Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/mG5omuPUOFauaHPsCSmaAg6kpSM.roa
File:                     mG5omuPUOFauaHPsCSmaAg6kpSM.roa (raw, json)
Hash identifier:          HsO7KVC2uvy+Oy8dW1FUd8y73AVep+8199e1bZS75zY=
Subject key identifier:   98:6E:68:9A:E3:D4:38:56:AE:68:73:EC:09:29:9A:02:0E:A4:A5:23
Certificate issuer:       /CN=52b9b9e256580c4344bb241445b4d52e54fdd50b
Certificate serial:       018CC5DBE9A42C6AB96FD3900595E4B9B74D
Authority key identifier: 52:B9:B9:E2:56:58:0C:43:44:BB:24:14:45:B4:D5:2E:54:FD:D5:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Urm54lZYDENEuyQURbTVLlT91Qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/mG5omuPUOFauaHPsCSmaAg6kpSM.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25210
IP address blocks:        212.82.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/Urm54lZYDENEuyQURbTVLlT91Qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/Urm54lZYDENEuyQURbTVLlT91Qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Urm54lZYDENEuyQURbTVLlT91Qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e9:a4:2c:6a:b9:6f:d3:90:05:95:e4:b9:b7:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52b9b9e256580c4344bb241445b4d52e54fdd50b
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=986e689ae3d43856ae6873ec09299a020ea4a523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:28:93:3a:57:b3:9c:86:b7:54:1f:a6:ef:f3:
                    93:39:f7:8b:4d:c7:a8:af:2e:06:6e:94:a7:dc:93:
                    dd:f1:1b:58:23:cc:cc:96:46:01:dd:85:9c:53:9e:
                    e1:0b:43:77:5d:02:88:ad:50:8e:b0:18:fb:11:8f:
                    a3:e1:b7:66:b9:46:3c:48:50:84:d3:91:e7:ba:43:
                    74:53:fa:35:b6:dc:f9:f4:f9:5e:d3:dd:92:c8:e4:
                    a3:2a:f7:43:74:28:df:d0:16:63:80:91:12:da:fd:
                    67:85:6d:6a:19:79:c0:98:48:26:5b:f5:1f:c2:6e:
                    b0:6c:ba:54:03:6a:75:16:7c:26:14:a8:8e:41:be:
                    8b:9f:45:d0:cb:7a:3f:88:28:f5:19:8c:6e:df:17:
                    bc:a2:55:24:91:05:84:2c:a5:34:4f:58:08:31:8b:
                    d5:4b:c3:47:6e:a6:38:b3:9c:fc:c1:d4:1b:2c:5e:
                    53:7a:26:2c:a1:39:a7:57:25:92:2f:14:3f:da:03:
                    1e:c7:2a:95:79:b7:a5:69:e2:9c:a1:5a:11:fd:61:
                    50:72:38:b1:66:6d:f9:6b:d4:6c:aa:ee:09:e1:30:
                    a6:b4:6a:ac:8e:bc:aa:28:57:e5:a9:63:eb:90:f9:
                    95:10:a8:ad:1a:60:6e:a8:c8:6b:5f:28:ba:72:da:
                    56:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:6E:68:9A:E3:D4:38:56:AE:68:73:EC:09:29:9A:02:0E:A4:A5:23
            X509v3 Authority Key Identifier:
                keyid:52:B9:B9:E2:56:58:0C:43:44:BB:24:14:45:B4:D5:2E:54:FD:D5:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Urm54lZYDENEuyQURbTVLlT91Qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/mG5omuPUOFauaHPsCSmaAg6kpSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/Urm54lZYDENEuyQURbTVLlT91Qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.82.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:47:d5:9a:eb:cc:61:58:f8:e3:09:59:57:06:7b:e2:f9:33:
         8a:62:26:5e:c1:9a:65:67:72:c0:8c:29:8f:c7:fe:30:36:4f:
         d3:18:03:bc:e6:0b:1e:35:48:96:d2:35:63:4c:4e:74:a3:89:
         65:95:e3:ea:e1:9f:c7:8a:8f:4b:a1:6a:76:44:7f:00:79:3e:
         67:af:96:e0:77:67:76:72:0a:51:e5:75:cc:c7:76:30:ec:6f:
         8b:34:fe:f6:31:6c:75:c0:30:f4:ce:9e:33:c7:d5:38:48:c1:
         67:66:86:63:0d:48:a8:a3:d7:d9:3f:70:3a:83:f0:5b:60:0a:
         da:96:f1:72:59:63:8d:64:c6:20:b5:74:0c:34:a5:b4:2c:76:
         78:ba:10:63:54:fb:03:0d:0f:33:80:2f:a2:8e:13:9c:3c:d5:
         c0:30:78:c3:da:2d:f5:1d:e8:b2:86:bb:3e:f1:19:eb:91:41:
         bd:ed:0a:ad:bf:6f:3c:19:3b:46:7a:2c:08:73:7a:65:02:5d:
         05:ca:e5:55:0a:e0:48:9e:80:7f:30:27:1f:1e:0d:14:5a:80:
         63:46:cd:55:82:43:56:29:d9:fd:09:8b:0c:44:57:08:2b:2b:
         52:fc:28:c9:3e:04:84:12:43:cf:f3:e7:af:26:a5:ce:1a:60:
         52:37:2f:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+mkLGq5b9OQBZXkubdNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYjliOWUyNTY1ODBjNDM0NGJiMjQxNDQ1YjRkNTJlNTRm
ZGQ1MGIwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODZlNjg5YWUzZDQzODU2YWU2ODczZWMwOTI5OWEwMjBlYTRhNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyiTOleznIa3VB+m7/OTOfeLTceo
ry4GbpSn3JPd8RtYI8zMlkYB3YWcU57hC0N3XQKIrVCOsBj7EY+j4bdmuUY8SFCE
05HnukN0U/o1ttz59Ple092SyOSjKvdDdCjf0BZjgJES2v1nhW1qGXnAmEgmW/Uf
wm6wbLpUA2p1FnwmFKiOQb6Ln0XQy3o/iCj1GYxu3xe8olUkkQWELKU0T1gIMYvV
S8NHbqY4s5z8wdQbLF5TeiYsoTmnVyWSLxQ/2gMexyqVebelaeKcoVoR/WFQcjix
Zm35a9Rsqu4J4TCmtGqsjryqKFflqWPrkPmVEKitGmBuqMhrXyi6ctpWowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhuaJrj1DhWrmhz7AkpmgIOpKUjMB8GA1UdIwQY
MBaAFFK5ueJWWAxDRLskFEW01S5U/dULMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXJtNTRsWllERU5FdXlRVVJiVFZMbFQ5MVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lYWY4MWQtYTlkZi00YTZhLWI2MTAt
ZGUwNWM1NDA0NWJiLzEvbUc1b211UFVPRmF1YUhQc0NTbWFBZzZrcFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lYWY4MWQtYTlkZi00YTZhLWI2MTAtZGUwNWM1NDA0NWJi
LzEvVXJtNTRsWllERU5FdXlRVVJiVFZMbFQ5MVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FLZMA0G
CSqGSIb3DQEBCwUAA4IBAQB1R9Wa68xhWPjjCVlXBnvi+TOKYiZewZplZ3LAjCmP
x/4wNk/TGAO85gseNUiW0jVjTE50o4lllePq4Z/Hio9LoWp2RH8AeT5nr5bgd2d2
cgpR5XXMx3Yw7G+LNP72MWx1wDD0zp4zx9U4SMFnZoZjDUioo9fZP3A6g/BbYAra
lvFyWWONZMYgtXQMNKW0LHZ4uhBjVPsDDQ8zgC+ijhOcPNXAMHjD2i31Heiyhrs+
8RnrkUG97Qqtv288GTtGeiwIc3plAl0FyuVVCuBInoB/MCcfHg0UWoBjRs1VgkNW
Kdn9CYsMRFcIKytS/CjJPgSEEkPP8+evJqXOGmBSNy/7
-----END CERTIFICATE-----