Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/aKH8fqPHe8R2liostKpVkUXBe_g.roa
File:                     aKH8fqPHe8R2liostKpVkUXBe_g.roa (raw, json)
Hash identifier:          m9o9e5vF0yO4O4WdUCWYwnYdBqnXUgRsnmXxD8jWkXg=
Subject key identifier:   68:A1:FC:7E:A3:C7:7B:C4:76:96:2A:2C:B4:AA:55:91:45:C1:7B:F8
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0194258F8E643A0E4AB5FCB3748CFECAA76E
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/aKH8fqPHe8R2liostKpVkUXBe_g.roa
Signing time:             Thu 02 Jan 2025 05:49:12 +0000
ROA not before:           Thu 02 Jan 2025 05:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399618
IP address blocks:        212.111.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8e:64:3a:0e:4a:b5:fc:b3:74:8c:fe:ca:a7:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 05:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68a1fc7ea3c77bc476962a2cb4aa559145c17bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:28:6a:02:df:60:b6:c9:07:72:e8:74:b1:73:
                    7b:83:93:d5:2c:a5:24:52:de:40:64:34:16:19:b5:
                    42:71:d8:ea:af:2d:c9:43:db:03:89:da:6c:7f:14:
                    dc:6a:55:70:81:e8:3b:e4:9e:83:41:5f:3a:3b:d0:
                    e4:53:85:d2:11:0e:cd:2c:75:05:c2:71:f6:01:73:
                    f7:ee:d4:ea:6a:df:d8:64:53:5f:3b:15:54:e8:1d:
                    bc:24:2f:96:bc:43:ac:15:23:f4:57:8d:7e:49:ef:
                    cb:66:47:9a:34:1d:d9:6a:48:54:3e:cb:ad:9d:7d:
                    a3:6b:4f:47:aa:34:a6:f2:22:44:1c:fd:de:dd:2a:
                    83:35:28:16:ae:25:74:15:ea:42:73:37:09:f2:8e:
                    70:fe:cc:be:62:fa:42:93:10:11:55:83:44:a6:2d:
                    2e:3e:ab:74:ac:97:7a:f8:ba:31:9a:57:e6:9c:9a:
                    fa:1e:61:33:10:f3:44:28:13:07:d1:a9:61:9a:cc:
                    1a:bb:52:7b:b0:8a:b3:21:d3:2b:28:13:30:39:89:
                    6d:0e:1b:7c:6b:a2:82:2b:94:c8:21:26:4a:4a:28:
                    5f:81:9d:aa:c7:92:41:34:92:64:0c:1e:d1:0b:a8:
                    3a:3e:99:b2:9c:8b:01:a8:61:b3:82:d9:41:a5:a3:
                    64:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A1:FC:7E:A3:C7:7B:C4:76:96:2A:2C:B4:AA:55:91:45:C1:7B:F8
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/aKH8fqPHe8R2liostKpVkUXBe_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:ea:61:88:73:eb:ca:56:bd:af:06:2f:7d:be:64:ac:ab:e9:
         a4:06:d9:ab:07:ec:3f:67:06:60:2f:36:fe:49:05:11:f7:37:
         b6:93:f0:80:d3:8e:40:b4:05:67:bc:0d:a7:3e:8c:ad:2c:cc:
         56:58:7a:1a:63:f7:b9:a6:e6:ae:5e:9d:4c:17:36:a4:63:3f:
         b5:1e:26:b8:27:1a:2b:38:fc:be:f7:a0:b0:ce:b2:37:7f:93:
         e8:d7:b7:42:26:77:26:7a:23:4f:94:0d:56:03:52:1a:37:49:
         4e:d0:d3:b1:08:6a:f7:a0:d7:62:ac:c2:65:ce:fa:a2:80:4b:
         94:cf:0f:dd:de:99:ce:82:00:12:c7:79:87:00:b5:b2:28:43:
         94:d8:2d:3d:30:a3:c8:07:48:71:bf:81:1e:07:43:92:34:4c:
         95:ec:03:eb:2c:65:e3:1c:bc:c2:d4:9a:42:18:64:b6:18:a2:
         42:52:22:1f:8a:ec:62:25:df:63:fe:4b:13:2f:61:53:73:a1:
         b2:a4:cb:6b:cf:94:71:0a:34:63:b7:dd:bb:ae:1a:12:2e:e2:
         ec:25:4c:31:41:00:48:5f:40:d1:db:2a:49:4d:2b:50:c5:ca:
         3f:81:d8:44:f5:72:bb:f8:80:c4:b9:71:36:51:be:1d:fd:54:
         c4:cc:34:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj45kOg5KtfyzdIz+yqduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMTAyMDU0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGExZmM3ZWEzYzc3YmM0NzY5NjJhMmNiNGFhNTU5MTQ1YzE3YmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ChqAt9gtskHcuh0sXN7g5PVLKUk
Ut5AZDQWGbVCcdjqry3JQ9sDidpsfxTcalVwgeg75J6DQV86O9DkU4XSEQ7NLHUF
wnH2AXP37tTqat/YZFNfOxVU6B28JC+WvEOsFSP0V41+Se/LZkeaNB3ZakhUPsut
nX2ja09HqjSm8iJEHP3e3SqDNSgWriV0FepCczcJ8o5w/sy+YvpCkxARVYNEpi0u
Pqt0rJd6+LoxmlfmnJr6HmEzEPNEKBMH0alhmswau1J7sIqzIdMrKBMwOYltDht8
a6KCK5TIISZKSihfgZ2qx5JBNJJkDB7RC6g6PpmynIsBqGGzgtlBpaNkPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGih/H6jx3vEdpYqLLSqVZFFwXv4MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvYUtIOGZxUEhlOFIybGlvc3RLcFZrVVhCZV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G/WMA0G
CSqGSIb3DQEBCwUAA4IBAQBN6mGIc+vKVr2vBi99vmSsq+mkBtmrB+w/ZwZgLzb+
SQUR9ze2k/CA045AtAVnvA2nPoytLMxWWHoaY/e5puauXp1MFzakYz+1Hia4Jxor
OPy+96CwzrI3f5Po17dCJncmeiNPlA1WA1IaN0lO0NOxCGr3oNdirMJlzvqigEuU
zw/d3pnOggASx3mHALWyKEOU2C09MKPIB0hxv4EeB0OSNEyV7APrLGXjHLzC1JpC
GGS2GKJCUiIfiuxiJd9j/ksTL2FTc6GypMtrz5RxCjRjt927rhoSLuLsJUwxQQBI
X0DR2ypJTStQxco/gdhE9XK7+IDEuXE2Ub4d/VTEzDTX
-----END CERTIFICATE-----