Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/EacbpO8P-LkG-h50-C35fVYJXyI.roa
File:                     EacbpO8P-LkG-h50-C35fVYJXyI.roa (raw, json)
Hash identifier:          btUaf5jDz02025fLzDlihBUOmr88cX2MxuDiHPb5dc4=
Subject key identifier:   11:A7:1B:A4:EF:0F:F8:B9:06:FA:1E:74:F8:2D:F9:7D:56:09:5F:22
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       019424451BC0BBDE271D42C244AB4C500707
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/EacbpO8P-LkG-h50-C35fVYJXyI.roa
Signing time:             Wed 01 Jan 2025 23:48:16 +0000
ROA not before:           Wed 01 Jan 2025 23:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206048
IP address blocks:        212.7.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 17:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:1b:c0:bb:de:27:1d:42:c2:44:ab:4c:50:07:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jan  1 23:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11a71ba4ef0ff8b906fa1e74f82df97d56095f22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:29:64:ec:09:df:5e:8e:a4:61:82:1c:b1:d7:
                    5c:0c:cb:68:7f:d3:d1:54:f7:6b:13:3c:bc:a8:95:
                    b7:8d:aa:62:ff:56:41:08:ad:0d:29:26:a9:4f:0e:
                    f1:ce:12:7b:72:2f:cf:82:8f:25:b7:11:ce:ab:09:
                    15:3e:b3:71:24:ec:8f:15:0c:f4:5e:09:4a:59:12:
                    4e:25:ef:42:4a:9c:79:39:55:70:84:04:ea:df:2d:
                    73:b5:12:1c:16:4e:89:43:35:d9:e5:c8:7d:78:85:
                    77:42:6f:61:83:ee:61:e0:a0:56:5a:64:68:bc:2a:
                    55:80:61:55:09:96:74:02:c6:91:7f:7a:87:e2:35:
                    e9:a5:9b:1f:39:a1:59:71:a9:5f:87:60:48:2d:16:
                    ab:68:74:d5:8d:6d:37:ca:3d:f1:eb:66:34:ca:30:
                    05:93:10:64:89:89:c4:82:6d:ea:50:bc:06:54:56:
                    51:9c:51:5e:e1:67:3a:1e:33:ee:14:4e:f1:7f:f0:
                    f7:49:15:94:95:c0:71:b1:bb:59:c4:ad:ca:17:db:
                    0b:86:54:5f:fb:fd:c1:a6:0d:94:39:7e:89:b5:77:
                    fa:f0:c2:b9:22:ca:b5:0e:67:5d:8a:84:ba:a8:dd:
                    4f:97:0a:db:b3:db:d0:e2:81:fb:d1:a3:a8:b9:ec:
                    d4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A7:1B:A4:EF:0F:F8:B9:06:FA:1E:74:F8:2D:F9:7D:56:09:5F:22
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/EacbpO8P-LkG-h50-C35fVYJXyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.7.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:e5:49:0f:2c:fd:74:9b:2b:df:37:bc:36:21:ed:c0:aa:3f:
         97:3e:56:08:95:62:40:dc:e6:74:66:0c:8a:16:cb:7e:f5:9f:
         3e:37:f6:9e:8c:3f:40:ef:95:5a:6b:2c:4b:21:94:59:12:96:
         42:17:3e:26:c3:ea:ec:83:ba:c7:a8:85:eb:c4:b5:bb:2f:8b:
         c8:47:27:c2:cd:8d:2d:29:aa:0b:e7:98:d3:41:ba:2f:f4:4b:
         86:7d:02:9f:c0:7e:d8:b8:b5:74:05:cb:e6:f3:38:98:4d:73:
         d3:70:02:09:17:6c:d8:b3:80:05:b4:da:2a:32:e8:cd:48:73:
         b2:3f:4f:23:ba:8e:8b:5d:49:47:f0:c1:0f:38:74:5a:a8:42:
         c4:73:0e:43:ce:a0:0e:78:0f:65:16:6d:af:46:b6:8a:a1:f9:
         bb:29:52:2c:01:55:a1:2b:5f:04:20:d8:fd:d6:1e:d5:59:a2:
         a6:52:53:ac:3f:d4:eb:91:fd:56:37:28:55:a2:03:3e:95:d2:
         20:c7:21:be:1f:cf:f9:ee:70:ec:ea:f0:06:73:1c:02:3b:60:
         d7:0f:64:c3:04:5a:f9:7e:cd:99:91:50:9a:08:2f:ae:ad:84:
         f3:f1:78:51:ae:44:2e:d7:ed:62:70:3c:1f:f3:48:25:d2:9d:
         d3:22:63:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRvAu94nHULCRKtMUAcHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjUwMTAxMjM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWE3MWJhNGVmMGZmOGI5MDZmYTFlNzRmODJkZjk3ZDU2MDk1ZjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySlk7AnfXo6kYYIcsddcDMtof9PR
VPdrEzy8qJW3japi/1ZBCK0NKSapTw7xzhJ7ci/Pgo8ltxHOqwkVPrNxJOyPFQz0
XglKWRJOJe9CSpx5OVVwhATq3y1ztRIcFk6JQzXZ5ch9eIV3Qm9hg+5h4KBWWmRo
vCpVgGFVCZZ0AsaRf3qH4jXppZsfOaFZcalfh2BILRaraHTVjW03yj3x62Y0yjAF
kxBkiYnEgm3qULwGVFZRnFFe4Wc6HjPuFE7xf/D3SRWUlcBxsbtZxK3KF9sLhlRf
+/3Bpg2UOX6JtXf68MK5Isq1DmddioS6qN1Plwrbs9vQ4oH70aOouezUdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGnG6TvD/i5BvoedPgt+X1WCV8iMB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvRWFjYnBPOFAtTGtHLWg1MC1DMzVmVllKWHlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AfXMA0G
CSqGSIb3DQEBCwUAA4IBAQAW5UkPLP10myvfN7w2Ie3Aqj+XPlYIlWJA3OZ0ZgyK
Fst+9Z8+N/aejD9A75VaayxLIZRZEpZCFz4mw+rsg7rHqIXrxLW7L4vIRyfCzY0t
KaoL55jTQbov9EuGfQKfwH7YuLV0Bcvm8ziYTXPTcAIJF2zYs4AFtNoqMujNSHOy
P08juo6LXUlH8MEPOHRaqELEcw5DzqAOeA9lFm2vRraKofm7KVIsAVWhK18EINj9
1h7VWaKmUlOsP9Trkf1WNyhVogM+ldIgxyG+H8/57nDs6vAGcxwCO2DXD2TDBFr5
fs2ZkVCaCC+urYTz8XhRrkQu1+1icDwf80gl0p3TImPR
-----END CERTIFICATE-----