Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/fBfhsJw2d6Op2y70b533dv-T4j4.roa
File:                     fBfhsJw2d6Op2y70b533dv-T4j4.roa (raw, json)
Hash identifier:          B8cZmEngTY2Ne9QwtzyJ6aeIrWSAdYH7Des5rTXKgP4=
Subject key identifier:   7C:17:E1:B0:9C:36:77:A3:A9:DB:2E:F4:6F:9D:F7:76:FF:93:E2:3E
Certificate issuer:       /CN=a63bcc6d25f7476fbb3ec33f6dbc3e9eead92212
Certificate serial:       01972C340067C926E160130A86A0D21539D1
Authority key identifier: A6:3B:CC:6D:25:F7:47:6F:BB:3E:C3:3F:6D:BC:3E:9E:EA:D9:22:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjvMbSX3R2-7PsM_bbw-nurZIhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/fBfhsJw2d6Op2y70b533dv-T4j4.roa
Signing time:             Sun 01 Jun 2025 15:54:54 +0000
ROA not before:           Sun 01 Jun 2025 15:54:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215524
IP address blocks:        212.24.239.0/24 maxlen: 24
                          212.24.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/pjvMbSX3R2-7PsM_bbw-nurZIhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/pjvMbSX3R2-7PsM_bbw-nurZIhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pjvMbSX3R2-7PsM_bbw-nurZIhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2c:34:00:67:c9:26:e1:60:13:0a:86:a0:d2:15:39:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63bcc6d25f7476fbb3ec33f6dbc3e9eead92212
        Validity
            Not Before: Jun  1 15:54:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c17e1b09c3677a3a9db2ef46f9df776ff93e23e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:db:46:c3:93:03:7a:de:ed:77:d1:5a:a5:c0:
                    7e:24:db:9e:e9:17:81:7c:5d:2a:0e:16:29:b8:b1:
                    68:35:71:f5:b7:54:17:b4:4d:a5:9a:4f:71:14:6c:
                    16:57:83:7a:6c:19:89:a4:92:57:ed:67:20:17:a0:
                    24:03:f4:a0:84:99:6e:dd:33:a9:21:2f:71:1a:80:
                    80:65:4b:41:17:95:30:22:af:c1:e3:5b:cf:f0:1d:
                    4b:68:ff:24:d4:bf:03:d5:ad:4f:95:e9:1d:20:86:
                    1e:db:37:a8:54:9e:06:51:9d:86:61:bb:cd:ed:8b:
                    01:57:fc:fa:66:ab:72:08:b5:c4:03:ef:66:1d:24:
                    53:89:0d:3b:e7:d4:3c:08:ca:2e:43:6a:10:aa:4f:
                    ce:1a:6b:77:0a:61:73:59:0d:99:3f:5a:e7:0c:42:
                    7b:d6:a6:59:e4:d9:2b:d7:6e:46:6d:3b:64:2e:17:
                    15:82:9c:6f:34:47:38:8d:4f:27:55:e8:5e:41:53:
                    fa:f2:83:2c:35:89:7f:d5:6c:4c:5b:0a:33:40:ae:
                    5d:0a:d2:ec:85:ed:cd:a0:c3:d9:14:05:4b:b9:b8:
                    4c:ef:9c:4a:bb:db:6e:70:7f:af:83:68:50:f6:3a:
                    ab:ed:0d:d4:e7:78:c5:29:af:c7:87:8a:28:ce:51:
                    4a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:17:E1:B0:9C:36:77:A3:A9:DB:2E:F4:6F:9D:F7:76:FF:93:E2:3E
            X509v3 Authority Key Identifier:
                keyid:A6:3B:CC:6D:25:F7:47:6F:BB:3E:C3:3F:6D:BC:3E:9E:EA:D9:22:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjvMbSX3R2-7PsM_bbw-nurZIhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/fBfhsJw2d6Op2y70b533dv-T4j4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/pjvMbSX3R2-7PsM_bbw-nurZIhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.24.239.0-212.24.240.255

    Signature Algorithm: sha256WithRSAEncryption
         09:2b:24:61:dd:77:1f:ab:19:f8:47:c1:83:f6:0e:02:ce:35:
         98:ad:e3:fb:5f:ad:ef:fc:0c:99:e4:c3:26:10:7d:08:83:ab:
         4e:2c:5d:17:54:de:68:79:ba:be:0b:3b:2b:7c:fc:d4:c8:25:
         09:db:60:05:03:21:10:35:0c:6c:15:c0:e4:b9:61:3f:b8:67:
         45:c3:18:31:38:81:06:92:74:4c:c9:e6:0f:cc:5f:79:b9:55:
         32:09:f3:f8:78:79:9b:0f:7f:c9:57:65:a6:e6:90:09:c3:20:
         5b:41:96:78:bb:b3:36:37:e5:31:5a:96:a4:11:e7:f1:7a:e9:
         f7:9f:5f:0a:97:36:94:66:d1:87:a2:7f:b3:ef:d8:4b:2d:b7:
         f2:6d:80:bc:e6:ef:4f:8d:f6:91:aa:99:d9:a4:24:f3:74:5d:
         4f:a2:8f:0c:83:60:d0:29:12:1c:3d:65:60:c6:1a:4a:1e:3d:
         df:e2:4f:33:31:74:8e:61:fb:03:b4:b5:59:59:f4:a8:4c:bd:
         93:4a:15:0d:e3:f3:db:50:f3:1c:1c:87:02:3a:87:10:79:3f:
         91:a3:86:6a:21:c8:ae:9b:2e:b0:6a:ad:2f:d4:b0:20:88:13:
         70:6f:88:63:25:df:09:7a:af:d9:b7:0a:8d:57:3a:82:a3:69:
         8e:96:89:4d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcsNABnySbhYBMKhqDSFTnRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2M2JjYzZkMjVmNzQ3NmZiYjNlYzMzZjZkYmMzZTllZWFk
OTIyMTIwHhcNMjUwNjAxMTU1NDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzE3ZTFiMDljMzY3N2EzYTlkYjJlZjQ2ZjlkZjc3NmZmOTNlMjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNtGw5MDet7td9FapcB+JNue6ReB
fF0qDhYpuLFoNXH1t1QXtE2lmk9xFGwWV4N6bBmJpJJX7WcgF6AkA/SghJlu3TOp
IS9xGoCAZUtBF5UwIq/B41vP8B1LaP8k1L8D1a1PlekdIIYe2zeoVJ4GUZ2GYbvN
7YsBV/z6ZqtyCLXEA+9mHSRTiQ0759Q8CMouQ2oQqk/OGmt3CmFzWQ2ZP1rnDEJ7
1qZZ5Nkr125GbTtkLhcVgpxvNEc4jU8nVeheQVP68oMsNYl/1WxMWwozQK5dCtLs
he3NoMPZFAVLubhM75xKu9tucH+vg2hQ9jqr7Q3U53jFKa/Hh4oozlFKGwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHwX4bCcNnejqdsu9G+d93b/k+I+MB8GA1UdIwQY
MBaAFKY7zG0l90dvuz7DP228Pp7q2SISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGp2TWJTWDNSMi03UHNNX2Jidy1udXJaSWhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS83NjhmZGItZDFiNS00YmVmLWJjYmQt
NDkyNGZhMDAwYjdjLzEvZkJmaHNKdzJkNk9wMnk3MGI1MzNkdi1UNGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS83NjhmZGItZDFiNS00YmVmLWJjYmQtNDkyNGZhMDAwYjdj
LzEvcGp2TWJTWDNSMi03UHNNX2Jidy1udXJaSWhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADUGO8D
BADUGPAwDQYJKoZIhvcNAQELBQADggEBAAkrJGHddx+rGfhHwYP2DgLONZit4/tf
re/8DJnkwyYQfQiDq04sXRdU3mh5ur4LOyt8/NTIJQnbYAUDIRA1DGwVwOS5YT+4
Z0XDGDE4gQaSdEzJ5g/MX3m5VTIJ8/h4eZsPf8lXZabmkAnDIFtBlni7szY35TFa
lqQR5/F66fefXwqXNpRm0Yeif7Pv2Estt/JtgLzm70+N9pGqmdmkJPN0XU+ijwyD
YNApEhw9ZWDGGkoePd/iTzMxdI5h+wO0tVlZ9KhMvZNKFQ3j89tQ8xwchwI6hxB5
P5GjhmohyK6bLrBqrS/UsCCIE3BviGMl3wl6r9m3Co1XOoKjaY6WiU0=
-----END CERTIFICATE-----