Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/xymeMR66aDWDmDhIlx2JEKPGuQ4.roa
File:                     xymeMR66aDWDmDhIlx2JEKPGuQ4.roa (raw, json)
Hash identifier:          FDOGD9cmw7d0tSGevYfgks8MljnMa/gRurSZQ7spuUQ=
Subject key identifier:   C7:29:9E:31:1E:BA:68:35:83:98:38:48:97:1D:89:10:A3:C6:B9:0E
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       019421B1FF4D18669A1100E3B98529318C5B
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/xymeMR66aDWDmDhIlx2JEKPGuQ4.roa
Signing time:             Wed 01 Jan 2025 11:48:20 +0000
ROA not before:           Wed 01 Jan 2025 11:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        212.116.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ff:4d:18:66:9a:11:00:e3:b9:85:29:31:8c:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Jan  1 11:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7299e311eba683583983848971d8910a3c6b90e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f2:3f:74:3c:cc:5f:1b:28:c1:16:f3:a4:20:
                    32:6b:10:48:b0:1e:72:9c:1b:96:cd:e6:33:94:19:
                    a1:7e:06:89:a6:4e:25:79:c0:f5:c4:05:9e:0b:97:
                    fa:f5:7b:f1:ef:f3:24:1a:47:b8:aa:e6:3f:e5:82:
                    73:22:a6:e6:cb:62:15:2e:83:f2:1f:16:4d:66:2e:
                    17:34:5e:de:95:80:d0:6a:20:b1:45:d7:aa:8e:52:
                    04:6a:77:9d:bb:0d:e9:eb:12:5a:ab:49:2d:23:6a:
                    ea:c0:63:ce:2c:e9:2a:fc:4c:70:69:f0:ba:9c:07:
                    80:54:6f:e6:1c:1e:f8:c1:95:eb:e9:75:38:1e:ce:
                    68:35:32:88:c6:01:f0:27:f9:d5:d7:d1:a6:ef:a4:
                    c9:fb:c4:a7:d2:80:cd:4a:54:58:58:71:e1:05:af:
                    56:aa:93:16:73:2e:1f:3f:8c:a7:00:d0:ba:96:33:
                    5a:6c:a2:f1:10:7b:a6:68:8f:16:4b:c9:d9:73:a4:
                    2c:f3:84:3f:c2:27:b7:49:01:22:e4:8a:13:b6:7f:
                    2b:89:32:3a:25:a9:e9:95:25:f4:64:0b:d0:2e:ba:
                    e8:53:40:d7:f4:ee:b8:d5:24:d5:11:2f:fb:21:f9:
                    cd:07:87:41:56:63:4d:0b:55:76:83:47:85:ec:40:
                    1f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:29:9E:31:1E:BA:68:35:83:98:38:48:97:1D:89:10:A3:C6:B9:0E
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/xymeMR66aDWDmDhIlx2JEKPGuQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:e2:77:d5:d6:09:28:1d:56:7f:96:13:e6:48:40:25:26:5b:
         19:4c:98:a0:24:5f:9f:be:fc:9b:9c:06:e4:f6:1c:1c:e5:da:
         f8:1c:54:e7:d2:ee:7b:2b:2b:cb:ec:ab:7d:32:46:0f:ea:b1:
         9b:76:ca:a5:91:39:da:aa:57:af:2f:bf:fe:08:a2:6a:f2:1e:
         07:4c:3f:ca:d5:e9:72:31:14:a4:cc:25:34:94:12:a7:50:ac:
         b2:34:b0:0e:cd:e3:5a:06:62:d5:f5:6b:f9:d9:10:e4:de:eb:
         d3:bd:da:f1:d8:d5:8c:1a:02:3f:63:59:5c:46:b5:85:68:00:
         f8:be:eb:1e:21:07:26:4a:e8:bd:e0:37:03:cb:27:73:9b:06:
         b1:b3:89:7c:92:a1:ab:ff:9a:4e:c4:f4:e7:e5:07:2a:61:bd:
         2d:2d:94:a4:5c:c8:a4:c7:54:d3:b9:a1:96:e8:6e:2e:83:b7:
         be:83:30:33:45:f7:fd:90:93:69:40:80:4b:5a:b6:f2:84:2d:
         3b:40:5a:f7:8e:fe:1e:15:89:89:1a:90:17:ba:cf:ba:ac:df:
         06:f7:88:18:85:a5:59:c0:97:ea:e2:f0:4d:8f:4b:91:63:31:
         1e:ad:9c:48:aa:62:d9:ac:7c:6e:14:75:e1:88:71:82:9e:b8:
         92:69:af:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsf9NGGaaEQDjuYUpMYxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwMTAxMTE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzI5OWUzMTFlYmE2ODM1ODM5ODM4NDg5NzFkODkxMGEzYzZiOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3fI/dDzMXxsowRbzpCAyaxBIsB5y
nBuWzeYzlBmhfgaJpk4lecD1xAWeC5f69Xvx7/MkGke4quY/5YJzIqbmy2IVLoPy
HxZNZi4XNF7elYDQaiCxRdeqjlIEaneduw3p6xJaq0ktI2rqwGPOLOkq/ExwafC6
nAeAVG/mHB74wZXr6XU4Hs5oNTKIxgHwJ/nV19Gm76TJ+8Sn0oDNSlRYWHHhBa9W
qpMWcy4fP4ynANC6ljNabKLxEHumaI8WS8nZc6Qs84Q/wie3SQEi5IoTtn8riTI6
JanplSX0ZAvQLrroU0DX9O641STVES/7IfnNB4dBVmNNC1V2g0eF7EAfOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcpnjEeumg1g5g4SJcdiRCjxrkOMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEveHltZU1SNjZhRFdEbURoSWx4MkpFS1BHdVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1HT8MA0G
CSqGSIb3DQEBCwUAA4IBAQB94nfV1gkoHVZ/lhPmSEAlJlsZTJigJF+fvvybnAbk
9hwc5dr4HFTn0u57KyvL7Kt9MkYP6rGbdsqlkTnaqlevL7/+CKJq8h4HTD/K1ely
MRSkzCU0lBKnUKyyNLAOzeNaBmLV9Wv52RDk3uvTvdrx2NWMGgI/Y1lcRrWFaAD4
vuseIQcmSui94DcDyydzmwaxs4l8kqGr/5pOxPTn5QcqYb0tLZSkXMikx1TTuaGW
6G4ug7e+gzAzRff9kJNpQIBLWrbyhC07QFr3jv4eFYmJGpAXus+6rN8G94gYhaVZ
wJfq4vBNj0uRYzEerZxIqmLZrHxuFHXhiHGCnriSaa/n
-----END CERTIFICATE-----