Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/FOD3niUAFByHf_3AVeIUXpSh3eU.roa
File:                     FOD3niUAFByHf_3AVeIUXpSh3eU.roa (raw, json)
Hash identifier:          tL1Ffm0wpVP0V6P+OgHe15E1tAeHEWyTr3rcMfOjZ34=
Subject key identifier:   14:E0:F7:9E:25:00:14:1C:87:7F:FD:C0:55:E2:14:5E:94:A1:DD:E5
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       01928755AD9606A0FF2F06725746EA432CB1
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/FOD3niUAFByHf_3AVeIUXpSh3eU.roa
Signing time:             Sun 13 Oct 2024 19:23:12 +0000
ROA not before:           Sun 13 Oct 2024 19:23:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215071
IP address blocks:        212.115.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:87:55:ad:96:06:a0:ff:2f:06:72:57:46:ea:43:2c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Oct 13 19:23:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14e0f79e2500141c877ffdc055e2145e94a1dde5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9e:2c:88:02:80:b1:fd:4c:14:3f:2a:0a:5d:
                    1a:92:2a:d7:86:ca:af:25:1a:45:70:bb:bd:83:95:
                    3b:97:bc:32:25:eb:9f:fa:be:4a:11:76:8e:ce:95:
                    43:71:04:65:58:bd:39:cc:9e:78:f9:36:73:da:32:
                    dd:33:7d:82:38:15:cd:67:5c:04:ca:18:e4:94:8f:
                    90:a9:96:1f:c6:93:01:cb:45:20:ae:3e:39:b6:c0:
                    91:e6:f8:de:c9:50:cb:fe:ef:1e:4c:b1:91:10:55:
                    78:66:3a:24:d3:95:8b:79:92:fa:76:03:2e:40:98:
                    aa:1d:ca:7f:81:8e:e3:16:44:5b:25:fd:1e:5b:a2:
                    94:29:75:92:9b:2a:75:e2:b9:21:3b:9f:43:48:64:
                    28:c7:b6:69:d2:00:ce:0d:de:f5:d2:e6:d3:0a:f4:
                    af:2f:28:07:73:1c:32:f8:19:af:44:9a:ac:0d:ad:
                    c5:74:0b:c9:d1:32:e0:72:56:ac:95:48:60:d5:0f:
                    36:38:20:13:e5:80:f2:25:d6:25:84:cd:29:29:7b:
                    6f:31:19:f3:de:ad:c6:57:ac:8c:78:35:5f:6a:07:
                    2a:2d:31:6a:6e:d5:3f:a8:e1:a1:ac:e0:b7:1b:47:
                    da:d2:6a:63:3e:05:2c:77:a6:3f:5b:1b:8c:0f:14:
                    57:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E0:F7:9E:25:00:14:1C:87:7F:FD:C0:55:E2:14:5E:94:A1:DD:E5
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/FOD3niUAFByHf_3AVeIUXpSh3eU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:27:bc:fb:f3:89:64:23:9e:1f:98:87:b4:4c:30:12:80:c7:
         13:f5:bf:7a:79:d8:86:61:25:03:68:1f:77:5e:c4:9d:dd:b0:
         18:ba:bd:87:ec:f0:ca:4a:78:75:0c:0f:a1:d0:6d:d1:10:2f:
         9d:78:a1:dc:78:4b:fd:e2:20:d3:05:3e:88:93:e2:01:45:63:
         1f:e2:3e:09:d8:4d:63:af:0b:cc:93:67:b8:4b:99:54:77:5c:
         29:e2:81:ae:5c:d9:fb:c2:90:73:90:4b:ba:49:1a:63:39:8d:
         8a:e6:43:9a:4a:7b:95:85:28:e1:2c:ce:4b:26:a3:dc:9b:63:
         46:03:21:b2:6d:aa:30:cd:4c:28:58:65:2d:d2:91:ba:11:91:
         fd:e0:20:30:14:c0:c2:59:7c:3e:54:a2:57:5f:73:5d:a8:d1:
         62:d6:ac:1b:fa:c9:db:93:7f:86:10:9d:1b:5f:ce:2e:d4:5a:
         65:7d:13:9e:56:99:45:a1:5e:9d:d5:c0:ad:ac:81:3c:fe:2f:
         9d:87:dd:e8:77:27:e3:01:a0:82:8c:b8:4f:3b:ca:8c:66:f3:
         3c:3e:55:03:aa:0a:13:8c:50:cc:15:2b:a4:d2:c4:46:cc:38:
         e1:83:b5:ad:1a:5c:f7:77:ce:9a:82:38:b2:2a:77:19:85:ee:
         64:0a:82:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKHVa2WBqD/LwZyV0bqQyyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQxMDEzMTkyMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGUwZjc5ZTI1MDAxNDFjODc3ZmZkYzA1NWUyMTQ1ZTk0YTFkZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx54siAKAsf1MFD8qCl0akirXhsqv
JRpFcLu9g5U7l7wyJeuf+r5KEXaOzpVDcQRlWL05zJ54+TZz2jLdM32COBXNZ1wE
yhjklI+QqZYfxpMBy0Ugrj45tsCR5vjeyVDL/u8eTLGREFV4Zjok05WLeZL6dgMu
QJiqHcp/gY7jFkRbJf0eW6KUKXWSmyp14rkhO59DSGQox7Zp0gDODd710ubTCvSv
LygHcxwy+BmvRJqsDa3FdAvJ0TLgclaslUhg1Q82OCAT5YDyJdYlhM0pKXtvMRnz
3q3GV6yMeDVfagcqLTFqbtU/qOGhrOC3G0fa0mpjPgUsd6Y/WxuMDxRX7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTg954lABQch3/9wFXiFF6Uod3lMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvRk9EM25pVUFGQnlIZl8zQVZlSVVYcFNoM2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HN9MA0G
CSqGSIb3DQEBCwUAA4IBAQBJJ7z784lkI54fmIe0TDASgMcT9b96ediGYSUDaB93
XsSd3bAYur2H7PDKSnh1DA+h0G3REC+deKHceEv94iDTBT6Ik+IBRWMf4j4J2E1j
rwvMk2e4S5lUd1wp4oGuXNn7wpBzkEu6SRpjOY2K5kOaSnuVhSjhLM5LJqPcm2NG
AyGybaowzUwoWGUt0pG6EZH94CAwFMDCWXw+VKJXX3NdqNFi1qwb+snbk3+GEJ0b
X84u1FplfROeVplFoV6d1cCtrIE8/i+dh93odyfjAaCCjLhPO8qMZvM8PlUDqgoT
jFDMFSuk0sRGzDjhg7WtGlz3d86agjiyKncZhe5kCoLL
-----END CERTIFICATE-----