Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/P1aEjNsd0SJfPVikfoYHI7ubFMI.roa
File:                     P1aEjNsd0SJfPVikfoYHI7ubFMI.roa (raw, json)
Hash identifier:          DuGgYnJ4n5Dj5BJqboFm/1FmaNs0vaXsoWw3QLn5rAo=
Subject key identifier:   3F:56:84:8C:DB:1D:D1:22:5F:3D:58:A4:7E:86:07:23:BB:9B:14:C2
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019424B3B1D4ABCE43A79FEAB8F1F3252C22
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/P1aEjNsd0SJfPVikfoYHI7ubFMI.roa
Signing time:             Thu 02 Jan 2025 01:49:03 +0000
ROA not before:           Thu 02 Jan 2025 01:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57960
IP address blocks:        212.86.116.0/22 maxlen: 22
                          212.86.120.0/22 maxlen: 22
                          212.86.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b1:d4:ab:ce:43:a7:9f:ea:b8:f1:f3:25:2c:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  2 01:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f56848cdb1dd1225f3d58a47e860723bb9b14c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a1:3c:f8:55:79:3e:c4:9e:5d:16:2a:ef:0d:
                    84:ec:e0:6f:cd:52:ac:20:ed:7b:d0:a5:9e:61:68:
                    1c:ed:8c:94:2d:76:34:5a:a9:ba:d9:ae:dc:98:07:
                    e9:78:12:25:f3:e6:9e:d9:c4:52:27:26:0d:87:2a:
                    00:c5:90:9b:80:c3:47:f6:3e:3c:ed:fe:b4:33:9d:
                    8d:2e:59:5a:c3:4e:90:5a:db:1c:78:5a:7b:6c:30:
                    75:43:f3:e1:4f:ee:92:22:2a:d0:c3:a2:f3:9f:4f:
                    67:5b:9f:40:2c:d8:88:f8:89:37:12:19:fb:4d:4b:
                    86:5a:48:df:6b:c6:f7:0b:48:b5:06:41:95:22:5d:
                    53:d2:3b:d5:cc:9d:3e:84:d5:36:d4:72:ba:6a:3e:
                    ce:2c:88:c8:9f:02:09:b9:aa:50:17:a7:d1:bd:c0:
                    43:ee:17:ea:30:2a:f3:07:0c:14:cf:d6:94:5f:92:
                    55:f6:e4:1c:16:a2:79:8c:8b:76:4a:19:ae:db:c8:
                    67:9c:1e:7f:a9:f1:af:70:ba:1a:ce:62:37:18:4b:
                    0f:1b:fe:aa:01:16:90:24:23:6d:b4:a2:9c:ee:40:
                    bd:3c:c7:b1:57:f8:8b:f1:62:ca:7b:34:de:84:a1:
                    95:13:aa:ea:e5:01:1e:7b:ec:4b:76:26:9a:cd:63:
                    8e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:56:84:8C:DB:1D:D1:22:5F:3D:58:A4:7E:86:07:23:BB:9B:14:C2
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/P1aEjNsd0SJfPVikfoYHI7ubFMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.86.116.0-212.86.127.255

    Signature Algorithm: sha256WithRSAEncryption
         98:4b:6c:57:ad:81:b0:23:10:68:2f:3a:64:54:d5:c1:2c:73:
         8c:ac:62:d7:c4:73:4a:e0:73:0b:11:60:c6:17:a2:c6:52:10:
         ee:ec:13:67:9f:6b:8f:1d:0d:4b:61:f1:fd:6c:46:46:3e:71:
         98:4b:de:73:0f:9c:6d:be:58:f8:b5:69:c5:a2:06:05:00:97:
         7f:99:a2:1d:05:1c:bd:cf:35:92:bd:5a:7a:46:68:de:44:19:
         f1:28:4c:05:f8:3a:47:69:9a:c1:f8:9f:06:b7:7c:2f:55:64:
         a8:81:02:86:92:af:64:71:f6:64:4b:a2:08:33:14:1d:6e:53:
         f6:90:ca:38:b1:16:81:3a:18:58:7a:67:f2:79:20:01:50:11:
         81:f3:12:82:6e:1e:02:30:23:44:1f:8a:fa:ca:2a:6a:bb:f2:
         4a:39:80:a8:a3:6c:3c:08:19:dd:1a:ce:c9:d4:ec:8f:2b:be:
         a2:64:74:6f:11:29:d6:38:57:47:44:33:94:c9:9a:26:f0:61:
         c5:ed:e0:ef:22:9d:47:9b:72:6a:5f:1d:97:45:d2:21:7d:0a:
         f4:3f:cf:a1:c2:d9:fe:39:06:08:44:63:81:b1:6a:01:2c:30:
         31:ee:4e:14:31:5b:52:a9:0b:a0:a6:58:b0:7c:0a:e9:36:1c:
         16:b4:2b:69
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQks7HUq85Dp5/quPHzJSwiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjU2ODQ4Y2RiMWRkMTIyNWYzZDU4YTQ3ZTg2MDcyM2JiOWIxNGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKE8+FV5PsSeXRYq7w2E7OBvzVKs
IO170KWeYWgc7YyULXY0Wqm62a7cmAfpeBIl8+ae2cRSJyYNhyoAxZCbgMNH9j48
7f60M52NLllaw06QWtsceFp7bDB1Q/PhT+6SIirQw6Lzn09nW59ALNiI+Ik3Ehn7
TUuGWkjfa8b3C0i1BkGVIl1T0jvVzJ0+hNU21HK6aj7OLIjInwIJuapQF6fRvcBD
7hfqMCrzBwwUz9aUX5JV9uQcFqJ5jIt2Shmu28hnnB5/qfGvcLoazmI3GEsPG/6q
ARaQJCNttKKc7kC9PMexV/iL8WLKezTehKGVE6rq5QEee+xLdiaazWOO/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD9WhIzbHdEiXz1YpH6GByO7mxTCMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvUDFhRWpOc2QwU0pmUFZpa2ZvWUhJN3ViRk1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALUVnQD
BAfUVgAwDQYJKoZIhvcNAQELBQADggEBAJhLbFetgbAjEGgvOmRU1cEsc4ysYtfE
c0rgcwsRYMYXosZSEO7sE2efa48dDUth8f1sRkY+cZhL3nMPnG2+WPi1acWiBgUA
l3+Zoh0FHL3PNZK9WnpGaN5EGfEoTAX4OkdpmsH4nwa3fC9VZKiBAoaSr2Rx9mRL
oggzFB1uU/aQyjixFoE6GFh6Z/J5IAFQEYHzEoJuHgIwI0QfivrKKmq78ko5gKij
bDwIGd0azsnU7I8rvqJkdG8RKdY4V0dEM5TJmibwYcXt4O8inUebcmpfHZdF0iF9
CvQ/z6HC2f45BghEY4GxagEsMDHuThQxW1KpC6CmWLB8Cuk2HBa0K2k=
-----END CERTIFICATE-----