Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/5u0Sr516XwF5libgJlnVHr-LCO8.roa
File:                     5u0Sr516XwF5libgJlnVHr-LCO8.roa (raw, json)
Hash identifier:          Nl31VrcS+bSo2yDG5XN31CZZS1/Ov2ugB1vJk2AVOy8=
Subject key identifier:   E6:ED:12:AF:9D:7A:5F:01:79:96:26:E0:26:59:D5:1E:BF:8B:08:EF
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       0195DAF69C78AE429086A4924E265220D06A
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/5u0Sr516XwF5libgJlnVHr-LCO8.roa
Signing time:             Fri 28 Mar 2025 04:15:49 +0000
ROA not before:           Fri 28 Mar 2025 04:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215224
IP address blocks:        212.116.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:da:f6:9c:78:ae:42:90:86:a4:92:4e:26:52:20:d0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Mar 28 04:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6ed12af9d7a5f01799626e02659d51ebf8b08ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:29:4c:1a:62:5c:49:ac:44:2f:38:7b:2a:4e:
                    16:ea:10:65:17:a4:76:1b:a3:ba:d2:ee:e9:2d:c7:
                    86:bc:60:83:9f:0b:35:ae:1d:7c:00:69:9b:8f:f4:
                    88:96:f3:e8:69:95:7c:35:83:91:cd:4f:96:1f:e3:
                    6f:71:1f:6b:23:5d:80:6e:93:87:f4:52:34:3f:23:
                    75:43:c8:59:a7:f7:70:c5:89:cf:60:29:cb:3c:dc:
                    94:bd:5d:25:b1:b5:f4:dc:e2:4e:82:6c:84:23:75:
                    a0:fa:5c:f5:3c:a3:da:f9:1c:d2:b1:03:27:11:0b:
                    ce:04:d5:ab:5a:08:3f:bf:4c:d9:28:11:af:cf:a8:
                    de:5c:84:8e:ed:dc:27:32:31:bf:db:c8:5f:45:4e:
                    f1:af:e1:0d:10:2f:b2:52:da:e1:5e:b7:18:78:e9:
                    9e:69:d8:28:84:99:ba:f8:83:4f:b6:dc:97:0f:03:
                    73:29:0f:83:9f:a2:78:2e:d7:5d:39:73:6a:be:ef:
                    2c:13:bb:af:ee:ff:ec:25:95:cb:56:db:67:17:89:
                    47:ff:5e:c9:85:cf:e0:9c:07:2b:53:30:ab:d4:6b:
                    4f:a1:df:59:2a:7a:a2:b5:ea:de:00:74:d6:dd:7f:
                    37:68:c0:c9:f2:ee:05:c2:91:21:0c:1c:a6:0b:c3:
                    59:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:ED:12:AF:9D:7A:5F:01:79:96:26:E0:26:59:D5:1E:BF:8B:08:EF
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/5u0Sr516XwF5libgJlnVHr-LCO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:49:21:42:b0:67:02:9e:2a:07:80:5a:d2:a9:ca:ed:db:de:
         bb:31:60:65:32:24:b5:27:c1:47:5b:49:3d:1a:57:b2:55:18:
         5e:22:89:da:b4:5b:aa:63:97:9e:68:80:36:0e:0c:2c:d6:6f:
         2f:8c:89:b7:06:27:5d:a6:d4:43:14:d6:ce:32:e6:21:81:99:
         0b:d2:be:73:cb:ec:6a:cd:78:5b:bb:a4:e7:0c:bc:11:5c:0d:
         fe:23:8c:7d:11:ec:3b:06:f4:f3:78:5f:b5:81:e5:98:f5:82:
         fc:28:71:2a:bc:2d:7d:13:59:24:fb:da:1f:18:e6:5e:ad:c1:
         4d:10:40:d7:ac:48:f3:c1:15:11:16:67:06:f2:20:3b:39:9b:
         f0:f8:10:77:75:cc:ad:b0:d8:ec:61:df:0f:53:b5:56:ba:63:
         db:52:6c:1b:e1:e4:56:de:40:99:c6:40:a2:31:ba:99:55:81:
         cd:94:d1:8f:1a:22:3e:be:7d:f6:26:5a:e2:f5:ed:cb:78:b7:
         59:f8:4d:4b:bb:34:bc:95:a3:b6:be:7b:83:2e:0a:c1:bc:c4:
         b9:81:42:3c:ee:b0:0f:2b:50:c9:9b:ba:d6:00:bc:7b:91:a8:
         38:ac:2f:f9:68:f4:19:83:e5:b0:c9:eb:e5:16:01:d7:01:59:
         50:ea:ab:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXa9px4rkKQhqSSTiZSINBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwMzI4MDQxNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmVkMTJhZjlkN2E1ZjAxNzk5NjI2ZTAyNjU5ZDUxZWJmOGIwOGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7SlMGmJcSaxELzh7Kk4W6hBlF6R2
G6O60u7pLceGvGCDnws1rh18AGmbj/SIlvPoaZV8NYORzU+WH+NvcR9rI12AbpOH
9FI0PyN1Q8hZp/dwxYnPYCnLPNyUvV0lsbX03OJOgmyEI3Wg+lz1PKPa+RzSsQMn
EQvOBNWrWgg/v0zZKBGvz6jeXISO7dwnMjG/28hfRU7xr+ENEC+yUtrhXrcYeOme
adgohJm6+INPttyXDwNzKQ+Dn6J4LtddOXNqvu8sE7uv7v/sJZXLVttnF4lH/17J
hc/gnAcrUzCr1GtPod9ZKnqitereAHTW3X83aMDJ8u4FwpEhDBymC8NZsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObtEq+del8BeZYm4CZZ1R6/iwjvMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvNXUwU3I1MTZYd0Y1bGliZ0psblZIci1MQ084LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HT0MA0G
CSqGSIb3DQEBCwUAA4IBAQCnSSFCsGcCnioHgFrSqcrt2967MWBlMiS1J8FHW0k9
GleyVRheIonatFuqY5eeaIA2Dgws1m8vjIm3BiddptRDFNbOMuYhgZkL0r5zy+xq
zXhbu6TnDLwRXA3+I4x9Eew7BvTzeF+1geWY9YL8KHEqvC19E1kk+9ofGOZercFN
EEDXrEjzwRURFmcG8iA7OZvw+BB3dcytsNjsYd8PU7VWumPbUmwb4eRW3kCZxkCi
MbqZVYHNlNGPGiI+vn32Jlri9e3LeLdZ+E1LuzS8laO2vnuDLgrBvMS5gUI87rAP
K1DJm7rWALx7kag4rC/5aPQZg+WwyevlFgHXAVlQ6quB
-----END CERTIFICATE-----