Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/V04OCx0o1Bg0TgD8MO6kNsFMhog.roa
File:                     V04OCx0o1Bg0TgD8MO6kNsFMhog.roa (raw, json)
Hash identifier:          3a02UAIxWYHpz8tUKE7mHvONTRM/Wnqwu/RQszMGhpw=
Subject key identifier:   57:4E:0E:0B:1D:28:D4:18:34:4E:00:FC:30:EE:A4:36:C1:4C:86:88
Certificate issuer:       /CN=208de3ad18dd0ae14362d0e84dec043d379cc242
Certificate serial:       01942067DE4E0DF6CB7686436D227D56622A
Authority key identifier: 20:8D:E3:AD:18:DD:0A:E1:43:62:D0:E8:4D:EC:04:3D:37:9C:C2:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/II3jrRjdCuFDYtDoTewEPTecwkI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/V04OCx0o1Bg0TgD8MO6kNsFMhog.roa
Signing time:             Wed 01 Jan 2025 05:47:45 +0000
ROA not before:           Wed 01 Jan 2025 05:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        212.127.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/II3jrRjdCuFDYtDoTewEPTecwkI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/II3jrRjdCuFDYtDoTewEPTecwkI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/II3jrRjdCuFDYtDoTewEPTecwkI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:de:4e:0d:f6:cb:76:86:43:6d:22:7d:56:62:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=208de3ad18dd0ae14362d0e84dec043d379cc242
        Validity
            Not Before: Jan  1 05:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=574e0e0b1d28d418344e00fc30eea436c14c8688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:73:f3:35:aa:5d:ce:2e:13:f1:1f:fb:4f:8f:
                    b6:52:93:a9:cc:21:83:e7:34:4e:cd:6b:ff:61:df:
                    52:08:18:78:07:20:36:11:53:55:fa:7c:65:48:2d:
                    28:39:b0:36:7a:8b:4c:d1:75:e7:5b:60:68:49:ba:
                    2b:1b:56:bb:00:d5:7b:57:b2:24:a1:d5:4a:fd:f4:
                    70:b3:5d:a0:eb:c3:04:c0:de:8a:ec:e9:d0:dc:0b:
                    fd:ff:65:1c:b1:70:90:33:35:b9:04:e6:21:83:10:
                    8f:de:18:46:91:c7:2d:b9:e1:dd:6e:99:dc:c0:cf:
                    04:fe:07:3e:09:70:f5:70:76:29:68:fd:50:25:cb:
                    18:03:cd:0e:3f:ee:73:e2:ca:06:68:fc:c8:cc:9a:
                    06:1b:d0:be:e9:4e:72:ce:84:c2:ad:29:79:8f:e8:
                    6c:2f:4c:46:ee:5a:d1:71:4e:d8:88:93:23:d0:05:
                    11:19:bd:27:f8:ba:78:92:62:e7:17:09:c1:71:5a:
                    d1:81:a4:1d:a4:35:9d:67:39:84:64:38:fe:53:3d:
                    a5:f7:e2:ba:7c:67:4e:0e:72:4c:77:f8:87:2f:e9:
                    59:85:a7:5c:7a:8b:77:fa:94:cf:61:fe:64:2d:e9:
                    7a:fa:8d:db:27:55:6e:01:8d:17:67:eb:79:77:92:
                    3d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:4E:0E:0B:1D:28:D4:18:34:4E:00:FC:30:EE:A4:36:C1:4C:86:88
            X509v3 Authority Key Identifier:
                keyid:20:8D:E3:AD:18:DD:0A:E1:43:62:D0:E8:4D:EC:04:3D:37:9C:C2:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/II3jrRjdCuFDYtDoTewEPTecwkI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/V04OCx0o1Bg0TgD8MO6kNsFMhog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/61094a-9469-4299-89f2-bdf6e4294c2e/1/II3jrRjdCuFDYtDoTewEPTecwkI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.127.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         83:31:ec:82:2e:ca:5a:58:7c:08:7f:6e:ba:85:1b:77:b6:5a:
         bd:0e:94:36:a9:42:e1:0f:fc:a2:ca:70:e9:77:11:0d:13:17:
         26:1e:8c:ed:38:e7:18:dd:d5:53:85:c3:ac:49:f6:5b:23:2b:
         0d:e7:30:27:fa:88:fe:d2:60:68:16:6d:ff:d6:f0:96:73:68:
         2f:48:e8:d1:8f:fb:16:a9:37:2f:67:87:d5:26:33:9b:d5:af:
         73:f4:86:d5:e7:5d:c3:19:43:1f:c4:18:88:da:b0:12:02:c6:
         79:7e:49:0e:f0:24:bf:c0:f6:6a:f1:47:0d:d4:32:46:c1:18:
         18:26:e6:b5:0e:d8:4a:6f:4e:fb:fc:af:ac:d7:03:07:99:a6:
         05:ec:50:40:31:9c:86:ae:ca:d0:1b:52:20:c1:eb:b2:18:5a:
         9b:0b:7c:e2:41:32:eb:bd:29:7b:36:8b:a3:25:65:08:34:f7:
         79:f5:2c:ca:97:5e:dc:89:1a:d3:5d:6d:49:26:95:c2:f7:89:
         ae:91:84:e8:55:44:d0:ac:8e:ef:7c:16:93:84:2f:c9:bb:69:
         ff:b5:dd:ae:df:1a:b8:c7:00:7b:90:30:40:5d:6e:9f:90:62:
         88:6e:a6:d9:4c:3e:ef:74:85:3f:7c:ae:46:84:b9:50:64:0e:
         c3:76:45:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ95ODfbLdoZDbSJ9VmIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwOGRlM2FkMThkZDBhZTE0MzYyZDBlODRkZWMwNDNkMzc5
Y2MyNDIwHhcNMjUwMTAxMDU0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzRlMGUwYjFkMjhkNDE4MzQ0ZTAwZmMzMGVlYTQzNmMxNGM4Njg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXPzNapdzi4T8R/7T4+2UpOpzCGD
5zROzWv/Yd9SCBh4ByA2EVNV+nxlSC0oObA2eotM0XXnW2BoSborG1a7ANV7V7Ik
odVK/fRws12g68MEwN6K7OnQ3Av9/2UcsXCQMzW5BOYhgxCP3hhGkcctueHdbpnc
wM8E/gc+CXD1cHYpaP1QJcsYA80OP+5z4soGaPzIzJoGG9C+6U5yzoTCrSl5j+hs
L0xG7lrRcU7YiJMj0AURGb0n+Lp4kmLnFwnBcVrRgaQdpDWdZzmEZDj+Uz2l9+K6
fGdODnJMd/iHL+lZhadceot3+pTPYf5kLel6+o3bJ1VuAY0XZ+t5d5I9/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdODgsdKNQYNE4A/DDupDbBTIaIMB8GA1UdIwQY
MBaAFCCN460Y3QrhQ2LQ6E3sBD03nMJCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUkzanJSamRDdUZEWXREb1Rld0VQVGVjd2tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS82MTA5NGEtOTQ2OS00Mjk5LTg5ZjIt
YmRmNmU0Mjk0YzJlLzEvVjA0T0N4MG8xQmcwVGdEOE1PNmtOc0ZNaG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS82MTA5NGEtOTQ2OS00Mjk5LTg5ZjItYmRmNmU0Mjk0YzJl
LzEvSUkzanJSamRDdUZEWXREb1Rld0VQVGVjd2tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1H9gMA0G
CSqGSIb3DQEBCwUAA4IBAQCDMeyCLspaWHwIf266hRt3tlq9DpQ2qULhD/yiynDp
dxENExcmHoztOOcY3dVThcOsSfZbIysN5zAn+oj+0mBoFm3/1vCWc2gvSOjRj/sW
qTcvZ4fVJjOb1a9z9IbV513DGUMfxBiI2rASAsZ5fkkO8CS/wPZq8UcN1DJGwRgY
Jua1DthKb077/K+s1wMHmaYF7FBAMZyGrsrQG1IgweuyGFqbC3ziQTLrvSl7Nouj
JWUINPd59SzKl17ciRrTXW1JJpXC94mukYToVUTQrI7vfBaThC/Ju2n/td2u3xq4
xwB7kDBAXW6fkGKIbqbZTD7vdIU/fK5GhLlQZA7DdkWN
-----END CERTIFICATE-----