Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/02c68b-cedf-4317-82b8-2cd8c9139030/1/bOAoo9Xlbcl-PK-rbfwF58rAKlc.roa
File:                     bOAoo9Xlbcl-PK-rbfwF58rAKlc.roa (raw, json)
Hash identifier:          Vn8yXcKwSTNwIZccCZWqjun9GvkjZC8dYUcNBhWRmco=
Subject key identifier:   6C:E0:28:A3:D5:E5:6D:C9:7E:3C:AF:AB:6D:FC:05:E7:CA:C0:2A:57
Certificate issuer:       /CN=92bd25b6b9f3cfe0785ffd4e5e5402833b4a4f8d
Certificate serial:       019426D98DC780798C304199C5FA5D2E3DBB
Authority key identifier: 92:BD:25:B6:B9:F3:CF:E0:78:5F:FD:4E:5E:54:02:83:3B:4A:4F:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kr0ltrnzz-B4X_1OXlQCgztKT40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/02c68b-cedf-4317-82b8-2cd8c9139030/1/bOAoo9Xlbcl-PK-rbfwF58rAKlc.roa
Signing time:             Thu 02 Jan 2025 11:49:39 +0000
ROA not before:           Thu 02 Jan 2025 11:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209965
IP address blocks:        212.81.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/02c68b-cedf-4317-82b8-2cd8c9139030/1/kr0ltrnzz-B4X_1OXlQCgztKT40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/02c68b-cedf-4317-82b8-2cd8c9139030/1/kr0ltrnzz-B4X_1OXlQCgztKT40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kr0ltrnzz-B4X_1OXlQCgztKT40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:8d:c7:80:79:8c:30:41:99:c5:fa:5d:2e:3d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92bd25b6b9f3cfe0785ffd4e5e5402833b4a4f8d
        Validity
            Not Before: Jan  2 11:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ce028a3d5e56dc97e3cafab6dfc05e7cac02a57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:77:8c:cb:be:33:e2:ff:af:3b:b0:13:0e:d7:
                    fa:06:7a:13:a9:99:8c:e9:73:3b:36:34:e5:e1:2e:
                    01:9a:b4:62:05:8a:c9:6d:e4:c7:de:e8:b5:a9:21:
                    ce:45:10:0d:fd:45:4b:90:3a:9e:4e:02:f4:39:97:
                    06:60:34:d8:73:42:d3:6b:3f:81:4b:ca:7d:78:19:
                    c6:e9:0f:88:7f:9d:55:db:10:0b:65:36:7a:f3:9f:
                    23:3c:7a:77:59:29:9a:13:8f:6d:b3:a0:ef:e9:b1:
                    33:1c:a6:5e:e5:fe:28:d5:2d:3f:00:f8:c1:c2:4e:
                    ac:82:d6:6c:20:ec:07:c0:e4:ac:1c:4d:63:11:5e:
                    d0:26:1f:dc:da:a1:af:80:03:95:4f:85:ba:d5:49:
                    f6:a6:3e:f2:2c:08:20:cb:ef:6c:ee:90:41:0b:09:
                    4e:98:d0:db:5f:94:dc:af:4d:e5:7d:af:30:37:fd:
                    26:34:1e:54:36:6d:20:a1:d9:00:07:c0:ec:47:bb:
                    3d:da:f5:9e:9f:45:58:d0:a1:87:30:c1:af:eb:97:
                    e5:91:d1:80:9a:63:4f:6e:9b:bf:bc:cb:df:30:96:
                    75:b3:56:10:49:e3:10:eb:66:67:16:41:c8:e6:ab:
                    08:38:dd:0d:53:14:98:ba:12:d0:bb:2d:1d:d4:56:
                    dd:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E0:28:A3:D5:E5:6D:C9:7E:3C:AF:AB:6D:FC:05:E7:CA:C0:2A:57
            X509v3 Authority Key Identifier:
                keyid:92:BD:25:B6:B9:F3:CF:E0:78:5F:FD:4E:5E:54:02:83:3B:4A:4F:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kr0ltrnzz-B4X_1OXlQCgztKT40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/02c68b-cedf-4317-82b8-2cd8c9139030/1/bOAoo9Xlbcl-PK-rbfwF58rAKlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/02c68b-cedf-4317-82b8-2cd8c9139030/1/kr0ltrnzz-B4X_1OXlQCgztKT40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.81.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:2c:c3:71:46:53:4a:1c:4e:11:a5:e5:c8:9a:2b:d2:da:65:
         99:f4:1b:17:78:cc:88:a3:7a:e2:ed:25:c1:21:c3:88:f6:a5:
         05:62:23:70:9a:df:79:f8:a5:fd:cb:69:0c:88:6d:d8:07:d5:
         43:cd:a2:ae:c3:dd:e9:b0:a3:a3:04:8d:27:e1:53:42:a3:a7:
         cd:4f:66:17:9d:0b:37:56:66:cc:52:39:59:66:12:11:72:0a:
         16:67:ac:c4:2a:1c:0b:d0:51:7f:43:1a:03:d1:29:ad:f4:c8:
         70:e7:e2:f1:f2:91:b2:55:18:92:ac:b1:5f:0d:6f:ac:cd:d5:
         37:06:99:18:a1:29:bc:ff:45:4d:f5:99:81:cd:55:18:6c:94:
         09:14:57:5a:73:72:79:af:3f:6d:90:8d:a6:3f:b5:27:f1:eb:
         4b:1e:d7:9f:43:ec:4e:b6:90:02:db:06:0d:63:b4:e5:a7:13:
         2a:8d:ff:b9:49:08:d4:4c:df:bc:05:cb:f3:62:ec:a3:94:a2:
         d3:1e:82:c6:39:2c:43:81:b8:08:d7:8e:fa:d9:ec:c1:a4:41:
         82:06:7c:92:9e:78:c5:9c:fe:47:c0:79:36:e0:42:a6:b7:90:
         b5:6d:67:92:4f:84:9b:ed:d3:b7:84:aa:14:ae:02:81:34:82:
         35:b3:e5:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Y3HgHmMMEGZxfpdLj27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYmQyNWI2YjlmM2NmZTA3ODVmZmQ0ZTVlNTQwMjgzM2I0
YTRmOGQwHhcNMjUwMTAyMTE0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2UwMjhhM2Q1ZTU2ZGM5N2UzY2FmYWI2ZGZjMDVlN2NhYzAyYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqneMy74z4v+vO7ATDtf6BnoTqZmM
6XM7NjTl4S4BmrRiBYrJbeTH3ui1qSHORRAN/UVLkDqeTgL0OZcGYDTYc0LTaz+B
S8p9eBnG6Q+If51V2xALZTZ6858jPHp3WSmaE49ts6Dv6bEzHKZe5f4o1S0/APjB
wk6sgtZsIOwHwOSsHE1jEV7QJh/c2qGvgAOVT4W61Un2pj7yLAggy+9s7pBBCwlO
mNDbX5Tcr03lfa8wN/0mNB5UNm0godkAB8DsR7s92vWen0VY0KGHMMGv65flkdGA
mmNPbpu/vMvfMJZ1s1YQSeMQ62ZnFkHI5qsION0NUxSYuhLQuy0d1FbdyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzgKKPV5W3Jfjyvq238BefKwCpXMB8GA1UdIwQY
MBaAFJK9Jba588/geF/9Tl5UAoM7Sk+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3IwbHRybnp6LUI0WF8xT1hsUUNnenRLVDQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8wMmM2OGItY2VkZi00MzE3LTgyYjgt
MmNkOGM5MTM5MDMwLzEvYk9Bb285WGxiY2wtUEstcmJmd0Y1OHJBS2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8wMmM2OGItY2VkZi00MzE3LTgyYjgtMmNkOGM5MTM5MDMw
LzEva3IwbHRybnp6LUI0WF8xT1hsUUNnenRLVDQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1FEwMA0G
CSqGSIb3DQEBCwUAA4IBAQCqLMNxRlNKHE4RpeXImivS2mWZ9BsXeMyIo3ri7SXB
IcOI9qUFYiNwmt95+KX9y2kMiG3YB9VDzaKuw93psKOjBI0n4VNCo6fNT2YXnQs3
VmbMUjlZZhIRcgoWZ6zEKhwL0FF/QxoD0Smt9Mhw5+Lx8pGyVRiSrLFfDW+szdU3
BpkYoSm8/0VN9ZmBzVUYbJQJFFdac3J5rz9tkI2mP7Un8etLHtefQ+xOtpAC2wYN
Y7TlpxMqjf+5SQjUTN+8BcvzYuyjlKLTHoLGOSxDgbgI14762ezBpEGCBnySnnjF
nP5HwHk24EKmt5C1bWeST4Sb7dO3hKoUrgKBNII1s+W1
-----END CERTIFICATE-----