Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/knIR7TiOanL5_UuiRkjg6PExYPA.roa
File:                     knIR7TiOanL5_UuiRkjg6PExYPA.roa (raw, json)
Hash identifier:          ERYy0uVVdjAIjaG9rMyUI8jUIPoDAHs5rghe95okyd0=
Subject key identifier:   92:72:11:ED:38:8E:6A:72:F9:FD:4B:A2:46:48:E0:E8:F1:31:60:F0
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019423D70B07226D7DAEC19584E3991435FC
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/knIR7TiOanL5_UuiRkjg6PExYPA.roa
Signing time:             Wed 01 Jan 2025 21:48:03 +0000
ROA not before:           Wed 01 Jan 2025 21:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200456
IP address blocks:        213.238.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:0b:07:22:6d:7d:ae:c1:95:84:e3:99:14:35:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 21:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=927211ed388e6a72f9fd4ba24648e0e8f13160f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:95:00:d5:77:4d:19:a0:bc:5d:9a:3f:1f:57:
                    f6:0b:e3:be:ef:d6:d7:cf:bf:8e:3d:28:ca:46:70:
                    29:ff:a5:00:8b:68:f3:54:db:41:e2:15:dc:56:ca:
                    ed:68:dd:f4:c8:31:d0:10:7b:9d:f4:62:5b:3b:58:
                    cc:8d:2c:e6:01:d2:04:7f:ef:20:e4:e5:d3:58:c5:
                    01:a5:da:c4:a0:9b:10:f5:90:0c:fe:70:49:a7:99:
                    8a:2b:91:b2:a1:6f:21:4b:ae:05:c5:c0:c3:ae:60:
                    1a:89:28:23:88:c9:93:7e:26:ed:18:98:5d:7e:1c:
                    a6:f9:37:9d:5c:be:08:33:98:ec:00:cc:8d:41:1d:
                    c0:c7:5a:ff:8c:68:04:57:3f:64:ac:ab:eb:99:a0:
                    8c:fc:c1:f6:8a:49:95:f8:5e:1b:d0:bb:b3:44:e7:
                    f6:f4:a3:67:ba:55:be:82:86:a7:19:3e:d4:23:ab:
                    84:c7:91:e1:22:b2:ff:2f:9f:8b:3c:b2:d8:cf:97:
                    e8:6b:61:3d:be:a8:6e:e2:a4:7f:e5:11:04:d4:9c:
                    50:92:8e:a9:78:a3:1a:19:98:11:6d:3a:c1:d3:61:
                    42:4f:1b:02:d3:8d:47:75:23:86:ad:25:3c:e2:62:
                    46:24:7b:ee:4f:a2:82:c0:31:ca:a1:c4:68:0a:39:
                    cd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:72:11:ED:38:8E:6A:72:F9:FD:4B:A2:46:48:E0:E8:F1:31:60:F0
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/knIR7TiOanL5_UuiRkjg6PExYPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:86:38:50:7d:8b:a5:ea:71:da:0d:b9:2f:3a:6f:c8:39:fa:
         24:d2:a0:13:3c:32:b7:ea:ee:26:4f:79:eb:19:cd:fd:ef:53:
         dc:9e:2b:ff:2e:81:7d:c4:9f:fd:0a:e2:b0:9c:a5:27:4d:6b:
         99:95:60:b5:34:47:95:33:b1:e1:1b:53:0e:4a:70:71:dd:87:
         5a:4e:91:d2:7d:d7:94:87:e8:7d:b1:bf:77:51:ce:0f:f3:6d:
         84:23:c4:8d:34:cd:75:ed:9d:ce:b6:5a:af:29:81:cc:da:2f:
         e3:a7:1d:3f:0f:07:d2:79:19:20:bd:f9:35:c4:20:db:df:23:
         0e:15:b6:23:d2:39:07:2b:ef:14:8c:89:8f:34:cd:81:d1:8e:
         69:e1:a1:44:6b:04:22:4d:56:96:8d:d6:32:38:03:39:30:8e:
         ad:c6:92:fe:55:83:77:5b:dd:d2:64:1b:24:ce:3c:fa:26:90:
         23:d8:c1:83:11:c5:15:3f:1b:98:db:89:ab:c8:20:a3:71:82:
         04:4e:db:09:23:c8:90:df:e8:5c:c4:01:5c:e6:07:92:74:d2:
         3e:80:a7:09:f6:e6:65:e6:cb:70:a7:4a:9c:0e:1b:29:c7:aa:
         1a:ce:c9:12:09:03:24:97:d1:bc:24:e0:0a:fe:eb:2b:03:59:
         da:02:22:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1wsHIm19rsGVhOOZFDX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwMTAxMjE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjcyMTFlZDM4OGU2YTcyZjlmZDRiYTI0NjQ4ZTBlOGYxMzE2MGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05UA1XdNGaC8XZo/H1f2C+O+79bX
z7+OPSjKRnAp/6UAi2jzVNtB4hXcVsrtaN30yDHQEHud9GJbO1jMjSzmAdIEf+8g
5OXTWMUBpdrEoJsQ9ZAM/nBJp5mKK5GyoW8hS64FxcDDrmAaiSgjiMmTfibtGJhd
fhym+TedXL4IM5jsAMyNQR3Ax1r/jGgEVz9krKvrmaCM/MH2ikmV+F4b0LuzROf2
9KNnulW+goanGT7UI6uEx5HhIrL/L5+LPLLYz5foa2E9vqhu4qR/5REE1JxQko6p
eKMaGZgRbTrB02FCTxsC041HdSOGrSU84mJGJHvuT6KCwDHKocRoCjnNCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJyEe04jmpy+f1LokZI4OjxMWDwMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEva25JUjdUaU9hbkw1X1V1aVJramc2UEV4WVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6rMA0G
CSqGSIb3DQEBCwUAA4IBAQCWhjhQfYul6nHaDbkvOm/IOfok0qATPDK36u4mT3nr
Gc3971Pcniv/LoF9xJ/9CuKwnKUnTWuZlWC1NEeVM7HhG1MOSnBx3YdaTpHSfdeU
h+h9sb93Uc4P822EI8SNNM117Z3OtlqvKYHM2i/jpx0/DwfSeRkgvfk1xCDb3yMO
FbYj0jkHK+8UjImPNM2B0Y5p4aFEawQiTVaWjdYyOAM5MI6txpL+VYN3W93SZBsk
zjz6JpAj2MGDEcUVPxuY24mryCCjcYIETtsJI8iQ3+hcxAFc5geSdNI+gKcJ9uZl
5stwp0qcDhspx6oazskSCQMkl9G8JOAK/usrA1naAiL4
-----END CERTIFICATE-----