Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/jN3YKyZr7fLBbaM-ys_51VKLM4I.roa
File:                     jN3YKyZr7fLBbaM-ys_51VKLM4I.roa (raw, json)
Hash identifier:          /Z7rTH+6bXmxYBkfBLPrrW+aXm6fTfnVD3Lj/2mMT08=
Subject key identifier:   8C:DD:D8:2B:26:6B:ED:F2:C1:6D:A3:3E:CA:CF:F9:D5:52:8B:33:82
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019420D62459416366055F9190F4CD76751B
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/jN3YKyZr7fLBbaM-ys_51VKLM4I.roa
Signing time:             Wed 01 Jan 2025 07:48:12 +0000
ROA not before:           Wed 01 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197289
IP address blocks:        212.107.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:24:59:41:63:66:05:5f:91:90:f4:cd:76:75:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cddd82b266bedf2c16da33ecacff9d5528b3382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:45:45:80:8e:1f:7a:7e:d7:c6:6c:ac:15:57:
                    b7:0e:ae:84:8c:c8:78:a3:67:5f:b9:57:74:bd:f0:
                    2e:5e:f8:9a:27:94:6f:98:77:23:cc:6d:7f:f3:3d:
                    8d:02:57:1a:2a:a3:15:61:bd:35:99:34:a6:4b:84:
                    ee:6b:b4:21:9b:e8:4f:7e:ce:c9:f5:18:e2:6a:81:
                    ef:69:ae:80:d9:5d:73:b8:06:7b:3c:1c:07:be:a0:
                    dd:9f:01:42:54:17:c3:7f:49:47:f6:a6:19:97:08:
                    34:34:de:81:99:86:c4:d7:6f:b6:17:89:7b:a5:24:
                    2f:5c:da:46:91:01:4d:a0:b1:12:22:45:90:eb:46:
                    51:89:00:13:3e:02:08:92:4f:18:0d:05:fc:55:db:
                    6a:0c:ff:18:ba:ac:98:06:1c:72:17:cd:26:6d:fa:
                    47:af:ef:03:50:95:0e:ab:20:4d:19:06:3d:07:1d:
                    12:db:8a:fe:5c:37:c7:a9:0d:34:bd:ac:fb:6c:25:
                    70:1d:22:f7:bf:42:a2:6f:58:c6:01:e9:ca:01:d9:
                    91:7e:b7:ad:8a:28:ff:01:1a:b6:77:6a:27:b8:c0:
                    60:8d:ed:c9:7c:3c:9a:0d:ab:f9:1f:7f:18:c0:47:
                    5d:8f:17:27:c8:97:b5:97:92:bd:32:56:51:51:f4:
                    e1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DD:D8:2B:26:6B:ED:F2:C1:6D:A3:3E:CA:CF:F9:D5:52:8B:33:82
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/jN3YKyZr7fLBbaM-ys_51VKLM4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.107.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:c2:aa:b4:1f:06:3f:c7:1d:49:66:ee:58:40:00:a1:83:97:
         d5:a1:28:53:0e:fe:5b:bf:8a:e6:ad:34:2d:da:6d:55:fa:9a:
         ab:d7:22:de:eb:45:c4:a2:6e:0f:26:fe:b3:e0:ba:77:c6:54:
         5d:8c:c6:9f:6a:05:ec:a5:f3:25:17:72:8a:4c:ff:71:07:0c:
         a8:79:0a:2d:e3:47:bf:8b:ef:7a:e1:52:ea:00:22:e9:70:a6:
         5d:f0:b5:a0:c2:15:9d:d4:dd:3b:b7:5d:21:1e:d0:61:79:bb:
         10:57:9d:9e:c5:36:69:08:c6:ca:c6:54:83:8c:2e:aa:f1:ef:
         b6:95:e7:50:ed:fa:05:bb:fb:b5:db:27:a0:80:85:9a:cd:e8:
         bc:e1:5a:6d:1b:14:b5:83:4d:3e:4f:3f:56:53:ca:05:97:f9:
         d9:35:72:fd:f7:f1:1b:90:17:ec:50:ce:fa:0b:65:0e:88:85:
         73:4d:45:01:82:10:89:92:7c:71:2b:26:87:66:6d:9e:31:3e:
         bb:32:2f:21:59:79:54:c6:7e:b2:b8:9b:d0:a7:34:1d:c9:3d:
         18:2a:40:be:98:d7:ea:58:72:81:d1:c7:4b:bd:1f:4f:a3:51:
         06:6a:81:b2:82:1b:3e:9e:34:05:0f:b7:11:5d:4a:f7:b1:9e:
         27:06:a6:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1iRZQWNmBV+RkPTNdnUbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2RkZDgyYjI2NmJlZGYyYzE2ZGEzM2VjYWNmZjlkNTUyOGIzMzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUVFgI4fen7XxmysFVe3Dq6EjMh4
o2dfuVd0vfAuXviaJ5RvmHcjzG1/8z2NAlcaKqMVYb01mTSmS4Tua7Qhm+hPfs7J
9RjiaoHvaa6A2V1zuAZ7PBwHvqDdnwFCVBfDf0lH9qYZlwg0NN6BmYbE12+2F4l7
pSQvXNpGkQFNoLESIkWQ60ZRiQATPgIIkk8YDQX8VdtqDP8YuqyYBhxyF80mbfpH
r+8DUJUOqyBNGQY9Bx0S24r+XDfHqQ00vaz7bCVwHSL3v0Kib1jGAenKAdmRfret
iij/ARq2d2onuMBgje3JfDyaDav5H38YwEddjxcnyJe1l5K9MlZRUfThoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzd2Csma+3ywW2jPsrP+dVSizOCMB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvak4zWUt5WnI3ZkxCYmFNLXlzXzUxVktMTTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1Gs0MA0G
CSqGSIb3DQEBCwUAA4IBAQAuwqq0HwY/xx1JZu5YQAChg5fVoShTDv5bv4rmrTQt
2m1V+pqr1yLe60XEom4PJv6z4Lp3xlRdjMafagXspfMlF3KKTP9xBwyoeQot40e/
i+964VLqACLpcKZd8LWgwhWd1N07t10hHtBhebsQV52exTZpCMbKxlSDjC6q8e+2
ledQ7foFu/u12yeggIWazei84VptGxS1g00+Tz9WU8oFl/nZNXL99/EbkBfsUM76
C2UOiIVzTUUBghCJknxxKyaHZm2eMT67Mi8hWXlUxn6yuJvQpzQdyT0YKkC+mNfq
WHKB0cdLvR9Po1EGaoGyghs+njQFD7cRXUr3sZ4nBqZq
-----END CERTIFICATE-----