Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/7AXFe4yxIHvF0jtzsP_F-wLpTyo.roa
File:                     7AXFe4yxIHvF0jtzsP_F-wLpTyo.roa (raw, json)
Hash identifier:          fz447Zdcr7iuvJ9YqYhhlssvYnd7PF5Z4bBFuoyFksI=
Subject key identifier:   EC:05:C5:7B:8C:B1:20:7B:C5:D2:3B:73:B0:FF:C5:FB:02:E9:4F:2A
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01942747A6979DFEB44607F5974ADBA747CC
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/7AXFe4yxIHvF0jtzsP_F-wLpTyo.roa
Signing time:             Thu 02 Jan 2025 13:49:54 +0000
ROA not before:           Thu 02 Jan 2025 13:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12886
IP address blocks:        213.209.128.0/24 maxlen: 24
                          213.209.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a6:97:9d:fe:b4:46:07:f5:97:4a:db:a7:47:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 13:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec05c57b8cb1207bc5d23b73b0ffc5fb02e94f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4b:e7:fb:bc:fa:fc:10:67:1d:9e:83:68:62:
                    20:8c:f8:fc:4c:49:94:3c:40:fd:92:89:07:09:0f:
                    37:d2:1e:f8:1d:d3:fb:62:6b:23:ea:04:d2:70:d9:
                    e0:9d:44:30:bd:bf:6d:86:ae:5f:2b:91:b5:75:84:
                    cb:2b:aa:f8:ad:1b:27:5f:39:9d:8a:bb:41:3a:52:
                    2f:67:9e:a1:53:60:d6:4c:22:38:38:19:05:34:7c:
                    8f:a3:ad:53:73:3c:76:c0:72:cb:46:62:4d:ed:8d:
                    35:7c:82:5a:30:ed:90:9a:a4:52:ba:bd:ab:d4:65:
                    e6:77:cf:a5:18:dc:ae:bc:dd:34:4f:96:46:07:c5:
                    7d:16:2a:ba:a5:3a:4f:de:db:15:5e:d8:46:cc:3e:
                    57:4f:42:35:42:f2:73:a1:ee:b1:57:4a:6c:24:b8:
                    c5:d8:06:21:f7:2c:dd:c3:d9:54:9c:25:ca:16:3f:
                    c8:df:35:c8:83:ae:fd:f5:18:0c:32:e9:fe:31:c4:
                    aa:1f:e4:87:38:b5:a1:79:84:26:8a:44:a4:ae:5f:
                    ce:53:c1:a7:d1:a0:dc:8c:2d:13:80:6a:48:de:84:
                    c1:6a:b8:d1:0f:61:8f:06:62:c6:a0:3c:4e:15:e0:
                    bf:43:96:5f:f0:47:c8:f9:92:82:08:57:c7:af:7f:
                    b6:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:05:C5:7B:8C:B1:20:7B:C5:D2:3B:73:B0:FF:C5:FB:02:E9:4F:2A
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/7AXFe4yxIHvF0jtzsP_F-wLpTyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.128.0/24
                  213.209.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:40:60:08:b4:8f:17:33:3b:fd:76:19:d9:ea:81:6f:e7:0d:
         4f:ff:f9:5c:b5:28:3b:75:de:89:58:49:d4:cc:d9:c4:31:cf:
         4d:a7:ba:69:a2:47:32:0b:43:0f:0c:d6:27:eb:81:c5:f7:63:
         01:98:7d:06:75:0b:cb:1e:a5:fb:7c:7e:08:f9:ab:af:fb:6a:
         82:13:65:48:12:33:4c:39:eb:17:27:74:34:1e:3e:2b:92:d9:
         f6:96:91:a2:28:24:59:9b:88:b6:e3:fd:6c:25:0b:92:e6:b2:
         3c:80:16:67:1e:d9:62:ed:68:9d:2e:bd:c0:1b:e2:8a:eb:b9:
         5f:87:57:71:a1:30:05:97:61:dc:fd:d7:5e:b9:51:60:89:db:
         6a:43:b5:02:26:35:10:b7:8f:36:76:8b:85:92:f5:f9:54:2c:
         05:a4:20:8f:67:47:d1:56:d5:b7:1c:ea:30:49:ac:0f:49:0a:
         df:61:f6:e6:72:65:16:19:c6:63:52:64:c7:9e:3f:d9:80:b6:
         51:ac:42:b8:08:be:d0:5b:6f:ff:0e:ac:63:8c:33:08:49:37:
         57:b2:f1:64:3b:8b:73:5a:92:f4:ad:29:eb:07:92:51:f0:41:
         c1:39:c6:b9:03:5c:8d:14:56:a5:d4:f4:c8:fb:75:b2:14:6b:
         c8:5c:e5:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR6aXnf60Rgf1l0rbp0fMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwMTAyMTM0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA1YzU3YjhjYjEyMDdiYzVkMjNiNzNiMGZmYzVmYjAyZTk0ZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEvn+7z6/BBnHZ6DaGIgjPj8TEmU
PED9kokHCQ830h74HdP7Ymsj6gTScNngnUQwvb9thq5fK5G1dYTLK6r4rRsnXzmd
irtBOlIvZ56hU2DWTCI4OBkFNHyPo61Tczx2wHLLRmJN7Y01fIJaMO2QmqRSur2r
1GXmd8+lGNyuvN00T5ZGB8V9Fiq6pTpP3tsVXthGzD5XT0I1QvJzoe6xV0psJLjF
2AYh9yzdw9lUnCXKFj/I3zXIg6799RgMMun+McSqH+SHOLWheYQmikSkrl/OU8Gn
0aDcjC0TgGpI3oTBarjRD2GPBmLGoDxOFeC/Q5Zf8EfI+ZKCCFfHr3+2twIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOwFxXuMsSB7xdI7c7D/xfsC6U8qMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvN0FYRmU0eXhJSHZGMGp0enNQX0Ytd0xwVHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1dGAAwQA
1dGOMA0GCSqGSIb3DQEBCwUAA4IBAQBWQGAItI8XMzv9dhnZ6oFv5w1P//lctSg7
dd6JWEnUzNnEMc9Np7ppokcyC0MPDNYn64HF92MBmH0GdQvLHqX7fH4I+auv+2qC
E2VIEjNMOesXJ3Q0Hj4rktn2lpGiKCRZm4i24/1sJQuS5rI8gBZnHtli7WidLr3A
G+KK67lfh1dxoTAFl2Hc/ddeuVFgidtqQ7UCJjUQt482douFkvX5VCwFpCCPZ0fR
VtW3HOowSawPSQrfYfbmcmUWGcZjUmTHnj/ZgLZRrEK4CL7QW2//DqxjjDMISTdX
svFkO4tzWpL0rSnrB5JR8EHBOca5A1yNFFal1PTI+3WyFGvIXOWl
-----END CERTIFICATE-----