Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hBX756wED99f0RilnQvkXHYmkbE.roa
File:                     hBX756wED99f0RilnQvkXHYmkbE.roa (raw, json)
Hash identifier:          3djpbFQeiN7V/Bl3SU4HxFpSP++N7HFxzoGc74DZ2tc=
Subject key identifier:   84:15:FB:E7:AC:04:0F:DF:5F:D1:18:A5:9D:0B:E4:5C:76:26:91:B1
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019441033EADF7979D49670D2495CA8540DB
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hBX756wED99f0RilnQvkXHYmkbE.roa
Signing time:             Tue 07 Jan 2025 13:45:19 +0000
ROA not before:           Tue 07 Jan 2025 13:45:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        212.192.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:41:03:3e:ad:f7:97:9d:49:67:0d:24:95:ca:85:40:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  7 13:45:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8415fbe7ac040fdf5fd118a59d0be45c762691b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ea:1a:c9:06:03:7a:3c:e9:a0:34:e6:4c:ea:
                    7c:c3:95:77:97:1f:68:ad:92:ef:1f:7a:bf:ef:8c:
                    b3:7a:75:69:9d:74:27:09:cb:5e:47:12:a2:55:d4:
                    d0:98:75:f3:e4:ed:d0:51:46:34:0f:74:8f:4a:f0:
                    71:80:6a:1a:fc:82:c2:ca:e9:3b:7a:39:34:50:d0:
                    4b:a1:8a:28:7e:36:1d:d1:83:e5:b5:2e:06:92:1b:
                    4b:0a:9c:90:e7:2c:b0:3f:07:16:8a:5b:4e:cc:b5:
                    6d:75:fa:96:53:de:e9:05:60:25:10:2f:f9:60:2d:
                    5a:ae:9d:f5:0d:da:56:d6:ed:8a:a6:65:ae:08:7d:
                    2e:56:f9:c2:a4:ad:d4:66:c3:51:4a:87:a6:0e:60:
                    56:d1:58:d2:83:4b:14:da:9d:cc:5c:fb:6e:3b:d5:
                    5b:49:c7:38:d9:09:30:ee:a7:07:67:69:5e:1c:ab:
                    0a:54:a8:31:62:f1:14:5d:88:8f:81:a8:14:82:4a:
                    0e:90:4f:27:01:52:06:c4:84:a8:62:b1:c9:70:ef:
                    f7:91:87:60:1a:14:1b:27:d5:fd:c7:91:5d:11:b4:
                    18:b6:8d:b7:49:29:b9:51:42:0c:6a:a2:de:a2:d4:
                    e1:69:ac:e3:79:97:c9:66:43:61:47:39:ae:e3:3b:
                    c4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:15:FB:E7:AC:04:0F:DF:5F:D1:18:A5:9D:0B:E4:5C:76:26:91:B1
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hBX756wED99f0RilnQvkXHYmkbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:f5:b6:cb:a0:01:8c:b7:48:5a:32:fb:01:07:1f:ad:90:6e:
         2d:80:a8:e6:03:be:8b:43:5b:b6:54:2f:86:94:d0:cb:e8:58:
         a2:d3:5e:27:74:05:3b:d2:79:5a:e3:08:54:bd:0e:cb:68:4a:
         6c:43:29:30:af:41:30:c9:09:8b:8c:2f:9e:cf:ce:8b:84:92:
         72:b9:8e:ac:df:cc:e9:f7:2e:73:a2:f1:da:2a:36:f5:c7:bd:
         a9:30:c6:40:3e:7a:df:93:5b:cf:af:a8:d9:d7:e0:e6:96:52:
         a1:8d:ed:0e:c0:6e:24:0e:26:ed:ed:79:ca:78:c4:25:93:d8:
         8d:bf:a3:42:02:66:cf:e4:18:f2:12:af:1b:38:60:1d:f8:d1:
         a4:8c:1b:26:9c:55:11:fc:bc:4f:8d:5b:1a:e9:cb:b6:0e:21:
         cb:f9:26:9e:7c:d8:6a:3b:e2:a2:f2:4f:95:8c:58:0d:31:24:
         ca:55:10:72:78:d2:5c:c3:65:fa:0a:ce:91:b6:be:75:cd:11:
         e1:80:41:08:09:09:e8:43:40:b5:d7:66:e5:7c:1c:73:84:25:
         d0:13:9e:d9:5f:5d:cc:9a:f5:b0:7d:06:a7:5c:7b:78:8a:55:
         c6:60:34:0c:99:e8:44:27:b0:f0:cf:36:1f:48:d4:a3:1b:ab:
         92:d4:87:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRBAz6t95edSWcNJJXKhUDbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTA3MTM0NTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDE1ZmJlN2FjMDQwZmRmNWZkMTE4YTU5ZDBiZTQ1Yzc2MjY5MWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eoayQYDejzpoDTmTOp8w5V3lx9o
rZLvH3q/74yzenVpnXQnCcteRxKiVdTQmHXz5O3QUUY0D3SPSvBxgGoa/ILCyuk7
ejk0UNBLoYoofjYd0YPltS4GkhtLCpyQ5yywPwcWiltOzLVtdfqWU97pBWAlEC/5
YC1arp31DdpW1u2KpmWuCH0uVvnCpK3UZsNRSoemDmBW0VjSg0sU2p3MXPtuO9Vb
Scc42Qkw7qcHZ2leHKsKVKgxYvEUXYiPgagUgkoOkE8nAVIGxISoYrHJcO/3kYdg
GhQbJ9X9x5FdEbQYto23SSm5UUIMaqLeotThaazjeZfJZkNhRzmu4zvEuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQV++esBA/fX9EYpZ0L5Fx2JpGxMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvaEJYNzU2d0VEOTlmMFJpbG5RdmtYSFlta2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MAWMA0G
CSqGSIb3DQEBCwUAA4IBAQB19bbLoAGMt0haMvsBBx+tkG4tgKjmA76LQ1u2VC+G
lNDL6Fii014ndAU70nla4whUvQ7LaEpsQykwr0EwyQmLjC+ez86LhJJyuY6s38zp
9y5zovHaKjb1x72pMMZAPnrfk1vPr6jZ1+DmllKhje0OwG4kDibt7XnKeMQlk9iN
v6NCAmbP5BjyEq8bOGAd+NGkjBsmnFUR/LxPjVsa6cu2DiHL+SaefNhqO+Ki8k+V
jFgNMSTKVRByeNJcw2X6Cs6Rtr51zRHhgEEICQnoQ0C112blfBxzhCXQE57ZX13M
mvWwfQanXHt4ilXGYDQMmehEJ7DwzzYfSNSjG6uS1IcJ
-----END CERTIFICATE-----