Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/w5y2MTSdQypOX17VhFunAbCXy80.roa
File:                     w5y2MTSdQypOX17VhFunAbCXy80.roa (raw, json)
Hash identifier:          7ukuMQG16arqv6mqEmEuPo+qhaVPdgY1vF5Kh03tYMg=
Subject key identifier:   C3:9C:B6:31:34:9D:43:2A:4E:5F:5E:D5:84:5B:A7:01:B0:97:CB:CD
Certificate issuer:       /CN=cc215f58159ec576a2022776ea64f61c5bb00194
Certificate serial:       019424B3AC891415254D975A0D9B8BD184FB
Authority key identifier: CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/w5y2MTSdQypOX17VhFunAbCXy80.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        212.122.164.0/24 maxlen: 24
                          212.122.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ac:89:14:15:25:4d:97:5a:0d:9b:8b:d1:84:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc215f58159ec576a2022776ea64f61c5bb00194
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c39cb631349d432a4e5f5ed5845ba701b097cbcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c2:57:72:19:f9:73:5d:22:b7:14:68:ff:86:
                    22:98:af:ec:cb:b4:20:da:9d:c2:c6:7c:7d:26:4b:
                    05:cb:fa:f8:85:15:e4:66:16:60:fb:95:32:cc:2a:
                    7b:81:06:ba:1d:45:d9:c2:51:a2:f0:df:4b:10:ad:
                    cb:70:65:2b:91:d8:3c:51:37:bf:22:d5:0a:17:41:
                    9e:2b:8c:03:20:3d:01:a0:c0:48:af:43:26:e7:27:
                    57:3c:2e:45:66:24:26:75:e5:8c:51:c6:e9:0e:50:
                    de:77:2e:61:92:21:7a:4e:b2:83:cb:da:39:55:9a:
                    14:d9:61:dd:d1:71:34:f9:b6:c5:ca:a0:56:08:86:
                    85:ad:fd:31:e0:0e:b3:4a:dd:02:00:bd:de:bd:9c:
                    be:9a:df:42:0e:e8:e9:e6:15:21:73:59:01:20:6e:
                    93:1f:7e:f5:83:25:00:51:47:aa:82:d0:15:48:83:
                    1c:10:e7:c0:7c:c9:9d:22:cd:94:71:fb:41:26:60:
                    fe:49:f0:5c:78:a4:cc:ba:be:8e:61:a8:44:c5:21:
                    01:2d:72:62:85:ea:e5:c0:69:f0:4a:c9:df:70:15:
                    a3:90:b3:e3:77:53:6a:e4:d7:f1:9e:60:f3:56:5c:
                    23:9d:85:d7:8e:36:37:74:f8:f6:df:66:bc:00:28:
                    65:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:9C:B6:31:34:9D:43:2A:4E:5F:5E:D5:84:5B:A7:01:B0:97:CB:CD
            X509v3 Authority Key Identifier:
                keyid:CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/w5y2MTSdQypOX17VhFunAbCXy80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.122.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:a4:1c:f4:ef:a3:9e:f5:71:0c:d0:7c:5a:73:14:be:18:29:
         7e:17:b7:e9:a9:82:c0:8b:b0:63:73:0a:ec:0b:b0:d1:cf:b1:
         71:88:c8:20:62:c1:82:06:c4:e4:ca:af:29:06:97:03:dd:60:
         22:08:ab:db:99:a8:1e:50:a0:3b:74:d5:63:a8:fc:90:55:0c:
         d2:55:86:8b:7f:fc:4c:30:1f:1d:ee:62:77:c6:99:69:7d:1e:
         ba:aa:77:37:e2:36:8b:bc:92:95:d4:3f:5e:fb:26:61:98:1b:
         bb:22:61:86:0e:37:bd:25:5c:89:29:19:ac:3a:60:a7:fc:75:
         52:74:ce:75:a3:7b:b8:6c:b6:1d:10:5f:25:d6:e7:e5:ad:00:
         a8:f7:c4:7e:5e:85:e5:7a:6b:63:7c:63:b5:28:74:86:24:9e:
         ae:3d:c0:66:cc:71:5d:5a:43:4d:2c:b5:7c:3a:01:be:6d:63:
         e5:24:38:30:db:52:53:d7:12:90:a5:a4:c9:0b:79:cd:c5:9a:
         78:38:3f:75:03:bf:1e:dd:fc:b3:b6:d8:27:ed:04:79:c1:28:
         d3:2f:c6:46:c9:06:83:77:7b:ed:5d:9f:85:65:1f:79:cc:6a:
         b6:3a:67:7f:98:5d:ab:8e:4d:bd:2a:c7:4f:79:fc:21:10:e9:
         74:35:fd:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6yJFBUlTZdaDZuL0YT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMjE1ZjU4MTU5ZWM1NzZhMjAyMjc3NmVhNjRmNjFjNWJi
MDAxOTQwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzljYjYzMTM0OWQ0MzJhNGU1ZjVlZDU4NDViYTcwMWIwOTdjYmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMJXchn5c10itxRo/4YimK/sy7Qg
2p3Cxnx9JksFy/r4hRXkZhZg+5UyzCp7gQa6HUXZwlGi8N9LEK3LcGUrkdg8UTe/
ItUKF0GeK4wDID0BoMBIr0Mm5ydXPC5FZiQmdeWMUcbpDlDedy5hkiF6TrKDy9o5
VZoU2WHd0XE0+bbFyqBWCIaFrf0x4A6zSt0CAL3evZy+mt9CDujp5hUhc1kBIG6T
H371gyUAUUeqgtAVSIMcEOfAfMmdIs2UcftBJmD+SfBceKTMur6OYahExSEBLXJi
herlwGnwSsnfcBWjkLPjd1Nq5NfxnmDzVlwjnYXXjjY3dPj232a8AChltQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMOctjE0nUMqTl9e1YRbpwGwl8vNMB8GA1UdIwQY
MBaAFMwhX1gVnsV2ogIndupk9hxbsAGUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAt
ODQzZWVlZTBhMjYwLzEvdzV5Mk1UU2RReXBPWDE3VmhGdW5BYkNYeTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAtODQzZWVlZTBhMjYw
LzEvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HqkMA0G
CSqGSIb3DQEBCwUAA4IBAQBGpBz076Oe9XEM0HxacxS+GCl+F7fpqYLAi7Bjcwrs
C7DRz7FxiMggYsGCBsTkyq8pBpcD3WAiCKvbmageUKA7dNVjqPyQVQzSVYaLf/xM
MB8d7mJ3xplpfR66qnc34jaLvJKV1D9e+yZhmBu7ImGGDje9JVyJKRmsOmCn/HVS
dM51o3u4bLYdEF8l1uflrQCo98R+XoXlemtjfGO1KHSGJJ6uPcBmzHFdWkNNLLV8
OgG+bWPlJDgw21JT1xKQpaTJC3nNxZp4OD91A78e3fyzttgn7QR5wSjTL8ZGyQaD
d3vtXZ+FZR95zGq2Omd/mF2rjk29KsdPefwhEOl0Nf2C
-----END CERTIFICATE-----