Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/IfT3mv-srwgc4CQ7fQArEzebBBA.roa
File:                     IfT3mv-srwgc4CQ7fQArEzebBBA.roa (raw, json)
Hash identifier:          95gb7vVhebJAmqOzG0YfdjEqberXj+/78wM2EUtK1Cc=
Subject key identifier:   21:F4:F7:9A:FF:AC:AF:08:1C:E0:24:3B:7D:00:2B:13:37:9B:04:10
Certificate issuer:       /CN=7a05ea59805f94be185282039bbae2fa8a9253f5
Certificate serial:       0194206860F98EC8D30569C9385DC8618F7E
Authority key identifier: 7A:05:EA:59:80:5F:94:BE:18:52:82:03:9B:BA:E2:FA:8A:92:53:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/egXqWYBflL4YUoIDm7ri-oqSU_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/IfT3mv-srwgc4CQ7fQArEzebBBA.roa
Signing time:             Wed 01 Jan 2025 05:48:18 +0000
ROA not before:           Wed 01 Jan 2025 05:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50376
IP address blocks:        212.6.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/egXqWYBflL4YUoIDm7ri-oqSU_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/egXqWYBflL4YUoIDm7ri-oqSU_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/egXqWYBflL4YUoIDm7ri-oqSU_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:60:f9:8e:c8:d3:05:69:c9:38:5d:c8:61:8f:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a05ea59805f94be185282039bbae2fa8a9253f5
        Validity
            Not Before: Jan  1 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21f4f79affacaf081ce0243b7d002b13379b0410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ed:35:18:82:c2:6f:ae:9e:e8:b2:01:80:bf:
                    13:3f:1a:4f:f1:6b:55:6f:66:b3:fd:a7:da:f6:17:
                    1a:ec:e1:b7:52:08:fd:fc:1c:ce:cb:cd:bc:51:22:
                    20:d7:3a:02:4f:3b:3f:f0:69:0f:38:f8:9a:8c:96:
                    a5:7c:f2:b6:ed:c5:7e:ce:5e:22:9b:de:b8:c9:e1:
                    50:7e:11:4b:85:0d:5d:bf:59:76:03:d5:49:bc:1b:
                    dc:b8:5c:01:64:a2:1b:56:70:b5:5d:2b:fa:f5:49:
                    ca:c2:fb:d0:c5:78:b4:1a:5f:96:e8:2f:29:04:2d:
                    4f:04:e3:f7:52:06:f6:6c:2b:7f:d6:e7:89:70:b3:
                    d7:00:6c:59:aa:50:e0:b2:0f:46:79:f9:9a:d9:8f:
                    9e:be:6a:af:db:1f:e4:84:18:dc:87:d8:66:f1:e2:
                    b4:3b:b4:ff:fd:93:77:e9:16:9b:ca:7a:d1:81:31:
                    f2:0e:ad:0a:a3:a1:f0:a7:0c:75:bb:a7:44:b6:03:
                    cf:66:0e:37:31:73:ad:7b:4a:f1:90:b5:e9:da:35:
                    4d:e0:5b:83:c6:45:1f:f5:56:7c:91:44:88:b7:07:
                    77:39:15:a5:0a:60:7f:06:42:99:4d:36:75:29:1b:
                    10:bd:c7:37:49:4b:1b:36:0c:78:20:0b:b7:96:64:
                    29:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:F4:F7:9A:FF:AC:AF:08:1C:E0:24:3B:7D:00:2B:13:37:9B:04:10
            X509v3 Authority Key Identifier:
                keyid:7A:05:EA:59:80:5F:94:BE:18:52:82:03:9B:BA:E2:FA:8A:92:53:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/egXqWYBflL4YUoIDm7ri-oqSU_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/IfT3mv-srwgc4CQ7fQArEzebBBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/egXqWYBflL4YUoIDm7ri-oqSU_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:23:e5:ab:28:dd:6b:81:d8:60:e9:e9:27:5a:d6:03:e2:77:
         65:cb:1e:56:8b:85:6e:68:35:9f:42:f6:a7:44:c7:90:4c:17:
         e2:09:7c:88:27:be:dd:24:12:bb:bb:32:11:f3:ef:fe:2c:34:
         39:99:34:7b:4a:ca:41:7e:da:05:32:9a:90:71:e2:8d:2f:f8:
         e5:f0:fc:9e:c0:bd:ee:5f:81:25:6b:2e:c9:4e:f7:29:e1:f4:
         25:2e:9e:20:00:a8:09:09:25:94:f0:b0:48:3d:b5:10:36:e3:
         61:23:54:02:73:99:0f:f0:12:2e:b9:19:bb:99:fe:97:de:61:
         3e:98:b6:a7:9a:63:8b:d7:a8:f7:4f:9a:40:d5:08:18:95:77:
         f2:e1:f9:ca:4b:4e:24:e7:38:e2:99:c3:d1:50:39:7b:eb:e8:
         af:ac:c9:c8:b5:4b:c4:b9:2f:2a:94:e2:37:6a:84:b6:68:ba:
         7f:96:0f:65:6f:b2:34:42:69:54:ac:fb:87:d9:ec:84:8d:3f:
         a6:e8:b9:ec:51:dc:34:35:d9:78:72:4f:e8:16:60:db:36:9b:
         8a:46:5f:86:b1:0a:eb:f8:4b:19:67:c7:36:14:93:94:3b:38:
         38:26:e1:f5:c4:26:35:96:75:75:2e:d5:52:c3:e6:7f:ec:29:
         a8:67:9b:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGD5jsjTBWnJOF3IYY9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMDVlYTU5ODA1Zjk0YmUxODUyODIwMzliYmFlMmZhOGE5
MjUzZjUwHhcNMjUwMTAxMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWY0Zjc5YWZmYWNhZjA4MWNlMDI0M2I3ZDAwMmIxMzM3OWIwNDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtO01GILCb66e6LIBgL8TPxpP8WtV
b2az/afa9hca7OG3Ugj9/BzOy828USIg1zoCTzs/8GkPOPiajJalfPK27cV+zl4i
m964yeFQfhFLhQ1dv1l2A9VJvBvcuFwBZKIbVnC1XSv69UnKwvvQxXi0Gl+W6C8p
BC1PBOP3Ugb2bCt/1ueJcLPXAGxZqlDgsg9Gefma2Y+evmqv2x/khBjch9hm8eK0
O7T//ZN36RabynrRgTHyDq0Ko6Hwpwx1u6dEtgPPZg43MXOte0rxkLXp2jVN4FuD
xkUf9VZ8kUSItwd3ORWlCmB/BkKZTTZ1KRsQvcc3SUsbNgx4IAu3lmQprQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCH095r/rK8IHOAkO30AKxM3mwQQMB8GA1UdIwQY
MBaAFHoF6lmAX5S+GFKCA5u64vqKklP1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWdYcVdZQmZsTDRZVW9JRG03cmktb3FTVV9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9jZjI0YmQtYzE1Yi00ODRjLTk3MzIt
MDRiMzgxM2YzYjNkLzEvSWZUM212LXNyd2djNENRN2ZRQXJFemViQkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9jZjI0YmQtYzE1Yi00ODRjLTk3MzItMDRiMzgxM2YzYjNk
LzEvZWdYcVdZQmZsTDRZVW9JRG03cmktb3FTVV9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AY7MA0G
CSqGSIb3DQEBCwUAA4IBAQByI+WrKN1rgdhg6eknWtYD4ndlyx5Wi4VuaDWfQvan
RMeQTBfiCXyIJ77dJBK7uzIR8+/+LDQ5mTR7SspBftoFMpqQceKNL/jl8PyewL3u
X4Elay7JTvcp4fQlLp4gAKgJCSWU8LBIPbUQNuNhI1QCc5kP8BIuuRm7mf6X3mE+
mLanmmOL16j3T5pA1QgYlXfy4fnKS04k5zjimcPRUDl76+ivrMnItUvEuS8qlOI3
aoS2aLp/lg9lb7I0QmlUrPuH2eyEjT+m6LnsUdw0Ndl4ck/oFmDbNpuKRl+GsQrr
+EsZZ8c2FJOUOzg4JuH1xCY1lnV1LtVSw+Z/7CmoZ5vC
-----END CERTIFICATE-----