Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/mM2enVDYdLiXBKAs6x9oVxUDYoc.roa
File:                     mM2enVDYdLiXBKAs6x9oVxUDYoc.roa (raw, json)
Hash identifier:          8WzLZPt1oUUmxk4YfWhm8jgi6Eau9QV4/cHfIxSx6Rk=
Subject key identifier:   98:CD:9E:9D:50:D8:74:B8:97:04:A0:2C:EB:1F:68:57:15:03:62:87
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       019727550E25FE8F4E2CBD68FE1928F294EE
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/mM2enVDYdLiXBKAs6x9oVxUDYoc.roa
Signing time:             Sat 31 May 2025 17:12:54 +0000
ROA not before:           Sat 31 May 2025 17:12:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12462
IP address blocks:        212.49.189.0/24 maxlen: 24
                          212.163.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:27:55:0e:25:fe:8f:4e:2c:bd:68:fe:19:28:f2:94:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: May 31 17:12:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98cd9e9d50d874b89704a02ceb1f685715036287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:55:db:09:62:ae:40:7a:47:94:e7:83:14:9b:
                    8e:a6:7c:47:7c:95:29:6f:05:42:7c:e2:44:cd:3b:
                    7f:d1:2a:0d:1b:5d:7f:cf:cb:f9:bc:4c:f5:d1:e9:
                    87:e0:fe:07:b7:86:e5:93:94:ed:56:37:a1:8f:b6:
                    07:cb:21:30:35:a6:b3:5e:68:31:c7:ac:4c:39:14:
                    4f:f3:b3:f7:13:87:77:b9:05:92:43:1d:f0:d0:ed:
                    05:61:58:cc:cf:6b:b5:96:6a:6b:e8:32:ba:4a:88:
                    d5:0c:91:9e:28:7c:10:f8:61:6c:4e:22:a7:af:10:
                    1a:89:ea:f0:cd:70:73:1b:5f:46:27:d0:19:41:dd:
                    1a:2d:90:0f:46:ea:c3:9d:df:e4:c8:2d:a1:e3:fe:
                    e7:9e:aa:cd:b3:89:25:c0:11:a2:03:e4:e4:ff:56:
                    c0:1d:39:7a:69:bb:86:cb:81:2a:f4:69:41:1a:b4:
                    dc:77:dd:61:28:2d:53:df:71:f8:c5:c7:df:47:73:
                    5d:ed:9f:14:27:e2:ce:21:0f:45:0e:9c:a6:4a:f1:
                    07:63:2d:1b:09:06:20:c6:a0:d4:d1:71:f9:7a:05:
                    1d:a5:1f:66:51:0a:ab:61:19:4b:b2:14:09:bb:84:
                    77:22:16:d8:d4:5f:61:47:be:89:27:d3:7b:88:02:
                    1d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:CD:9E:9D:50:D8:74:B8:97:04:A0:2C:EB:1F:68:57:15:03:62:87
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/mM2enVDYdLiXBKAs6x9oVxUDYoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.49.189.0/24
                  212.163.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:c1:b0:de:1d:81:fa:69:06:de:0c:72:2b:0c:f5:27:d8:5e:
         5a:55:e4:a6:21:f6:7c:7b:cb:72:cf:2f:bc:f5:17:c4:2b:67:
         5c:c1:20:83:b8:a8:25:4c:e8:94:06:42:c6:41:2a:c4:10:5c:
         f2:8e:56:e2:9e:8b:d7:4f:8a:b1:7b:32:3e:b2:24:74:01:94:
         f5:06:c6:2c:67:b9:20:65:04:02:37:87:65:71:d9:3c:45:e3:
         eb:0a:63:fd:ab:8d:38:ef:f3:f9:f9:f3:01:23:5a:c1:c5:09:
         af:5c:dc:7d:75:d7:73:17:5b:fc:75:3b:4c:ea:1d:fd:bd:43:
         75:b6:43:6b:63:bf:c9:37:66:81:65:90:0e:e0:7c:fc:3b:04:
         6b:4e:47:24:ae:b3:30:ea:e6:23:e9:d8:72:15:1e:b3:96:86:
         88:48:40:4b:16:19:ca:46:4b:de:97:5c:e5:f7:c7:50:5f:4c:
         ec:e4:61:67:61:9b:b3:43:4d:a6:71:4c:83:54:bc:a3:bd:d4:
         f7:06:fd:3c:ba:70:87:34:30:ab:df:cc:1a:fd:3b:74:f8:55:
         32:63:8e:90:dc:d5:06:26:63:21:77:28:10:03:b2:d4:38:fa:
         72:63:dd:1b:17:36:8c:c7:d8:b7:e1:72:65:47:58:b3:ef:d5:
         a5:4e:f6:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcnVQ4l/o9OLL1o/hko8pTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjUwNTMxMTcxMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGNkOWU5ZDUwZDg3NGI4OTcwNGEwMmNlYjFmNjg1NzE1MDM2Mjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1XbCWKuQHpHlOeDFJuOpnxHfJUp
bwVCfOJEzTt/0SoNG11/z8v5vEz10emH4P4Ht4blk5TtVjehj7YHyyEwNaazXmgx
x6xMORRP87P3E4d3uQWSQx3w0O0FYVjMz2u1lmpr6DK6SojVDJGeKHwQ+GFsTiKn
rxAaierwzXBzG19GJ9AZQd0aLZAPRurDnd/kyC2h4/7nnqrNs4klwBGiA+Tk/1bA
HTl6abuGy4Eq9GlBGrTcd91hKC1T33H4xcffR3Nd7Z8UJ+LOIQ9FDpymSvEHYy0b
CQYgxqDU0XH5egUdpR9mUQqrYRlLshQJu4R3IhbY1F9hR76JJ9N7iAIdzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJjNnp1Q2HS4lwSgLOsfaFcVA2KHMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvbU0yZW5WRFlkTGlYQktBczZ4OW9WeFVEWW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1DG9AwQA
1KMfMA0GCSqGSIb3DQEBCwUAA4IBAQBewbDeHYH6aQbeDHIrDPUn2F5aVeSmIfZ8
e8tyzy+89RfEK2dcwSCDuKglTOiUBkLGQSrEEFzyjlbinovXT4qxezI+siR0AZT1
BsYsZ7kgZQQCN4dlcdk8RePrCmP9q4047/P5+fMBI1rBxQmvXNx9dddzF1v8dTtM
6h39vUN1tkNrY7/JN2aBZZAO4Hz8OwRrTkckrrMw6uYj6dhyFR6zloaISEBLFhnK
Rkvel1zl98dQX0zs5GFnYZuzQ02mcUyDVLyjvdT3Bv08unCHNDCr38wa/Tt0+FUy
Y46Q3NUGJmMhdygQA7LUOPpyY90bFzaMx9i34XJlR1iz79WlTvZN
-----END CERTIFICATE-----