Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/o5FfsyY8uPlw7vxZiArINnpfYQ4.roa
File:                     o5FfsyY8uPlw7vxZiArINnpfYQ4.roa (raw, json)
Hash identifier:          8fYUUuL1jUUHxudyw5FjfTDD1VxmkrgHLHMkAP13QCE=
Subject key identifier:   A3:91:5F:B3:26:3C:B8:F9:70:EE:FC:59:88:0A:C8:36:7A:5F:61:0E
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       01942220063E8E3C14D2B2966676B435AFEF
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/o5FfsyY8uPlw7vxZiArINnpfYQ4.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54252
IP address blocks:        212.87.202.0/23 maxlen: 24
                          212.87.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:06:3e:8e:3c:14:d2:b2:96:66:76:b4:35:af:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3915fb3263cb8f970eefc59880ac8367a5f610e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:62:56:18:e6:0a:54:91:b1:8d:48:30:71:d4:
                    d2:e1:4b:c7:3d:30:5e:37:39:b5:2f:0c:71:ff:53:
                    79:26:da:77:e3:f5:15:20:fe:40:bb:6d:93:17:95:
                    b2:77:cd:c1:4f:9b:4a:29:c7:72:e6:9b:df:eb:54:
                    1f:78:38:4a:f0:26:75:e7:c3:39:ce:18:8e:c0:6b:
                    51:f0:da:a1:f5:ef:12:7b:d7:25:00:5f:76:76:3a:
                    a1:29:51:b1:73:d0:94:0a:1c:d0:a6:47:b5:28:b1:
                    f0:57:bf:10:5f:f1:8c:a3:5e:5a:6e:ef:8f:89:11:
                    18:c9:86:e5:11:19:5c:76:0b:b1:1a:b0:db:53:bf:
                    ea:c7:91:26:d3:aa:27:0e:0d:80:68:9d:7a:f7:1e:
                    2e:51:4c:9a:c1:f7:53:d9:62:c8:c7:f5:7d:9c:c4:
                    8f:ab:e1:42:bd:2c:87:0f:8b:5e:49:34:76:96:8c:
                    63:4f:a2:8b:a9:fa:e7:e8:32:7d:d6:2c:24:e6:70:
                    43:dd:2b:ef:73:79:ee:26:fe:ac:a4:0f:02:26:a2:
                    47:93:e7:03:9b:a4:7a:66:ca:51:22:cf:37:9b:3a:
                    8b:fc:2a:80:92:c5:91:e7:24:39:fd:f7:3e:87:d6:
                    a7:39:a4:dc:86:0d:79:15:a2:56:99:ed:41:02:de:
                    5c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:91:5F:B3:26:3C:B8:F9:70:EE:FC:59:88:0A:C8:36:7A:5F:61:0E
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/o5FfsyY8uPlw7vxZiArINnpfYQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:46:a2:fc:71:5a:b0:c3:4a:03:cd:2c:7e:a7:01:25:7d:89:
         dd:86:c6:9a:92:d5:e3:01:3f:57:49:a3:3f:a0:f4:1d:f4:09:
         9c:81:6c:c4:81:8a:e0:ab:96:66:07:78:58:e9:da:da:7d:a7:
         ab:4d:f7:66:c1:28:96:59:f2:82:5a:d3:53:e8:83:fe:3f:8d:
         b3:a3:a4:25:b1:1a:b4:b5:97:40:93:38:ae:0c:8f:a2:38:24:
         8e:f5:26:ee:59:0a:ec:20:e3:dd:4f:d2:1b:73:d3:b1:6c:7d:
         18:a0:f0:bd:74:02:41:2d:8c:7d:f8:18:07:b1:00:05:48:fd:
         3d:8e:d7:94:c4:b3:3e:ac:a3:90:8e:4b:da:f9:f6:59:16:a0:
         6c:2f:63:14:75:85:a4:6b:c3:26:74:c5:3a:a1:04:ee:8c:bc:
         0b:0b:69:db:88:aa:96:68:a0:34:a8:17:53:df:33:cd:d9:e1:
         0e:78:57:77:ea:05:99:7c:81:68:2c:e6:3f:d5:48:a0:55:db:
         fe:96:c8:09:14:60:45:3d:1c:a3:2f:8c:31:4e:06:bf:3c:4d:
         c7:d6:09:db:07:67:5a:c9:92:dc:83:df:f3:76:29:44:2d:9d:
         88:d2:7d:ff:2e:93:3f:cc:14:5d:00:8a:f4:1d:a5:45:da:e2:
         73:e7:bb:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAY+jjwU0rKWZna0Na/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzkxNWZiMzI2M2NiOGY5NzBlZWZjNTk4ODBhYzgzNjdhNWY2MTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmJWGOYKVJGxjUgwcdTS4UvHPTBe
Nzm1Lwxx/1N5Jtp34/UVIP5Au22TF5Wyd83BT5tKKcdy5pvf61QfeDhK8CZ158M5
zhiOwGtR8Nqh9e8Se9clAF92djqhKVGxc9CUChzQpke1KLHwV78QX/GMo15abu+P
iREYyYblERlcdguxGrDbU7/qx5Em06onDg2AaJ169x4uUUyawfdT2WLIx/V9nMSP
q+FCvSyHD4teSTR2loxjT6KLqfrn6DJ91iwk5nBD3Svvc3nuJv6spA8CJqJHk+cD
m6R6ZspRIs83mzqL/CqAksWR5yQ5/fc+h9anOaTchg15FaJWme1BAt5cHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKORX7MmPLj5cO78WYgKyDZ6X2EOMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvbzVGZnN5WTh1UGx3N3Z4WmlBcklObnBmWVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1FfKMA0G
CSqGSIb3DQEBCwUAA4IBAQAdRqL8cVqww0oDzSx+pwElfYndhsaaktXjAT9XSaM/
oPQd9AmcgWzEgYrgq5ZmB3hY6drafaerTfdmwSiWWfKCWtNT6IP+P42zo6QlsRq0
tZdAkziuDI+iOCSO9SbuWQrsIOPdT9Ibc9OxbH0YoPC9dAJBLYx9+BgHsQAFSP09
jteUxLM+rKOQjkva+fZZFqBsL2MUdYWka8MmdMU6oQTujLwLC2nbiKqWaKA0qBdT
3zPN2eEOeFd36gWZfIFoLOY/1UigVdv+lsgJFGBFPRyjL4wxTga/PE3H1gnbB2da
yZLcg9/zdilELZ2I0n3/LpM/zBRdAIr0HaVF2uJz57t+
-----END CERTIFICATE-----