Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/sOABMeqqwZ1G0D1ULMJHO8KxxxQ.roa
File:                     sOABMeqqwZ1G0D1ULMJHO8KxxxQ.roa (raw, json)
Hash identifier:          aqn/2HV1SWgZFD22dyBslfrAfJPMn4unQ/xtd1gPhfA=
Subject key identifier:   B0:E0:01:31:EA:AA:C1:9D:46:D0:3D:54:2C:C2:47:3B:C2:B1:C7:14
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       0194282335F6B3CE35E1370F3CF4A5922D06
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/sOABMeqqwZ1G0D1ULMJHO8KxxxQ.roa
Signing time:             Thu 02 Jan 2025 17:49:43 +0000
ROA not before:           Thu 02 Jan 2025 17:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216127
IP address blocks:        212.113.107.0/24 maxlen: 24
                          212.113.109.0/24 maxlen: 24
                          212.113.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:35:f6:b3:ce:35:e1:37:0f:3c:f4:a5:92:2d:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  2 17:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0e00131eaaac19d46d03d542cc2473bc2b1c714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7b:d6:18:f1:5e:77:eb:98:62:d1:78:5e:bc:
                    e0:4d:bc:0a:dd:36:20:89:0d:dc:41:bd:d1:9c:9c:
                    7b:21:f1:82:2b:69:e4:02:41:8e:0b:d6:f8:b2:2f:
                    66:09:9f:18:bf:d9:5e:e7:11:de:c9:79:20:15:60:
                    eb:e1:8a:e4:ec:e8:82:95:45:ac:48:8e:84:ef:de:
                    6a:d5:dd:82:01:e9:e1:03:96:4f:ee:33:52:92:81:
                    ff:dc:39:fb:cb:2f:86:74:84:f9:02:c1:78:09:39:
                    e9:e3:fc:55:27:10:e4:50:63:63:d8:54:d6:de:13:
                    82:bc:e4:28:d5:22:c6:c6:79:fb:fa:b7:bd:56:b5:
                    db:dd:eb:b3:9a:81:8b:b0:86:39:ff:91:0b:c6:95:
                    b3:43:39:31:19:17:ec:b3:38:3c:04:4e:8c:e7:00:
                    0e:33:e0:23:95:c9:3b:c7:65:8b:60:5a:f5:89:24:
                    d0:c1:87:f3:50:ab:dd:bb:c1:9c:10:a5:e1:ab:a5:
                    46:99:cf:a8:4b:16:02:51:05:db:d6:bb:cc:d6:e4:
                    5e:c6:b4:b7:af:6e:80:eb:59:f8:c3:2d:ee:04:9d:
                    3b:fb:7f:84:ce:81:91:1a:e4:d0:cc:ee:ef:f6:9b:
                    05:1a:5c:d8:cf:f4:4a:ff:6c:80:bc:86:51:e9:04:
                    36:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:E0:01:31:EA:AA:C1:9D:46:D0:3D:54:2C:C2:47:3B:C2:B1:C7:14
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/sOABMeqqwZ1G0D1ULMJHO8KxxxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.107.0/24
                  212.113.109.0/24
                  212.113.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:9f:40:49:94:79:b0:8a:0a:41:5f:0b:38:a9:d2:bd:e0:ed:
         f3:63:ba:f1:0f:39:14:2e:fb:63:a0:bd:f5:c8:f4:d6:85:82:
         95:f2:52:a2:75:7a:42:f8:fb:4d:f5:b8:96:39:92:c6:94:4b:
         f8:c1:85:ef:05:fe:14:04:d4:15:1e:b2:6d:12:ea:b7:d4:17:
         7c:10:23:7b:e5:e4:96:c5:60:70:86:66:a9:be:98:d9:43:14:
         c4:68:f6:45:26:1a:a8:65:1c:17:18:b1:70:7c:9f:a8:05:e1:
         da:bd:82:94:da:32:f5:4e:4b:7d:1a:83:22:20:57:8f:df:16:
         3e:8c:c2:b8:45:45:fc:97:e0:ff:90:95:cb:97:22:fb:2b:5d:
         85:85:9c:94:43:54:ba:0c:01:cc:b6:8e:fd:af:e2:c9:54:a2:
         57:16:f8:ce:c5:fc:bf:42:0c:00:21:87:07:95:ae:d3:ea:b1:
         77:51:78:42:32:9a:cc:8b:14:51:e4:29:18:8b:b4:2d:3d:1b:
         b0:9e:3f:be:e6:f2:3e:9f:53:e8:53:71:ba:0e:65:cb:44:16:
         9c:85:a8:61:f0:2a:63:fa:8f:ca:0b:64:44:85:97:89:e1:9e:
         d4:95:af:c7:13:56:9d:a6:ef:66:40:c7:a2:e4:a2:35:4d:12:
         54:d6:5c:04
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoIzX2s8414TcPPPSlki0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjUwMTAyMTc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGUwMDEzMWVhYWFjMTlkNDZkMDNkNTQyY2MyNDczYmMyYjFjNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3vWGPFed+uYYtF4XrzgTbwK3TYg
iQ3cQb3RnJx7IfGCK2nkAkGOC9b4si9mCZ8Yv9le5xHeyXkgFWDr4Yrk7OiClUWs
SI6E795q1d2CAenhA5ZP7jNSkoH/3Dn7yy+GdIT5AsF4CTnp4/xVJxDkUGNj2FTW
3hOCvOQo1SLGxnn7+re9VrXb3euzmoGLsIY5/5ELxpWzQzkxGRfsszg8BE6M5wAO
M+Ajlck7x2WLYFr1iSTQwYfzUKvdu8GcEKXhq6VGmc+oSxYCUQXb1rvM1uRexrS3
r26A61n4wy3uBJ07+3+EzoGRGuTQzO7v9psFGlzYz/RK/2yAvIZR6QQ2lQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLDgATHqqsGdRtA9VCzCRzvCsccUMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvc09BQk1lcXF3WjFHMEQxVUxNSkhPOEt4eHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1HFrAwQA
1HFtAwQA1HFwMA0GCSqGSIb3DQEBCwUAA4IBAQB2n0BJlHmwigpBXws4qdK94O3z
Y7rxDzkULvtjoL31yPTWhYKV8lKidXpC+PtN9biWOZLGlEv4wYXvBf4UBNQVHrJt
Euq31Bd8ECN75eSWxWBwhmapvpjZQxTEaPZFJhqoZRwXGLFwfJ+oBeHavYKU2jL1
Tkt9GoMiIFeP3xY+jMK4RUX8l+D/kJXLlyL7K12FhZyUQ1S6DAHMto79r+LJVKJX
FvjOxfy/QgwAIYcHla7T6rF3UXhCMprMixRR5CkYi7QtPRuwnj++5vI+n1PoU3G6
DmXLRBachahh8Cpj+o/KC2REhZeJ4Z7Ula/HE1adpu9mQMei5KI1TRJU1lwE
-----END CERTIFICATE-----