Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/JI0eb8S1GNh05B8yRPp4g-MmznE.roa
File:                     JI0eb8S1GNh05B8yRPp4g-MmznE.roa (raw, json)
Hash identifier:          vofbBr6agtDCq9C2DcAavwwJSfex0/8B3Z91wfqPM6M=
Subject key identifier:   24:8D:1E:6F:C4:B5:18:D8:74:E4:1F:32:44:FA:78:83:E3:26:CE:71
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019424455DE21FE4EDD395499FDF53B30C1A
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/JI0eb8S1GNh05B8yRPp4g-MmznE.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12956
IP address blocks:        213.99.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5d:e2:1f:e4:ed:d3:95:49:9f:df:53:b3:0c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=248d1e6fc4b518d874e41f3244fa7883e326ce71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:77:59:85:f9:40:5e:a5:8f:94:b9:e6:21:75:
                    6a:3b:21:0e:c2:28:b5:3e:65:8a:56:1c:fa:d2:15:
                    70:89:01:f0:e3:aa:75:90:ea:22:99:1d:c1:57:4a:
                    df:ab:c7:9d:c6:c5:2c:bb:37:53:2c:de:28:a6:0a:
                    78:7d:72:79:64:68:37:e5:21:b8:99:d8:3c:db:d1:
                    de:6a:b0:1b:a1:d1:1d:eb:5e:a2:9b:70:f4:cb:1e:
                    17:cc:88:cb:5e:13:29:e7:39:aa:65:10:82:7c:16:
                    c4:b1:9d:40:5c:b9:cb:51:2e:70:06:82:bd:5a:df:
                    08:40:8e:72:87:09:13:9d:70:b4:49:8a:3d:99:ad:
                    d6:80:b6:b5:67:41:a7:00:c0:6c:4d:36:6f:ad:d7:
                    fa:13:cb:f3:b3:c9:e4:ff:e0:c8:5a:0d:b2:39:5d:
                    0b:f9:3d:03:df:9e:a3:83:2f:1f:7a:c5:88:0e:b7:
                    aa:8d:a5:20:ba:f3:fc:7c:49:d1:35:73:cd:6a:78:
                    0f:63:1c:34:32:b9:c9:cf:4a:d7:12:e8:83:60:5c:
                    77:c2:6f:31:3e:e3:ce:1c:a3:aa:13:3a:d6:8c:26:
                    ea:2b:9f:fb:e7:0e:16:1c:64:08:49:e0:46:05:1b:
                    8e:86:88:93:8b:a7:1a:d3:34:d7:11:e4:c1:86:36:
                    74:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8D:1E:6F:C4:B5:18:D8:74:E4:1F:32:44:FA:78:83:E3:26:CE:71
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/JI0eb8S1GNh05B8yRPp4g-MmznE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.99.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:ca:6f:f2:1a:3a:37:9b:3e:da:2c:3d:0f:ea:33:45:77:4e:
         00:78:fe:44:ab:79:2a:f3:b2:ad:f6:f1:ed:af:56:b8:a7:69:
         2b:f6:1b:3b:28:34:78:64:b1:5a:30:12:7d:94:35:ff:f3:56:
         3d:86:18:a0:d4:9c:32:33:0f:a7:53:0a:d1:ef:43:9f:02:b0:
         30:62:b0:76:5b:08:1e:3f:03:a4:40:92:54:91:f5:e4:2b:19:
         dd:39:b2:67:7d:93:81:e6:d1:64:40:a3:66:f3:3e:d0:84:75:
         5b:d7:67:24:83:40:48:4e:ec:e6:e0:76:cf:9f:23:bd:b8:1e:
         cf:83:23:f4:9b:58:9a:bf:b5:5d:ac:86:37:91:ba:ad:2c:58:
         a0:95:c4:46:cf:c6:f1:d6:ab:c4:5b:3f:03:f6:f3:1c:12:ab:
         b0:da:b8:cc:68:b1:90:1a:07:8d:2b:41:29:a3:34:7e:8f:ec:
         de:f9:22:a3:43:30:74:d5:d6:c0:90:02:83:ff:45:89:27:ce:
         e1:bd:eb:bb:52:a1:1f:76:b7:a2:91:36:58:2b:5f:d7:4c:c0:
         88:0d:37:f3:1c:58:56:bc:a6:be:32:1f:f1:36:67:1a:e6:2c:
         8f:7f:61:ad:6b:6c:36:fa:47:71:77:95:17:52:35:48:f9:79:
         62:46:26:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRV3iH+Tt05VJn99TswwaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDhkMWU2ZmM0YjUxOGQ4NzRlNDFmMzI0NGZhNzg4M2UzMjZjZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAundZhflAXqWPlLnmIXVqOyEOwii1
PmWKVhz60hVwiQHw46p1kOoimR3BV0rfq8edxsUsuzdTLN4opgp4fXJ5ZGg35SG4
mdg829HearAbodEd616im3D0yx4XzIjLXhMp5zmqZRCCfBbEsZ1AXLnLUS5wBoK9
Wt8IQI5yhwkTnXC0SYo9ma3WgLa1Z0GnAMBsTTZvrdf6E8vzs8nk/+DIWg2yOV0L
+T0D356jgy8fesWIDreqjaUguvP8fEnRNXPNangPYxw0MrnJz0rXEuiDYFx3wm8x
PuPOHKOqEzrWjCbqK5/75w4WHGQISeBGBRuOhoiTi6ca0zTXEeTBhjZ0bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSNHm/EtRjYdOQfMkT6eIPjJs5xMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvSkkwZWI4UzFHTmgwNUI4eVJQcDRnLU1tem5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1WMQMA0G
CSqGSIb3DQEBCwUAA4IBAQCKym/yGjo3mz7aLD0P6jNFd04AeP5Eq3kq87Kt9vHt
r1a4p2kr9hs7KDR4ZLFaMBJ9lDX/81Y9hhig1JwyMw+nUwrR70OfArAwYrB2Wwge
PwOkQJJUkfXkKxndObJnfZOB5tFkQKNm8z7QhHVb12ckg0BITuzm4HbPnyO9uB7P
gyP0m1iav7VdrIY3kbqtLFiglcRGz8bx1qvEWz8D9vMcEquw2rjMaLGQGgeNK0Ep
ozR+j+ze+SKjQzB01dbAkAKD/0WJJ87hveu7UqEfdreikTZYK1/XTMCIDTfzHFhW
vKa+Mh/xNmca5iyPf2Gta2w2+kdxd5UXUjVI+XliRiaF
-----END CERTIFICATE-----