0df-950f090e522f/1/f72opBQ7BBXwUUFEZtlYCnAzD94.roa
Signing time:             Fri 19 Apr 2024 09:04:25 +0000
ROA not before:           Fri 19 Apr 2024 09:04:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201948
IP address blocks:        212.46.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/a54f90-c8d8-42fa-b0df-950f090e522f/1/OdsD7yfNrOd4Og6jg02XCvOKy-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/a54f90-c8d8-42fa-b0df-950f090e522f/1/OdsD7yfNrOd4Og6jg02XCvOKy-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OdsD7yfNrOd4Og6jg02XCvOKy-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f5:99:91:97:49:e2:19:27:09:5f:33:38:99:0c:2c:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39db03ef27cdace7783a0ea3834d970af38acbe2
        Validity
            Not Before: Apr 19 09:04:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fbda8a4143b0415f051414466d9580a70330fde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:57:fd:67:f9:8d:d4:91:bf:a9:43:40:8e:0c:
                    b7:f9:24:f8:f6:2e:09:11:98:5d:ff:7d:93:4c:a5:
                    de:94:13:96:25:10:28:7a:58:33:93:63:53:be:22:
                    1d:5f:a9:e1:b2:83:bf:99:ba:91:0e:5e:87:ed:1c:
                    f4:e4:71:26:ad:44:60:01:89:98:ec:5e:c8:0b:07:
                    ef:e6:70:88:31:f7:d0:a6:bc:28:27:29:d8:19:90:
                    7a:0b:65:f8:eb:a7:12:e9:b7:67:af:42:e0:f7:99:
                    a3:a3:be:3e:ac:58:0f:7d:c7:8e:85:63:e6:62:01:
                    bc:f3:c0:60:bc:0e:d3:c4:4c:3a:87:b7:62:47:ac:
                    29:85:ba:4d:51:96:62:a0:37:1c:ad:4b:d3:00:95:
                    94:83:96:d2:19:87:f6:c0:d9:c1:41:ca:75:2b:82:
                    bc:c1:2c:c3:f6:c7:ab:60:23:09:02:d7:b1:59:45:
                    59:b3:7d:5f:96:e0:a2:43:df:bb:dc:51:5c:a6:a6:
                    e2:12:64:da:b5:08:41:67:b0:9f:cd:2b:12:9d:c9:
                    36:95:a4:5d:73:e0:e3:fb:ab:09:33:ec:03:81:1e:
                    96:cc:59:11:fe:5b:93:b3:36:f8:af:7f:fb:ab:16:
                    17:d8:4b:96:3a:af:93:8c:2b:50:0d:39:24:e2:14:
                    8a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:BD:A8:A4:14:3B:04:15:F0:51:41:44:66:D9:58:0A:70:33:0F:DE
            X509v3 Authority Key Identifier:
                keyid:39:DB:03:EF:27:CD:AC:E7:78:3A:0E:A3:83:4D:97:0A:F3:8A:CB:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OdsD7yfNrOd4Og6jg02XCvOKy-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/a54f90-c8d8-42fa-b0df-950f090e522f/1/f72opBQ7BBXwUUFEZtlYCnAzD94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/a54f90-c8d8-42fa-b0df-950f090e522f/1/OdsD7yfNrOd4Og6jg02XCvOKy-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:e3:b6:b5:d7:c8:7a:aa:da:77:65:dd:9d:71:ff:df:12:d6:
         ab:30:c9:d3:e5:8d:59:2a:a8:35:19:75:04:3c:0e:37:a3:0a:
         12:36:67:ba:f5:2f:12:b5:4f:b5:d5:52:68:19:57:4d:55:7d:
         dc:2e:66:18:f5:22:51:3e:46:4f:1c:ff:87:d4:2c:a1:35:ee:
         ff:d4:d7:ec:83:d8:45:1a:cd:fc:ac:08:a0:2a:96:d2:3c:ef:
         69:0b:74:cf:e1:27:d6:bc:9e:d6:e3:b7:61:29:d8:29:8a:a6:
         78:ab:39:89:6c:ff:43:0c:25:bc:d2:5e:68:eb:f5:65:91:05:
         f9:39:6b:87:68:78:6e:05:e5:91:26:a4:6c:31:ad:bf:26:53:
         35:c5:f5:48:51:97:1b:3f:04:41:e6:b9:83:80:46:11:ee:13:
         61:c7:eb:37:fc:82:70:e0:8f:fe:d9:07:b0:c0:5b:99:35:8a:
         45:f3:a0:01:83:c6:21:52:b4:6f:45:b5:83:cc:78:98:a3:60:
         a3:d0:44:a3:15:4f:79:0f:5d:c5:fa:a0:63:80:9c:9a:b4:8a:
         f8:8e:15:18:3f:22:a5:07:2f:57:7c:60:88:78:19:c1:c2:9c:
         a1:03:a7:f6:90:de:4a:36:36:a5:de:ef:bc:6b:a9:f4:aa:1e:
         1c:c5:42:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY71mZGXSeIZJwlfMziZDCwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZGIwM2VmMjdjZGFjZTc3ODNhMGVhMzgzNGQ5NzBhZjM4
YWNiZTIwHhcNMjQwNDE5MDkwNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmJkYThhNDE0M2IwNDE1ZjA1MTQxNDQ2NmQ5NTgwYTcwMzMwZmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFf9Z/mN1JG/qUNAjgy3+ST49i4J
EZhd/32TTKXelBOWJRAoelgzk2NTviIdX6nhsoO/mbqRDl6H7Rz05HEmrURgAYmY
7F7ICwfv5nCIMffQprwoJynYGZB6C2X466cS6bdnr0Lg95mjo74+rFgPfceOhWPm
YgG888BgvA7TxEw6h7diR6wphbpNUZZioDccrUvTAJWUg5bSGYf2wNnBQcp1K4K8
wSzD9serYCMJAtexWUVZs31fluCiQ9+73FFcpqbiEmTatQhBZ7CfzSsSnck2laRd
c+Dj+6sJM+wDgR6WzFkR/luTszb4r3/7qxYX2EuWOq+TjCtQDTkk4hSKbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+9qKQUOwQV8FFBRGbZWApwMw/eMB8GA1UdIwQY
MBaAFDnbA+8nzazneDoOo4NNlwrzisviMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2RzRDd5Zk5yT2Q0T2c2amcwMlhDdk9LeS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hNTRmOTAtYzhkOC00MmZhLWIwZGYt
OTUwZjA5MGU1MjJmLzEvZjcyb3BCUTdCQlh3VVVGRVp0bFlDbkF6RDk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hNTRmOTAtYzhkOC00MmZhLWIwZGYtOTUwZjA5MGU1MjJm
LzEvT2RzRDd5Zk5yT2Q0T2c2amcwMlhDdk9LeS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C4pMA0G
CSqGSIb3DQEBCwUAA4IBAQC847a118h6qtp3Zd2dcf/fEtarMMnT5Y1ZKqg1GXUE
PA43owoSNme69S8StU+11VJoGVdNVX3cLmYY9SJRPkZPHP+H1CyhNe7/1Nfsg9hF
Gs38rAigKpbSPO9pC3TP4SfWvJ7W47dhKdgpiqZ4qzmJbP9DDCW80l5o6/VlkQX5
OWuHaHhuBeWRJqRsMa2/JlM1xfVIUZcbPwRB5rmDgEYR7hNhx+s3/IJw4I/+2Qew
wFuZNYpF86ABg8YhUrRvRbWDzHiYo2Cj0ESjFU95D13F+qBjgJyatIr4jhUYPyKl
By9XfGCIeBnBwpyhA6f2kN5KNjal3u+8a6n0qh4cxULw
-----END CERTIFICATE-----