Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/ro7x5tBi5pz3qKIPLgpN5cezxqA.roa
File:                     ro7x5tBi5pz3qKIPLgpN5cezxqA.roa (raw, json)
Hash identifier:          5qgWdLvv6h/u7ssCLQ9odiZwNdNNYlXCXXprQdKkz2k=
Subject key identifier:   AE:8E:F1:E6:D0:62:E6:9C:F7:A8:A2:0F:2E:0A:4D:E5:C7:B3:C6:A0
Certificate issuer:       /CN=52b9b9e256580c4344bb241445b4d52e54fdd50b
Certificate serial:       019425220AAFB1DE823157A2D4C3B546479B
Authority key identifier: 52:B9:B9:E2:56:58:0C:43:44:BB:24:14:45:B4:D5:2E:54:FD:D5:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Urm54lZYDENEuyQURbTVLlT91Qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/ro7x5tBi5pz3qKIPLgpN5cezxqA.roa
Signing time:             Thu 02 Jan 2025 03:49:35 +0000
ROA not before:           Thu 02 Jan 2025 03:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25210
IP address blocks:        212.82.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/Urm54lZYDENEuyQURbTVLlT91Qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/Urm54lZYDENEuyQURbTVLlT91Qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Urm54lZYDENEuyQURbTVLlT91Qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0a:af:b1:de:82:31:57:a2:d4:c3:b5:46:47:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52b9b9e256580c4344bb241445b4d52e54fdd50b
        Validity
            Not Before: Jan  2 03:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae8ef1e6d062e69cf7a8a20f2e0a4de5c7b3c6a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:29:64:03:f5:1d:dc:2a:8a:db:6b:24:97:24:
                    18:20:34:c5:95:74:f0:e7:df:5c:86:89:e2:86:a3:
                    c9:2f:52:80:14:84:f8:bc:27:e4:b7:56:45:02:20:
                    9a:f3:bf:d3:8a:db:73:ef:a0:53:74:86:9c:ca:ba:
                    31:44:2a:3a:d3:34:33:be:f5:88:2e:ed:39:90:0a:
                    c7:af:5c:25:c6:e8:d8:66:bc:da:a1:8b:d8:b2:c0:
                    7f:48:d2:27:c1:df:36:ea:10:6b:55:7a:ca:81:fb:
                    b5:15:39:bd:43:65:e8:0d:d1:2e:93:ba:37:57:f7:
                    e0:5a:c2:f4:44:31:c6:81:1e:a6:b1:79:2f:6a:96:
                    2a:cd:b6:aa:e4:ca:0e:e9:48:fb:18:9f:80:bb:b0:
                    2e:cb:54:cf:4e:f7:56:e2:03:b4:54:99:81:88:96:
                    a6:86:39:ee:b7:62:09:06:3f:a3:45:06:54:40:95:
                    bb:81:a6:d0:59:c3:fe:84:25:93:a7:26:e7:8c:12:
                    6c:6b:cf:f6:9b:16:93:50:aa:5f:c5:9b:68:31:0e:
                    9c:76:8c:47:41:0b:9d:8b:11:c3:b9:50:3b:af:8b:
                    ba:50:8d:5f:33:f6:e5:c1:25:1d:f1:33:3d:14:be:
                    e4:55:cf:96:bb:4f:02:be:22:33:ee:a1:ec:91:88:
                    4d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:8E:F1:E6:D0:62:E6:9C:F7:A8:A2:0F:2E:0A:4D:E5:C7:B3:C6:A0
            X509v3 Authority Key Identifier:
                keyid:52:B9:B9:E2:56:58:0C:43:44:BB:24:14:45:B4:D5:2E:54:FD:D5:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Urm54lZYDENEuyQURbTVLlT91Qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/ro7x5tBi5pz3qKIPLgpN5cezxqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/Urm54lZYDENEuyQURbTVLlT91Qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.82.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:cc:b0:bd:0a:85:c4:5a:92:03:e8:05:ba:e3:78:b2:72:59:
         6b:04:15:b3:98:05:dc:01:a1:4a:37:23:3c:ff:94:20:4f:76:
         bd:d5:f2:79:9a:97:d1:4c:cf:bf:a7:44:35:64:a1:2e:11:30:
         6a:bf:c3:64:82:8f:c6:b1:42:5d:bc:60:c1:6b:aa:63:25:37:
         05:3a:6a:e4:f3:91:56:bc:64:79:04:50:1a:e5:1f:7c:0c:99:
         cf:60:c1:2f:9b:04:60:62:45:09:45:50:f3:be:e2:e4:58:7a:
         e5:b1:4b:6f:0c:77:5a:9b:be:f6:79:96:92:e8:10:e9:06:1d:
         fa:e7:ea:8c:61:f1:af:c5:a0:7c:b1:e2:95:4c:e0:aa:d6:dd:
         c3:8a:d9:8a:ed:70:94:05:38:81:a4:24:8a:36:72:b3:aa:c2:
         07:2f:45:92:ea:76:bf:c9:aa:62:c5:11:56:e0:91:95:58:a4:
         7f:19:40:2e:75:4d:61:c0:b7:1b:93:7c:5c:71:7a:c9:de:12:
         15:19:e5:1e:bb:b4:05:1a:05:99:03:d3:8a:7e:d0:dd:3c:2e:
         76:31:12:fd:94:96:61:c0:39:59:5a:95:16:40:c3:05:bd:ee:
         10:cd:20:7e:96:aa:29:17:2b:0a:57:d3:99:58:d1:96:70:19:
         0e:4f:1f:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIgqvsd6CMVei1MO1RkebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYjliOWUyNTY1ODBjNDM0NGJiMjQxNDQ1YjRkNTJlNTRm
ZGQ1MGIwHhcNMjUwMTAyMDM0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZThlZjFlNmQwNjJlNjljZjdhOGEyMGYyZTBhNGRlNWM3YjNjNmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwClkA/Ud3CqK22sklyQYIDTFlXTw
599chonihqPJL1KAFIT4vCfkt1ZFAiCa87/Tittz76BTdIacyroxRCo60zQzvvWI
Lu05kArHr1wlxujYZrzaoYvYssB/SNInwd826hBrVXrKgfu1FTm9Q2XoDdEuk7o3
V/fgWsL0RDHGgR6msXkvapYqzbaq5MoO6Uj7GJ+Au7Auy1TPTvdW4gO0VJmBiJam
hjnut2IJBj+jRQZUQJW7gabQWcP+hCWTpybnjBJsa8/2mxaTUKpfxZtoMQ6cdoxH
QQudixHDuVA7r4u6UI1fM/blwSUd8TM9FL7kVc+Wu08CviIz7qHskYhN8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6O8ebQYuac96iiDy4KTeXHs8agMB8GA1UdIwQY
MBaAFFK5ueJWWAxDRLskFEW01S5U/dULMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXJtNTRsWllERU5FdXlRVVJiVFZMbFQ5MVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lYWY4MWQtYTlkZi00YTZhLWI2MTAt
ZGUwNWM1NDA0NWJiLzEvcm83eDV0Qmk1cHozcUtJUExncE41Y2V6eHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lYWY4MWQtYTlkZi00YTZhLWI2MTAtZGUwNWM1NDA0NWJi
LzEvVXJtNTRsWllERU5FdXlRVVJiVFZMbFQ5MVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FLZMA0G
CSqGSIb3DQEBCwUAA4IBAQBvzLC9CoXEWpID6AW643iycllrBBWzmAXcAaFKNyM8
/5QgT3a91fJ5mpfRTM+/p0Q1ZKEuETBqv8Nkgo/GsUJdvGDBa6pjJTcFOmrk85FW
vGR5BFAa5R98DJnPYMEvmwRgYkUJRVDzvuLkWHrlsUtvDHdam772eZaS6BDpBh36
5+qMYfGvxaB8seKVTOCq1t3DitmK7XCUBTiBpCSKNnKzqsIHL0WS6na/yapixRFW
4JGVWKR/GUAudU1hwLcbk3xccXrJ3hIVGeUeu7QFGgWZA9OKftDdPC52MRL9lJZh
wDlZWpUWQMMFve4QzSB+lqopFysKV9OZWNGWcBkOTx8h
-----END CERTIFICATE-----