Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/ljWuuAPqxLdLupltPhFa0zVbH_4.roa
File:                     ljWuuAPqxLdLupltPhFa0zVbH_4.roa (raw, json)
Hash identifier:          /Ehm4VYhhxFy4At5uWV0OQz/yA/FJQHbjiutpWGRS7k=
Subject key identifier:   96:35:AE:B8:03:EA:C4:B7:4B:BA:99:6D:3E:11:5A:D3:35:5B:1F:FE
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5B2F7A0DBFCEBDC208576BAE53EA2
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/ljWuuAPqxLdLupltPhFa0zVbH_4.roa
Signing time:             Wed 01 Jan 2025 07:47:43 +0000
ROA not before:           Wed 01 Jan 2025 07:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47127
IP address blocks:        212.234.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b2:f7:a0:db:fc:eb:dc:20:85:76:ba:e5:3e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9635aeb803eac4b74bba996d3e115ad3355b1ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8d:36:5c:40:ed:ec:6b:28:aa:35:ca:d1:94:
                    8b:06:f5:a1:5f:9e:c2:40:20:38:5b:23:63:72:86:
                    ea:d2:49:6a:88:14:cc:a1:fc:f5:7e:4c:b2:36:e6:
                    f2:46:8e:04:dc:2b:3a:ac:b5:5d:83:0e:49:f3:2f:
                    6e:06:a0:81:d5:0e:b9:ba:40:08:f4:76:7f:4f:6d:
                    10:9e:60:ef:24:15:d9:28:f7:d1:41:65:c4:ef:b9:
                    17:2b:ad:c7:8f:d8:66:3b:ae:64:fe:e4:28:54:2f:
                    12:90:b3:24:df:14:66:7b:0b:5b:56:2b:20:25:ee:
                    f0:1f:c3:38:a6:b8:b0:65:19:ec:b1:45:29:44:e3:
                    42:94:1f:2f:aa:9b:ba:b0:1a:1d:3f:bf:bd:a9:20:
                    93:d5:52:06:09:f1:f6:a5:84:71:ac:6e:95:0c:7d:
                    2d:e9:99:17:92:82:0c:81:3b:4d:92:2b:4c:49:ff:
                    c8:87:33:53:e6:f7:45:79:aa:6e:a6:be:0c:b7:56:
                    c7:64:81:20:d2:4b:a0:fc:80:31:3d:05:f9:d7:b4:
                    54:6c:fa:31:4f:4c:38:34:cd:ed:fe:be:a1:b1:69:
                    f0:8e:d1:90:be:ed:62:1f:2e:6b:e2:51:82:01:bf:
                    b2:eb:90:fc:a1:92:74:cf:6b:33:0f:7e:1e:5b:a5:
                    85:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:35:AE:B8:03:EA:C4:B7:4B:BA:99:6D:3E:11:5A:D3:35:5B:1F:FE
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/ljWuuAPqxLdLupltPhFa0zVbH_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.234.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:f3:e5:00:71:af:ec:e1:3a:c2:e8:88:0e:b4:84:98:18:29:
         31:60:74:84:2a:b0:02:fd:17:7b:eb:a9:e2:2e:85:83:fe:1d:
         fe:0b:57:79:87:c8:f8:bc:0f:2c:8d:88:ad:04:fb:c6:87:3f:
         de:72:5c:0d:c1:df:5c:8f:cd:7a:85:9d:2a:22:2c:8d:91:93:
         92:8a:ec:95:2a:a2:25:e0:e0:0d:51:b9:28:1e:ea:39:51:fe:
         59:e1:14:8c:73:1f:71:04:a6:e2:39:c7:c6:80:d1:14:75:44:
         30:77:ed:75:ca:eb:2f:77:88:c3:bf:95:1e:c3:a0:42:01:55:
         f2:9a:33:5f:2b:68:66:df:b9:f0:15:7b:49:0c:79:1e:9a:72:
         8e:f0:0c:6d:e1:24:1f:e4:7e:34:64:66:13:26:8d:7c:8d:9c:
         4a:d2:9c:69:f2:23:6b:4b:79:3f:e1:ec:06:33:e4:ee:9c:ac:
         9f:ae:9c:a9:bb:37:a8:84:92:70:28:a3:9b:99:2c:b9:13:bf:
         7f:0b:b9:24:50:09:54:8d:c3:70:4c:b2:ed:1f:fb:77:1a:d6:
         d3:a1:05:1f:cb:b0:d7:f3:21:e6:45:e0:34:fc:d4:97:37:a5:
         e8:ae:7b:ee:43:b3:3a:47:2d:3e:9c:be:d0:bd:f7:25:41:81:
         ea:b8:0d:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1bL3oNv869wghXa65T6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjM1YWViODAzZWFjNGI3NGJiYTk5NmQzZTExNWFkMzM1NWIxZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApI02XEDt7GsoqjXK0ZSLBvWhX57C
QCA4WyNjcobq0klqiBTMofz1fkyyNubyRo4E3Cs6rLVdgw5J8y9uBqCB1Q65ukAI
9HZ/T20QnmDvJBXZKPfRQWXE77kXK63Hj9hmO65k/uQoVC8SkLMk3xRmewtbVisg
Je7wH8M4priwZRnssUUpRONClB8vqpu6sBodP7+9qSCT1VIGCfH2pYRxrG6VDH0t
6ZkXkoIMgTtNkitMSf/IhzNT5vdFeapupr4Mt1bHZIEg0kug/IAxPQX517RUbPox
T0w4NM3t/r6hsWnwjtGQvu1iHy5r4lGCAb+y65D8oZJ0z2szD34eW6WFWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJY1rrgD6sS3S7qZbT4RWtM1Wx/+MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvbGpXdXVBUHF4TGRMdXBsdFBoRmEwelZiSF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1OqpMA0G
CSqGSIb3DQEBCwUAA4IBAQCX8+UAca/s4TrC6IgOtISYGCkxYHSEKrAC/Rd766ni
LoWD/h3+C1d5h8j4vA8sjYitBPvGhz/eclwNwd9cj816hZ0qIiyNkZOSiuyVKqIl
4OANUbkoHuo5Uf5Z4RSMcx9xBKbiOcfGgNEUdUQwd+11yusvd4jDv5Uew6BCAVXy
mjNfK2hm37nwFXtJDHkemnKO8Axt4SQf5H40ZGYTJo18jZxK0pxp8iNrS3k/4ewG
M+TunKyfrpypuzeohJJwKKObmSy5E79/C7kkUAlUjcNwTLLtH/t3GtbToQUfy7DX
8yHmReA0/NSXN6XornvuQ7M6Ry0+nL7QvfclQYHquA0a
-----END CERTIFICATE-----