Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/oEbBV7xx5_jwLtoklKva4-Dg2v8.roa
File:                     oEbBV7xx5_jwLtoklKva4-Dg2v8.roa (raw, json)
Hash identifier:          i+aaCmiUXCVg0OPcM0SwO92pJsKLDZGoxx/fXdMrMgQ=
Subject key identifier:   A0:46:C1:57:BC:71:E7:F8:F0:2E:DA:24:94:AB:DA:E3:E0:E0:DA:FF
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019423D7EAF201AAEED2999A1D20EF15AA1D
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/oEbBV7xx5_jwLtoklKva4-Dg2v8.roa
Signing time:             Wed 01 Jan 2025 21:49:00 +0000
ROA not before:           Wed 01 Jan 2025 21:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211708
IP address blocks:        212.22.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:ea:f2:01:aa:ee:d2:99:9a:1d:20:ef:15:aa:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 21:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a046c157bc71e7f8f02eda2494abdae3e0e0daff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:10:ca:d8:b2:c7:04:ce:ec:48:57:84:98:11:
                    e7:09:38:bb:39:44:68:cb:23:bd:0b:4c:15:af:e4:
                    16:9f:e5:44:28:d3:44:54:0d:27:3c:c4:6b:4d:8a:
                    a4:cd:28:52:19:16:70:70:1b:da:6a:59:82:e4:f7:
                    82:83:a5:63:79:46:21:60:49:95:69:81:a2:88:20:
                    81:fb:e3:2e:b9:8d:18:e5:f0:67:9c:18:41:16:05:
                    78:91:3f:b6:cc:44:55:6e:7a:7e:e1:33:4f:0f:23:
                    24:33:02:34:6b:0b:fd:39:10:5f:54:e4:59:27:5e:
                    9c:ad:39:25:b2:bc:ae:f8:0a:b3:27:4e:d3:65:8b:
                    c3:a5:ee:d9:59:13:b4:5c:f6:9f:03:d2:67:a0:bb:
                    96:6b:2b:e3:e7:dd:16:8c:3e:6c:fb:f6:ce:9c:1e:
                    c1:62:1a:24:3b:5b:8d:1e:24:cc:ab:30:77:6e:52:
                    5b:6c:8c:8f:4a:19:8e:1e:04:3e:51:66:45:93:89:
                    98:82:da:32:d8:aa:d0:71:f0:30:42:b2:ec:cd:01:
                    c1:be:2f:93:ab:f8:63:d8:76:70:f6:65:5d:cc:80:
                    c6:7a:1b:b6:c3:9a:fa:44:45:b1:60:70:75:87:b7:
                    86:f2:d9:3d:28:39:51:62:34:d5:80:81:96:9f:64:
                    f4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:46:C1:57:BC:71:E7:F8:F0:2E:DA:24:94:AB:DA:E3:E0:E0:DA:FF
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/oEbBV7xx5_jwLtoklKva4-Dg2v8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:8e:8c:9c:31:53:8d:69:39:7a:ae:e0:50:91:20:fc:29:65:
         f0:bc:b7:70:92:72:27:67:cb:f5:b4:c0:4d:51:ba:6d:ed:93:
         92:24:3f:7a:81:16:2f:4b:3d:4b:6c:c6:3b:92:28:ad:c7:a5:
         af:de:5a:84:39:0a:61:cf:5d:1d:90:f2:28:5c:5c:56:14:8f:
         71:8d:07:00:fb:36:b8:48:72:f9:ed:e1:d4:7c:af:78:0e:29:
         75:ca:68:bc:97:39:33:04:4f:62:9c:ce:bc:60:c7:12:c1:d9:
         50:b5:51:b6:c8:76:e0:5d:b7:1b:96:d9:cb:00:b3:dc:04:2e:
         67:07:87:18:2d:a0:27:ad:76:3d:be:55:96:24:b7:c7:30:52:
         f9:79:55:cf:f8:be:8e:df:cf:12:44:52:a1:47:7b:c4:93:e1:
         48:58:32:c0:7a:be:6d:83:96:85:9f:7a:30:31:93:97:a0:1d:
         fb:f2:8d:01:b3:00:41:cf:54:83:c8:81:eb:42:59:83:17:16:
         9f:ba:c2:fa:ac:74:96:b3:c8:c1:0c:95:a0:0e:3f:4e:84:e0:
         96:2a:65:04:24:11:02:74:dd:53:f5:59:33:0c:c3:ad:56:8a:
         11:c8:ca:13:a7:ab:7d:d6:26:d8:c9:f4:e6:e8:f3:89:41:2c:
         76:94:30:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+ryAaru0pmaHSDvFaodMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwMTAxMjE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDQ2YzE1N2JjNzFlN2Y4ZjAyZWRhMjQ5NGFiZGFlM2UwZTBkYWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthDK2LLHBM7sSFeEmBHnCTi7OURo
yyO9C0wVr+QWn+VEKNNEVA0nPMRrTYqkzShSGRZwcBvaalmC5PeCg6VjeUYhYEmV
aYGiiCCB++MuuY0Y5fBnnBhBFgV4kT+2zERVbnp+4TNPDyMkMwI0awv9ORBfVORZ
J16crTklsryu+AqzJ07TZYvDpe7ZWRO0XPafA9JnoLuWayvj590WjD5s+/bOnB7B
YhokO1uNHiTMqzB3blJbbIyPShmOHgQ+UWZFk4mYgtoy2KrQcfAwQrLszQHBvi+T
q/hj2HZw9mVdzIDGehu2w5r6REWxYHB1h7eG8tk9KDlRYjTVgIGWn2T0AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBGwVe8cef48C7aJJSr2uPg4Nr/MB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvb0ViQlY3eHg1X2p3THRva2xLdmE0LURnMnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZYMA0G
CSqGSIb3DQEBCwUAA4IBAQAxjoycMVONaTl6ruBQkSD8KWXwvLdwknInZ8v1tMBN
Ubpt7ZOSJD96gRYvSz1LbMY7kiitx6Wv3lqEOQphz10dkPIoXFxWFI9xjQcA+za4
SHL57eHUfK94Dil1ymi8lzkzBE9inM68YMcSwdlQtVG2yHbgXbcbltnLALPcBC5n
B4cYLaAnrXY9vlWWJLfHMFL5eVXP+L6O388SRFKhR3vEk+FIWDLAer5tg5aFn3ow
MZOXoB378o0BswBBz1SDyIHrQlmDFxafusL6rHSWs8jBDJWgDj9OhOCWKmUEJBEC
dN1T9VkzDMOtVooRyMoTp6t91ibYyfTm6POJQSx2lDCH
-----END CERTIFICATE-----