Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/IM3jkTphC9VARelZMzYXbS6OoOk.roa
File:                     IM3jkTphC9VARelZMzYXbS6OoOk.roa (raw, json)
Hash identifier:          OSTpwFaAnjf89a8v2pPip+6H79PMOvZ32w9oktsxC38=
Subject key identifier:   20:CD:E3:91:3A:61:0B:D5:40:45:E9:59:33:36:17:6D:2E:8E:A0:E9
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228D990C8F21345984184F690E28B912
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/IM3jkTphC9VARelZMzYXbS6OoOk.roa
Signing time:             Wed 01 Jan 2025 15:48:12 +0000
ROA not before:           Wed 01 Jan 2025 15:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31307
IP address blocks:        212.252.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:99:0c:8f:21:34:59:84:18:4f:69:0e:28:b9:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20cde3913a610bd54045e9593336176d2e8ea0e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:4b:d6:c9:4b:c3:a9:4e:45:11:49:84:c5:fd:
                    f8:f2:91:55:f9:58:5b:9b:7a:17:d5:9f:54:6a:2a:
                    b3:e6:44:59:c7:80:9b:f8:e7:d2:0c:6a:cb:0d:d6:
                    6d:6d:ad:67:aa:b3:96:5d:27:86:e9:76:f1:e6:61:
                    ea:13:c5:a0:a4:dd:e2:7f:68:50:97:ff:bc:a0:cc:
                    ab:81:56:1a:b9:ee:3b:da:9f:db:30:3a:3e:89:56:
                    af:0b:61:35:38:c1:2c:0d:52:2c:ef:85:d1:60:05:
                    47:e1:d5:39:01:fb:f2:ab:6f:6c:aa:ca:63:5c:d9:
                    10:03:4f:b7:a9:be:bd:32:f5:76:cc:a1:47:ec:1b:
                    32:ba:f1:c7:2c:27:c5:1c:34:48:94:64:5c:f0:23:
                    44:58:cd:fd:0b:05:a0:2e:59:04:5b:ba:84:bc:62:
                    fc:d5:11:21:43:5c:af:47:6b:46:fb:1c:9d:df:15:
                    57:4d:67:cb:66:5b:ae:be:a2:bb:54:13:c0:57:79:
                    a0:f2:95:bc:64:b5:46:1b:b3:74:e0:a0:c4:50:e2:
                    d1:d7:98:88:8e:d0:58:42:f3:cb:7e:15:d8:72:95:
                    4f:fd:33:7c:3d:e6:c1:42:5f:20:ed:c7:c7:2d:fe:
                    50:44:e5:01:f3:ba:f0:62:c1:7d:ec:32:c0:d3:ac:
                    f2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:CD:E3:91:3A:61:0B:D5:40:45:E9:59:33:36:17:6D:2E:8E:A0:E9
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/IM3jkTphC9VARelZMzYXbS6OoOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.252.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c8:fe:58:72:2b:4b:85:7c:72:bb:8d:0a:7a:cc:3f:48:97:
         15:0b:1e:2c:5b:e4:14:26:19:f8:35:37:8b:ae:30:1a:7a:f3:
         cb:60:a3:b5:18:f9:6e:bf:13:2f:2d:c9:96:99:b8:5c:f4:f5:
         ce:47:ee:e6:00:80:b2:60:ac:75:ec:9f:6b:71:83:7a:db:9c:
         56:75:bd:ee:e6:48:89:16:af:c0:0b:86:61:dc:01:d3:0f:19:
         7b:05:11:f1:ac:f2:08:39:c6:bc:3a:d4:ed:97:47:5b:88:ee:
         9f:38:a4:dc:8f:e8:d1:6c:3f:67:4e:25:1d:3c:86:a5:da:30:
         73:d8:db:82:44:60:ee:f7:1f:95:d2:89:ad:57:31:09:a0:da:
         28:4e:1e:4f:7e:9a:6f:77:5f:1b:65:98:9f:d8:cc:9f:a9:63:
         ed:91:28:9d:a4:df:b5:4d:22:33:a5:af:74:34:ae:5c:9e:0a:
         94:22:fe:c2:a7:e0:cf:6c:e1:c9:84:d1:86:d4:1d:75:23:9b:
         59:39:bd:cc:53:d0:be:ab:ce:c4:ba:93:8a:6e:16:b7:28:56:
         ca:2b:7c:e7:da:d1:07:21:fc:c4:b6:c1:1b:d9:33:0f:e2:ed:
         63:9f:39:5e:67:8f:8c:c8:be:60:21:6d:ed:11:7f:a3:f6:80:
         01:29:94:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZkMjyE0WYQYT2kOKLkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGNkZTM5MTNhNjEwYmQ1NDA0NWU5NTkzMzM2MTc2ZDJlOGVhMGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0vWyUvDqU5FEUmExf348pFV+Vhb
m3oX1Z9Uaiqz5kRZx4Cb+OfSDGrLDdZtba1nqrOWXSeG6Xbx5mHqE8WgpN3if2hQ
l/+8oMyrgVYaue472p/bMDo+iVavC2E1OMEsDVIs74XRYAVH4dU5Afvyq29sqspj
XNkQA0+3qb69MvV2zKFH7BsyuvHHLCfFHDRIlGRc8CNEWM39CwWgLlkEW7qEvGL8
1REhQ1yvR2tG+xyd3xVXTWfLZluuvqK7VBPAV3mg8pW8ZLVGG7N04KDEUOLR15iI
jtBYQvPLfhXYcpVP/TN8PebBQl8g7cfHLf5QROUB87rwYsF97DLA06zyiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDN45E6YQvVQEXpWTM2F20ujqDpMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvSU0zamtUcGhDOVZBUmVsWk16WVhiUzZPb09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1PzEMA0G
CSqGSIb3DQEBCwUAA4IBAQAfyP5YcitLhXxyu40Kesw/SJcVCx4sW+QUJhn4NTeL
rjAaevPLYKO1GPluvxMvLcmWmbhc9PXOR+7mAICyYKx17J9rcYN625xWdb3u5kiJ
Fq/AC4Zh3AHTDxl7BRHxrPIIOca8OtTtl0dbiO6fOKTcj+jRbD9nTiUdPIal2jBz
2NuCRGDu9x+V0omtVzEJoNooTh5Pfppvd18bZZif2MyfqWPtkSidpN+1TSIzpa90
NK5cngqUIv7Cp+DPbOHJhNGG1B11I5tZOb3MU9C+q87EupOKbha3KFbKK3zn2tEH
IfzEtsEb2TMP4u1jnzleZ4+MyL5gIW3tEX+j9oABKZSD
-----END CERTIFICATE-----