Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/acYGK8CkxHHJymKvZsvAwTZx534.roa
File:                     acYGK8CkxHHJymKvZsvAwTZx534.roa (raw, json)
Hash identifier:          Bz3iDYD/7IlVHGKnWBEBXkjBCuMDicbNAd5XevNE9Dk=
Subject key identifier:   69:C6:06:2B:C0:A4:C4:71:C9:CA:62:AF:66:CB:C0:C1:36:71:E7:7E
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       0196C708E35C40AEA7CCEAC0A8F4F620F17F
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/acYGK8CkxHHJymKvZsvAwTZx534.roa
Signing time:             Tue 13 May 2025 00:26:10 +0000
ROA not before:           Tue 13 May 2025 00:26:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        212.116.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c7:08:e3:5c:40:ae:a7:cc:ea:c0:a8:f4:f6:20:f1:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: May 13 00:26:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69c6062bc0a4c471c9ca62af66cbc0c13671e77e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e9:f7:df:bd:b7:51:86:75:bb:2e:75:67:68:
                    65:45:19:5b:f0:85:33:e9:87:9d:15:f1:0a:fa:99:
                    9d:0b:7b:8e:05:c6:44:21:dc:33:70:98:92:56:06:
                    27:3f:d2:27:1a:a8:a7:03:b6:a2:76:8d:24:79:1e:
                    a4:b7:55:bf:8c:ff:46:9b:0f:83:7e:67:6b:76:e4:
                    ca:40:85:86:d1:d7:e9:ab:04:72:0c:c0:15:6f:4f:
                    35:fe:cd:18:42:40:61:7d:41:e1:b4:e9:82:a6:25:
                    93:c7:59:8c:71:9a:f5:f2:37:f0:37:4c:16:0a:f9:
                    f3:52:99:b7:f7:1d:82:51:3b:b6:af:89:9a:5e:f5:
                    15:38:c5:7e:38:f8:42:07:42:f0:b6:ad:db:c9:3e:
                    cc:72:63:76:2b:79:f9:02:7d:c4:e6:c9:93:47:f9:
                    7d:ba:a1:a1:d0:36:dc:3c:3e:35:11:96:14:a2:0a:
                    b4:f9:23:70:bb:da:08:ff:dd:1f:6f:a7:a7:50:e7:
                    2b:91:08:8a:ee:4e:2e:9b:65:79:da:a9:43:9d:48:
                    eb:cd:5a:2a:09:ab:0c:07:d5:be:dc:f0:7e:35:8a:
                    72:9b:1e:b4:8c:c0:2b:2c:18:a6:30:ea:49:a9:a7:
                    12:75:3d:e9:13:f6:c9:76:96:bc:c0:a7:25:b4:e9:
                    68:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C6:06:2B:C0:A4:C4:71:C9:CA:62:AF:66:CB:C0:C1:36:71:E7:7E
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/acYGK8CkxHHJymKvZsvAwTZx534.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:4c:a7:02:6f:80:15:df:ff:21:03:43:70:5e:74:03:7f:a4:
         36:2d:f0:fc:6a:a0:b2:e1:1b:21:64:40:1a:52:85:ac:3a:89:
         71:6f:97:93:89:df:71:4c:00:5e:1b:8e:24:70:c7:7b:ff:c9:
         56:3a:17:34:84:4a:f6:ec:99:2b:f9:d2:ee:d8:3e:96:49:ad:
         3b:53:7f:0f:de:d8:c7:ff:b0:3a:e6:08:7b:b4:97:7d:ac:f3:
         65:ca:ff:61:df:7e:ae:08:0e:6e:54:f8:5f:4a:24:de:d7:e7:
         bc:d3:e1:cd:02:cf:69:10:02:3c:99:70:48:49:5f:5b:4b:4f:
         43:1a:df:47:c3:2c:76:6b:37:27:60:06:52:c4:a2:69:e4:a0:
         c9:ee:0c:c4:f8:b7:13:23:ad:c6:35:1b:64:6f:1b:ac:84:7c:
         03:1b:ba:a9:5c:d0:39:4e:a6:e4:9e:93:35:7b:80:0c:60:71:
         04:b8:25:5d:6b:39:44:76:7e:11:6c:a6:84:61:ba:04:85:c7:
         74:1d:57:e6:b5:95:ea:f9:05:cb:1f:bc:31:db:6d:3a:e6:e4:
         5e:03:5c:8f:a6:1f:fa:5c:cf:b4:93:e2:a0:48:8c:98:10:eb:
         6d:f8:aa:56:d9:b2:f9:eb:82:87:c4:d6:d2:f8:69:ee:3e:21:
         7f:cc:9c:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbHCONcQK6nzOrAqPT2IPF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwNTEzMDAyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM2MDYyYmMwYTRjNDcxYzljYTYyYWY2NmNiYzBjMTM2NzFlNzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwen33723UYZ1uy51Z2hlRRlb8IUz
6YedFfEK+pmdC3uOBcZEIdwzcJiSVgYnP9InGqinA7aido0keR6kt1W/jP9Gmw+D
fmdrduTKQIWG0dfpqwRyDMAVb081/s0YQkBhfUHhtOmCpiWTx1mMcZr18jfwN0wW
CvnzUpm39x2CUTu2r4maXvUVOMV+OPhCB0Lwtq3byT7McmN2K3n5An3E5smTR/l9
uqGh0DbcPD41EZYUogq0+SNwu9oI/90fb6enUOcrkQiK7k4um2V52qlDnUjrzVoq
CasMB9W+3PB+NYpymx60jMArLBimMOpJqacSdT3pE/bJdpa8wKcltOlonQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnGBivApMRxycpir2bLwME2ced+MB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvYWNZR0s4Q2t4SEhKeW1LdlpzdkF3VFp4NTM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HT2MA0G
CSqGSIb3DQEBCwUAA4IBAQCKTKcCb4AV3/8hA0NwXnQDf6Q2LfD8aqCy4RshZEAa
UoWsOolxb5eTid9xTABeG44kcMd7/8lWOhc0hEr27Jkr+dLu2D6WSa07U38P3tjH
/7A65gh7tJd9rPNlyv9h336uCA5uVPhfSiTe1+e80+HNAs9pEAI8mXBISV9bS09D
Gt9Hwyx2azcnYAZSxKJp5KDJ7gzE+LcTI63GNRtkbxushHwDG7qpXNA5TqbknpM1
e4AMYHEEuCVdazlEdn4RbKaEYboEhcd0HVfmtZXq+QXLH7wx22065uReA1yPph/6
XM+0k+KgSIyYEOtt+KpW2bL564KHxNbS+GnuPiF/zJxW
-----END CERTIFICATE-----