Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/U1oTjq-0GQ4DzEkNnVQ2nb1gonY.roa
File:                     U1oTjq-0GQ4DzEkNnVQ2nb1gonY.roa (raw, json)
Hash identifier:          Yfy6PvEl0WkVGyxI7OgQMvD3LnFL+JPaW1hLYYGsBRg=
Subject key identifier:   53:5A:13:8E:AF:B4:19:0E:03:CC:49:0D:9D:54:36:9D:BD:60:A2:76
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0194228D9F8FE99742FEB829533A96AEE864
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/U1oTjq-0GQ4DzEkNnVQ2nb1gonY.roa
Signing time:             Wed 01 Jan 2025 15:48:14 +0000
ROA not before:           Wed 01 Jan 2025 15:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212097
IP address blocks:        212.115.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:9f:8f:e9:97:42:fe:b8:29:53:3a:96:ae:e8:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  1 15:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=535a138eafb4190e03cc490d9d54369dbd60a276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bc:4d:39:22:2e:1c:2f:3d:9c:d7:87:5c:e6:
                    a7:e3:8c:28:42:b3:fa:55:67:51:da:b5:5e:e9:0f:
                    1b:cd:dc:d3:6c:51:91:10:1d:2e:5d:43:96:a3:9d:
                    51:2c:19:e4:7f:7b:dc:71:95:85:e1:3e:0b:09:a8:
                    30:be:bc:de:31:61:f8:5d:c8:56:df:c6:38:d6:e3:
                    9f:92:bb:30:52:12:19:05:55:6a:2e:2c:c8:66:92:
                    9a:d1:e2:7e:2f:7e:41:cc:f7:a8:cc:b5:00:ea:51:
                    ec:f3:58:b9:0e:ce:e0:e9:2e:22:b8:ff:79:06:45:
                    7d:5c:91:2b:ee:35:f9:ca:73:47:ad:e3:f3:10:22:
                    50:5e:ba:f1:bb:1b:39:9d:38:20:fd:80:92:98:c4:
                    85:ae:80:8e:42:87:35:6d:ff:63:5f:e8:83:c1:08:
                    c2:41:7c:b1:1d:5e:6d:fc:b3:be:9c:83:13:7f:fc:
                    bf:60:0a:cd:b1:08:1d:0a:a8:01:b0:3f:eb:01:7c:
                    a2:b1:d1:6b:7a:04:27:46:78:e6:d2:42:0f:d2:b6:
                    73:02:ec:a9:fa:c4:8b:d8:b5:bf:fb:9e:a8:e6:d1:
                    01:7a:22:85:71:28:da:43:d2:d3:90:74:47:9b:47:
                    8e:91:e3:05:34:28:e8:f5:16:55:e2:3e:7e:c1:54:
                    b9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:5A:13:8E:AF:B4:19:0E:03:CC:49:0D:9D:54:36:9D:BD:60:A2:76
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/U1oTjq-0GQ4DzEkNnVQ2nb1gonY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:07:e8:11:5f:c2:b2:15:60:cf:9d:0f:bc:d5:7a:fe:65:b9:
         b8:ca:90:85:a0:a8:f5:f6:80:db:90:2a:1d:7b:53:4f:96:3f:
         2e:19:5b:5c:fb:ed:55:f8:f0:c7:63:36:bd:a9:36:26:f6:e1:
         70:3d:d0:39:de:d2:6e:2a:07:94:72:4d:f5:3d:7e:fe:f1:50:
         4d:51:0a:c5:df:42:50:59:1c:52:d8:a7:b5:9b:6d:43:45:7f:
         b9:d7:ed:8a:66:03:7c:12:b7:1a:da:73:3c:23:9d:55:fb:e1:
         80:59:6f:f0:14:d8:cd:2c:89:dc:49:2f:a0:76:6c:e5:74:ba:
         1d:d7:ca:85:fd:87:15:09:7c:54:95:71:d7:0b:54:be:5b:9a:
         0a:15:c4:40:b1:7a:fa:b4:f4:0d:f8:53:ff:ba:06:71:0b:4b:
         6e:de:84:86:6a:3d:a4:d2:28:b7:15:6f:05:87:c8:f8:34:dd:
         77:76:cc:aa:49:8c:7f:fc:8e:38:93:d4:cb:8e:c0:0e:b5:b0:
         1c:a6:38:82:1b:92:d9:86:1e:27:d9:88:18:c2:f6:f6:98:4c:
         e8:bd:c1:56:b1:e1:90:91:8e:9d:36:17:bd:e7:63:b8:57:80:
         db:0b:df:52:9c:d7:33:49:2f:d7:6f:4b:2a:26:95:66:8e:c6:
         f4:a8:d7:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZ+P6ZdC/rgpUzqWruhkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzVhMTM4ZWFmYjQxOTBlMDNjYzQ5MGQ5ZDU0MzY5ZGJkNjBhMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbxNOSIuHC89nNeHXOan44woQrP6
VWdR2rVe6Q8bzdzTbFGREB0uXUOWo51RLBnkf3vccZWF4T4LCagwvrzeMWH4XchW
38Y41uOfkrswUhIZBVVqLizIZpKa0eJ+L35BzPeozLUA6lHs81i5Ds7g6S4iuP95
BkV9XJEr7jX5ynNHrePzECJQXrrxuxs5nTgg/YCSmMSFroCOQoc1bf9jX+iDwQjC
QXyxHV5t/LO+nIMTf/y/YArNsQgdCqgBsD/rAXyisdFregQnRnjm0kIP0rZzAuyp
+sSL2LW/+56o5tEBeiKFcSjaQ9LTkHRHm0eOkeMFNCjo9RZV4j5+wVS5ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNaE46vtBkOA8xJDZ1UNp29YKJ2MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvVTFvVGpxLTBHUTREekVrTm5WUTJuYjFnb25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HOCMA0G
CSqGSIb3DQEBCwUAA4IBAQClB+gRX8KyFWDPnQ+81Xr+Zbm4ypCFoKj19oDbkCod
e1NPlj8uGVtc++1V+PDHYza9qTYm9uFwPdA53tJuKgeUck31PX7+8VBNUQrF30JQ
WRxS2Ke1m21DRX+51+2KZgN8Erca2nM8I51V++GAWW/wFNjNLIncSS+gdmzldLod
18qF/YcVCXxUlXHXC1S+W5oKFcRAsXr6tPQN+FP/ugZxC0tu3oSGaj2k0ii3FW8F
h8j4NN13dsyqSYx//I44k9TLjsAOtbAcpjiCG5LZhh4n2YgYwvb2mEzovcFWseGQ
kY6dNhe952O4V4DbC99SnNczSS/Xb0sqJpVmjsb0qNfe
-----END CERTIFICATE-----