Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/A8kvmU8mAkaJxiKEyTXgwsEm7XM.roa
File:                     A8kvmU8mAkaJxiKEyTXgwsEm7XM.roa (raw, json)
Hash identifier:          D8+3fx4gYQaNHQapnvOFft5PFT5iwq9PguobVpgPBm8=
Subject key identifier:   03:C9:2F:99:4F:26:02:46:89:C6:22:84:C9:35:E0:C2:C1:26:ED:73
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       0194282671DB5C7FFEF4CBE036D643D11078
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/A8kvmU8mAkaJxiKEyTXgwsEm7XM.roa
Signing time:             Thu 02 Jan 2025 17:53:15 +0000
ROA not before:           Thu 02 Jan 2025 17:53:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59538
IP address blocks:        212.42.208.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:71:db:5c:7f:fe:f4:cb:e0:36:d6:43:d1:10:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03c92f994f26024689c62284c935e0c2c126ed73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:05:0a:62:89:f6:6c:1a:63:dd:8e:69:87:cc:
                    57:33:4c:be:34:17:a9:4f:b4:cb:b8:eb:84:de:60:
                    94:53:b7:4d:40:58:25:57:f6:7e:6e:86:cf:ae:d2:
                    6d:29:04:b8:b3:02:0c:a3:11:45:b4:dc:1b:e0:69:
                    4a:4e:68:e3:4f:5f:ca:eb:f5:50:4e:84:ef:ec:39:
                    45:a7:78:29:6c:3a:98:a3:b1:9e:56:61:8c:51:fc:
                    0b:6f:66:30:e9:6a:21:14:b0:f5:bb:b5:21:6d:51:
                    a9:46:4d:32:85:76:22:9a:bb:f1:18:6d:08:d2:7e:
                    9b:f0:f9:c6:e0:f7:9c:8d:b9:a9:8f:91:cf:7e:8c:
                    ad:c8:95:f9:c4:e5:65:f5:10:4f:02:7d:28:65:03:
                    7f:41:f8:8d:c9:8e:c7:9b:b7:4a:ba:97:9a:9e:2f:
                    c6:f1:d3:c5:58:a8:28:9b:9c:3b:0a:9e:a7:47:34:
                    15:e0:49:57:62:4a:bc:61:54:23:4a:31:18:19:b2:
                    e2:0e:a9:33:b5:5e:dc:ab:79:9f:dd:39:1d:7b:b7:
                    a4:fe:0e:de:a6:aa:8c:9f:62:39:b1:fd:28:45:a9:
                    f7:da:de:04:54:b9:67:9c:14:7e:df:3d:db:b2:6e:
                    78:73:9c:94:c9:11:e9:24:0a:e0:19:f2:05:cc:92:
                    03:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:C9:2F:99:4F:26:02:46:89:C6:22:84:C9:35:E0:C2:C1:26:ED:73
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/A8kvmU8mAkaJxiKEyTXgwsEm7XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.42.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b8:5e:ce:17:85:5a:d3:41:90:ef:a8:6c:bc:30:d5:43:e1:ee:
         b3:c8:ad:a0:ef:12:34:3e:00:94:d7:bc:0a:cd:b0:b2:a6:a9:
         ec:73:a3:ba:13:61:70:a5:a4:81:c9:6d:06:f1:da:1b:79:2d:
         b2:55:6d:c1:32:74:31:7b:ca:13:65:b6:34:37:be:76:bc:f3:
         48:95:de:c1:b8:9e:3b:47:82:8c:ae:7f:39:53:02:ac:40:da:
         5b:ca:dd:7a:2e:81:21:8b:59:8f:8e:5d:25:95:4b:3b:a5:10:
         fb:ac:c8:9c:13:f5:19:6c:49:ea:60:29:e1:bd:f5:e1:f4:b6:
         27:05:4a:2b:5c:6d:85:0d:ef:81:4b:ef:d6:8f:0f:59:47:87:
         52:e4:6a:41:b5:4c:64:09:d9:3d:31:b6:58:ec:03:bb:08:b4:
         d1:00:6e:54:8f:ce:86:34:62:8f:54:ad:1d:e3:3c:d5:36:c0:
         18:c9:9c:9b:10:17:d1:14:84:11:05:7f:36:9e:00:6b:89:ea:
         4f:8d:d8:c6:d5:52:8a:81:f6:23:22:f0:eb:12:dd:ce:1a:74:
         ca:1c:39:a1:27:e3:44:5a:a4:1c:0a:bf:ae:a5:3e:c3:f2:55:
         06:4a:bf:f5:3d:f3:d7:7f:c8:43:3f:8c:bc:10:34:26:15:97:
         0b:f0:94:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJnHbXH/+9MvgNtZD0RB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2M5MmY5OTRmMjYwMjQ2ODljNjIyODRjOTM1ZTBjMmMxMjZlZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygUKYon2bBpj3Y5ph8xXM0y+NBep
T7TLuOuE3mCUU7dNQFglV/Z+bobPrtJtKQS4swIMoxFFtNwb4GlKTmjjT1/K6/VQ
ToTv7DlFp3gpbDqYo7GeVmGMUfwLb2Yw6WohFLD1u7UhbVGpRk0yhXYimrvxGG0I
0n6b8PnG4Pecjbmpj5HPfoytyJX5xOVl9RBPAn0oZQN/QfiNyY7Hm7dKupeani/G
8dPFWKgom5w7Cp6nRzQV4ElXYkq8YVQjSjEYGbLiDqkztV7cq3mf3Tkde7ek/g7e
pqqMn2I5sf0oRan32t4EVLlnnBR+3z3bsm54c5yUyRHpJArgGfIFzJIDuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPJL5lPJgJGicYihMk14MLBJu1zMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvQThrdm1VOG1Ba2FKeGlLRXlUWGd3c0VtN1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1CrQMA0G
CSqGSIb3DQEBCwUAA4IBAQC4Xs4XhVrTQZDvqGy8MNVD4e6zyK2g7xI0PgCU17wK
zbCypqnsc6O6E2FwpaSByW0G8dobeS2yVW3BMnQxe8oTZbY0N752vPNIld7BuJ47
R4KMrn85UwKsQNpbyt16LoEhi1mPjl0llUs7pRD7rMicE/UZbEnqYCnhvfXh9LYn
BUorXG2FDe+BS+/Wjw9ZR4dS5GpBtUxkCdk9MbZY7AO7CLTRAG5Uj86GNGKPVK0d
4zzVNsAYyZybEBfRFIQRBX82ngBriepPjdjG1VKKgfYjIvDrEt3OGnTKHDmhJ+NE
WqQcCr+upT7D8lUGSr/1PfPXf8hDP4y8EDQmFZcL8JQc
-----END CERTIFICATE-----