Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/IRskINg41VtTIRpf8KUQyejfOZ4.roa
File:                     IRskINg41VtTIRpf8KUQyejfOZ4.roa (raw, json)
Hash identifier:          gqvze0bjn5WFe15kL+WtLc59rxWgOyihFu31fqipvOk=
Subject key identifier:   21:1B:24:20:D8:38:D5:5B:53:21:1A:5F:F0:A5:10:C9:E8:DF:39:9E
Certificate issuer:       /CN=92253353ba649debee927998ba02c8614399f961
Certificate serial:       019424B31A18BE4FFB6E1AA5B574CDCC001F
Authority key identifier: 92:25:33:53:BA:64:9D:EB:EE:92:79:98:BA:02:C8:61:43:99:F9:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/IRskINg41VtTIRpf8KUQyejfOZ4.roa
Signing time:             Thu 02 Jan 2025 01:48:24 +0000
ROA not before:           Thu 02 Jan 2025 01:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49367
IP address blocks:        212.104.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:1a:18:be:4f:fb:6e:1a:a5:b5:74:cd:cc:00:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92253353ba649debee927998ba02c8614399f961
        Validity
            Not Before: Jan  2 01:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=211b2420d838d55b53211a5ff0a510c9e8df399e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bb:75:e6:c4:d5:b3:2b:d1:d0:db:2c:66:1b:
                    68:40:af:51:5b:b4:42:44:73:3c:92:1b:1f:89:6e:
                    e8:5b:e5:37:dd:84:46:69:b9:f8:9f:37:88:5f:74:
                    8b:13:f3:61:b5:6c:2e:c7:99:a6:41:21:31:19:b9:
                    7f:02:0b:83:01:cb:46:68:8c:2e:09:52:79:d1:2c:
                    5b:63:33:97:93:90:86:9f:04:a4:49:70:01:93:b2:
                    85:6b:15:1f:4b:d7:14:7f:aa:eb:93:a7:83:7b:34:
                    79:45:7e:38:eb:f9:2c:d1:d0:f7:6d:cc:09:60:14:
                    56:60:be:ae:31:ee:c6:15:7c:dd:08:67:c6:f7:e4:
                    86:84:42:d1:06:64:11:fe:53:a1:6a:2c:02:94:de:
                    72:60:77:33:0b:91:56:5d:6b:04:a1:40:79:94:9b:
                    1b:09:31:53:d2:0e:df:67:31:a2:94:60:3c:38:64:
                    78:1f:ff:6d:8e:0b:29:b6:af:c1:d0:9f:66:2f:b1:
                    6f:03:89:e0:2b:a7:04:15:8c:e4:c0:b5:1c:cb:a0:
                    30:2f:ad:d6:2f:d7:cd:7e:5e:60:72:11:4a:6f:08:
                    fd:e0:69:d0:12:76:9d:a8:36:5b:66:2f:be:2d:ca:
                    31:d1:de:7c:a7:57:4d:3a:4f:c2:93:72:38:d6:1d:
                    21:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:1B:24:20:D8:38:D5:5B:53:21:1A:5F:F0:A5:10:C9:E8:DF:39:9E
            X509v3 Authority Key Identifier:
                keyid:92:25:33:53:BA:64:9D:EB:EE:92:79:98:BA:02:C8:61:43:99:F9:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/IRskINg41VtTIRpf8KUQyejfOZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:27:36:11:d5:65:a8:6e:7a:04:7f:b1:df:c5:d8:6f:17:14:
         97:67:34:1c:e8:ca:12:5c:d7:ba:86:00:97:56:04:0c:d1:4d:
         9b:82:f3:b1:cf:04:64:51:0e:de:81:de:40:22:0d:19:60:1a:
         92:af:01:8f:1f:87:9e:81:5c:f7:d2:2a:aa:a2:fb:14:0d:c6:
         78:77:9e:a8:27:fb:d7:12:ce:70:d4:b4:6c:64:95:ee:4d:dd:
         5d:97:08:be:32:7b:41:3f:0a:62:bb:26:7d:38:63:82:ba:82:
         b5:a7:2a:9c:83:f0:93:f8:a8:cf:40:25:d3:c1:dc:98:c9:32:
         a0:43:a5:61:c6:79:9d:11:74:f2:d8:99:8f:97:60:51:85:89:
         1f:ad:39:1d:5d:25:0e:15:d8:d4:4b:f7:99:e5:ac:6c:46:43:
         0c:79:fb:ac:66:0c:df:3f:46:44:55:f3:53:6f:39:55:b2:42:
         9e:e8:0d:69:c1:04:25:a8:4b:8a:a5:f9:d1:02:2e:8d:6b:4c:
         ad:b6:54:6b:ed:3f:57:04:0d:af:81:24:82:21:ae:e6:f3:78:
         8d:74:67:ae:ab:6b:06:97:92:fd:73:8f:7c:a7:2f:cf:5a:dc:
         9f:3e:e2:e2:cf:8f:d6:bd:6b:f4:7b:31:80:73:41:1d:70:d3:
         ec:20:c9:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksxoYvk/7bhqltXTNzAAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjUzMzUzYmE2NDlkZWJlZTkyNzk5OGJhMDJjODYxNDM5
OWY5NjEwHhcNMjUwMTAyMDE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTFiMjQyMGQ4MzhkNTViNTMyMTFhNWZmMGE1MTBjOWU4ZGYzOTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07t15sTVsyvR0NssZhtoQK9RW7RC
RHM8khsfiW7oW+U33YRGabn4nzeIX3SLE/NhtWwux5mmQSExGbl/AguDActGaIwu
CVJ50SxbYzOXk5CGnwSkSXABk7KFaxUfS9cUf6rrk6eDezR5RX446/ks0dD3bcwJ
YBRWYL6uMe7GFXzdCGfG9+SGhELRBmQR/lOhaiwClN5yYHczC5FWXWsEoUB5lJsb
CTFT0g7fZzGilGA8OGR4H/9tjgsptq/B0J9mL7FvA4ngK6cEFYzkwLUcy6AwL63W
L9fNfl5gchFKbwj94GnQEnadqDZbZi++Lcox0d58p1dNOk/Ck3I41h0hYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEbJCDYONVbUyEaX/ClEMno3zmeMB8GA1UdIwQY
MBaAFJIlM1O6ZJ3r7pJ5mLoCyGFDmflhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lVelU3cGtuZXZ1a25tWXVnTElZVU9aLVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80NTNhZTMtZjIyNy00ZTBkLWJkMDYt
Njk5N2IyNTc5YTM0LzEvSVJza0lOZzQxVnRUSVJwZjhLVVF5ZWpmT1o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80NTNhZTMtZjIyNy00ZTBkLWJkMDYtNjk5N2IyNTc5YTM0
LzEva2lVelU3cGtuZXZ1a25tWXVnTElZVU9aLVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GiFMA0G
CSqGSIb3DQEBCwUAA4IBAQBQJzYR1WWobnoEf7HfxdhvFxSXZzQc6MoSXNe6hgCX
VgQM0U2bgvOxzwRkUQ7egd5AIg0ZYBqSrwGPH4eegVz30iqqovsUDcZ4d56oJ/vX
Es5w1LRsZJXuTd1dlwi+MntBPwpiuyZ9OGOCuoK1pyqcg/CT+KjPQCXTwdyYyTKg
Q6VhxnmdEXTy2JmPl2BRhYkfrTkdXSUOFdjUS/eZ5axsRkMMefusZgzfP0ZEVfNT
bzlVskKe6A1pwQQlqEuKpfnRAi6Na0yttlRr7T9XBA2vgSSCIa7m83iNdGeuq2sG
l5L9c498py/PWtyfPuLiz4/WvWv0ezGAc0EdcNPsIMkj
-----END CERTIFICATE-----