Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/xep_ZSd-UYST4LG5ubjmMHrwdGA.roa
File:                     xep_ZSd-UYST4LG5ubjmMHrwdGA.roa (raw, json)
Hash identifier:          OlesDq6IzgVFC9THyQPDW7jLAYbE9zx0KcnWSKDk/sU=
Subject key identifier:   C5:EA:7F:65:27:7E:51:84:93:E0:B1:B9:B9:B8:E6:30:7A:F0:74:60
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747E19A573D468095A267816BDC8BB2
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/xep_ZSd-UYST4LG5ubjmMHrwdGA.roa
Signing time:             Thu 02 Jan 2025 13:50:09 +0000
ROA not before:           Thu 02 Jan 2025 13:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12756
IP address blocks:        212.72.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e1:9a:57:3d:46:80:95:a2:67:81:6b:dc:8b:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5ea7f65277e518493e0b1b9b9b8e6307af07460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a6:75:ca:33:54:1f:1e:9f:17:ae:88:91:68:
                    13:20:cb:02:60:6f:88:4b:97:57:9c:db:3d:c9:ae:
                    42:c8:5f:f0:aa:ab:51:86:28:26:ce:4c:14:4e:d2:
                    97:ff:a7:7e:9f:84:fe:15:64:8b:cd:c8:38:fb:71:
                    a3:b7:63:33:21:42:0a:68:22:cf:7a:18:69:63:6d:
                    01:83:09:66:15:f8:f4:c9:b0:60:5b:88:26:17:64:
                    c8:ff:71:30:a7:80:ee:0d:34:bf:e2:9f:4d:91:08:
                    bc:13:c8:ab:43:88:93:79:c7:b4:33:dd:1f:af:14:
                    de:20:b0:90:b2:82:28:7e:70:ac:4e:46:f3:7a:68:
                    8a:15:59:b2:c2:ed:9f:0d:e5:b5:69:f7:c1:9d:f5:
                    27:62:cf:ad:f7:0b:64:26:c8:36:b5:11:26:3b:aa:
                    1f:4b:6c:e1:0c:a2:30:71:d1:4d:46:c0:72:c6:2b:
                    b8:d4:c8:2b:e5:94:52:d4:5f:c8:6a:c2:2a:72:bc:
                    da:f7:70:49:db:79:02:e8:1e:36:28:e6:fa:0d:84:
                    34:70:59:25:48:3e:fb:f0:b7:09:da:bb:3c:09:e5:
                    62:95:4f:5c:97:15:62:76:40:65:9f:f0:cc:3d:71:
                    43:fa:a7:5a:d5:00:21:76:44:54:23:88:e3:57:20:
                    e9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:EA:7F:65:27:7E:51:84:93:E0:B1:B9:B9:B8:E6:30:7A:F0:74:60
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/xep_ZSd-UYST4LG5ubjmMHrwdGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.72.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:d6:80:1e:3a:7b:ae:3f:a3:a1:6b:d9:50:70:43:48:cb:a2:
         73:ac:1e:92:3b:69:04:99:71:6e:10:20:53:24:10:4e:da:c5:
         fe:65:89:62:d3:93:e4:9f:0b:30:5f:56:7c:8c:db:5a:a2:48:
         07:3e:72:69:9a:c9:87:c3:e9:45:b9:70:77:df:5a:bf:5f:bd:
         cf:70:c7:1b:72:fa:71:31:ff:ec:02:17:e0:5b:d7:26:77:23:
         cb:fa:4e:87:fb:20:f6:3f:27:a2:07:fa:81:e7:87:e4:ae:99:
         85:40:50:17:f7:5b:bc:d0:46:be:f1:93:b0:42:46:92:6a:f2:
         1b:5f:b9:e5:ef:68:80:41:50:55:a3:3f:ee:f7:4e:2b:cb:7f:
         82:64:f4:fd:15:de:a9:29:27:db:f1:34:c1:eb:97:69:b7:fe:
         1f:06:f3:4d:aa:4f:31:62:be:ec:7b:1c:1c:1e:7f:21:02:20:
         91:06:bf:97:39:2d:ff:39:17:50:f1:ab:f9:d0:1f:de:63:0e:
         52:d4:eb:16:35:37:e5:1f:73:65:16:4e:1c:e7:03:94:6a:51:
         4d:2b:22:e5:79:d9:d8:f0:3f:92:ab:54:05:d1:71:64:af:c6:
         8d:74:d6:60:bf:5e:ef:d1:1d:29:76:0b:61:44:93:f0:8f:49:
         3f:51:21:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+GaVz1GgJWiZ4Fr3IuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWVhN2Y2NTI3N2U1MTg0OTNlMGIxYjliOWI4ZTYzMDdhZjA3NDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KZ1yjNUHx6fF66IkWgTIMsCYG+I
S5dXnNs9ya5CyF/wqqtRhigmzkwUTtKX/6d+n4T+FWSLzcg4+3Gjt2MzIUIKaCLP
ehhpY20BgwlmFfj0ybBgW4gmF2TI/3Ewp4DuDTS/4p9NkQi8E8irQ4iTece0M90f
rxTeILCQsoIofnCsTkbzemiKFVmywu2fDeW1affBnfUnYs+t9wtkJsg2tREmO6of
S2zhDKIwcdFNRsByxiu41Mgr5ZRS1F/IasIqcrza93BJ23kC6B42KOb6DYQ0cFkl
SD778LcJ2rs8CeVilU9clxVidkBln/DMPXFD+qda1QAhdkRUI4jjVyDpFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXqf2UnflGEk+Cxubm45jB68HRgMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEveGVwX1pTZC1VWVNUNExHNXViam1NSHJ3ZEdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EjNMA0G
CSqGSIb3DQEBCwUAA4IBAQAk1oAeOnuuP6Oha9lQcENIy6JzrB6SO2kEmXFuECBT
JBBO2sX+ZYli05PknwswX1Z8jNtaokgHPnJpmsmHw+lFuXB331q/X73PcMcbcvpx
Mf/sAhfgW9cmdyPL+k6H+yD2PyeiB/qB54fkrpmFQFAX91u80Ea+8ZOwQkaSavIb
X7nl72iAQVBVoz/u904ry3+CZPT9Fd6pKSfb8TTB65dpt/4fBvNNqk8xYr7sexwc
Hn8hAiCRBr+XOS3/ORdQ8av50B/eYw5S1OsWNTflH3NlFk4c5wOUalFNKyLlednY
8D+Sq1QF0XFkr8aNdNZgv17v0R0pdgthRJPwj0k/USF+
-----END CERTIFICATE-----