Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/LEwFqapli5PxNuCUoQySFZJ8NTA.roa
File:                     LEwFqapli5PxNuCUoQySFZJ8NTA.roa (raw, json)
Hash identifier:          0bCoC8acOLS1UmGJWuUOLHXelEEtMHRmh0LXsAUSe4w=
Subject key identifier:   2C:4C:05:A9:AA:65:8B:93:F1:36:E0:94:A1:0C:92:15:92:7C:35:30
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228D9B9798685090C2DE291C04403478
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/LEwFqapli5PxNuCUoQySFZJ8NTA.roa
Signing time:             Wed 01 Jan 2025 15:48:13 +0000
ROA not before:           Wed 01 Jan 2025 15:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33960
IP address blocks:        212.252.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:9b:97:98:68:50:90:c2:de:29:1c:04:40:34:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c4c05a9aa658b93f136e094a10c9215927c3530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:38:c9:c4:c6:3a:de:7c:7c:d4:91:8f:a4:7e:
                    d4:ed:d6:56:a3:e8:f0:75:a2:3a:b6:12:7e:85:98:
                    91:c9:14:94:af:c0:0e:c3:49:2c:17:0b:a1:4e:8e:
                    23:4f:2f:c3:0b:59:08:3f:2e:c3:87:01:1d:41:5c:
                    3f:b8:ab:25:cb:8f:3e:89:af:fe:8b:eb:74:0e:f0:
                    b6:d6:a8:09:bc:0c:f9:39:58:03:b1:d9:de:3c:9e:
                    b2:f1:38:97:3d:9d:e8:f8:e0:88:be:54:d8:44:7a:
                    68:58:84:64:97:1e:5d:8c:27:bc:99:1d:aa:87:78:
                    16:87:60:eb:7e:e2:bc:e7:9d:3b:66:0c:99:d7:22:
                    6d:50:5f:be:32:4c:32:ba:b2:b7:3b:0f:b7:81:9b:
                    80:87:51:32:31:dd:8a:53:0d:3d:c4:d7:ee:fe:99:
                    2e:8d:da:db:dc:e3:1d:cc:82:f8:8e:f6:3c:37:e4:
                    95:ea:42:b6:8f:4b:93:9d:05:87:3f:29:f0:22:9a:
                    20:75:b0:d5:be:48:3a:98:c4:db:b9:1d:d8:d5:1c:
                    c3:7b:b7:a9:b7:1b:e8:d3:db:2d:a5:95:23:bc:38:
                    19:88:5d:ce:e4:82:7f:c7:b3:c9:e9:ed:98:00:ff:
                    bb:bc:a0:24:8b:7d:20:b7:8b:05:64:9b:e8:fe:3c:
                    20:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:4C:05:A9:AA:65:8B:93:F1:36:E0:94:A1:0C:92:15:92:7C:35:30
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/LEwFqapli5PxNuCUoQySFZJ8NTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.252.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:e7:ab:7a:3c:ff:33:39:de:a4:37:64:be:9d:53:09:1d:bc:
         ac:67:66:46:54:02:fb:26:20:c4:eb:89:cc:b1:e4:35:16:13:
         7b:31:c0:3e:cb:df:ad:cb:03:61:c6:3c:7f:2e:2e:49:ca:80:
         00:1e:dc:ce:77:f7:91:ad:32:58:d8:61:1f:c5:ad:ea:0c:11:
         85:f0:85:09:99:55:c7:b1:e5:c6:33:09:62:40:8b:92:26:93:
         3f:c5:bc:81:de:26:a1:97:45:96:f2:59:81:dd:ce:6c:af:94:
         fd:c9:22:8f:27:5a:f4:7b:62:a3:90:a4:f4:08:c8:a4:93:b4:
         9f:59:2e:33:e4:d2:d2:40:ee:77:05:db:22:53:3c:95:ad:69:
         c7:d3:fe:3b:8b:1f:59:c3:0a:ff:a8:31:7d:f4:33:53:14:94:
         ef:b8:37:38:7a:5f:d1:f5:21:ff:d8:db:ef:a5:35:f6:6c:a3:
         2c:b0:c0:d6:ff:a2:c5:aa:8e:23:d8:f7:d5:ce:51:31:67:38:
         b1:b5:b3:8a:05:0e:79:3b:f2:e1:4f:43:db:0a:74:70:26:cf:
         fb:38:67:3a:18:77:e5:71:0e:5f:3d:61:1a:ec:df:de:58:5c:
         f2:3c:38:c1:b7:40:32:b6:91:ce:15:b0:88:50:4a:cb:2e:99:
         4a:53:13:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZuXmGhQkMLeKRwEQDR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzRjMDVhOWFhNjU4YjkzZjEzNmUwOTRhMTBjOTIxNTkyN2MzNTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTjJxMY63nx81JGPpH7U7dZWo+jw
daI6thJ+hZiRyRSUr8AOw0ksFwuhTo4jTy/DC1kIPy7DhwEdQVw/uKsly48+ia/+
i+t0DvC21qgJvAz5OVgDsdnePJ6y8TiXPZ3o+OCIvlTYRHpoWIRklx5djCe8mR2q
h3gWh2DrfuK85507ZgyZ1yJtUF++MkwyurK3Ow+3gZuAh1EyMd2KUw09xNfu/pku
jdrb3OMdzIL4jvY8N+SV6kK2j0uTnQWHPynwIpogdbDVvkg6mMTbuR3Y1RzDe7ep
txvo09stpZUjvDgZiF3O5IJ/x7PJ6e2YAP+7vKAki30gt4sFZJvo/jwgFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxMBamqZYuT8TbglKEMkhWSfDUwMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTEV3RnFhcGxpNVB4TnVDVW9ReVNGWko4TlRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1PzKMA0G
CSqGSIb3DQEBCwUAA4IBAQB156t6PP8zOd6kN2S+nVMJHbysZ2ZGVAL7JiDE64nM
seQ1FhN7McA+y9+tywNhxjx/Li5JyoAAHtzOd/eRrTJY2GEfxa3qDBGF8IUJmVXH
seXGMwliQIuSJpM/xbyB3iahl0WW8lmB3c5sr5T9ySKPJ1r0e2KjkKT0CMikk7Sf
WS4z5NLSQO53BdsiUzyVrWnH0/47ix9Zwwr/qDF99DNTFJTvuDc4el/R9SH/2Nvv
pTX2bKMssMDW/6LFqo4j2PfVzlExZzixtbOKBQ55O/LhT0PbCnRwJs/7OGc6GHfl
cQ5fPWEa7N/eWFzyPDjBt0AytpHOFbCIUErLLplKUxNb
-----END CERTIFICATE-----