Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/b4M2RVAScTVc0rLcQWS2TUKBQVg.roa
File:                     b4M2RVAScTVc0rLcQWS2TUKBQVg.roa (raw, json)
Hash identifier:          JAXZVAloSHKdDJuVLx42Yx5DyOaYH17Fr5xV9qxOaFU=
Subject key identifier:   6F:83:36:45:50:12:71:35:5C:D2:B2:DC:41:64:B6:4D:42:81:41:58
Certificate issuer:       /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial:       019426D9F7727ABB934CCFEFB357F3FFA4AC
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/b4M2RVAScTVc0rLcQWS2TUKBQVg.roa
Signing time:             Thu 02 Jan 2025 11:50:06 +0000
ROA not before:           Thu 02 Jan 2025 11:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12536
IP address blocks:        212.121.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f7:72:7a:bb:93:4c:cf:ef:b3:57:f3:ff:a4:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
        Validity
            Not Before: Jan  2 11:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f833645501271355cd2b2dc4164b64d42814158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ce:c7:3f:34:36:e7:80:40:a5:26:1b:94:ce:
                    2d:cb:37:40:3a:eb:14:7d:30:59:ec:ba:ae:95:f9:
                    4d:da:37:66:f9:64:7b:31:a0:67:dd:b3:2a:99:ab:
                    0b:5a:7a:eb:aa:55:4b:60:7a:08:e1:ec:80:aa:d6:
                    e5:8c:98:1a:3a:6c:c5:fb:ea:e2:39:9a:29:f3:07:
                    22:fe:7b:e0:a8:76:78:9a:6c:2a:1a:2a:e9:46:96:
                    65:b1:65:49:18:20:25:28:13:f5:10:b1:1f:35:2e:
                    61:8b:76:c4:c8:ec:06:57:94:7a:4c:7d:36:27:69:
                    04:84:9f:35:4d:90:dd:c0:8f:eb:ec:e6:df:4b:38:
                    3f:7c:35:55:43:fc:06:94:30:22:55:2c:aa:f2:fc:
                    64:4d:7d:6d:9b:09:5c:54:36:52:86:61:fc:a8:95:
                    d5:2a:66:78:1f:34:6a:bc:30:58:c5:8e:a9:ae:f0:
                    2f:7c:c2:21:d0:c8:23:8d:0d:d1:9b:84:ed:d3:cf:
                    9e:6f:4c:aa:a7:5c:70:dd:04:41:84:d9:e2:5f:58:
                    44:ea:21:94:17:32:c3:68:88:b3:19:fb:cd:a5:c1:
                    e4:d4:78:6f:9f:9f:a8:c4:2d:f4:79:2b:12:48:96:
                    b2:1e:ca:02:e9:2d:52:fd:94:ff:1b:2e:35:6c:ed:
                    f2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:83:36:45:50:12:71:35:5C:D2:B2:DC:41:64:B6:4D:42:81:41:58
            X509v3 Authority Key Identifier:
                keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/b4M2RVAScTVc0rLcQWS2TUKBQVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.121.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         63:c7:f4:19:ff:2f:57:c9:bf:13:33:3c:c1:da:fd:d2:19:6c:
         51:4e:2a:6a:2c:a3:5d:6b:d0:41:3a:b3:5d:ea:2f:60:10:25:
         2c:9d:37:33:1d:2b:dc:b2:19:db:8e:36:6b:b7:27:e5:ff:1c:
         b5:40:cb:df:6f:b9:72:ec:db:99:6b:c0:1c:c8:ef:e5:9a:2b:
         9e:a3:a7:a1:a3:ac:9b:37:a5:3c:3b:06:ab:33:5d:f4:66:b0:
         62:72:bd:9c:b4:36:fb:cf:24:89:ca:27:31:5d:65:4e:1c:d2:
         91:0c:aa:fb:97:04:9c:78:c0:19:29:c0:a6:41:2c:f0:f6:61:
         96:7a:2a:77:1f:0c:53:71:68:7d:96:00:2b:1c:6d:7e:e1:b8:
         4d:a2:88:f5:9d:55:41:a8:5e:96:e7:9a:a2:88:23:0f:31:6a:
         17:63:54:d5:25:87:bc:ba:4f:28:ba:72:dd:2d:bf:d2:49:57:
         05:0b:c4:da:7e:13:9a:3f:6f:28:77:8c:62:53:b0:de:63:84:
         59:aa:a2:5f:25:aa:e8:df:dc:54:c7:3f:f8:51:ee:4d:4e:43:
         7e:f2:ed:5a:53:70:13:a9:9d:fc:01:ae:6f:dc:99:93:d4:72:
         f4:b8:78:e3:16:fa:a9:2e:63:20:42:c4:33:91:6c:f5:f4:be:
         90:97:fb:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2fdyeruTTM/vs1fz/6SsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjUwMTAyMTE1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjgzMzY0NTUwMTI3MTM1NWNkMmIyZGM0MTY0YjY0ZDQyODE0MTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt87HPzQ254BApSYblM4tyzdAOusU
fTBZ7LqulflN2jdm+WR7MaBn3bMqmasLWnrrqlVLYHoI4eyAqtbljJgaOmzF++ri
OZop8wci/nvgqHZ4mmwqGirpRpZlsWVJGCAlKBP1ELEfNS5hi3bEyOwGV5R6TH02
J2kEhJ81TZDdwI/r7ObfSzg/fDVVQ/wGlDAiVSyq8vxkTX1tmwlcVDZShmH8qJXV
KmZ4HzRqvDBYxY6prvAvfMIh0MgjjQ3Rm4Tt08+eb0yqp1xw3QRBhNniX1hE6iGU
FzLDaIizGfvNpcHk1Hhvn5+oxC30eSsSSJayHsoC6S1S/ZT/Gy41bO3yIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+DNkVQEnE1XNKy3EFktk1CgUFYMB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvYjRNMlJWQVNjVFZjMHJMY1FXUzJUVUtCUVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1HkgMA0G
CSqGSIb3DQEBCwUAA4IBAQBjx/QZ/y9Xyb8TMzzB2v3SGWxRTipqLKNda9BBOrNd
6i9gECUsnTczHSvcshnbjjZrtyfl/xy1QMvfb7ly7NuZa8AcyO/lmiueo6eho6yb
N6U8OwarM130ZrBicr2ctDb7zySJyicxXWVOHNKRDKr7lwSceMAZKcCmQSzw9mGW
eip3HwxTcWh9lgArHG1+4bhNooj1nVVBqF6W55qiiCMPMWoXY1TVJYe8uk8ounLd
Lb/SSVcFC8TafhOaP28od4xiU7DeY4RZqqJfJaro39xUxz/4Ue5NTkN+8u1aU3AT
qZ38Aa5v3JmT1HL0uHjjFvqpLmMgQsQzkWz19L6Ql/si
-----END CERTIFICATE-----