Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7wI4dy5V5HAfG_xo8cqxKEdoUfg.roa
File:                     7wI4dy5V5HAfG_xo8cqxKEdoUfg.roa (raw, json)
Hash identifier:          6IgwbN/FY7d674XnSHPHiiZ552vWDDeHKNtg9Y/rln4=
Subject key identifier:   EF:02:38:77:2E:55:E4:70:1F:1B:FC:68:F1:CA:B1:28:47:68:51:F8
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747E972BD02720CE5C5784FE69CC332
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7wI4dy5V5HAfG_xo8cqxKEdoUfg.roa
Signing time:             Thu 02 Jan 2025 13:50:11 +0000
ROA not before:           Thu 02 Jan 2025 13:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39135
IP address blocks:        212.5.129.0/24 maxlen: 24
                          212.5.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e9:72:bd:02:72:0c:e5:c5:78:4f:e6:9c:c3:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef0238772e55e4701f1bfc68f1cab128476851f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:d7:96:01:22:99:2b:02:a9:66:fd:b1:49:22:
                    7a:df:be:99:d5:fc:cc:1c:51:90:bf:af:ab:a1:77:
                    0f:8d:26:69:0a:25:c0:e6:74:73:1b:95:61:8b:bf:
                    2f:18:70:91:65:c7:aa:4b:41:ac:62:49:86:49:d9:
                    a7:99:53:d9:31:83:b1:69:7d:3c:19:ca:50:c3:6a:
                    b0:32:f3:1f:93:33:9e:80:f1:b6:f6:dc:08:00:65:
                    cf:c0:70:77:52:c6:16:9a:51:64:09:89:3a:18:58:
                    c3:b9:97:40:0b:31:e5:ee:75:c2:07:1a:21:76:29:
                    5a:b8:79:bd:c8:67:c8:c3:e2:df:46:d9:ad:c4:a9:
                    f5:37:26:25:ba:0c:ef:9c:88:c9:89:3a:a8:6c:2a:
                    72:60:85:be:53:f6:b6:f7:8c:63:66:eb:52:69:15:
                    11:40:56:f0:d8:3a:cd:4f:e8:93:4f:25:da:89:5e:
                    d8:c7:88:fa:a6:7c:e8:11:03:7f:f5:e1:91:68:a5:
                    de:e9:8e:72:bb:19:cf:33:11:d7:42:56:bc:17:bc:
                    ec:6f:12:69:bb:d7:ef:b4:53:e0:4b:d7:47:31:3b:
                    b5:c4:b3:d4:42:f0:99:6b:7e:2d:69:79:03:57:c5:
                    7d:4d:ea:c9:80:5c:9b:e9:23:6a:eb:d8:71:c8:90:
                    d4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:02:38:77:2E:55:E4:70:1F:1B:FC:68:F1:CA:B1:28:47:68:51:F8
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7wI4dy5V5HAfG_xo8cqxKEdoUfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.5.129.0-212.5.130.255

    Signature Algorithm: sha256WithRSAEncryption
         b4:c6:50:91:1f:e6:d0:f1:b2:19:37:e9:43:82:39:72:e8:58:
         98:f5:37:92:b7:aa:69:40:11:24:69:9a:3c:cc:27:10:f8:10:
         15:a5:1a:23:af:a7:b9:f5:7a:78:ac:65:eb:54:77:32:cd:b0:
         d7:75:ae:ee:a3:48:23:2b:b5:ae:65:8f:8f:08:3a:40:ec:db:
         bb:49:dc:80:9a:e0:af:cc:eb:e6:68:5d:91:44:b8:e9:20:e4:
         56:e3:5b:4e:6a:12:0f:1e:9f:8c:b6:27:40:58:ac:54:d7:13:
         73:4e:77:9f:41:62:07:1d:76:dd:2e:1c:63:04:0d:f1:79:0e:
         e7:a0:07:04:2d:3e:6a:c8:7a:1c:e3:63:2d:5a:ad:29:53:20:
         71:dd:74:84:2d:ac:05:ff:70:3f:5c:0e:a4:da:31:6f:8e:0a:
         5b:c8:9b:57:d8:42:a5:a3:47:9f:bb:cc:0c:6e:c8:4c:ae:b6:
         47:e0:47:f5:26:ed:fc:70:d2:1c:09:45:d2:64:da:04:bf:0f:
         df:1a:5f:c5:bc:d1:00:5a:bf:a4:d2:46:9f:f5:fe:e4:92:1c:
         da:a4:43:b3:5f:32:5d:a5:89:c9:80:d9:7b:5d:39:c2:38:56:
         d0:c6:05:5e:29:52:c4:8f:be:e8:57:27:22:ee:fa:de:46:88:
         b3:c1:92:7d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQnR+lyvQJyDOXFeE/mnMMyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjAyMzg3NzJlNTVlNDcwMWYxYmZjNjhmMWNhYjEyODQ3Njg1MWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3deWASKZKwKpZv2xSSJ6376Z1fzM
HFGQv6+roXcPjSZpCiXA5nRzG5Vhi78vGHCRZceqS0GsYkmGSdmnmVPZMYOxaX08
GcpQw2qwMvMfkzOegPG29twIAGXPwHB3UsYWmlFkCYk6GFjDuZdACzHl7nXCBxoh
dilauHm9yGfIw+LfRtmtxKn1NyYlugzvnIjJiTqobCpyYIW+U/a294xjZutSaRUR
QFbw2DrNT+iTTyXaiV7Yx4j6pnzoEQN/9eGRaKXe6Y5yuxnPMxHXQla8F7zsbxJp
u9fvtFPgS9dHMTu1xLPUQvCZa34taXkDV8V9TerJgFyb6SNq69hxyJDUBQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO8COHcuVeRwHxv8aPHKsShHaFH4MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvN3dJNGR5NVY1SEFmR194bzhjcXhLRWRvVWZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADUBYED
BADUBYIwDQYJKoZIhvcNAQELBQADggEBALTGUJEf5tDxshk36UOCOXLoWJj1N5K3
qmlAESRpmjzMJxD4EBWlGiOvp7n1enisZetUdzLNsNd1ru6jSCMrta5lj48IOkDs
27tJ3ICa4K/M6+ZoXZFEuOkg5FbjW05qEg8en4y2J0BYrFTXE3NOd59BYgcddt0u
HGMEDfF5DuegBwQtPmrIehzjYy1arSlTIHHddIQtrAX/cD9cDqTaMW+OClvIm1fY
QqWjR5+7zAxuyEyutkfgR/Um7fxw0hwJRdJk2gS/D98aX8W80QBav6TSRp/1/uSS
HNqkQ7NfMl2licmA2XtdOcI4VtDGBV4pUsSPvuhXJyLu+t5GiLPBkn0=
-----END CERTIFICATE-----