Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/_0V8txyjPPqzjlvfK-eiSEPQud8.roa
File:                     _0V8txyjPPqzjlvfK-eiSEPQud8.roa (raw, json)
Hash identifier:          OuyYUMKPpEltyvzJnMLVyp9dQDUE6+Aj/UBjntoQqiQ=
Subject key identifier:   FF:45:7C:B7:1C:A3:3C:FA:B3:8E:5B:DF:2B:E7:A2:48:43:D0:B9:DF
Certificate issuer:       /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial:       019427B58FA22E1CB64789B194CBB9CA55CC
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/_0V8txyjPPqzjlvfK-eiSEPQud8.roa
Signing time:             Thu 02 Jan 2025 15:49:57 +0000
ROA not before:           Thu 02 Jan 2025 15:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206621
IP address blocks:        212.87.170.0/23 maxlen: 23
                          212.87.170.0/24 maxlen: 24
                          212.87.180.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:8f:a2:2e:1c:b6:47:89:b1:94:cb:b9:ca:55:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
        Validity
            Not Before: Jan  2 15:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff457cb71ca33cfab38e5bdf2be7a24843d0b9df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3b:af:76:0b:9c:6a:39:74:a3:b1:cd:db:80:
                    59:92:e3:e6:2f:69:d4:d4:f0:8c:06:5e:f6:85:d2:
                    a8:e6:ad:6e:62:f7:40:7d:1a:f2:ef:a3:62:87:eb:
                    2e:e3:5f:4f:2d:4e:23:52:25:3c:14:db:14:2f:6d:
                    a3:d0:df:88:c4:b4:a3:b2:f3:e0:1b:66:8b:2b:61:
                    05:82:31:9d:0c:3e:01:6d:3e:58:2a:f9:0f:19:21:
                    99:f9:09:09:2a:5e:9b:ba:07:78:12:e8:a6:f1:77:
                    3e:f5:12:ab:61:cc:aa:4f:36:a8:50:50:db:66:e7:
                    e2:f0:c7:35:79:5d:93:42:5c:e2:f0:17:1a:fa:09:
                    28:35:ec:d1:98:e8:9e:b6:34:7b:76:e5:b5:2e:db:
                    83:6f:25:0d:36:fd:68:86:94:ec:7e:bf:e6:c0:64:
                    be:71:2c:69:64:10:f6:f1:4e:06:89:7a:e2:03:96:
                    40:d1:35:a0:5d:7e:d6:9b:1d:b5:57:d4:21:81:f3:
                    5f:be:f2:15:c9:72:a4:62:2d:d4:4d:d7:19:a4:36:
                    06:39:fb:51:59:67:ed:82:77:7a:7f:67:90:a7:24:
                    4e:7f:25:3f:48:81:4b:44:15:58:a1:3c:40:03:9c:
                    f3:60:1b:79:05:f3:8b:87:61:8b:f1:34:d0:bf:76:
                    59:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:45:7C:B7:1C:A3:3C:FA:B3:8E:5B:DF:2B:E7:A2:48:43:D0:B9:DF
            X509v3 Authority Key Identifier:
                keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/_0V8txyjPPqzjlvfK-eiSEPQud8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.170.0/23
                  212.87.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:2f:d7:ec:79:93:75:43:e6:01:25:18:af:bd:24:c8:26:6a:
         10:bb:7f:8e:55:5f:55:97:d0:cf:ab:44:f7:eb:89:5c:b0:c3:
         34:e0:08:19:7b:0e:91:11:df:19:62:d6:ce:96:1a:c0:dc:e4:
         da:61:3e:b8:e3:86:5e:e2:c5:03:49:a2:49:d3:98:a5:b5:fc:
         5d:42:68:bb:aa:db:c8:3a:6c:e4:3c:82:7b:9f:0d:d2:ca:54:
         0c:92:9e:e9:e5:64:fc:ba:8d:02:8e:e0:ef:4e:09:bb:48:6a:
         1c:81:7f:60:20:2b:ac:c3:2c:38:a1:84:4b:8a:d8:5b:a1:1f:
         b7:50:1a:ea:16:3a:67:17:f5:91:9f:8e:90:4b:ec:ea:33:69:
         05:c8:2b:4c:8d:74:35:7e:7b:16:1b:b0:52:6a:c4:f7:b0:3d:
         c4:c7:d3:db:e0:2a:fa:92:ef:b4:96:48:1d:88:99:e9:41:97:
         9f:12:ce:b0:36:e5:2e:ab:c4:38:7e:ef:0a:22:ed:89:ed:d9:
         70:17:13:e9:ed:90:e1:01:1e:50:a9:56:c1:ad:7d:f7:bf:30:
         ab:4a:1d:9c:1d:2d:dc:30:4a:96:1b:bf:da:19:73:38:9f:7b:
         f8:16:91:ea:01:89:03:66:13:10:67:6b:9b:eb:8e:0d:62:c9:
         7c:9c:b1:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntY+iLhy2R4mxlMu5ylXMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjUwMTAyMTU0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjQ1N2NiNzFjYTMzY2ZhYjM4ZTViZGYyYmU3YTI0ODQzZDBiOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszuvdgucajl0o7HN24BZkuPmL2nU
1PCMBl72hdKo5q1uYvdAfRry76Nih+su419PLU4jUiU8FNsUL22j0N+IxLSjsvPg
G2aLK2EFgjGdDD4BbT5YKvkPGSGZ+QkJKl6bugd4Euim8Xc+9RKrYcyqTzaoUFDb
Zufi8Mc1eV2TQlzi8Bca+gkoNezRmOietjR7duW1LtuDbyUNNv1ohpTsfr/mwGS+
cSxpZBD28U4GiXriA5ZA0TWgXX7Wmx21V9QhgfNfvvIVyXKkYi3UTdcZpDYGOftR
WWftgnd6f2eQpyROfyU/SIFLRBVYoTxAA5zzYBt5BfOLh2GL8TTQv3ZZxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP9FfLccozz6s45b3yvnokhD0LnfMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvXzBWOHR4eWpQUHF6amx2ZkstZWlTRVBRdWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQB1FeqAwQB
1Fe0MA0GCSqGSIb3DQEBCwUAA4IBAQABL9fseZN1Q+YBJRivvSTIJmoQu3+OVV9V
l9DPq0T364lcsMM04AgZew6REd8ZYtbOlhrA3OTaYT6444Ze4sUDSaJJ05iltfxd
Qmi7qtvIOmzkPIJ7nw3SylQMkp7p5WT8uo0CjuDvTgm7SGocgX9gICuswyw4oYRL
ithboR+3UBrqFjpnF/WRn46QS+zqM2kFyCtMjXQ1fnsWG7BSasT3sD3Ex9Pb4Cr6
ku+0lkgdiJnpQZefEs6wNuUuq8Q4fu8KIu2J7dlwFxPp7ZDhAR5QqVbBrX33vzCr
Sh2cHS3cMEqWG7/aGXM4n3v4FpHqAYkDZhMQZ2ub644NYsl8nLHt
-----END CERTIFICATE-----