Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/KbXum3tGxYpXO3QIbsz4v0Gc9YE.roa
File:                     KbXum3tGxYpXO3QIbsz4v0Gc9YE.roa (raw, json)
Hash identifier:          Xdbf5vp7RPXfCgiOaz1rHhCCOGhSA6vAYCYI/x90YU0=
Subject key identifier:   29:B5:EE:9B:7B:46:C5:8A:57:3B:74:08:6E:CC:F8:BF:41:9C:F5:81
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       019427B429568DBDAE48A58609BF57E384C9
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/KbXum3tGxYpXO3QIbsz4v0Gc9YE.roa
Signing time:             Thu 02 Jan 2025 15:48:25 +0000
ROA not before:           Thu 02 Jan 2025 15:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198622
IP address blocks:        213.252.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:29:56:8d:bd:ae:48:a5:86:09:bf:57:e3:84:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jan  2 15:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29b5ee9b7b46c58a573b74086eccf8bf419cf581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:67:e0:70:66:c1:c4:0d:a5:05:95:4b:8a:07:
                    93:24:bd:ff:58:17:37:59:82:d3:76:e3:a3:03:61:
                    3d:85:65:3f:0d:0f:35:cf:34:64:86:81:4b:37:e1:
                    4e:76:3c:68:69:e9:00:84:1b:39:54:03:c3:03:96:
                    6a:49:9e:4c:2b:16:6a:b2:70:3a:15:2a:09:1d:75:
                    12:01:ef:72:34:15:91:bd:aa:5a:b0:22:3c:ef:2d:
                    75:af:ee:50:4d:d0:40:67:d8:4c:06:79:2e:fb:21:
                    bf:08:47:9e:26:f2:8a:bc:ae:22:f3:95:1a:e4:51:
                    fb:cb:a2:e0:01:c8:2f:15:0a:b8:20:b9:c7:d0:94:
                    f9:7a:2d:d6:3d:25:b1:40:66:dc:d5:e7:b3:b1:e7:
                    1e:d9:e6:39:ab:0a:5a:9a:5d:4c:ea:c1:f2:f1:ab:
                    ee:78:bb:ba:b3:ca:df:d6:34:1a:3a:da:88:f3:c9:
                    a8:82:dd:f5:e6:50:3f:f9:fa:f1:dd:bc:6c:ad:0d:
                    da:c5:c2:da:ce:f0:5f:0b:9f:6f:6d:75:2d:df:35:
                    f6:81:be:c7:d2:b8:d8:a8:26:89:b4:2f:50:bd:44:
                    3b:41:1c:68:e7:f4:b9:c9:7c:e2:7b:cf:0b:63:f6:
                    6b:96:b6:19:54:94:df:80:b0:ac:08:5a:71:e9:01:
                    53:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B5:EE:9B:7B:46:C5:8A:57:3B:74:08:6E:CC:F8:BF:41:9C:F5:81
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/KbXum3tGxYpXO3QIbsz4v0Gc9YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.252.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:8d:00:6a:04:f3:3f:a4:b8:7f:32:d9:96:99:13:06:d4:fe:
         27:0c:07:a3:48:a4:d7:2b:f0:f2:e7:67:35:48:db:fe:b7:b3:
         29:95:38:02:06:32:31:5a:06:ec:70:94:c8:4e:84:65:3c:9c:
         3b:0d:87:7d:5e:29:27:62:e4:56:44:1c:84:9c:c0:d2:18:f9:
         d8:07:6c:9c:d3:13:a5:c0:fc:4d:03:fd:c3:ed:51:33:cc:42:
         91:1a:8a:fb:78:65:84:1f:cd:02:71:e0:ab:c6:e1:16:c9:13:
         0c:76:dd:23:68:56:52:16:82:53:aa:21:ad:c0:0d:39:9e:13:
         19:11:1c:1e:95:58:ce:2c:d3:93:22:95:6f:b9:65:81:c7:89:
         34:58:94:9e:cd:b2:c7:03:86:85:6d:11:11:cc:bc:ec:53:9b:
         b2:f4:09:47:8c:13:4e:40:fe:83:3d:15:8b:dc:9c:4d:31:4b:
         de:19:c6:2b:92:88:cd:f3:dd:ad:bd:c7:bb:a1:dd:e9:e9:f8:
         8f:43:93:66:4c:c7:3d:55:a0:03:a6:4e:47:ae:74:f2:77:ad:
         95:a4:7f:f6:a8:9a:52:60:11:88:50:d8:2f:7b:08:06:d4:bc:
         78:72:3f:c1:ad:18:f9:3b:6d:77:89:3b:0a:d6:67:6b:ae:15:
         b7:18:a0:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntClWjb2uSKWGCb9X44TJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwMTAyMTU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWI1ZWU5YjdiNDZjNThhNTczYjc0MDg2ZWNjZjhiZjQxOWNmNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGfgcGbBxA2lBZVLigeTJL3/WBc3
WYLTduOjA2E9hWU/DQ81zzRkhoFLN+FOdjxoaekAhBs5VAPDA5ZqSZ5MKxZqsnA6
FSoJHXUSAe9yNBWRvapasCI87y11r+5QTdBAZ9hMBnku+yG/CEeeJvKKvK4i85Ua
5FH7y6LgAcgvFQq4ILnH0JT5ei3WPSWxQGbc1eezsece2eY5qwpaml1M6sHy8avu
eLu6s8rf1jQaOtqI88mogt315lA/+frx3bxsrQ3axcLazvBfC59vbXUt3zX2gb7H
0rjYqCaJtC9QvUQ7QRxo5/S5yXzie88LY/ZrlrYZVJTfgLCsCFpx6QFT8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCm17pt7RsWKVzt0CG7M+L9BnPWBMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvS2JYdW0zdEd4WXBYTzNRSWJzejR2MEdjOVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fz/MA0G
CSqGSIb3DQEBCwUAA4IBAQAjjQBqBPM/pLh/MtmWmRMG1P4nDAejSKTXK/Dy52c1
SNv+t7MplTgCBjIxWgbscJTIToRlPJw7DYd9XiknYuRWRByEnMDSGPnYB2yc0xOl
wPxNA/3D7VEzzEKRGor7eGWEH80CceCrxuEWyRMMdt0jaFZSFoJTqiGtwA05nhMZ
ERwelVjOLNOTIpVvuWWBx4k0WJSezbLHA4aFbRERzLzsU5uy9AlHjBNOQP6DPRWL
3JxNMUveGcYrkojN892tvce7od3p6fiPQ5NmTMc9VaADpk5HrnTyd62VpH/2qJpS
YBGIUNgvewgG1Lx4cj/BrRj5O213iTsK1mdrrhW3GKDF
-----END CERTIFICATE-----