Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/wD8nYbbqM1KLj38YM5LFeps6dvg.roa
File:                     wD8nYbbqM1KLj38YM5LFeps6dvg.roa (raw, json)
Hash identifier:          XKfem7e78QtcKfKCo2GBRZOY9h90lNcWcBElf0PBnV8=
Subject key identifier:   C0:3F:27:61:B6:EA:33:52:8B:8F:7F:18:33:92:C5:7A:9B:3A:76:F8
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       019428236737F3A363B74BF944FC33901015
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/wD8nYbbqM1KLj38YM5LFeps6dvg.roa
Signing time:             Thu 02 Jan 2025 17:49:56 +0000
ROA not before:           Thu 02 Jan 2025 17:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31262
IP address blocks:        212.49.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:67:37:f3:a3:63:b7:4b:f9:44:fc:33:90:10:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Jan  2 17:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c03f2761b6ea33528b8f7f183392c57a9b3a76f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:06:db:0c:de:0e:83:61:39:99:47:34:51:ad:
                    c0:fa:20:3d:d2:38:1e:5b:24:49:b7:bd:7a:b4:08:
                    9e:8b:86:3b:15:b4:ac:33:1c:7a:a7:7d:46:80:4b:
                    e0:20:db:b9:c3:1c:99:da:85:af:60:81:b7:46:fa:
                    dc:0c:6e:6e:57:6f:41:15:a0:f5:e1:57:f5:9a:1b:
                    52:ad:7f:74:f0:32:ac:a3:b6:b2:9b:2b:12:4d:c7:
                    a5:f7:e4:06:70:54:c1:43:0e:50:55:46:ef:c9:cf:
                    85:17:c5:0b:e3:40:ce:2a:26:3b:0f:30:12:0a:51:
                    c6:65:ee:e1:b7:50:e6:5d:b6:92:c2:11:18:85:8d:
                    44:9a:cd:a4:e7:7d:e8:2f:2e:ec:e6:74:93:98:8e:
                    f5:f9:76:2e:16:ce:2a:d6:f5:64:c7:d6:c1:c1:52:
                    8c:3d:84:92:d5:bd:44:df:bb:2f:3b:65:8c:ce:9b:
                    1e:33:58:83:ee:c6:d4:86:96:45:b3:7f:d5:b6:b5:
                    9f:6a:0c:dd:67:c5:00:7e:08:70:b4:9d:cf:06:e2:
                    91:2b:f0:ad:fc:0d:67:ac:eb:2a:29:3a:0f:29:c8:
                    33:a9:1c:8f:4a:5a:de:d2:e8:d9:dc:fc:2a:33:09:
                    bd:8e:59:67:54:ba:ce:dd:d8:ce:5b:5f:b7:93:a4:
                    d7:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:3F:27:61:B6:EA:33:52:8B:8F:7F:18:33:92:C5:7A:9B:3A:76:F8
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/wD8nYbbqM1KLj38YM5LFeps6dvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.49.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:53:af:6c:27:23:09:fe:78:03:39:47:c3:db:19:86:f1:f4:
         a4:7c:2a:9e:7d:f7:ee:af:2c:ea:60:81:ba:1b:36:db:78:7f:
         c1:7f:bd:3e:c8:dd:41:a3:d1:9a:91:01:d7:92:6f:68:6f:63:
         e4:a6:94:34:1d:74:b6:2c:76:26:f2:53:74:df:5f:2f:50:09:
         8c:88:1d:48:02:c6:9f:28:f2:88:da:7f:a3:ed:90:ae:5f:9a:
         ee:7f:cc:10:b0:09:53:ee:4f:14:78:ab:81:ae:90:7c:56:c8:
         2c:26:2b:02:e3:82:19:f8:a8:3d:fc:46:f8:53:5c:5e:6d:5d:
         60:8a:af:80:d0:03:82:0f:91:e0:b8:4a:aa:50:db:05:b8:73:
         15:ea:8f:a5:5a:da:a6:f8:01:31:29:5c:2e:05:eb:f7:40:2d:
         c3:df:23:b8:ac:2e:55:c3:4a:84:15:13:7b:d2:12:ce:b1:81:
         cc:d8:a7:de:5a:13:6a:bb:de:08:5e:db:e9:f8:83:52:cc:42:
         3d:32:a4:75:bf:9a:fa:25:d9:86:d4:00:08:92:7e:53:0e:4d:
         6c:f5:ee:fa:b2:01:16:29:62:50:44:70:5f:43:01:03:e2:83:
         a3:c5:e2:13:92:9b:b0:2b:b2:a5:a9:3e:1c:e8:5f:67:30:9d:
         25:57:ea:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI2c386Njt0v5RPwzkBAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjUwMTAyMTc0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDNmMjc2MWI2ZWEzMzUyOGI4ZjdmMTgzMzkyYzU3YTliM2E3NmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQbbDN4Og2E5mUc0Ua3A+iA90jge
WyRJt716tAiei4Y7FbSsMxx6p31GgEvgINu5wxyZ2oWvYIG3RvrcDG5uV29BFaD1
4Vf1mhtSrX908DKso7aymysSTcel9+QGcFTBQw5QVUbvyc+FF8UL40DOKiY7DzAS
ClHGZe7ht1DmXbaSwhEYhY1Ems2k533oLy7s5nSTmI71+XYuFs4q1vVkx9bBwVKM
PYSS1b1E37svO2WMzpseM1iD7sbUhpZFs3/VtrWfagzdZ8UAfghwtJ3PBuKRK/Ct
/A1nrOsqKToPKcgzqRyPSlre0ujZ3PwqMwm9jllnVLrO3djOW1+3k6TXPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMA/J2G26jNSi49/GDOSxXqbOnb4MB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvd0Q4blliYnFNMUtMajM4WU01TEZlcHM2ZHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DGRMA0G
CSqGSIb3DQEBCwUAA4IBAQCYU69sJyMJ/ngDOUfD2xmG8fSkfCqefffuryzqYIG6
GzbbeH/Bf70+yN1Bo9GakQHXkm9ob2PkppQ0HXS2LHYm8lN0318vUAmMiB1IAsaf
KPKI2n+j7ZCuX5ruf8wQsAlT7k8UeKuBrpB8VsgsJisC44IZ+Kg9/Eb4U1xebV1g
iq+A0AOCD5HguEqqUNsFuHMV6o+lWtqm+AExKVwuBev3QC3D3yO4rC5Vw0qEFRN7
0hLOsYHM2KfeWhNqu94IXtvp+INSzEI9MqR1v5r6JdmG1AAIkn5TDk1s9e76sgEW
KWJQRHBfQwED4oOjxeITkpuwK7KlqT4c6F9nMJ0lV+qi
-----END CERTIFICATE-----