Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/0V8p8L8dtXBYUhLAsONxVlRlhCQ.roa
File:                     0V8p8L8dtXBYUhLAsONxVlRlhCQ.roa (raw, json)
Hash identifier:          FSFySJSs/qbloIagr9SbP4wNuB1HL9DbTkgN9N81Lx4=
Subject key identifier:   D1:5F:29:F0:BF:1D:B5:70:58:52:12:C0:B0:E3:71:56:54:65:84:24
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       01959B2A845C9AAEDCD56BF9B376C51A633B
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/0V8p8L8dtXBYUhLAsONxVlRlhCQ.roa
Signing time:             Sat 15 Mar 2025 18:56:49 +0000
ROA not before:           Sat 15 Mar 2025 18:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214515
IP address blocks:        212.23.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:9b:2a:84:5c:9a:ae:dc:d5:6b:f9:b3:76:c5:1a:63:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Mar 15 18:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d15f29f0bf1db570585212c0b0e3715654658424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6b:55:75:f8:84:f5:93:dc:90:c2:72:82:23:
                    1e:50:43:2e:a3:31:8c:37:cd:48:20:b0:60:2e:b2:
                    57:98:07:f2:0e:1e:32:38:6b:ad:f3:84:d7:57:1f:
                    a3:b8:a5:b4:e4:54:3e:ec:ed:95:22:7b:b9:61:63:
                    04:1e:47:35:bb:10:23:95:c6:32:9d:b7:53:31:68:
                    26:a8:52:b1:15:2f:1a:77:4d:d2:3c:b9:bc:8c:e5:
                    3e:14:1e:0e:1f:b7:23:0b:14:9d:1a:f1:c8:d1:66:
                    fc:c8:3b:0b:e4:95:4e:4b:35:10:ea:7a:90:ae:5e:
                    ea:e1:dd:b6:48:12:59:49:51:26:8b:de:10:92:d2:
                    cf:10:49:05:3a:f3:e2:ab:27:ec:fd:b4:b3:63:9a:
                    a2:77:f3:2d:48:a8:d3:a8:bb:2a:45:4d:5a:a6:3d:
                    e7:a9:0c:1d:7e:58:ed:3d:9b:8b:92:f8:c1:d2:47:
                    a6:fb:64:11:1a:5b:d0:05:6c:42:e3:74:ff:d6:3a:
                    10:5b:2d:14:2b:dc:be:74:61:33:25:a6:33:31:4c:
                    87:25:33:b7:5f:f6:b8:62:4e:96:3e:22:0b:df:d3:
                    44:8c:96:11:1c:00:85:a7:9a:4f:d9:80:cc:d7:0f:
                    1c:4b:c3:13:35:e9:83:37:5f:49:75:e8:0c:df:2d:
                    57:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:5F:29:F0:BF:1D:B5:70:58:52:12:C0:B0:E3:71:56:54:65:84:24
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/0V8p8L8dtXBYUhLAsONxVlRlhCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:6d:f0:9a:9d:fa:1b:d5:66:6f:84:d5:f2:34:fb:0f:86:28:
         b7:1e:ac:66:b4:df:53:2c:5c:26:96:81:5d:ec:c0:58:b7:04:
         b1:c1:d4:01:f3:78:98:14:95:a9:47:51:94:60:59:2b:99:27:
         02:9f:38:bd:85:cc:9c:15:41:8a:59:f0:ca:47:33:ee:b8:d3:
         fc:90:46:75:b5:79:4b:89:a7:d7:d4:59:04:c8:fd:ff:d2:a3:
         61:1b:d2:af:e2:ff:db:32:9a:1c:d5:5d:fb:4b:be:63:c5:d9:
         d7:17:66:ea:06:e8:62:05:62:72:16:51:a5:4d:3b:fc:5b:cf:
         77:d2:92:bd:c6:c1:d5:cd:ca:a0:49:be:c2:45:cf:da:07:61:
         94:d9:5b:8f:b2:74:83:fe:83:d7:97:c4:55:0a:ae:74:30:9d:
         32:02:b7:aa:53:f8:cd:e4:01:e2:83:92:f4:84:51:eb:14:97:
         53:f1:9c:a1:50:fe:22:4d:ca:9c:7d:0d:5c:de:3c:75:df:94:
         5c:b9:e8:c0:60:1a:99:b0:5b:d9:d8:de:cc:b1:27:35:25:53:
         19:12:db:43:a3:db:71:24:ff:aa:6f:25:03:de:04:ce:8c:64:
         c5:25:1c:c5:4a:5d:58:e4:e1:33:39:32:1b:1e:cc:e4:b7:a9:
         69:97:0c:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWbKoRcmq7c1Wv5s3bFGmM7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjUwMzE1MTg1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTVmMjlmMGJmMWRiNTcwNTg1MjEyYzBiMGUzNzE1NjU0NjU4NDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGtVdfiE9ZPckMJygiMeUEMuozGM
N81IILBgLrJXmAfyDh4yOGut84TXVx+juKW05FQ+7O2VInu5YWMEHkc1uxAjlcYy
nbdTMWgmqFKxFS8ad03SPLm8jOU+FB4OH7cjCxSdGvHI0Wb8yDsL5JVOSzUQ6nqQ
rl7q4d22SBJZSVEmi94QktLPEEkFOvPiqyfs/bSzY5qid/MtSKjTqLsqRU1apj3n
qQwdfljtPZuLkvjB0kem+2QRGlvQBWxC43T/1joQWy0UK9y+dGEzJaYzMUyHJTO3
X/a4Yk6WPiIL39NEjJYRHACFp5pP2YDM1w8cS8MTNemDN19JdegM3y1XNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFfKfC/HbVwWFISwLDjcVZUZYQkMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvMFY4cDhMOGR0WEJZVWhMQXNPTnhWbFJsaENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfWMA0G
CSqGSIb3DQEBCwUAA4IBAQCubfCanfob1WZvhNXyNPsPhii3HqxmtN9TLFwmloFd
7MBYtwSxwdQB83iYFJWpR1GUYFkrmScCnzi9hcycFUGKWfDKRzPuuNP8kEZ1tXlL
iafX1FkEyP3/0qNhG9Kv4v/bMpoc1V37S75jxdnXF2bqBuhiBWJyFlGlTTv8W893
0pK9xsHVzcqgSb7CRc/aB2GU2VuPsnSD/oPXl8RVCq50MJ0yAreqU/jN5AHig5L0
hFHrFJdT8ZyhUP4iTcqcfQ1c3jx135RcuejAYBqZsFvZ2N7MsSc1JVMZEttDo9tx
JP+qbyUD3gTOjGTFJRzFSl1Y5OEzOTIbHszkt6lplwxA
-----END CERTIFICATE-----