Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/uoQypbe_WXl9fUjjkza2xu-8nhM.roa
File:                     uoQypbe_WXl9fUjjkza2xu-8nhM.roa (raw, json)
Hash identifier:          YX+cx3IEUEYmyF+dpQ2e75vD+fBMEYY3zSfURoavVBs=
Subject key identifier:   BA:84:32:A5:B7:BF:59:79:7D:7D:48:E3:93:36:B6:C6:EF:BC:9E:13
Certificate issuer:       /CN=abbad3de831da94222c1add104caf4c3247689ac
Certificate serial:       01942826CE12A9037B790EF46BC8F26729E4
Authority key identifier: AB:BA:D3:DE:83:1D:A9:42:22:C1:AD:D1:04:CA:F4:C3:24:76:89:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/uoQypbe_WXl9fUjjkza2xu-8nhM.roa
Signing time:             Thu 02 Jan 2025 17:53:39 +0000
ROA not before:           Thu 02 Jan 2025 17:53:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12548
IP address blocks:        212.68.160.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:ce:12:a9:03:7b:79:0e:f4:6b:c8:f2:67:29:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abbad3de831da94222c1add104caf4c3247689ac
        Validity
            Not Before: Jan  2 17:53:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba8432a5b7bf59797d7d48e39336b6c6efbc9e13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c6:7a:ac:6b:9f:bb:eb:b0:8d:ec:c6:4a:c6:
                    03:1c:4e:06:f3:62:74:83:3d:56:8c:e2:c8:01:2e:
                    c8:de:a2:9d:08:0a:2b:ef:20:da:2c:cf:4a:b2:bc:
                    61:8d:6d:b8:24:9c:de:1b:7d:bd:01:fb:93:d8:97:
                    a4:2e:9c:46:4f:78:7a:cc:45:de:37:a8:01:2c:45:
                    ea:3e:5f:e0:63:6d:ee:6c:d7:aa:ca:67:3d:46:37:
                    9f:01:3d:bf:83:79:45:52:82:1e:72:29:3e:59:b7:
                    51:8e:38:24:0a:4b:58:46:4b:18:f5:3b:cd:6e:fa:
                    ca:80:5e:d2:34:b6:f6:a7:63:9c:2d:0a:32:69:4e:
                    b5:1d:71:59:c1:cd:d0:e9:de:67:94:19:2e:9e:c0:
                    4b:02:08:0e:a0:5a:06:b6:9c:06:b8:dd:df:35:23:
                    52:49:30:bf:15:e4:d0:50:41:f1:36:8a:db:78:bb:
                    a5:49:54:d2:09:f3:de:ed:5b:cf:86:b5:13:56:75:
                    08:fd:b1:0a:e9:55:9c:5d:22:28:cc:d5:6c:78:c4:
                    2a:ea:3e:f2:dd:b9:96:dc:67:1a:71:d8:10:6d:e0:
                    5e:de:e9:e5:e6:aa:93:7c:b4:f0:e3:30:19:d5:b3:
                    54:f1:4c:f3:82:b5:0e:50:34:0c:f0:9d:8b:16:54:
                    7d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:84:32:A5:B7:BF:59:79:7D:7D:48:E3:93:36:B6:C6:EF:BC:9E:13
            X509v3 Authority Key Identifier:
                keyid:AB:BA:D3:DE:83:1D:A9:42:22:C1:AD:D1:04:CA:F4:C3:24:76:89:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/uoQypbe_WXl9fUjjkza2xu-8nhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.68.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:b2:4a:e5:2f:7b:d0:ca:6a:ec:44:f1:3a:99:63:67:d4:e0:
         71:21:41:7a:8f:64:1c:cf:07:c0:74:46:31:03:aa:45:56:51:
         94:15:88:8b:5a:49:07:bc:9c:9f:8c:d1:ae:10:db:c2:7b:b5:
         6e:97:77:85:97:4f:e0:82:d9:04:1e:66:d1:4a:9a:0e:f6:d2:
         6c:92:54:8f:f2:25:0f:c5:c7:aa:75:c9:9a:69:80:c7:1f:8a:
         50:27:07:0a:2d:35:66:c7:d1:ba:f8:31:db:2f:04:a3:ae:e0:
         f8:21:8d:5b:e8:fe:35:b2:70:11:55:0f:8e:c8:53:9e:53:65:
         f9:b8:dc:46:d8:dd:82:fc:ae:ab:37:cc:4c:d6:15:80:e0:44:
         a8:a7:e3:1c:c9:ee:80:86:07:c8:72:e6:0c:a1:89:8a:dc:da:
         b9:2c:be:11:bd:a6:b2:c3:31:ee:48:b5:a7:af:72:54:ef:c7:
         19:04:c4:c8:4d:a6:30:08:ab:b9:80:89:1f:a2:c8:81:25:23:
         12:92:7f:6f:8c:3d:9c:f1:51:22:54:fc:82:8e:16:15:05:56:
         49:20:b0:cc:f0:19:83:89:98:f8:ad:00:96:3a:53:f3:ea:e5:
         b7:c8:ab:85:7e:c2:b7:7a:f3:63:4f:10:c8:9c:8c:8b:fe:db:
         0c:5b:aa:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJs4SqQN7eQ70a8jyZynkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYmFkM2RlODMxZGE5NDIyMmMxYWRkMTA0Y2FmNGMzMjQ3
Njg5YWMwHhcNMjUwMTAyMTc1MzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTg0MzJhNWI3YmY1OTc5N2Q3ZDQ4ZTM5MzM2YjZjNmVmYmM5ZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8Z6rGufu+uwjezGSsYDHE4G82J0
gz1WjOLIAS7I3qKdCAor7yDaLM9KsrxhjW24JJzeG329AfuT2JekLpxGT3h6zEXe
N6gBLEXqPl/gY23ubNeqymc9RjefAT2/g3lFUoIecik+WbdRjjgkCktYRksY9TvN
bvrKgF7SNLb2p2OcLQoyaU61HXFZwc3Q6d5nlBkunsBLAggOoFoGtpwGuN3fNSNS
STC/FeTQUEHxNorbeLulSVTSCfPe7VvPhrUTVnUI/bEK6VWcXSIozNVseMQq6j7y
3bmW3GcacdgQbeBe3unl5qqTfLTw4zAZ1bNU8UzzgrUOUDQM8J2LFlR9AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqEMqW3v1l5fX1I45M2tsbvvJ4TMB8GA1UdIwQY
MBaAFKu6096DHalCIsGt0QTK9MMkdomsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTdyVDNvTWRxVUlpd2EzUkJNcjB3eVIyaWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZTgxNDktZDUzYy00OTkyLWJkMDct
NTVjNDM0ZWVjOTZjLzEvdW9ReXBiZV9XWGw5ZlVqamt6YTJ4dS04bmhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZTgxNDktZDUzYy00OTkyLWJkMDctNTVjNDM0ZWVjOTZj
LzEvcTdyVDNvTWRxVUlpd2EzUkJNcjB3eVIyaWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ESgMA0G
CSqGSIb3DQEBCwUAA4IBAQChskrlL3vQymrsRPE6mWNn1OBxIUF6j2QczwfAdEYx
A6pFVlGUFYiLWkkHvJyfjNGuENvCe7Vul3eFl0/ggtkEHmbRSpoO9tJsklSP8iUP
xceqdcmaaYDHH4pQJwcKLTVmx9G6+DHbLwSjruD4IY1b6P41snARVQ+OyFOeU2X5
uNxG2N2C/K6rN8xM1hWA4ESop+Mcye6AhgfIcuYMoYmK3Nq5LL4RvaaywzHuSLWn
r3JU78cZBMTITaYwCKu5gIkfosiBJSMSkn9vjD2c8VEiVPyCjhYVBVZJILDM8BmD
iZj4rQCWOlPz6uW3yKuFfsK3evNjTxDInIyL/tsMW6qp
-----END CERTIFICATE-----