Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/KfGJMmkRIX4A9hAZFz_PR62PKHE.roa
File:                     KfGJMmkRIX4A9hAZFz_PR62PKHE.roa (raw, json)
Hash identifier:          SktvQwEi23qf18c9b9mCeGO1EvYe32AftJUY7UQAmU4=
Subject key identifier:   29:F1:89:32:69:11:21:7E:00:F6:10:19:17:3F:CF:47:AD:8F:28:71
Certificate issuer:       /CN=547841eeff20c78b33d411dae51a692adb892e31
Certificate serial:       018CC5001260266706BEE38C68B365B84991
Authority key identifier: 54:78:41:EE:FF:20:C7:8B:33:D4:11:DA:E5:1A:69:2A:DB:89:2E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VHhB7v8gx4sz1BHa5RppKtuJLjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/KfGJMmkRIX4A9hAZFz_PR62PKHE.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199292
IP address blocks:        212.225.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/VHhB7v8gx4sz1BHa5RppKtuJLjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/VHhB7v8gx4sz1BHa5RppKtuJLjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VHhB7v8gx4sz1BHa5RppKtuJLjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:12:60:26:67:06:be:e3:8c:68:b3:65:b8:49:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=547841eeff20c78b33d411dae51a692adb892e31
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29f189326911217e00f61019173fcf47ad8f2871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3d:01:13:e7:b0:21:7f:f4:e4:87:d6:f0:d3:
                    b0:8e:37:f6:ef:d2:0d:84:e9:a3:fb:e6:58:f9:2a:
                    8d:f2:a9:8b:eb:42:3f:96:bb:a6:66:97:0a:0e:92:
                    99:99:5c:04:6f:f3:ce:79:62:e8:b0:16:82:cd:03:
                    f4:11:ff:0c:cb:a6:74:a6:ec:be:75:85:aa:34:ab:
                    70:06:7b:c9:8b:74:90:23:6f:6e:bf:25:ff:a9:d3:
                    25:d4:ba:6c:ac:02:28:19:ab:96:22:52:9f:1b:fa:
                    47:13:26:00:2e:24:2a:00:44:f2:d2:6e:44:cd:bf:
                    cb:6d:12:32:34:a8:59:5a:63:45:41:23:77:f3:24:
                    18:97:b2:ba:d9:75:1d:b6:12:8b:8b:bc:cf:91:a4:
                    31:91:18:cb:2e:40:92:91:30:50:88:68:97:66:4a:
                    ef:48:76:dc:93:9b:5a:c7:49:2a:a5:02:8d:8c:93:
                    92:a2:d0:e0:61:63:38:c5:09:88:28:69:04:e2:3f:
                    dd:6a:a3:f9:08:4d:0f:0c:58:2c:c3:7d:ee:63:0c:
                    26:58:25:9d:d2:ac:48:f3:ad:5b:e8:f5:0c:6a:39:
                    59:72:4c:af:4c:eb:6d:e0:55:ca:81:50:83:0a:93:
                    c5:d6:f5:88:14:4e:90:31:83:a8:c3:68:d5:47:f8:
                    98:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F1:89:32:69:11:21:7E:00:F6:10:19:17:3F:CF:47:AD:8F:28:71
            X509v3 Authority Key Identifier:
                keyid:54:78:41:EE:FF:20:C7:8B:33:D4:11:DA:E5:1A:69:2A:DB:89:2E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VHhB7v8gx4sz1BHa5RppKtuJLjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/KfGJMmkRIX4A9hAZFz_PR62PKHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/VHhB7v8gx4sz1BHa5RppKtuJLjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.225.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:a2:73:99:4c:4b:1c:3c:65:bd:23:26:1c:4e:31:8c:ce:75:
         e7:fd:e1:b2:10:f9:0f:cc:05:c4:89:d0:18:3a:7a:e1:6c:b2:
         b0:32:17:0e:e5:48:e0:c6:f6:83:bd:91:50:22:7d:47:e9:7e:
         12:2e:ff:d3:fd:15:5d:49:2e:46:2b:93:e4:00:ec:01:56:e5:
         c9:e0:df:b1:8d:fc:4d:8b:70:d7:6b:3b:df:8b:0d:dd:a3:8d:
         7e:ee:2a:4b:63:f0:79:a4:f7:00:ed:49:08:29:c6:13:97:3c:
         b5:74:b8:fc:af:cd:16:4c:d6:4f:a1:60:9d:48:7d:b6:1c:3e:
         10:19:f8:41:af:0e:49:88:81:d1:67:c5:a5:6d:ad:1c:36:ec:
         eb:84:f4:3c:9d:4a:de:f6:2f:05:8e:d6:8b:98:a8:31:30:15:
         13:04:4e:4f:47:2d:de:6f:e3:3a:40:2f:73:bd:be:1a:a5:2e:
         e9:89:a4:28:14:46:e5:d3:9b:11:84:3f:ff:96:6e:e5:c4:af:
         c8:5b:0e:16:4a:18:65:80:f1:e8:72:01:e1:4f:28:ca:73:5c:
         51:f6:03:ee:56:38:5b:28:1a:52:6f:68:e6:88:b9:1e:1e:30:
         01:00:bb:94:eb:87:74:00:3a:f2:dc:06:d2:45:d4:e7:60:af:
         a6:9f:11:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABJgJmcGvuOMaLNluEmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Nzg0MWVlZmYyMGM3OGIzM2Q0MTFkYWU1MWE2OTJhZGI4
OTJlMzEwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWYxODkzMjY5MTEyMTdlMDBmNjEwMTkxNzNmY2Y0N2FkOGYyODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqj0BE+ewIX/05IfW8NOwjjf279IN
hOmj++ZY+SqN8qmL60I/lrumZpcKDpKZmVwEb/POeWLosBaCzQP0Ef8My6Z0puy+
dYWqNKtwBnvJi3SQI29uvyX/qdMl1LpsrAIoGauWIlKfG/pHEyYALiQqAETy0m5E
zb/LbRIyNKhZWmNFQSN38yQYl7K62XUdthKLi7zPkaQxkRjLLkCSkTBQiGiXZkrv
SHbck5tax0kqpQKNjJOSotDgYWM4xQmIKGkE4j/daqP5CE0PDFgsw33uYwwmWCWd
0qxI861b6PUMajlZckyvTOtt4FXKgVCDCpPF1vWIFE6QMYOow2jVR/iYrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnxiTJpESF+APYQGRc/z0etjyhxMB8GA1UdIwQY
MBaAFFR4Qe7/IMeLM9QR2uUaaSrbiS4xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkhoQjd2OGd4NHN6MUJIYTVScHBLdHVKTGpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9jOGQzOTMtM2UyOC00ZjA3LTk5NmIt
MzY2YmExNzAwZmUwLzEvS2ZHSk1ta1JJWDRBOWhBWkZ6X1BSNjJQS0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9jOGQzOTMtM2UyOC00ZjA3LTk5NmItMzY2YmExNzAwZmUw
LzEvVkhoQjd2OGd4NHN6MUJIYTVScHBLdHVKTGpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1OH9MA0G
CSqGSIb3DQEBCwUAA4IBAQCOonOZTEscPGW9IyYcTjGMznXn/eGyEPkPzAXEidAY
OnrhbLKwMhcO5UjgxvaDvZFQIn1H6X4SLv/T/RVdSS5GK5PkAOwBVuXJ4N+xjfxN
i3DXazvfiw3do41+7ipLY/B5pPcA7UkIKcYTlzy1dLj8r80WTNZPoWCdSH22HD4Q
GfhBrw5JiIHRZ8Wlba0cNuzrhPQ8nUre9i8FjtaLmKgxMBUTBE5PRy3eb+M6QC9z
vb4apS7piaQoFEbl05sRhD//lm7lxK/IWw4WShhlgPHocgHhTyjKc1xR9gPuVjhb
KBpSb2jmiLkeHjABALuU64d0ADry3AbSRdTnYK+mnxG2
-----END CERTIFICATE-----