Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/AAaiTjB1saRdCO-SUj5QC9Vm8PA.roa
File:                     AAaiTjB1saRdCO-SUj5QC9Vm8PA.roa (raw, json)
Hash identifier:          TVIOe+KfCUmamQmBNTI3SRl/ZRiS77vHXqt/12Vyqio=
Subject key identifier:   00:06:A2:4E:30:75:B1:A4:5D:08:EF:92:52:3E:50:0B:D5:66:F0:F0
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0195CE4F7AC3A0E1AEA0C5E79134AEF9C5C3
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/AAaiTjB1saRdCO-SUj5QC9Vm8PA.roa
Signing time:             Tue 25 Mar 2025 17:17:49 +0000
ROA not before:           Tue 25 Mar 2025 17:17:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        212.16.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 12:15:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ce:4f:7a:c3:a0:e1:ae:a0:c5:e7:91:34:ae:f9:c5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Mar 25 17:17:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0006a24e3075b1a45d08ef92523e500bd566f0f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:59:e5:cd:33:f7:af:91:d1:e3:a5:e3:23:f9:
                    b7:aa:3b:ab:34:c2:75:ea:62:20:be:f4:83:a7:35:
                    59:01:4a:71:03:7f:2d:8d:50:b0:d4:71:5b:c0:04:
                    ef:a2:56:48:6e:d3:88:9c:4f:eb:8b:ed:c5:6d:00:
                    1c:66:04:85:ed:9c:6d:ff:bb:9b:ec:9a:92:51:0b:
                    75:d0:df:bb:a4:64:c0:db:f3:50:ae:5d:f3:90:99:
                    e4:02:52:a1:8e:b5:86:33:38:30:44:c1:35:56:5e:
                    a5:32:8a:50:40:dc:19:ca:99:93:b7:1c:4c:95:7f:
                    0c:68:06:b5:19:14:ca:37:54:21:9f:85:63:cb:6e:
                    98:d7:ba:37:6a:f9:5b:69:8a:fc:27:31:6a:2c:a7:
                    11:40:3f:e0:7e:1b:ba:fe:98:ef:33:4f:1a:74:eb:
                    3d:e7:8c:14:ca:7e:91:77:db:6f:ce:0a:34:7e:b0:
                    e4:87:2f:b0:bc:25:fa:65:ea:4b:ca:0b:c9:dd:80:
                    c9:de:7c:56:ae:97:2d:9d:f6:e8:8d:3c:71:8f:6e:
                    04:b3:24:7b:dc:ec:32:33:b1:d7:bd:35:91:9c:9d:
                    ba:11:b5:1a:b7:29:a5:69:29:13:41:d4:ad:e4:90:
                    df:8a:2b:fb:33:27:90:a0:79:9d:4e:66:14:55:9a:
                    7e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:06:A2:4E:30:75:B1:A4:5D:08:EF:92:52:3E:50:0B:D5:66:F0:F0
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/AAaiTjB1saRdCO-SUj5QC9Vm8PA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:14:9b:c5:5c:a1:a0:e4:d8:ce:63:9b:62:b4:f6:19:da:03:
         eb:9e:0d:7b:c0:fa:68:a3:98:dc:e3:8c:0e:e4:21:67:5b:9b:
         94:fa:f8:cc:4a:a9:47:d2:f5:5f:de:79:76:d6:d8:f6:a8:db:
         fa:f5:03:52:9a:51:dc:19:47:3e:f2:ba:63:6f:7d:93:a4:e2:
         43:eb:3c:69:f9:da:0a:ea:22:90:28:a9:d4:79:ae:87:d0:ec:
         33:d4:b8:8c:ab:5d:d8:3d:cf:5a:23:a7:3d:02:5f:70:4a:09:
         0b:2b:72:0f:7c:52:c3:b7:09:ae:86:12:d1:2c:43:be:43:5e:
         68:ce:38:6c:22:3b:d1:54:1f:cf:cf:19:ce:32:5e:f2:2c:82:
         b0:fe:09:d3:2d:ef:b2:7c:15:c8:5a:81:16:be:98:ac:81:1a:
         97:12:70:5b:9e:7f:82:55:75:82:f7:ed:b7:8a:78:42:e3:b6:
         2a:16:ef:09:11:48:4f:c8:2b:8f:9e:22:d9:6a:27:27:a5:09:
         cf:18:98:c8:45:04:da:bc:bd:65:7f:df:8d:b0:45:2f:eb:fe:
         92:24:7f:1b:af:37:2d:c4:a8:7b:52:e6:32:e2:48:23:99:dc:
         42:76:43:05:8e:fb:d4:a0:a7:56:2c:57:8e:1d:93:85:24:5d:
         d4:7e:1d:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXOT3rDoOGuoMXnkTSu+cXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwMzI1MTcxNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA2YTI0ZTMwNzViMWE0NWQwOGVmOTI1MjNlNTAwYmQ1NjZmMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4FnlzTP3r5HR46XjI/m3qjurNMJ1
6mIgvvSDpzVZAUpxA38tjVCw1HFbwATvolZIbtOInE/ri+3FbQAcZgSF7Zxt/7ub
7JqSUQt10N+7pGTA2/NQrl3zkJnkAlKhjrWGMzgwRME1Vl6lMopQQNwZypmTtxxM
lX8MaAa1GRTKN1Qhn4Vjy26Y17o3avlbaYr8JzFqLKcRQD/gfhu6/pjvM08adOs9
54wUyn6Rd9tvzgo0frDkhy+wvCX6ZepLygvJ3YDJ3nxWrpctnfbojTxxj24EsyR7
3OwyM7HXvTWRnJ26EbUatymlaSkTQdSt5JDfiiv7MyeQoHmdTmYUVZp+xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAGok4wdbGkXQjvklI+UAvVZvDwMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvQUFhaVRqQjFzYVJkQ08tU1VqNVFDOVZtOFBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BBcMA0G
CSqGSIb3DQEBCwUAA4IBAQBlFJvFXKGg5NjOY5titPYZ2gPrng17wPpoo5jc44wO
5CFnW5uU+vjMSqlH0vVf3nl21tj2qNv69QNSmlHcGUc+8rpjb32TpOJD6zxp+doK
6iKQKKnUea6H0Owz1LiMq13YPc9aI6c9Al9wSgkLK3IPfFLDtwmuhhLRLEO+Q15o
zjhsIjvRVB/PzxnOMl7yLIKw/gnTLe+yfBXIWoEWvpisgRqXEnBbnn+CVXWC9+23
inhC47YqFu8JEUhPyCuPniLZaicnpQnPGJjIRQTavL1lf9+NsEUv6/6SJH8brzct
xKh7UuYy4kgjmdxCdkMFjvvUoKdWLFeOHZOFJF3Ufh3C
-----END CERTIFICATE-----