Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/a41h9AJ8mtxfKJY0Pm5MsRxOIS0.roa
File:                     a41h9AJ8mtxfKJY0Pm5MsRxOIS0.roa (raw, json)
Hash identifier:          NyATootWTJqFuMZ28UTKjrT6EG+sSRgdEBwOFkWDKdQ=
Subject key identifier:   6B:8D:61:F4:02:7C:9A:DC:5F:28:96:34:3E:6E:4C:B1:1C:4E:21:2D
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       01951C2F16EC0582B23041A69180AEBDDBA6
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/a41h9AJ8mtxfKJY0Pm5MsRxOIS0.roa
Signing time:             Wed 19 Feb 2025 03:10:02 +0000
ROA not before:           Wed 19 Feb 2025 03:10:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        212.116.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1c:2f:16:ec:05:82:b2:30:41:a6:91:80:ae:bd:db:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Feb 19 03:10:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b8d61f4027c9adc5f2896343e6e4cb11c4e212d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:13:65:ce:25:ce:b4:02:1c:87:ea:9d:3c:40:
                    0f:ae:b8:d1:d5:f3:ab:ac:8f:79:aa:75:31:97:57:
                    d6:e2:78:6a:04:8a:d5:c1:b8:0c:d4:a8:d1:b3:82:
                    fa:84:d4:ce:c1:6f:4f:a0:7c:10:04:db:d0:46:d9:
                    88:6f:6a:0d:c0:e7:8d:a2:82:1a:3e:47:f3:32:43:
                    e4:95:de:eb:f3:f5:8a:d8:8a:f8:8b:b9:ca:da:aa:
                    ba:07:7c:30:c2:ab:2e:33:59:e7:63:14:30:32:3a:
                    5f:82:e7:39:67:2c:a1:a0:c9:e8:c5:3a:9d:de:8f:
                    9e:0a:61:62:f1:cf:4d:74:6c:16:e1:d9:20:c0:a6:
                    ea:95:17:48:49:75:bd:74:90:6c:57:9d:c4:86:d3:
                    bb:5d:db:d0:66:b5:b1:ec:d8:74:91:75:ae:11:3f:
                    4c:e1:52:69:57:54:e8:76:fd:20:df:4d:74:d1:9d:
                    71:1c:c7:9a:34:18:c5:77:22:a3:a8:8a:f1:ef:0b:
                    05:ff:ed:ab:5f:30:cc:25:88:97:e5:11:67:8e:c6:
                    43:99:ee:0e:63:bd:6b:85:55:44:af:f0:a7:36:d9:
                    ee:b7:a6:2d:cb:69:15:35:9d:4e:e5:35:5b:17:3d:
                    61:50:47:42:5d:46:7b:4a:3c:b4:5b:82:41:b7:3c:
                    96:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:8D:61:F4:02:7C:9A:DC:5F:28:96:34:3E:6E:4C:B1:1C:4E:21:2D
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/a41h9AJ8mtxfKJY0Pm5MsRxOIS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:9b:50:c8:71:c3:50:a4:13:e8:da:a7:39:df:e6:0f:56:0c:
         27:13:58:09:48:54:68:5b:be:b5:5e:74:b0:67:0c:af:0b:81:
         f9:0a:b8:21:22:60:ff:df:0d:23:da:21:db:0a:88:b1:86:5e:
         30:dd:e1:43:6f:8f:bb:f0:6e:82:83:ba:a0:f0:41:e0:5e:3d:
         d4:be:58:fd:b2:e8:e3:da:83:b6:d6:ee:8c:67:33:35:8f:36:
         b5:0d:17:47:e6:a4:0f:c2:88:c2:8b:61:09:ae:0f:cf:51:23:
         25:05:9f:7b:a0:c3:c6:5a:5d:a0:b3:66:56:55:ea:25:c2:c7:
         4b:a7:20:2a:7e:5e:56:9b:30:a3:81:c2:81:e5:93:70:1d:b8:
         e6:d0:31:10:bd:45:ec:7b:ed:e3:b9:e2:27:e4:62:ea:b0:58:
         12:56:ca:ab:bc:69:c0:93:9f:bf:28:97:1c:00:16:6d:71:60:
         7e:80:cc:11:72:4e:6e:55:a0:05:c8:9a:81:eb:09:5a:64:3e:
         28:9c:b5:3e:95:26:37:1a:4f:b5:41:0d:d3:18:7b:4d:07:0a:
         25:d1:81:97:4d:b8:9d:5f:19:31:d4:17:04:43:ed:02:6d:b7:
         9b:ec:40:ab:76:c9:04:c3:d9:f1:38:d5:48:e7:19:ac:e5:69:
         b3:66:f5:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUcLxbsBYKyMEGmkYCuvdumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwMjE5MDMxMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjhkNjFmNDAyN2M5YWRjNWYyODk2MzQzZTZlNGNiMTFjNGUyMTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hNlziXOtAIch+qdPEAPrrjR1fOr
rI95qnUxl1fW4nhqBIrVwbgM1KjRs4L6hNTOwW9PoHwQBNvQRtmIb2oNwOeNooIa
PkfzMkPkld7r8/WK2Ir4i7nK2qq6B3wwwqsuM1nnYxQwMjpfguc5ZyyhoMnoxTqd
3o+eCmFi8c9NdGwW4dkgwKbqlRdISXW9dJBsV53EhtO7XdvQZrWx7Nh0kXWuET9M
4VJpV1Todv0g30100Z1xHMeaNBjFdyKjqIrx7wsF/+2rXzDMJYiX5RFnjsZDme4O
Y71rhVVEr/CnNtnut6Yty2kVNZ1O5TVbFz1hUEdCXUZ7Sjy0W4JBtzyWSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuNYfQCfJrcXyiWND5uTLEcTiEtMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvYTQxaDlBSjhtdHhmS0pZMFBtNU1zUnhPSVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HTsMA0G
CSqGSIb3DQEBCwUAA4IBAQDGm1DIccNQpBPo2qc53+YPVgwnE1gJSFRoW761XnSw
ZwyvC4H5CrghImD/3w0j2iHbCoixhl4w3eFDb4+78G6Cg7qg8EHgXj3Uvlj9sujj
2oO21u6MZzM1jza1DRdH5qQPwojCi2EJrg/PUSMlBZ97oMPGWl2gs2ZWVeolwsdL
pyAqfl5WmzCjgcKB5ZNwHbjm0DEQvUXse+3jueIn5GLqsFgSVsqrvGnAk5+/KJcc
ABZtcWB+gMwRck5uVaAFyJqB6wlaZD4onLU+lSY3Gk+1QQ3TGHtNBwol0YGXTbid
Xxkx1BcEQ+0Cbbeb7ECrdskEw9nxONVI5xms5WmzZvW8
-----END CERTIFICATE-----