Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_OqqmXCTdKfAjrsP4IR5WXPqBug.roa
File:                     _OqqmXCTdKfAjrsP4IR5WXPqBug.roa (raw, json)
Hash identifier:          eoEs6qrPeUQSmaMBL5i3PmSdkifq82OQz00utxJfrnY=
Subject key identifier:   FC:EA:AA:99:70:93:74:A7:C0:8E:BB:0F:E0:84:79:59:73:EA:06:E8
Certificate issuer:       /CN=fd261d45319e8375187436da44bf5b9adb044a7f
Certificate serial:       018CC42528617721F51378173D61682264B7
Authority key identifier: FD:26:1D:45:31:9E:83:75:18:74:36:DA:44:BF:5B:9A:DB:04:4A:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_SYdRTGeg3UYdDbaRL9bmtsESn8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_OqqmXCTdKfAjrsP4IR5WXPqBug.roa
Signing time:             Mon 01 Jan 2024 08:30:18 +0000
ROA not before:           Mon 01 Jan 2024 08:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206492
IP address blocks:        212.25.7.64/28 maxlen: 28

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_SYdRTGeg3UYdDbaRL9bmtsESn8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_SYdRTGeg3UYdDbaRL9bmtsESn8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_SYdRTGeg3UYdDbaRL9bmtsESn8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:28:61:77:21:f5:13:78:17:3d:61:68:22:64:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd261d45319e8375187436da44bf5b9adb044a7f
        Validity
            Not Before: Jan  1 08:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fceaaa99709374a7c08ebb0fe084795973ea06e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5d:fa:46:39:97:14:e1:76:f1:ea:91:fb:2b:
                    93:64:82:cf:c8:c8:ca:3a:4d:fa:d9:ca:9e:29:23:
                    d8:a2:ea:4f:b8:e3:83:b6:44:bd:66:69:ed:68:18:
                    51:f5:a0:a8:ec:a1:6a:d7:ce:28:2a:74:4f:0a:84:
                    8f:d5:d2:76:57:f5:5d:b7:2b:b0:2b:25:d1:90:79:
                    0d:32:21:a4:8b:3f:81:f7:43:6a:59:6e:51:6b:d0:
                    bc:c9:81:37:6f:b4:2b:f4:35:b9:53:d3:2a:58:79:
                    56:cc:ec:44:7f:1a:2f:e3:d8:f2:ca:8d:22:04:d0:
                    9a:de:3f:9b:5e:bb:d2:22:ea:6d:ba:dd:1d:6c:c7:
                    2f:a8:15:84:fa:e9:82:1a:f4:71:83:76:3d:f8:7e:
                    ca:96:06:95:49:fa:78:48:80:ee:23:4b:ae:30:74:
                    dc:e2:c6:99:de:0f:fb:e3:15:f5:43:44:2b:71:36:
                    c3:f5:af:41:37:5a:2e:69:c9:51:d3:bb:8d:c9:9a:
                    4e:bd:8c:17:ed:56:15:03:0b:09:95:dd:50:46:26:
                    da:07:fb:0b:31:d5:5b:ba:54:4a:48:2a:99:d7:97:
                    8a:f9:a2:d9:f3:4e:fd:28:af:55:3b:40:bc:a7:2a:
                    51:59:69:a8:3f:45:62:3e:d6:05:19:d1:52:74:ff:
                    1b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:EA:AA:99:70:93:74:A7:C0:8E:BB:0F:E0:84:79:59:73:EA:06:E8
            X509v3 Authority Key Identifier:
                keyid:FD:26:1D:45:31:9E:83:75:18:74:36:DA:44:BF:5B:9A:DB:04:4A:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_SYdRTGeg3UYdDbaRL9bmtsESn8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_OqqmXCTdKfAjrsP4IR5WXPqBug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_SYdRTGeg3UYdDbaRL9bmtsESn8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.25.7.64/28

    Signature Algorithm: sha256WithRSAEncryption
         5c:51:36:7e:ee:b8:46:86:c9:f3:01:37:31:8c:02:6d:36:af:
         7a:ce:c9:8e:30:a5:13:80:0f:3a:06:f8:67:f2:c4:38:19:3d:
         d3:34:23:b2:8a:56:1b:45:47:24:86:6a:aa:46:e5:64:49:47:
         40:e8:78:34:f2:53:18:2a:22:f4:68:80:20:3c:67:61:cc:19:
         e6:b7:78:d1:05:32:f8:96:08:14:32:9e:c0:41:58:cf:48:62:
         45:2d:5c:8e:c8:26:90:4d:79:e0:bd:c7:69:3a:cf:23:3a:9c:
         1e:35:5e:1a:ad:81:ab:cd:ea:6a:d0:f5:b2:f2:c5:9e:1d:b4:
         b0:e3:4c:57:f3:18:e0:6b:b3:ce:43:b7:d8:29:e3:b3:66:35:
         5e:2c:1b:a6:bc:99:47:9d:a4:11:97:c1:c4:d0:15:4d:f4:a5:
         f8:74:a4:e5:f1:e9:fd:a5:dc:67:d9:95:40:bd:ea:05:d5:64:
         36:ed:30:3f:6b:10:52:55:e3:07:9b:29:39:e7:e5:44:db:fd:
         d4:84:6c:01:c1:9b:e2:bc:5c:8f:cc:9a:8c:d9:a7:4d:97:64:
         ab:7e:c8:6e:be:15:a5:9f:23:d0:72:21:8c:6c:52:22:1b:69:
         22:40:41:b0:98:40:1e:ed:ce:d3:bd:75:66:1b:02:e8:68:59:
         a1:d3:6a:dd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJShhdyH1E3gXPWFoImS3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMjYxZDQ1MzE5ZTgzNzUxODc0MzZkYTQ0YmY1YjlhZGIw
NDRhN2YwHhcNMjQwMTAxMDgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2VhYWE5OTcwOTM3NGE3YzA4ZWJiMGZlMDg0Nzk1OTczZWEwNmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV36RjmXFOF28eqR+yuTZILPyMjK
Ok362cqeKSPYoupPuOODtkS9ZmntaBhR9aCo7KFq184oKnRPCoSP1dJ2V/Vdtyuw
KyXRkHkNMiGkiz+B90NqWW5Ra9C8yYE3b7Qr9DW5U9MqWHlWzOxEfxov49jyyo0i
BNCa3j+bXrvSIuptut0dbMcvqBWE+umCGvRxg3Y9+H7KlgaVSfp4SIDuI0uuMHTc
4saZ3g/74xX1Q0QrcTbD9a9BN1ouaclR07uNyZpOvYwX7VYVAwsJld1QRibaB/sL
MdVbulRKSCqZ15eK+aLZ8079KK9VO0C8pypRWWmoP0ViPtYFGdFSdP8bsQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPzqqplwk3SnwI67D+CEeVlz6gboMB8GA1UdIwQY
MBaAFP0mHUUxnoN1GHQ22kS/W5rbBEp/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NZZFJUR2VnM1VZZERiYVJMOWJtdHNFU244LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS81ODJiMTctZjQ2Zi00MWViLThmZDQt
ZWI1MDkzYjIzMWMxLzEvX09xcW1YQ1RkS2ZBanJzUDRJUjVXWFBxQnVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS81ODJiMTctZjQ2Zi00MWViLThmZDQtZWI1MDkzYjIzMWMx
LzEvX1NZZFJUR2VnM1VZZERiYVJMOWJtdHNFU244LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUE1BkHQDAN
BgkqhkiG9w0BAQsFAAOCAQEAXFE2fu64RobJ8wE3MYwCbTaves7JjjClE4APOgb4
Z/LEOBk90zQjsopWG0VHJIZqqkblZElHQOh4NPJTGCoi9GiAIDxnYcwZ5rd40QUy
+JYIFDKewEFYz0hiRS1cjsgmkE154L3HaTrPIzqcHjVeGq2Bq83qatD1svLFnh20
sONMV/MY4GuzzkO32Cnjs2Y1XiwbpryZR52kEZfBxNAVTfSl+HSk5fHp/aXcZ9mV
QL3qBdVkNu0wP2sQUlXjB5spOeflRNv91IRsAcGb4rxcj8yajNmnTZdkq37Ibr4V
pZ8j0HIhjGxSIhtpIkBBsJhAHu3O0711ZhsC6GhZodNq3Q==
-----END CERTIFICATE-----