Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/1-U546Wnv3X2dlqBwiPgmgD5rG0Q.roa
File:                     1-U546Wnv3X2dlqBwiPgmgD5rG0Q.roa (raw, json)
Hash identifier:          UYLMoDLmtnbaqveYEw4e1FYtKG5Xz2eS50cYOB7habA=
Subject key identifier:   F9:4E:78:E9:69:EF:DD:7D:9D:96:A0:70:88:F8:26:80:3E:6B:1B:44
Certificate issuer:       /CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
Certificate serial:       019420D64DECC90D607B66B23DF582B89EA7
Authority key identifier: E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/1-U546Wnv3X2dlqBwiPgmgD5rG0Q.roa
Signing time:             Wed 01 Jan 2025 07:48:22 +0000
ROA not before:           Wed 01 Jan 2025 07:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51424
IP address blocks:        212.4.132.0/24 maxlen: 24
                          212.96.184.0/24 maxlen: 24
                          213.211.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4d:ec:c9:0d:60:7b:66:b2:3d:f5:82:b8:9e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
        Validity
            Not Before: Jan  1 07:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f94e78e969efdd7d9d96a07088f826803e6b1b44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1c:32:a1:19:45:77:48:d2:35:87:c5:11:c2:
                    86:1a:bb:bb:24:4d:84:e7:a1:fe:01:a1:98:85:fe:
                    9b:9b:d8:d2:db:b6:7c:19:da:5a:0c:02:c3:20:a3:
                    36:48:6a:8f:b5:13:4e:57:30:2c:f0:0e:f0:e0:61:
                    2a:da:d4:a3:10:63:18:45:52:0b:9c:48:ea:5e:c1:
                    58:bf:f2:4c:5b:3c:ae:89:8b:1a:86:d8:c5:59:10:
                    1a:5d:f1:9e:c8:f6:33:c3:4a:08:dc:57:46:84:2f:
                    45:36:aa:fb:d2:dc:4a:45:25:43:ab:d0:85:c6:37:
                    3b:71:ce:80:74:17:dc:23:05:94:3d:13:0b:a5:a5:
                    04:8f:bf:1a:88:0b:5c:c0:54:02:3f:dc:b6:ae:e6:
                    c6:48:19:8c:23:c2:37:d9:0c:f9:01:8b:17:fd:1e:
                    18:2b:28:48:4f:1b:91:9a:64:98:6d:32:0b:78:96:
                    c8:14:e8:0d:ca:1a:89:58:1c:fe:89:8d:b6:cf:98:
                    cc:6e:db:f0:bf:a9:89:3e:a3:2a:eb:ab:18:77:e3:
                    77:23:a7:e1:69:b7:fa:2b:9a:b7:6f:e7:66:3a:59:
                    5c:9c:ee:2c:da:ec:64:73:93:c0:d8:2d:41:cc:82:
                    89:5f:b2:bf:40:c7:f9:ec:78:45:f6:2b:2a:12:19:
                    b8:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:4E:78:E9:69:EF:DD:7D:9D:96:A0:70:88:F8:26:80:3E:6B:1B:44
            X509v3 Authority Key Identifier:
                keyid:E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/1-U546Wnv3X2dlqBwiPgmgD5rG0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.4.132.0/24
                  212.96.184.0/24
                  213.211.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:bd:5c:51:bb:a2:c1:89:ca:ba:8c:e0:68:d7:e8:35:34:9b:
         53:53:b3:02:70:f8:fd:39:11:fc:89:28:5a:23:e7:10:10:1e:
         ea:e6:0a:fa:81:e2:08:1d:e6:21:ba:f1:c8:7d:1b:0e:7f:99:
         f2:f6:04:99:cb:7c:52:4a:7b:ac:40:de:26:77:f5:94:cb:83:
         0c:0d:35:26:dc:4e:8a:94:91:96:27:7e:3f:1c:8d:2f:45:6c:
         d3:2c:d0:88:c7:07:06:ce:62:5d:2a:94:ad:41:3b:f9:56:0c:
         a1:8c:73:86:1e:5f:dd:f3:3d:77:1d:53:a9:39:95:67:2c:c5:
         88:71:a4:ca:fb:f4:e2:09:f5:65:e5:bd:f7:9f:98:6f:0f:bb:
         26:d9:ad:c4:17:14:66:cd:ef:11:04:bb:4f:eb:95:ba:7c:ca:
         e9:8f:b1:9a:5a:a2:dc:ce:19:ab:4e:23:e6:80:ad:99:fd:a0:
         83:d3:a8:42:72:81:e8:1a:e4:81:af:3d:f1:c7:5a:a8:74:72:
         50:e4:f3:e3:25:f0:7d:a7:72:dd:f6:c1:25:0b:c1:68:98:12:
         25:4d:15:e1:9c:9e:bd:89:79:13:85:09:30:9b:a4:f8:68:ea:
         6b:79:80:3a:d2:17:61:80:2b:ca:1b:bc:98:90:73:2a:bd:d5:
         a7:3c:12:72
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZQg1k3syQ1ge2ayPfWCuJ6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDZjNmU4YmNlZDQwYmQwMzJkMTc3MThjMWIxZTM5YWU4
NDFhZTgwHhcNMjUwMTAxMDc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTRlNzhlOTY5ZWZkZDdkOWQ5NmEwNzA4OGY4MjY4MDNlNmIxYjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxwyoRlFd0jSNYfFEcKGGru7JE2E
56H+AaGYhf6bm9jS27Z8GdpaDALDIKM2SGqPtRNOVzAs8A7w4GEq2tSjEGMYRVIL
nEjqXsFYv/JMWzyuiYsahtjFWRAaXfGeyPYzw0oI3FdGhC9FNqr70txKRSVDq9CF
xjc7cc6AdBfcIwWUPRMLpaUEj78aiAtcwFQCP9y2rubGSBmMI8I32Qz5AYsX/R4Y
KyhITxuRmmSYbTILeJbIFOgNyhqJWBz+iY22z5jMbtvwv6mJPqMq66sYd+N3I6fh
abf6K5q3b+dmOllcnO4s2uxkc5PA2C1BzIKJX7K/QMf57HhF9isqEhm4SQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPlOeOlp7919nZagcIj4JoA+axtEMB8GA1UdIwQY
MBaAFOXWxui87UC9Ay0XcYwbHjmuhBroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQt
YmQyNDliNjI1Nzk3LzEvMS1VNTQ2V252M1gyZGxxQndpUGdtZ0Q1ckcwUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzAvMDg5NGY3LWUyNGQtNDcyOC04Y2FkLWJkMjQ5YjYyNTc5
Ny8xLzVkYkc2THp0UUwwRExSZHhqQnNlT2E2RUd1Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEANQEhAME
ANRguAMEANXTJDANBgkqhkiG9w0BAQsFAAOCAQEAJ71cUbuiwYnKuozgaNfoNTSb
U1OzAnD4/TkR/IkoWiPnEBAe6uYK+oHiCB3mIbrxyH0bDn+Z8vYEmct8Ukp7rEDe
Jnf1lMuDDA01JtxOipSRlid+PxyNL0Vs0yzQiMcHBs5iXSqUrUE7+VYMoYxzhh5f
3fM9dx1TqTmVZyzFiHGkyvv04gn1ZeW995+Ybw+7JtmtxBcUZs3vEQS7T+uVunzK
6Y+xmlqi3M4Zq04j5oCtmf2gg9OoQnKB6Brkga898cdaqHRyUOTz4yXwfady3fbB
JQvBaJgSJU0V4ZyevYl5E4UJMJuk+Gjqa3mAOtIXYYAryhu8mJBzKr3VpzwScg==
-----END CERTIFICATE-----