Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/iSYRSPpcAZI4HlO_8f8zyXqwRfU.roa
File:                     iSYRSPpcAZI4HlO_8f8zyXqwRfU.roa (raw, json)
Hash identifier:          Rffjak1bf7qc3jU2Dh/aWsQts3P+fNc9Xobd/iqNqxc=
Subject key identifier:   89:26:11:48:FA:5C:01:92:38:1E:53:BF:F1:FF:33:C9:7A:B0:45:F5
Certificate issuer:       /CN=ec9c685cf6671cc656f92e764557a38378f2827c
Certificate serial:       018CC8DED17548ABF0A7B66F0333C19D03BB
Authority key identifier: EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/iSYRSPpcAZI4HlO_8f8zyXqwRfU.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        212.114.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 03:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d1:75:48:ab:f0:a7:b6:6f:03:33:c1:9d:03:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9c685cf6671cc656f92e764557a38378f2827c
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89261148fa5c0192381e53bff1ff33c97ab045f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ed:f8:46:27:7a:2e:4f:8a:9c:d4:6a:26:e6:
                    09:44:37:59:9b:da:bd:3c:0b:ac:68:e0:40:85:8d:
                    36:09:42:fe:36:45:6c:a7:98:0b:55:eb:38:00:cf:
                    c6:9d:f2:24:ac:4c:9a:2e:23:f1:d5:b1:2e:f6:22:
                    8a:b7:d0:50:75:49:02:72:07:c8:f3:e0:c6:13:6a:
                    34:b7:31:3f:a2:3e:da:93:b7:aa:cf:56:74:58:80:
                    38:16:33:04:3c:95:d1:a5:89:35:46:9b:4c:07:57:
                    2a:2d:d5:6f:f4:4d:5f:af:e1:e9:eb:d1:3c:be:fb:
                    f6:6b:d3:b7:46:f1:82:c8:53:8d:15:ff:52:a7:5e:
                    28:9e:09:cf:93:2b:8c:f2:ef:ed:4a:64:bb:ca:6b:
                    6f:4b:f0:f8:2b:eb:79:91:05:91:91:fd:19:2c:56:
                    88:b1:63:5c:79:59:1b:a1:95:d9:47:a0:61:d3:8b:
                    41:c6:ed:9b:46:18:01:19:b0:d2:fc:08:0d:9a:5b:
                    f9:60:4e:6e:8e:d6:33:b3:92:f6:cc:98:ec:71:49:
                    0a:23:5a:35:b5:4d:35:58:93:1f:41:b0:bb:b3:b9:
                    ad:dc:d0:7b:0f:33:88:6b:cb:76:33:ed:11:8d:a5:
                    6d:fc:16:88:75:7e:e9:ea:95:42:89:5c:77:b0:ee:
                    25:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:26:11:48:FA:5C:01:92:38:1E:53:BF:F1:FF:33:C9:7A:B0:45:F5
            X509v3 Authority Key Identifier:
                keyid:EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/iSYRSPpcAZI4HlO_8f8zyXqwRfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:de:b9:ce:d3:d9:79:ef:d8:f8:0a:ba:ca:c3:be:b8:e3:96:
         7e:c4:fc:43:97:98:2a:c8:2b:99:da:a7:69:09:9c:6a:a8:6c:
         99:ee:24:28:2a:f4:c5:1a:c4:28:b1:fb:6d:0e:e2:41:af:81:
         ef:21:2d:d3:86:63:06:65:75:b4:d5:8e:b7:28:f6:ba:ae:0a:
         11:14:b1:a2:97:e1:24:b6:4d:d7:de:ef:17:76:6b:94:af:53:
         f2:1a:a4:fe:f2:41:d6:06:14:8f:d5:20:4a:8c:a7:59:7f:7c:
         42:2c:4f:29:62:3e:4d:1b:56:27:a2:42:b6:bf:a0:ae:68:73:
         da:51:05:29:26:0e:12:b1:95:c2:e2:44:3e:28:63:fd:ec:b1:
         86:ff:a2:dd:b7:20:fd:de:04:ec:89:0b:9f:f0:13:44:22:b6:
         63:14:15:35:1a:99:05:76:74:94:5a:a8:08:e1:07:6b:06:ed:
         1e:02:3e:17:7a:fc:f8:a6:88:db:2e:13:2e:17:e5:de:ae:bd:
         23:7e:9b:95:88:39:48:83:b9:35:58:03:f0:29:db:b0:77:2b:
         8d:11:d2:a0:8d:0e:6e:78:05:ba:12:93:48:34:67:a2:49:76:
         09:5e:b3:39:c5:4b:9c:15:26:52:80:8c:1f:aa:5c:23:d8:6b:
         c3:56:1c:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tF1SKvwp7ZvAzPBnQO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWM2ODVjZjY2NzFjYzY1NmY5MmU3NjQ1NTdhMzgzNzhm
MjgyN2MwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTI2MTE0OGZhNWMwMTkyMzgxZTUzYmZmMWZmMzNjOTdhYjA0NWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+34Rid6Lk+KnNRqJuYJRDdZm9q9
PAusaOBAhY02CUL+NkVsp5gLVes4AM/GnfIkrEyaLiPx1bEu9iKKt9BQdUkCcgfI
8+DGE2o0tzE/oj7ak7eqz1Z0WIA4FjMEPJXRpYk1RptMB1cqLdVv9E1fr+Hp69E8
vvv2a9O3RvGCyFONFf9Sp14ongnPkyuM8u/tSmS7ymtvS/D4K+t5kQWRkf0ZLFaI
sWNceVkboZXZR6Bh04tBxu2bRhgBGbDS/AgNmlv5YE5ujtYzs5L2zJjscUkKI1o1
tU01WJMfQbC7s7mt3NB7DzOIa8t2M+0RjaVt/BaIdX7p6pVCiVx3sO4lPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkmEUj6XAGSOB5Tv/H/M8l6sEX1MB8GA1UdIwQY
MBaAFOycaFz2ZxzGVvkudkVXo4N48oJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUt
YmFiNDhkYWI0Y2Q2LzEvaVNZUlNQcGNBWkk0SGxPXzhmOHp5WHF3UmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUtYmFiNDhkYWI0Y2Q2
LzEvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HI0MA0G
CSqGSIb3DQEBCwUAA4IBAQBp3rnO09l579j4CrrKw76445Z+xPxDl5gqyCuZ2qdp
CZxqqGyZ7iQoKvTFGsQosfttDuJBr4HvIS3ThmMGZXW01Y63KPa6rgoRFLGil+Ek
tk3X3u8XdmuUr1PyGqT+8kHWBhSP1SBKjKdZf3xCLE8pYj5NG1YnokK2v6CuaHPa
UQUpJg4SsZXC4kQ+KGP97LGG/6LdtyD93gTsiQuf8BNEIrZjFBU1GpkFdnSUWqgI
4QdrBu0eAj4Xevz4pojbLhMuF+Xerr0jfpuViDlIg7k1WAPwKduwdyuNEdKgjQ5u
eAW6EpNINGeiSXYJXrM5xUucFSZSgIwfqlwj2GvDVhzb
-----END CERTIFICATE-----