Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/o7aaJIA1Lgq0zCdQCsOjEWzmMK0.roa
File:                     o7aaJIA1Lgq0zCdQCsOjEWzmMK0.roa (raw, json)
Hash identifier:          WUPkYWF0I4A0srltNNQaHCMFjlD7ESqkAZxhm9FU4mI=
Subject key identifier:   A3:B6:9A:24:80:35:2E:0A:B4:CC:27:50:0A:C3:A3:11:6C:E6:30:AD
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       019427B579EEED27F93D59F35118E0E7B81C
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/o7aaJIA1Lgq0zCdQCsOjEWzmMK0.roa
Signing time:             Thu 02 Jan 2025 15:49:52 +0000
ROA not before:           Thu 02 Jan 2025 15:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        195.206.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:79:ee:ed:27:f9:3d:59:f3:51:18:e0:e7:b8:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Jan  2 15:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3b69a2480352e0ab4cc27500ac3a3116ce630ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:87:c5:53:f7:92:09:e1:68:11:af:bf:f9:b0:
                    65:ad:e1:7d:55:ea:db:9c:09:45:79:61:fa:4a:93:
                    ae:72:8d:a7:b0:28:e6:c5:ad:19:88:66:6b:81:5d:
                    fe:75:95:74:47:39:0c:33:89:0d:ae:d0:e1:38:eb:
                    ef:32:19:1f:6a:95:85:1c:af:db:8c:53:56:b1:60:
                    d1:a5:ce:3c:09:ff:b8:c3:69:73:d3:dd:54:35:b4:
                    20:08:9f:52:d1:a6:8a:87:8a:b0:62:2f:26:92:9b:
                    a0:2c:02:0d:fa:30:82:ad:97:34:cb:27:62:73:7b:
                    f7:35:b8:43:48:d3:a8:86:59:41:05:e2:22:4b:bf:
                    3f:c3:ca:02:73:96:a7:fe:e3:95:d5:31:68:14:90:
                    b9:87:b5:c1:1e:15:be:50:7b:a6:50:7f:d7:a3:6a:
                    c9:22:a0:ba:c8:73:b2:a1:76:f0:27:40:9d:d4:ad:
                    25:f5:0c:79:06:cd:28:2f:6f:1b:f6:06:86:8f:f8:
                    3d:cf:da:6b:2c:6b:b9:8c:b5:d4:a0:34:9e:02:30:
                    37:9b:6a:5c:c3:67:cf:08:da:4e:e2:8c:f8:bc:f1:
                    f8:d0:30:68:fa:5a:2c:df:c9:2b:85:7c:a6:38:68:
                    78:17:c9:ea:d2:cf:23:e1:c4:1e:d5:13:d9:d3:27:
                    1c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:B6:9A:24:80:35:2E:0A:B4:CC:27:50:0A:C3:A3:11:6C:E6:30:AD
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/o7aaJIA1Lgq0zCdQCsOjEWzmMK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:4d:95:22:1d:ec:f8:8b:5e:96:9d:b1:de:02:5d:30:7c:4f:
         8c:2c:f7:29:2b:a9:f5:a8:6c:a2:df:9b:e4:07:f7:62:5d:db:
         05:3b:56:b0:7a:01:a7:dc:7a:6b:8d:4c:4a:a2:8a:af:6a:f1:
         88:dd:84:9f:fb:e3:08:08:88:79:52:01:37:36:86:2d:e5:16:
         57:fb:20:f1:43:6c:07:6a:16:1e:cc:0b:25:91:e4:ec:df:b2:
         05:3f:4d:a7:d5:7a:df:d3:73:b7:7c:a4:10:da:f9:c4:fe:19:
         f4:ef:1c:90:a1:6b:c0:b6:c0:a8:b6:66:8b:11:6a:51:02:47:
         dd:e9:ac:ba:e1:91:2d:e6:b6:13:a9:99:d5:10:1c:b4:89:c9:
         13:fa:b3:36:42:63:04:78:10:6f:08:40:64:93:45:f8:68:fb:
         ea:d4:d1:c8:ff:73:44:af:6c:14:d3:e2:3e:86:28:a0:05:0f:
         37:c2:dc:2a:12:d8:5c:d1:24:28:49:53:83:2a:5c:99:dc:31:
         71:42:8c:37:34:42:c4:a1:29:03:ff:90:06:84:d4:82:d0:55:
         93:0c:c5:2f:d7:e8:24:6c:f3:79:8b:c8:05:60:9c:38:92:0c:
         f6:a8:8d:05:ee:ff:78:f1:c6:73:83:75:4d:49:03:30:2d:d5:
         b2:76:fd:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXnu7Sf5PVnzURjg57gcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjUwMTAyMTU0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2I2OWEyNDgwMzUyZTBhYjRjYzI3NTAwYWMzYTMxMTZjZTYzMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYfFU/eSCeFoEa+/+bBlreF9Verb
nAlFeWH6SpOuco2nsCjmxa0ZiGZrgV3+dZV0RzkMM4kNrtDhOOvvMhkfapWFHK/b
jFNWsWDRpc48Cf+4w2lz091UNbQgCJ9S0aaKh4qwYi8mkpugLAIN+jCCrZc0yydi
c3v3NbhDSNOohllBBeIiS78/w8oCc5an/uOV1TFoFJC5h7XBHhW+UHumUH/Xo2rJ
IqC6yHOyoXbwJ0Cd1K0l9Qx5Bs0oL28b9gaGj/g9z9prLGu5jLXUoDSeAjA3m2pc
w2fPCNpO4oz4vPH40DBo+los38krhXymOGh4F8nq0s8j4cQe1RPZ0yccAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKO2miSANS4KtMwnUArDoxFs5jCtMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvbzdhYUpJQTFMZ3EwekNkUUNzT2pFV3ptTUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw85vMA0G
CSqGSIb3DQEBCwUAA4IBAQCxTZUiHez4i16WnbHeAl0wfE+MLPcpK6n1qGyi35vk
B/diXdsFO1awegGn3HprjUxKooqvavGI3YSf++MICIh5UgE3NoYt5RZX+yDxQ2wH
ahYezAslkeTs37IFP02n1Xrf03O3fKQQ2vnE/hn07xyQoWvAtsCotmaLEWpRAkfd
6ay64ZEt5rYTqZnVEBy0ickT+rM2QmMEeBBvCEBkk0X4aPvq1NHI/3NEr2wU0+I+
hiigBQ83wtwqEthc0SQoSVODKlyZ3DFxQow3NELEoSkD/5AGhNSC0FWTDMUv1+gk
bPN5i8gFYJw4kgz2qI0F7v948cZzg3VNSQMwLdWydv1X
-----END CERTIFICATE-----