Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/1wrmzG8kmHTEu12xzRLuu8ra80I.roa
File:                     1wrmzG8kmHTEu12xzRLuu8ra80I.roa (raw, json)
Hash identifier:          9m8Zy/qea1cvB7wZZ6FL+4apCQU2vA1vbBwqJEE2WcE=
Subject key identifier:   D7:0A:E6:CC:6F:24:98:74:C4:BB:5D:B1:CD:12:EE:BB:CA:DA:F3:42
Certificate issuer:       /CN=c2eafaa30b340ecf810a4cb9af3b51c702566598
Certificate serial:       01942067CEF6E80B2F246FEE435594164421
Authority key identifier: C2:EA:FA:A3:0B:34:0E:CF:81:0A:4C:B9:AF:3B:51:C7:02:56:65:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wur6ows0Ds-BCky5rztRxwJWZZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/1wrmzG8kmHTEu12xzRLuu8ra80I.roa
Signing time:             Wed 01 Jan 2025 05:47:41 +0000
ROA not before:           Wed 01 Jan 2025 05:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48347
IP address blocks:        212.15.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/wur6ows0Ds-BCky5rztRxwJWZZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/wur6ows0Ds-BCky5rztRxwJWZZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wur6ows0Ds-BCky5rztRxwJWZZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ce:f6:e8:0b:2f:24:6f:ee:43:55:94:16:44:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2eafaa30b340ecf810a4cb9af3b51c702566598
        Validity
            Not Before: Jan  1 05:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d70ae6cc6f249874c4bb5db1cd12eebbcadaf342
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:49:1f:c2:0f:4f:a8:e5:57:68:35:f1:8f:e7:
                    75:6b:93:7f:0c:d5:ba:ef:50:43:8c:af:f5:4e:5d:
                    a4:20:00:25:8b:ab:19:42:20:36:6a:fd:6a:f2:69:
                    a7:7d:c8:d9:aa:16:f5:e4:8e:99:06:50:74:24:df:
                    fa:7e:78:9a:91:1f:f0:b1:e8:d6:69:1e:39:f2:07:
                    a3:4b:bf:1b:82:2a:49:a5:d0:6a:5c:26:ed:52:3c:
                    1d:96:02:84:19:d1:9e:bc:1d:51:4d:b2:38:fd:41:
                    c8:7a:f3:92:af:47:2a:6f:3a:4d:9c:72:87:cf:99:
                    81:09:df:c3:17:4e:f9:ca:43:9d:b1:b3:98:f9:df:
                    b5:e1:b6:85:d3:96:af:ec:c4:0c:02:80:f1:6a:7d:
                    8d:6f:5f:d9:2b:0c:d2:57:a9:a5:ab:c5:67:eb:37:
                    cc:f4:f6:c9:40:cb:fd:d4:27:dd:ce:11:6b:02:64:
                    26:86:ae:88:27:55:15:60:4f:50:23:bf:fb:37:68:
                    fe:b6:f2:74:f1:80:7f:ee:69:b9:51:0d:cc:5f:bc:
                    36:ae:4d:b1:f5:18:5a:20:b5:70:cd:a6:32:22:c3:
                    24:1d:7f:80:b4:7f:56:b1:94:ad:e8:e6:91:17:1f:
                    8f:68:9c:bc:93:cb:f1:06:70:b0:d3:79:3c:61:a2:
                    3c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:0A:E6:CC:6F:24:98:74:C4:BB:5D:B1:CD:12:EE:BB:CA:DA:F3:42
            X509v3 Authority Key Identifier:
                keyid:C2:EA:FA:A3:0B:34:0E:CF:81:0A:4C:B9:AF:3B:51:C7:02:56:65:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wur6ows0Ds-BCky5rztRxwJWZZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/1wrmzG8kmHTEu12xzRLuu8ra80I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/wur6ows0Ds-BCky5rztRxwJWZZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.15.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:fe:d8:c6:02:74:d7:41:00:a0:97:c2:cc:6f:2f:43:de:0f:
         e0:2a:4e:6a:bd:51:1b:a8:f7:3a:58:ef:c5:43:b1:41:14:1b:
         c9:8e:ff:eb:ce:9c:d0:fd:b7:9e:b5:27:45:85:85:a5:e4:3a:
         ac:57:68:8a:b4:66:60:1a:6a:5a:52:1e:50:58:f1:a2:64:4b:
         a2:ad:88:96:ae:15:e0:66:01:d3:6d:d2:fe:97:aa:3c:74:75:
         fd:be:7d:f4:ed:47:7c:a4:0c:07:c3:1e:44:ff:9a:01:2f:5f:
         a7:67:4d:7a:f1:35:dd:85:05:7f:9e:95:f6:8b:c9:61:2a:f5:
         fb:7b:04:71:a5:14:56:a4:bd:8a:53:a6:b4:3e:22:ef:5e:8a:
         5e:31:f6:74:75:7f:45:fc:39:37:a6:76:aa:fb:56:f4:15:a0:
         36:0a:6d:4f:1f:f0:91:db:d9:f5:30:23:aa:1d:60:46:f3:0f:
         f0:0b:5d:b7:a4:59:26:c9:69:74:b3:5a:61:54:9e:e1:09:e6:
         d4:90:2e:38:fa:29:c6:44:de:b5:de:9b:d8:2a:0d:a7:dc:80:
         a4:88:86:66:f3:f8:9c:0d:6f:ee:23:96:b3:b3:6c:e8:40:d7:
         67:85:38:fb:43:f9:53:dd:cd:b7:f6:74:18:52:d0:1b:09:23:
         00:99:ee:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8726AsvJG/uQ1WUFkQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWFmYWEzMGIzNDBlY2Y4MTBhNGNiOWFmM2I1MWM3MDI1
NjY1OTgwHhcNMjUwMTAxMDU0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzBhZTZjYzZmMjQ5ODc0YzRiYjVkYjFjZDEyZWViYmNhZGFmMzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kkfwg9PqOVXaDXxj+d1a5N/DNW6
71BDjK/1Tl2kIAAli6sZQiA2av1q8mmnfcjZqhb15I6ZBlB0JN/6fniakR/wsejW
aR458gejS78bgipJpdBqXCbtUjwdlgKEGdGevB1RTbI4/UHIevOSr0cqbzpNnHKH
z5mBCd/DF075ykOdsbOY+d+14baF05av7MQMAoDxan2Nb1/ZKwzSV6mlq8Vn6zfM
9PbJQMv91CfdzhFrAmQmhq6IJ1UVYE9QI7/7N2j+tvJ08YB/7mm5UQ3MX7w2rk2x
9RhaILVwzaYyIsMkHX+AtH9WsZSt6OaRFx+PaJy8k8vxBnCw03k8YaI8ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcK5sxvJJh0xLtdsc0S7rvK2vNCMB8GA1UdIwQY
MBaAFMLq+qMLNA7PgQpMua87UccCVmWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3VyNm93czBEcy1CQ2t5NXJ6dFJ4d0pXWlpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9hMzRhMTYtZjg4MC00ODczLTg2OGIt
NWVjYWZkYTQ3MWY3LzEvMXdybXpHOGttSFRFdTEyeHpSTHV1OHJhODBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9hMzRhMTYtZjg4MC00ODczLTg2OGItNWVjYWZkYTQ3MWY3
LzEvd3VyNm93czBEcy1CQ2t5NXJ6dFJ4d0pXWlpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1A8xMA0G
CSqGSIb3DQEBCwUAA4IBAQAw/tjGAnTXQQCgl8LMby9D3g/gKk5qvVEbqPc6WO/F
Q7FBFBvJjv/rzpzQ/beetSdFhYWl5DqsV2iKtGZgGmpaUh5QWPGiZEuirYiWrhXg
ZgHTbdL+l6o8dHX9vn307Ud8pAwHwx5E/5oBL1+nZ0168TXdhQV/npX2i8lhKvX7
ewRxpRRWpL2KU6a0PiLvXopeMfZ0dX9F/Dk3pnaq+1b0FaA2Cm1PH/CR29n1MCOq
HWBG8w/wC123pFkmyWl0s1phVJ7hCebUkC44+inGRN613pvYKg2n3ICkiIZm8/ic
DW/uI5azs2zoQNdnhTj7Q/lT3c239nQYUtAbCSMAme7u
-----END CERTIFICATE-----