Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/d1deXM4xRbSP2UhrLzN0Mx2NRgs.roa
File:                     d1deXM4xRbSP2UhrLzN0Mx2NRgs.roa (raw, json)
Hash identifier:          qhm+RjDaElbxGpexTe1+uIgmaSf6XCswUmT9fyMU4Nw=
Subject key identifier:   77:57:5E:5C:CE:31:45:B4:8F:D9:48:6B:2F:33:74:33:1D:8D:46:0B
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       0194228DFCE2C9B0DB3899CD35B8F115C623
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/d1deXM4xRbSP2UhrLzN0Mx2NRgs.roa
Signing time:             Wed 01 Jan 2025 15:48:38 +0000
ROA not before:           Wed 01 Jan 2025 15:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213951
IP address blocks:        212.20.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:fc:e2:c9:b0:db:38:99:cd:35:b8:f1:15:c6:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jan  1 15:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77575e5cce3145b48fd9486b2f3374331d8d460b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:cb:c5:ea:db:0f:d2:dd:32:92:8d:4a:49:0f:
                    e1:4f:2b:71:e0:14:7e:fc:7e:72:c7:32:ec:59:0f:
                    f5:3e:57:49:cc:83:37:df:31:9c:2d:fd:63:0c:70:
                    83:89:8a:1a:10:9c:69:77:fb:ba:18:ef:45:85:e4:
                    25:46:63:aa:c0:e1:9f:5e:6b:b1:9e:77:67:cf:34:
                    36:ed:97:56:f1:e5:e8:4d:aa:d9:a5:a4:59:ec:31:
                    1e:7e:64:f9:d6:3d:4e:50:f6:2a:86:3e:5d:7f:e5:
                    79:5e:7f:52:72:77:d0:f3:5a:a0:04:e7:ba:b7:53:
                    47:f3:bb:3f:51:31:44:0a:d0:0f:76:f2:e7:65:0d:
                    c8:94:b9:a2:0a:15:38:37:74:53:db:f2:17:e4:21:
                    2a:da:65:fc:6f:59:e4:3d:b1:a5:e8:38:4c:79:5b:
                    43:8b:52:31:08:08:dc:67:1a:7f:40:e1:c4:86:5f:
                    3d:19:7f:c2:f4:66:d4:a2:1c:c9:80:74:8c:70:39:
                    46:de:5e:9d:48:4e:51:84:e2:fb:81:24:31:4b:a6:
                    34:54:4d:3d:d8:03:5c:7e:3b:cb:ad:39:62:83:c9:
                    a4:98:14:52:05:e4:f9:46:2f:24:fa:97:79:35:b0:
                    2d:f0:59:e3:77:5a:0c:42:f2:ea:01:00:be:fc:22:
                    00:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:57:5E:5C:CE:31:45:B4:8F:D9:48:6B:2F:33:74:33:1D:8D:46:0B
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/d1deXM4xRbSP2UhrLzN0Mx2NRgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.20.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:4c:14:0a:d8:a2:2e:64:d6:86:83:dd:47:f7:d4:b9:ab:d6:
         dd:fe:bc:03:44:46:43:46:95:7b:65:76:74:05:50:fd:94:54:
         92:88:f4:e7:01:8e:a0:f1:e8:c1:5d:7a:4c:20:86:15:51:7d:
         c9:cb:5c:f2:60:59:37:ac:e7:df:26:04:81:dd:c9:c7:c0:d6:
         b2:92:29:37:21:59:f3:99:4c:84:55:cc:2d:00:82:5b:fe:b6:
         ce:b2:30:fd:84:f0:53:54:02:ef:99:1a:7b:cc:b8:29:d2:74:
         37:c7:46:83:45:a3:5d:5a:6a:ac:67:dd:3c:b7:f6:ee:c8:63:
         8c:08:95:f7:53:df:f5:20:f2:71:8b:0e:45:b5:8b:26:4d:e4:
         2b:5b:6d:88:4c:29:79:bf:76:d2:7d:3a:b1:52:0f:76:a9:2e:
         1a:76:ea:df:67:f5:ac:24:50:0f:f5:dd:84:30:f2:4a:c9:5b:
         3d:b2:d5:7a:21:d2:0b:f5:de:62:7e:37:86:74:77:32:b4:80:
         7d:07:f9:dd:5c:90:ed:c5:1a:c7:0d:4f:a9:6b:fc:e3:d7:08:
         d3:04:d2:f5:5a:ea:c7:f1:70:12:bb:3d:a9:69:55:bb:79:ce:
         90:d1:ae:2e:8f:97:e1:56:f6:f2:bc:8e:21:ab:3e:f2:83:2f:
         01:01:57:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfziybDbOJnNNbjxFcYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjUwMTAxMTU0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzU3NWU1Y2NlMzE0NWI0OGZkOTQ4NmIyZjMzNzQzMzFkOGQ0NjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1cvF6tsP0t0yko1KSQ/hTytx4BR+
/H5yxzLsWQ/1PldJzIM33zGcLf1jDHCDiYoaEJxpd/u6GO9FheQlRmOqwOGfXmux
nndnzzQ27ZdW8eXoTarZpaRZ7DEefmT51j1OUPYqhj5df+V5Xn9ScnfQ81qgBOe6
t1NH87s/UTFECtAPdvLnZQ3IlLmiChU4N3RT2/IX5CEq2mX8b1nkPbGl6DhMeVtD
i1IxCAjcZxp/QOHEhl89GX/C9GbUohzJgHSMcDlG3l6dSE5RhOL7gSQxS6Y0VE09
2ANcfjvLrTlig8mkmBRSBeT5Ri8k+pd5NbAt8Fnjd1oMQvLqAQC+/CIAEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdXXlzOMUW0j9lIay8zdDMdjUYLMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvZDFkZVhNNHhSYlNQMlVockx6TjBNeDJOUmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BSXMA0G
CSqGSIb3DQEBCwUAA4IBAQA0TBQK2KIuZNaGg91H99S5q9bd/rwDREZDRpV7ZXZ0
BVD9lFSSiPTnAY6g8ejBXXpMIIYVUX3Jy1zyYFk3rOffJgSB3cnHwNaykik3IVnz
mUyEVcwtAIJb/rbOsjD9hPBTVALvmRp7zLgp0nQ3x0aDRaNdWmqsZ908t/buyGOM
CJX3U9/1IPJxiw5FtYsmTeQrW22ITCl5v3bSfTqxUg92qS4adurfZ/WsJFAP9d2E
MPJKyVs9stV6IdIL9d5ifjeGdHcytIB9B/ndXJDtxRrHDU+pa/zj1wjTBNL1WurH
8XASuz2paVW7ec6Q0a4uj5fhVvbyvI4hqz7ygy8BAVfw
-----END CERTIFICATE-----