Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/RT8a7mPMDO9HoMt7EOJmuD2o3UU.roa
File:                     RT8a7mPMDO9HoMt7EOJmuD2o3UU.roa (raw, json)
Hash identifier:          rnjvXt3qT6vJoQIo+gb/8obbK5CyweYTgoY0ZCgIE+I=
Subject key identifier:   45:3F:1A:EE:63:CC:0C:EF:47:A0:CB:7B:10:E2:66:B8:3D:A8:DD:45
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       018FEE65013C861C0B88FDFCFD8ED41DAB73
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/RT8a7mPMDO9HoMt7EOJmuD2o3UU.roa
Signing time:             Thu 06 Jun 2024 16:32:27 +0000
ROA not before:           Thu 06 Jun 2024 16:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203778
IP address blocks:        212.7.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Oct 2024 16:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ee:65:01:3c:86:1c:0b:88:fd:fc:fd:8e:d4:1d:ab:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jun  6 16:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=453f1aee63cc0cef47a0cb7b10e266b83da8dd45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a6:68:db:13:79:8d:22:04:51:c4:3a:8b:45:
                    0b:d6:75:36:d4:fe:7f:a7:d7:32:11:09:3d:d6:ce:
                    0e:9c:86:f7:1e:a3:a6:ea:42:34:ad:b6:da:6a:e8:
                    83:04:c8:7d:3a:e5:cc:42:cd:54:5d:b7:35:95:0b:
                    f1:a5:c5:bb:05:1b:69:ad:c6:d4:d9:f0:5e:de:aa:
                    22:28:1c:80:e9:33:66:85:14:bc:0f:ee:fe:00:1d:
                    a4:9e:7f:1b:d5:ad:c7:3c:b1:81:af:bd:47:b4:5b:
                    29:48:d5:10:de:8e:29:b6:35:f5:01:7a:c9:5d:10:
                    a3:b7:18:34:7b:84:b8:60:9e:c9:ca:d6:d0:d1:78:
                    ab:5f:6c:0a:d7:9e:fb:20:09:5b:76:59:13:3d:1b:
                    12:d4:91:f8:ca:e1:f0:24:ed:59:b5:11:b2:5c:04:
                    4f:48:38:9f:70:46:ef:05:20:52:2e:d4:7b:00:24:
                    be:f5:07:22:dd:62:c9:aa:e7:ea:e6:10:fc:30:5b:
                    c8:b3:55:63:78:41:5c:f5:a6:0d:15:16:07:80:f8:
                    62:8a:44:2e:2b:5e:60:2f:0a:4d:d2:bf:38:a9:ec:
                    b2:cd:d3:bc:bf:6e:ae:6f:9e:91:0c:53:e3:cf:1d:
                    09:99:61:f8:d1:d4:64:97:42:bc:37:6b:08:ef:83:
                    5c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:3F:1A:EE:63:CC:0C:EF:47:A0:CB:7B:10:E2:66:B8:3D:A8:DD:45
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/RT8a7mPMDO9HoMt7EOJmuD2o3UU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.7.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:fd:90:09:68:f9:0a:4a:57:20:ec:ba:44:2c:7a:d4:9c:43:
         33:74:38:f1:94:3e:85:d7:48:ce:b2:23:32:65:ee:f3:a1:4d:
         0d:0e:32:69:7f:b0:6e:ec:b5:79:f3:ca:70:e3:17:a5:3c:b8:
         fc:03:fa:b9:e4:e3:13:00:1f:e8:b5:1a:3c:73:ba:fd:96:4e:
         25:e8:40:b0:92:43:e5:bc:91:c3:0b:33:69:1a:a4:cc:89:ac:
         48:c2:c7:40:ca:17:33:8f:36:d0:55:68:06:9a:08:de:03:e0:
         5b:5d:40:4f:23:d9:8a:22:eb:45:4e:48:6e:b3:b9:68:df:39:
         b9:95:12:27:80:22:f8:a0:ed:31:27:69:6b:31:61:4e:14:da:
         02:5b:8d:ce:e1:3c:fd:7f:f3:3e:6c:a5:4a:e1:7b:e1:71:47:
         29:88:8a:1a:f8:93:c9:41:0c:3b:6d:c7:12:bd:29:52:21:6d:
         f3:91:a8:37:f4:a1:97:e5:e3:d2:0a:46:9c:bb:e9:23:a6:7a:
         10:6d:8f:ed:0c:a7:83:f9:c5:83:db:eb:ed:c6:ed:be:7a:09:
         bb:27:b7:44:84:b1:eb:78:ba:d0:15:8f:3c:4b:18:ab:02:cf:
         93:fd:f2:e3:bb:54:2b:85:66:ee:82:14:2f:08:9b:cf:9d:0c:
         6a:ad:48:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/uZQE8hhwLiP38/Y7UHatzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjQwNjA2MTYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTNmMWFlZTYzY2MwY2VmNDdhMGNiN2IxMGUyNjZiODNkYThkZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaZo2xN5jSIEUcQ6i0UL1nU21P5/
p9cyEQk91s4OnIb3HqOm6kI0rbbaauiDBMh9OuXMQs1UXbc1lQvxpcW7BRtprcbU
2fBe3qoiKByA6TNmhRS8D+7+AB2knn8b1a3HPLGBr71HtFspSNUQ3o4ptjX1AXrJ
XRCjtxg0e4S4YJ7JytbQ0XirX2wK1577IAlbdlkTPRsS1JH4yuHwJO1ZtRGyXARP
SDifcEbvBSBSLtR7ACS+9Qci3WLJqufq5hD8MFvIs1VjeEFc9aYNFRYHgPhiikQu
K15gLwpN0r84qeyyzdO8v26ub56RDFPjzx0JmWH40dRkl0K8N2sI74NckQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEU/Gu5jzAzvR6DLexDiZrg9qN1FMB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvUlQ4YTdtUE1ETzlIb010N0VPSm11RDJvM1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AfWMA0G
CSqGSIb3DQEBCwUAA4IBAQB8/ZAJaPkKSlcg7LpELHrUnEMzdDjxlD6F10jOsiMy
Ze7zoU0NDjJpf7Bu7LV588pw4xelPLj8A/q55OMTAB/otRo8c7r9lk4l6ECwkkPl
vJHDCzNpGqTMiaxIwsdAyhczjzbQVWgGmgjeA+BbXUBPI9mKIutFTkhus7lo3zm5
lRIngCL4oO0xJ2lrMWFOFNoCW43O4Tz9f/M+bKVK4XvhcUcpiIoa+JPJQQw7bccS
vSlSIW3zkag39KGX5ePSCkacu+kjpnoQbY/tDKeD+cWD2+vtxu2+egm7J7dEhLHr
eLrQFY88SxirAs+T/fLju1QrhWbughQvCJvPnQxqrUi/
-----END CERTIFICATE-----