Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/tzK7bQadc-X5ERcHUFRyrLjFAic.roa
File:                     tzK7bQadc-X5ERcHUFRyrLjFAic.roa (raw, json)
Hash identifier:          pH5a6hVvwpFpvLEU3OQ9naeDuYIybxvVLAzccWIRqYM=
Subject key identifier:   B7:32:BB:6D:06:9D:73:E5:F9:11:17:07:50:54:72:AC:B8:C5:02:27
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       01956A0E0A6135BA23F2C6A93EA256B9C319
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/tzK7bQadc-X5ERcHUFRyrLjFAic.roa
Signing time:             Thu 06 Mar 2025 06:04:19 +0000
ROA not before:           Thu 06 Mar 2025 06:04:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209854
IP address blocks:        212.116.230.0/24 maxlen: 24
                          212.116.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6a:0e:0a:61:35:ba:23:f2:c6:a9:3e:a2:56:b9:c3:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Mar  6 06:04:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b732bb6d069d73e5f9111707505472acb8c50227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:75:97:20:e7:f0:cc:cc:6b:d6:e6:d3:66:a8:
                    05:ec:59:f5:16:ed:ea:96:43:cf:1e:c2:31:52:28:
                    4a:e0:17:7c:2f:61:4b:50:89:f3:25:4f:8e:37:a8:
                    b0:ea:95:13:77:eb:dc:cc:be:6d:be:ec:7f:8c:34:
                    d6:0f:9b:ce:a8:72:e3:cc:e1:e2:00:7a:74:e8:9a:
                    b5:3c:18:e5:e3:b3:6d:13:5c:60:c5:08:7e:18:30:
                    6b:61:12:f6:06:98:59:0d:78:58:98:52:dd:cc:14:
                    7b:4e:5a:d3:f6:ff:4e:36:17:1e:81:2e:26:f5:00:
                    35:8b:9b:11:61:f2:a8:aa:14:05:49:1d:a7:71:3c:
                    d2:f8:df:2c:7d:5b:36:2e:20:6d:eb:23:a1:52:ed:
                    5e:1f:9e:07:0e:1c:16:c9:68:63:b3:ba:2a:ca:3f:
                    78:40:df:a0:62:12:b3:a9:bc:bb:eb:2e:9e:4f:a6:
                    29:68:15:77:e0:91:36:41:27:ac:0e:c7:58:6c:bb:
                    31:3d:cd:7e:cb:01:49:de:96:58:e4:b9:ef:6d:49:
                    80:25:61:f6:02:22:21:5e:20:4f:07:10:ac:0d:60:
                    32:a7:fd:ca:ce:e9:77:c5:e4:17:eb:63:08:2b:28:
                    8d:82:a1:af:a3:20:85:73:79:6a:a8:f3:23:ce:28:
                    00:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:32:BB:6D:06:9D:73:E5:F9:11:17:07:50:54:72:AC:B8:C5:02:27
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/tzK7bQadc-X5ERcHUFRyrLjFAic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:55:d7:a3:49:bc:d3:2f:b5:d5:03:89:75:cc:1b:06:77:d9:
         f5:cc:48:d9:81:8e:68:25:3a:a8:1f:1b:fb:4c:e1:f0:d9:f5:
         d0:ab:1e:c6:c9:48:f9:2f:36:57:25:98:89:e3:c5:d2:c1:d4:
         5e:5a:ca:0b:8a:2e:ac:be:52:1e:ee:6e:7a:c3:40:ea:07:d3:
         e8:b7:d3:69:61:f5:ef:68:b0:59:34:f2:b5:db:ec:06:4e:aa:
         ce:54:bf:7f:44:7b:50:df:23:28:2f:d8:4d:93:74:7b:ba:8f:
         a6:05:30:24:3d:b2:fa:8e:6a:f9:c8:e5:cc:bd:c9:f6:af:95:
         7f:b8:c1:a7:8e:66:6c:bc:71:d2:61:f8:7c:1d:de:46:5c:9d:
         41:65:32:50:69:a1:74:9e:93:f3:a3:bb:4b:ab:97:03:69:1f:
         b8:a8:31:a2:7e:e4:f4:32:c9:7b:8b:37:0a:72:9a:7e:8c:18:
         16:e4:d7:e3:39:12:b0:3d:41:be:a9:c3:32:6d:0c:2d:ea:fb:
         3f:9a:63:85:7b:35:3e:d4:d7:ea:04:24:fc:b9:c6:73:d6:62:
         45:03:cd:d3:ea:c1:2f:b8:33:42:17:be:1e:6b:a7:c0:f5:f2:
         3d:9b:52:09:58:40:0b:66:42:aa:e4:a0:33:5d:11:8e:a2:35:
         d4:ab:45:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVqDgphNboj8sapPqJWucMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwMzA2MDYwNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzMyYmI2ZDA2OWQ3M2U1ZjkxMTE3MDc1MDU0NzJhY2I4YzUwMjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHWXIOfwzMxr1ubTZqgF7Fn1Fu3q
lkPPHsIxUihK4Bd8L2FLUInzJU+ON6iw6pUTd+vczL5tvux/jDTWD5vOqHLjzOHi
AHp06Jq1PBjl47NtE1xgxQh+GDBrYRL2BphZDXhYmFLdzBR7TlrT9v9ONhcegS4m
9QA1i5sRYfKoqhQFSR2ncTzS+N8sfVs2LiBt6yOhUu1eH54HDhwWyWhjs7oqyj94
QN+gYhKzqby76y6eT6YpaBV34JE2QSesDsdYbLsxPc1+ywFJ3pZY5LnvbUmAJWH2
AiIhXiBPBxCsDWAyp/3Kzul3xeQX62MIKyiNgqGvoyCFc3lqqPMjzigA+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcyu20GnXPl+REXB1BUcqy4xQInMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvdHpLN2JRYWRjLVg1RVJjSFVGUnlyTGpGQWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HTmMA0G
CSqGSIb3DQEBCwUAA4IBAQBSVdejSbzTL7XVA4l1zBsGd9n1zEjZgY5oJTqoHxv7
TOHw2fXQqx7GyUj5LzZXJZiJ48XSwdReWsoLii6svlIe7m56w0DqB9Pot9NpYfXv
aLBZNPK12+wGTqrOVL9/RHtQ3yMoL9hNk3R7uo+mBTAkPbL6jmr5yOXMvcn2r5V/
uMGnjmZsvHHSYfh8Hd5GXJ1BZTJQaaF0npPzo7tLq5cDaR+4qDGifuT0Msl7izcK
cpp+jBgW5NfjORKwPUG+qcMybQwt6vs/mmOFezU+1NfqBCT8ucZz1mJFA83T6sEv
uDNCF74ea6fA9fI9m1IJWEALZkKq5KAzXRGOojXUq0XS
-----END CERTIFICATE-----