Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/5Y3Jwmte8A-d_YlOn8cgBr_VO4M.roa
File:                     5Y3Jwmte8A-d_YlOn8cgBr_VO4M.roa (raw, json)
Hash identifier:          vSY895Pgffq53GRNLVm1t6+gWyyWT9dNx713Rvp80xY=
Subject key identifier:   E5:8D:C9:C2:6B:5E:F0:0F:9D:FD:89:4E:9F:C7:20:06:BF:D5:3B:83
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       0194FAD6B51DF094A78A81CF46B104BB6413
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/5Y3Jwmte8A-d_YlOn8cgBr_VO4M.roa
Signing time:             Wed 12 Feb 2025 15:46:02 +0000
ROA not before:           Wed 12 Feb 2025 15:46:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212027
IP address blocks:        213.232.236.0/24 maxlen: 24
                          2a06:2840::/48 maxlen: 48
                          2a12:7b40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fa:d6:b5:1d:f0:94:a7:8a:81:cf:46:b1:04:bb:64:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Feb 12 15:46:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e58dc9c26b5ef00f9dfd894e9fc72006bfd53b83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:94:a3:bb:6f:08:96:41:cb:5d:fd:49:9b:2b:
                    09:9c:d7:96:8c:e8:4d:d6:79:39:7b:6b:a2:8f:d2:
                    41:dc:be:44:ca:14:af:ce:f8:7d:e1:b5:4f:3c:4d:
                    72:0e:02:ff:b8:e3:55:01:52:3b:73:e1:59:94:9e:
                    26:b8:92:87:df:05:9a:ad:87:95:9e:c7:65:06:25:
                    60:e8:3e:a7:f2:d5:41:10:40:b0:91:9f:51:b6:3e:
                    cb:6e:ef:48:f8:b2:f6:9e:42:b6:a7:98:06:11:d5:
                    11:bd:e3:d8:e3:c0:db:3e:7f:3d:36:ba:cd:02:37:
                    26:d1:68:bf:ae:f9:4f:9e:86:98:3b:5b:42:41:4a:
                    fa:fe:e8:8e:f5:45:be:f4:35:be:a5:72:8e:fa:b8:
                    1a:0d:2e:e6:b4:db:25:76:b8:ec:71:c7:60:0f:6b:
                    a5:8c:ee:56:c8:f6:66:de:0f:f8:18:b3:d1:8e:df:
                    34:2c:3e:a6:4f:c3:d7:93:95:da:2c:2c:ba:24:5d:
                    41:65:82:d1:d4:be:38:1b:59:4d:3e:93:4c:00:a9:
                    07:37:b7:b9:36:d2:16:c0:a4:8c:09:50:23:42:e2:
                    55:7d:a8:f5:ac:da:60:f0:f2:dd:6b:b1:d9:25:10:
                    ce:09:90:4a:fe:ae:08:f7:23:39:cc:53:90:bd:e2:
                    db:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:8D:C9:C2:6B:5E:F0:0F:9D:FD:89:4E:9F:C7:20:06:BF:D5:3B:83
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/5Y3Jwmte8A-d_YlOn8cgBr_VO4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.236.0/24
                IPv6:
                  2a06:2840::/48
                  2a12:7b40::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:f4:05:cc:ce:fa:6e:a0:9e:a0:07:55:71:b0:5e:ad:20:b8:
         61:7b:7f:95:8b:12:ed:2e:34:cf:bd:a9:5d:b7:63:60:d1:49:
         39:70:6c:48:a9:a6:74:21:09:07:c2:8a:f2:28:4b:93:82:6d:
         bb:82:a6:e9:76:47:d3:10:ac:c1:83:f1:48:4f:36:8b:f2:15:
         33:6d:f6:c2:d3:e1:40:b0:96:bc:0e:e3:fd:84:6e:3d:f6:f2:
         4d:49:8d:49:12:e3:a0:5b:ee:0a:5b:b7:c0:0c:ff:82:e5:80:
         af:dd:34:10:5a:18:3c:5e:49:f2:82:df:06:7c:90:c0:24:1e:
         18:4d:1b:77:32:7e:0e:4f:20:7b:5a:a7:f9:01:ea:82:21:05:
         7b:65:31:ca:87:46:78:1d:ef:2d:78:4d:f4:37:85:cb:04:5b:
         7a:4d:12:f9:97:26:1b:fa:d2:25:42:92:dd:5e:af:c1:9f:c3:
         77:50:18:8d:53:bb:42:bb:6e:c8:3c:b7:68:63:ce:e2:e8:db:
         a9:e1:9b:49:a5:80:13:5c:54:25:79:47:5a:af:9c:10:d5:da:
         28:f4:52:50:49:2e:cd:99:8b:59:cc:95:1b:3d:dc:7e:5c:5b:
         ae:cc:db:a5:da:5b:ca:7a:20:24:3c:83:8b:36:7e:9b:c9:46:
         49:1f:88:40
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZT61rUd8JSnioHPRrEEu2QTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjUwMjEyMTU0NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNThkYzljMjZiNWVmMDBmOWRmZDg5NGU5ZmM3MjAwNmJmZDUzYjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpSju28IlkHLXf1JmysJnNeWjOhN
1nk5e2uij9JB3L5EyhSvzvh94bVPPE1yDgL/uONVAVI7c+FZlJ4muJKH3wWarYeV
nsdlBiVg6D6n8tVBEECwkZ9Rtj7Lbu9I+LL2nkK2p5gGEdURvePY48DbPn89NrrN
Ajcm0Wi/rvlPnoaYO1tCQUr6/uiO9UW+9DW+pXKO+rgaDS7mtNsldrjsccdgD2ul
jO5WyPZm3g/4GLPRjt80LD6mT8PXk5XaLCy6JF1BZYLR1L44G1lNPpNMAKkHN7e5
NtIWwKSMCVAjQuJVfaj1rNpg8PLda7HZJRDOCZBK/q4I9yM5zFOQveLbuQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOWNycJrXvAPnf2JTp/HIAa/1TuDMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvNVkzSndtdGU4QS1kX1lsT244Y2dCcl9WTzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQA1ejsMBgE
AgACMBIDBwAqBihAAAADBwAqEntAAAAwDQYJKoZIhvcNAQELBQADggEBAK70BczO
+m6gnqAHVXGwXq0guGF7f5WLEu0uNM+9qV23Y2DRSTlwbEippnQhCQfCivIoS5OC
bbuCpul2R9MQrMGD8UhPNovyFTNt9sLT4UCwlrwO4/2Ebj328k1JjUkS46Bb7gpb
t8AM/4LlgK/dNBBaGDxeSfKC3wZ8kMAkHhhNG3cyfg5PIHtap/kB6oIhBXtlMcqH
Rngd7y14TfQ3hcsEW3pNEvmXJhv60iVCkt1er8Gfw3dQGI1Tu0K7bsg8t2hjzuLo
26nhm0mlgBNcVCV5R1qvnBDV2ij0UlBJLs2Zi1nMlRs93H5cW67M26XaW8p6ICQ8
g4s2fpvJRkkfiEA=
-----END CERTIFICATE-----