Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/3Rpe1R8BCd6LULBZtSTV8iTRQAk.roa
File:                     3Rpe1R8BCd6LULBZtSTV8iTRQAk.roa (raw, json)
Hash identifier:          I7sDyoAjDynW3qOJ6LzLB9iItmRvHzJLFVc6GKefq5E=
Subject key identifier:   DD:1A:5E:D5:1F:01:09:DE:8B:50:B0:59:B5:24:D5:F2:24:D1:40:09
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942748072FC4692DFC73E634C44D0561A0
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/3Rpe1R8BCd6LULBZtSTV8iTRQAk.roa
Signing time:             Thu 02 Jan 2025 13:50:19 +0000
ROA not before:           Thu 02 Jan 2025 13:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213357
IP address blocks:        212.25.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:07:2f:c4:69:2d:fc:73:e6:34:c4:4d:05:61:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd1a5ed51f0109de8b50b059b524d5f224d14009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7b:8d:43:ea:f2:d2:a1:0a:81:61:6e:2e:32:
                    0e:3d:ee:17:be:1f:ef:95:c9:50:8b:15:ba:8b:d9:
                    cd:e1:89:d1:50:d5:39:d1:75:9b:99:e4:f7:24:b6:
                    ea:b0:6b:53:3c:85:1e:f5:67:05:81:0f:81:79:a8:
                    9e:e5:c8:25:b4:c2:2d:4b:37:01:43:13:9e:08:1b:
                    f1:70:36:ec:9d:49:88:ea:a6:ee:ea:0e:eb:17:95:
                    e3:68:53:73:78:b5:6f:c2:5b:ae:fe:a8:36:e8:46:
                    79:c7:c0:58:62:5e:72:69:04:bb:59:a2:bc:64:e0:
                    9b:20:73:cc:63:02:fd:2e:52:9b:06:cd:17:75:27:
                    98:a3:97:80:c2:28:49:ca:e6:30:41:f9:05:fb:77:
                    f2:3f:4e:f5:c1:8b:09:d4:97:5a:a8:20:88:c4:d4:
                    81:51:07:37:20:8d:3c:cf:a4:52:5b:78:34:6d:27:
                    27:a3:e7:5c:69:2b:d4:45:76:c3:22:aa:f0:98:0d:
                    f3:29:84:36:f5:37:e9:c8:1e:f0:3b:51:9c:92:db:
                    03:bc:e8:40:bb:b2:a3:01:49:63:59:f0:f0:3c:74:
                    d8:5d:f5:8a:b2:0e:c2:a7:43:ea:7d:11:ed:6e:04:
                    3f:1b:9f:1a:e1:74:a4:2c:82:a6:91:6b:af:42:1b:
                    c1:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:1A:5E:D5:1F:01:09:DE:8B:50:B0:59:B5:24:D5:F2:24:D1:40:09
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/3Rpe1R8BCd6LULBZtSTV8iTRQAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.25.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:cc:77:94:04:48:00:b6:df:ad:da:96:e1:bc:b0:f4:d0:69:
         e2:d0:91:c6:86:e6:d3:1e:fe:d3:ab:e5:ee:35:7b:a2:66:1e:
         f2:9d:f7:c8:8d:a1:50:c8:72:74:70:c3:8f:f7:fe:3f:55:2f:
         f7:53:22:f3:de:80:15:40:26:2a:e5:38:93:62:54:42:b2:1c:
         b7:68:83:02:15:13:e7:91:de:65:20:bb:4d:64:a7:fc:bd:00:
         d0:e5:2d:36:2a:3f:77:9b:ed:16:aa:57:73:83:ea:92:ce:14:
         dd:62:c9:fb:69:ef:79:49:77:84:12:7b:18:62:5d:37:8f:da:
         5c:de:48:dd:40:63:2b:88:c8:45:06:ac:d4:99:40:02:f2:05:
         bb:78:3a:44:e1:d7:30:cd:63:bc:5d:99:ed:6c:71:85:da:bf:
         bc:aa:6b:1a:38:64:05:e1:63:62:cb:58:61:03:62:2f:d0:2b:
         29:0b:da:de:1f:7b:b9:3f:8f:7c:95:47:bf:0b:13:02:66:68:
         b6:e1:1d:05:a2:ba:bd:04:fd:0d:94:b1:b5:db:28:8e:a8:c9:
         84:05:13:f2:63:66:ef:6b:ef:33:0b:43:b5:06:cc:09:40:19:
         43:d3:8e:7e:b6:ad:f5:cc:1e:50:b6:3e:d9:19:1b:6a:98:4d:
         97:db:50:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSAcvxGkt/HPmNMRNBWGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDFhNWVkNTFmMDEwOWRlOGI1MGIwNTliNTI0ZDVmMjI0ZDE0MDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHuNQ+ry0qEKgWFuLjIOPe4Xvh/v
lclQixW6i9nN4YnRUNU50XWbmeT3JLbqsGtTPIUe9WcFgQ+Beaie5cgltMItSzcB
QxOeCBvxcDbsnUmI6qbu6g7rF5XjaFNzeLVvwluu/qg26EZ5x8BYYl5yaQS7WaK8
ZOCbIHPMYwL9LlKbBs0XdSeYo5eAwihJyuYwQfkF+3fyP071wYsJ1JdaqCCIxNSB
UQc3II08z6RSW3g0bScno+dcaSvURXbDIqrwmA3zKYQ29TfpyB7wO1GcktsDvOhA
u7KjAUljWfDwPHTYXfWKsg7Cp0PqfRHtbgQ/G58a4XSkLIKmkWuvQhvB3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0aXtUfAQnei1CwWbUk1fIk0UAJMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvM1JwZTFSOEJDZDZMVUxCWnRTVFY4aVRSUUFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Bk4MA0G
CSqGSIb3DQEBCwUAA4IBAQAIzHeUBEgAtt+t2pbhvLD00Gni0JHGhubTHv7Tq+Xu
NXuiZh7ynffIjaFQyHJ0cMOP9/4/VS/3UyLz3oAVQCYq5TiTYlRCshy3aIMCFRPn
kd5lILtNZKf8vQDQ5S02Kj93m+0Wqldzg+qSzhTdYsn7ae95SXeEEnsYYl03j9pc
3kjdQGMriMhFBqzUmUAC8gW7eDpE4dcwzWO8XZntbHGF2r+8qmsaOGQF4WNiy1hh
A2Iv0CspC9reH3u5P498lUe/CxMCZmi24R0Forq9BP0NlLG12yiOqMmEBRPyY2bv
a+8zC0O1BswJQBlD045+tq31zB5Qtj7ZGRtqmE2X21BD
-----END CERTIFICATE-----