Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/E__vFrmTsxyOGMhhVRbUyFs6fE4.roa
File:                     E__vFrmTsxyOGMhhVRbUyFs6fE4.roa (raw, json)
Hash identifier:          f5Wu8Iuw9y3vTxcVmuh7meVQB42MGArKR0E5sohYz4c=
Subject key identifier:   13:FF:EF:16:B9:93:B3:1C:8E:18:C8:61:55:16:D4:C8:5B:3A:7C:4E
Certificate issuer:       /CN=fec6fb5a467974c977a997c6dda1464805ed379f
Certificate serial:       019426D9E188B61CF1F425EFCA74613F6CA3
Authority key identifier: FE:C6:FB:5A:46:79:74:C9:77:A9:97:C6:DD:A1:46:48:05:ED:37:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_sb7WkZ5dMl3qZfG3aFGSAXtN58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/E__vFrmTsxyOGMhhVRbUyFs6fE4.roa
Signing time:             Thu 02 Jan 2025 11:50:00 +0000
ROA not before:           Thu 02 Jan 2025 11:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20792
IP address blocks:        212.237.228.0/24 maxlen: 24
                          2a0f:fa42::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/_sb7WkZ5dMl3qZfG3aFGSAXtN58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/_sb7WkZ5dMl3qZfG3aFGSAXtN58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_sb7WkZ5dMl3qZfG3aFGSAXtN58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e1:88:b6:1c:f1:f4:25:ef:ca:74:61:3f:6c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fec6fb5a467974c977a997c6dda1464805ed379f
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13ffef16b993b31c8e18c8615516d4c85b3a7c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:84:83:3c:1e:69:ac:9e:a0:03:fd:b9:b6:bd:
                    4c:c7:99:a0:ce:a9:94:1b:33:87:f8:89:f1:2e:af:
                    cf:5d:c0:36:02:f0:63:e2:06:b6:fa:89:e1:16:ac:
                    d3:0a:a0:07:16:64:11:b2:fd:59:52:27:08:a8:60:
                    09:95:c3:1f:ad:bf:7d:32:fe:45:8f:ab:f5:5b:cd:
                    da:7c:66:9a:17:4e:b7:77:53:51:1c:0a:c7:a6:18:
                    9d:4d:59:f0:09:12:d1:42:bd:6d:8c:23:84:83:2b:
                    e9:85:8f:0f:98:c0:c0:33:ae:04:b6:4d:47:27:ed:
                    77:2c:9d:d9:95:b7:b6:ab:52:67:2f:f1:49:8e:9e:
                    88:95:d0:fe:3b:31:02:64:06:74:16:30:37:40:48:
                    63:3f:02:2c:68:ec:e1:4a:84:b0:93:98:9d:da:00:
                    ce:62:22:15:f0:94:f8:23:20:2c:1f:e8:fe:e2:f5:
                    18:22:79:37:ae:d3:d4:04:0d:b3:dd:2c:39:e0:95:
                    78:66:0d:58:1b:26:08:33:21:fe:a3:e8:2a:e9:09:
                    74:aa:e3:b0:07:16:d2:22:7f:98:ca:17:e3:e9:7c:
                    0f:92:5c:f1:22:b8:bf:18:51:5d:b5:3d:72:a2:3d:
                    05:65:37:91:f7:1f:8d:de:3b:94:25:22:53:ac:d2:
                    55:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:FF:EF:16:B9:93:B3:1C:8E:18:C8:61:55:16:D4:C8:5B:3A:7C:4E
            X509v3 Authority Key Identifier:
                keyid:FE:C6:FB:5A:46:79:74:C9:77:A9:97:C6:DD:A1:46:48:05:ED:37:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_sb7WkZ5dMl3qZfG3aFGSAXtN58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/E__vFrmTsxyOGMhhVRbUyFs6fE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/_sb7WkZ5dMl3qZfG3aFGSAXtN58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.237.228.0/24
                IPv6:
                  2a0f:fa42::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:f2:9b:f9:2d:87:70:10:11:ec:c0:3b:a2:09:e7:7d:0b:b5:
         0c:1c:bf:32:be:76:f6:49:5e:61:2b:50:b7:91:47:d0:02:22:
         99:fa:04:22:15:0a:b8:b3:e9:a9:e9:b7:76:e3:92:7e:24:f9:
         b6:da:16:e1:64:a9:41:06:11:01:8c:f5:42:37:8c:fe:d0:10:
         fb:d9:18:9c:ad:c8:a4:fb:09:ea:f8:5e:eb:75:1e:c7:b8:01:
         22:86:8b:b3:7e:f2:79:ae:a7:73:2a:33:4b:64:c0:61:f1:65:
         75:dd:4a:35:51:14:4a:05:18:ac:6d:51:fa:6f:7b:20:dc:24:
         65:7d:34:7d:f8:46:d5:8d:19:a8:a3:fd:83:3f:88:55:63:61:
         16:39:7f:08:66:4a:b1:c8:2a:58:7b:92:ba:e6:5e:66:8a:02:
         3a:dd:19:71:ef:a5:61:8b:9c:59:9a:a4:17:b4:86:bd:b1:e6:
         a3:fe:3a:43:30:ba:6d:fe:26:0b:bd:16:2d:e2:15:5f:13:b6:
         ec:c0:7c:0b:6c:cc:60:2e:8b:6c:56:85:4e:82:d3:74:a2:d7:
         68:5c:76:83:36:d0:14:7c:e0:ca:2d:e3:32:60:17:82:71:09:
         03:3e:14:c0:e2:a3:f1:d3:8a:9f:48:dd:2e:fa:12:47:fe:19:
         20:de:25:56
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2eGIthzx9CXvynRhP2yjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYzZmYjVhNDY3OTc0Yzk3N2E5OTdjNmRkYTE0NjQ4MDVl
ZDM3OWYwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2ZmZWYxNmI5OTNiMzFjOGUxOGM4NjE1NTE2ZDRjODViM2E3YzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4SDPB5prJ6gA/25tr1Mx5mgzqmU
GzOH+InxLq/PXcA2AvBj4ga2+onhFqzTCqAHFmQRsv1ZUicIqGAJlcMfrb99Mv5F
j6v1W83afGaaF063d1NRHArHphidTVnwCRLRQr1tjCOEgyvphY8PmMDAM64Etk1H
J+13LJ3Zlbe2q1JnL/FJjp6IldD+OzECZAZ0FjA3QEhjPwIsaOzhSoSwk5id2gDO
YiIV8JT4IyAsH+j+4vUYInk3rtPUBA2z3Sw54JV4Zg1YGyYIMyH+o+gq6Ql0quOw
BxbSIn+Yyhfj6XwPklzxIri/GFFdtT1yoj0FZTeR9x+N3juUJSJTrNJVIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBP/7xa5k7McjhjIYVUW1MhbOnxOMB8GA1UdIwQY
MBaAFP7G+1pGeXTJd6mXxt2hRkgF7TefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3NiN1drWjVkTWwzcVpmRzNhRkdTQVh0TjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9hYzUyYzMtY2E0NC00Nzg0LWI3MmUt
MTI2NDFmOWU2ZmMwLzEvRV9fdkZybVRzeHlPR01oaFZSYlV5RnM2ZkU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9hYzUyYzMtY2E0NC00Nzg0LWI3MmUtMTI2NDFmOWU2ZmMw
LzEvX3NiN1drWjVkTWwzcVpmRzNhRkdTQVh0TjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1O3kMA0E
AgACMAcDBQAqD/pCMA0GCSqGSIb3DQEBCwUAA4IBAQAP8pv5LYdwEBHswDuiCed9
C7UMHL8yvnb2SV5hK1C3kUfQAiKZ+gQiFQq4s+mp6bd245J+JPm22hbhZKlBBhEB
jPVCN4z+0BD72Ricrcik+wnq+F7rdR7HuAEihouzfvJ5rqdzKjNLZMBh8WV13Uo1
URRKBRisbVH6b3sg3CRlfTR9+EbVjRmoo/2DP4hVY2EWOX8IZkqxyCpYe5K65l5m
igI63Rlx76Vhi5xZmqQXtIa9seaj/jpDMLpt/iYLvRYt4hVfE7bswHwLbMxgLots
VoVOgtN0otdoXHaDNtAUfODKLeMyYBeCcQkDPhTA4qPx04qfSN0u+hJH/hkg3iVW
-----END CERTIFICATE-----