Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/O2RIUnXhUoxIfnLK0K6j2KoA7fI.roa
File:                     O2RIUnXhUoxIfnLK0K6j2KoA7fI.roa (raw, json)
Hash identifier:          fpnaDOsMwIXVIMqfrXRkuPb4ysTREEm8z4tMAkZJth8=
Subject key identifier:   3B:64:48:52:75:E1:52:8C:48:7E:72:CA:D0:AE:A3:D8:AA:00:ED:F2
Certificate issuer:       /CN=547841eeff20c78b33d411dae51a692adb892e31
Certificate serial:       018CC50013D7C21638178E501DBCEFB2F2E2
Authority key identifier: 54:78:41:EE:FF:20:C7:8B:33:D4:11:DA:E5:1A:69:2A:DB:89:2E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VHhB7v8gx4sz1BHa5RppKtuJLjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/O2RIUnXhUoxIfnLK0K6j2KoA7fI.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212941
IP address blocks:        212.225.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/VHhB7v8gx4sz1BHa5RppKtuJLjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/VHhB7v8gx4sz1BHa5RppKtuJLjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VHhB7v8gx4sz1BHa5RppKtuJLjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:13:d7:c2:16:38:17:8e:50:1d:bc:ef:b2:f2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=547841eeff20c78b33d411dae51a692adb892e31
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b64485275e1528c487e72cad0aea3d8aa00edf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:60:e3:72:00:39:e9:85:ca:c0:74:43:54:e5:
                    6f:30:31:6f:1d:58:c4:ed:78:73:5f:67:8a:20:43:
                    d1:bf:37:0e:31:5c:85:f6:74:90:c5:0e:c3:19:f5:
                    b4:c0:64:85:63:9a:d6:54:4a:0a:51:bd:87:92:ca:
                    f9:82:39:d4:eb:1d:94:90:d8:07:35:d2:98:30:3f:
                    ca:c9:e0:c2:60:29:0f:76:0b:34:9b:f6:a5:9a:6d:
                    61:52:1f:3b:f6:33:7b:01:d9:ad:83:70:32:51:d4:
                    cb:c3:e7:3d:86:95:dc:13:38:c1:bd:89:de:91:4d:
                    05:9c:d0:c2:53:4d:00:e0:a5:b7:5b:f6:0d:e4:43:
                    57:47:18:43:9e:7d:f3:69:fa:3c:3f:c0:12:8a:4d:
                    47:d3:db:cc:5b:6e:2b:f4:45:1d:38:e4:36:7d:cd:
                    8e:c1:c1:fb:ca:bc:00:4e:c4:3a:db:b7:e0:3c:c4:
                    8f:f5:67:ec:d5:98:96:be:25:48:59:9b:9f:4d:a8:
                    b1:1d:da:26:53:9f:97:33:dd:a4:3e:c0:35:d4:e6:
                    72:ab:59:c7:41:2c:b7:65:8b:c4:54:f9:f1:4c:6e:
                    55:74:bf:32:89:b3:2f:04:3d:59:1f:e0:ec:95:af:
                    74:fb:55:89:62:78:45:b6:c6:d7:cb:32:48:92:1d:
                    8e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:64:48:52:75:E1:52:8C:48:7E:72:CA:D0:AE:A3:D8:AA:00:ED:F2
            X509v3 Authority Key Identifier:
                keyid:54:78:41:EE:FF:20:C7:8B:33:D4:11:DA:E5:1A:69:2A:DB:89:2E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VHhB7v8gx4sz1BHa5RppKtuJLjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/O2RIUnXhUoxIfnLK0K6j2KoA7fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/VHhB7v8gx4sz1BHa5RppKtuJLjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.225.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:2c:bb:09:f0:8c:77:8c:b9:cf:24:50:29:bb:36:e4:13:0e:
         e5:74:63:4c:6b:d3:ba:30:4a:15:ea:5d:f9:93:8b:1a:55:da:
         79:16:23:87:20:62:16:99:71:84:8f:73:8e:ca:fb:0f:22:43:
         dc:1a:d5:3f:55:86:ba:05:05:b2:60:d3:c2:f7:7e:18:5a:ae:
         94:b0:78:46:63:62:90:9f:78:aa:1d:76:85:4c:12:b1:4b:f6:
         80:da:cc:4b:29:3e:a9:ba:a1:cf:3f:b9:ac:9f:0a:86:b0:60:
         58:28:fa:3d:19:66:e2:9a:de:b8:6b:03:6a:af:0b:7d:af:95:
         32:b7:0a:7b:24:e1:2c:6f:dc:8f:af:dc:91:f0:47:c1:41:83:
         39:4a:3c:8c:d5:88:7e:95:41:a1:f8:28:45:23:97:27:66:9b:
         40:1b:fe:79:f7:da:4e:0c:89:2f:f1:2c:bf:58:08:63:08:64:
         f1:fc:69:cc:68:1e:0e:93:e8:02:3b:9c:2b:a9:96:7a:42:3d:
         1c:36:95:77:a2:a6:89:ba:90:33:95:a5:80:fc:0d:86:c0:63:
         6a:fb:dc:8a:74:d8:35:3f:21:a9:d1:c8:4b:e9:e8:d0:8a:71:
         1c:af:65:ca:aa:34:43:f1:85:71:71:54:0d:38:6e:cd:7a:51:
         49:a5:17:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABPXwhY4F45QHbzvsvLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Nzg0MWVlZmYyMGM3OGIzM2Q0MTFkYWU1MWE2OTJhZGI4
OTJlMzEwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjY0NDg1Mjc1ZTE1MjhjNDg3ZTcyY2FkMGFlYTNkOGFhMDBlZGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomDjcgA56YXKwHRDVOVvMDFvHVjE
7XhzX2eKIEPRvzcOMVyF9nSQxQ7DGfW0wGSFY5rWVEoKUb2Hksr5gjnU6x2UkNgH
NdKYMD/KyeDCYCkPdgs0m/almm1hUh879jN7Admtg3AyUdTLw+c9hpXcEzjBvYne
kU0FnNDCU00A4KW3W/YN5ENXRxhDnn3zafo8P8ASik1H09vMW24r9EUdOOQ2fc2O
wcH7yrwATsQ627fgPMSP9Wfs1ZiWviVIWZufTaixHdomU5+XM92kPsA11OZyq1nH
QSy3ZYvEVPnxTG5VdL8yibMvBD1ZH+Dsla90+1WJYnhFtsbXyzJIkh2OBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtkSFJ14VKMSH5yytCuo9iqAO3yMB8GA1UdIwQY
MBaAFFR4Qe7/IMeLM9QR2uUaaSrbiS4xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkhoQjd2OGd4NHN6MUJIYTVScHBLdHVKTGpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9jOGQzOTMtM2UyOC00ZjA3LTk5NmIt
MzY2YmExNzAwZmUwLzEvTzJSSVVuWGhVb3hJZm5MSzBLNmoyS29BN2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9jOGQzOTMtM2UyOC00ZjA3LTk5NmItMzY2YmExNzAwZmUw
LzEvVkhoQjd2OGd4NHN6MUJIYTVScHBLdHVKTGpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1OHgMA0G
CSqGSIb3DQEBCwUAA4IBAQBzLLsJ8Ix3jLnPJFApuzbkEw7ldGNMa9O6MEoV6l35
k4saVdp5FiOHIGIWmXGEj3OOyvsPIkPcGtU/VYa6BQWyYNPC934YWq6UsHhGY2KQ
n3iqHXaFTBKxS/aA2sxLKT6puqHPP7msnwqGsGBYKPo9GWbimt64awNqrwt9r5Uy
twp7JOEsb9yPr9yR8EfBQYM5SjyM1Yh+lUGh+ChFI5cnZptAG/5599pODIkv8Sy/
WAhjCGTx/GnMaB4Ok+gCO5wrqZZ6Qj0cNpV3oqaJupAzlaWA/A2GwGNq+9yKdNg1
PyGp0chL6ejQinEcr2XKqjRD8YVxcVQNOG7NelFJpRfE
-----END CERTIFICATE-----