Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/IO-WtDQojrXnpAq8np1ov8CUCWc.roa
File:                     IO-WtDQojrXnpAq8np1ov8CUCWc.roa (raw, json)
Hash identifier:          wK5cAChC2zZKj0xpr4U4SsnHLvY+XqHr++A5Z8gxuX0=
Subject key identifier:   20:EF:96:B4:34:28:8E:B5:E7:A4:0A:BC:9E:9D:68:BF:C0:94:09:67
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0194228E44889A72B7B24C7C14C74CC1E101
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/IO-WtDQojrXnpAq8np1ov8CUCWc.roa
Signing time:             Wed 01 Jan 2025 15:48:56 +0000
ROA not before:           Wed 01 Jan 2025 15:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32159
IP address blocks:        213.145.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:44:88:9a:72:b7:b2:4c:7c:14:c7:4c:c1:e1:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jan  1 15:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20ef96b434288eb5e7a40abc9e9d68bfc0940967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:76:b2:b6:5a:92:ba:6a:b3:5f:47:41:99:4d:
                    3d:59:cb:3d:5d:d4:3b:a2:74:de:6c:97:da:25:36:
                    fb:ac:90:95:ee:64:61:ed:6e:48:84:3f:62:5b:7a:
                    7a:37:87:0c:f4:d5:af:9d:f6:64:fd:03:66:eb:36:
                    16:81:c8:b1:68:69:9f:fb:ae:c8:f4:1c:e4:74:50:
                    09:a2:69:0f:01:a8:eb:3a:3e:bb:b3:27:09:bd:41:
                    27:f8:a6:f7:29:80:8f:79:00:a5:3f:9b:f5:a6:83:
                    5c:f2:49:9b:14:15:0e:e6:a6:2e:a8:fc:21:ae:9a:
                    6a:34:c0:cc:2d:c0:29:4e:43:bd:0c:1d:39:70:ad:
                    c0:a8:d5:59:93:d8:00:7c:ab:02:c2:41:a7:49:7a:
                    9d:75:1d:1a:fe:a9:b6:11:dc:22:fd:48:21:7b:2d:
                    b1:0b:a8:81:4e:23:6c:40:87:40:7d:50:5f:ef:f9:
                    e5:17:fb:8f:8a:d2:8b:81:f4:ee:5c:8d:2b:0d:52:
                    f0:70:a3:ac:e0:d7:e3:2c:9c:9b:75:e4:9f:76:41:
                    48:39:d2:0e:28:dc:34:60:15:a8:d6:86:f5:4b:77:
                    7a:62:f2:bd:70:95:c8:c4:bd:b0:27:3c:c0:1e:93:
                    73:74:20:af:f4:97:70:82:56:98:ac:b4:dd:25:ce:
                    7b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:EF:96:B4:34:28:8E:B5:E7:A4:0A:BC:9E:9D:68:BF:C0:94:09:67
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/IO-WtDQojrXnpAq8np1ov8CUCWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ce:71:6d:92:fb:2b:97:7d:53:bd:1d:2c:83:20:c2:bd:54:
         06:40:98:6a:e9:43:ca:ac:3a:1a:71:96:69:f7:20:7c:8c:3c:
         5e:59:76:1d:40:ed:49:2d:ec:ba:fb:ac:00:53:c0:ea:5c:c4:
         70:5e:45:95:cb:38:b3:fa:d9:c6:a4:b0:ae:1f:6b:2d:2a:8d:
         45:a2:37:db:e5:51:20:98:db:f1:72:59:54:82:55:cd:a7:ed:
         1d:83:5e:40:6b:ab:ee:3f:aa:62:14:c9:0c:ed:c9:ae:ab:4d:
         fa:c6:2b:b9:0a:6a:13:f8:84:93:68:4f:68:b9:9e:8c:46:ec:
         c2:50:3b:17:e7:34:b4:3b:fb:a2:59:a1:d5:62:f5:bd:f0:4e:
         23:c1:ee:79:64:72:e4:68:e3:13:f8:8c:44:12:31:4f:a8:7d:
         8b:bb:80:8a:88:3e:61:43:d1:66:99:57:a2:42:18:7c:7f:c5:
         b0:2e:2b:69:d3:f0:37:87:70:02:8b:1e:70:af:16:ce:0f:29:
         e5:2d:4c:48:30:65:78:9c:15:fd:97:56:f2:fe:7a:26:47:62:
         59:08:ad:39:e6:f3:34:95:5b:63:0d:2f:45:04:93:91:73:cb:
         e6:c6:c7:a5:77:57:2f:da:ef:c7:7d:df:8a:86:59:1c:d3:a2:
         c8:1d:d3:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijkSImnK3skx8FMdMweEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwMTAxMTU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGVmOTZiNDM0Mjg4ZWI1ZTdhNDBhYmM5ZTlkNjhiZmMwOTQwOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHaytlqSumqzX0dBmU09Wcs9XdQ7
onTebJfaJTb7rJCV7mRh7W5IhD9iW3p6N4cM9NWvnfZk/QNm6zYWgcixaGmf+67I
9BzkdFAJomkPAajrOj67sycJvUEn+Kb3KYCPeQClP5v1poNc8kmbFBUO5qYuqPwh
rppqNMDMLcApTkO9DB05cK3AqNVZk9gAfKsCwkGnSXqddR0a/qm2Edwi/Ughey2x
C6iBTiNsQIdAfVBf7/nlF/uPitKLgfTuXI0rDVLwcKOs4NfjLJybdeSfdkFIOdIO
KNw0YBWo1ob1S3d6YvK9cJXIxL2wJzzAHpNzdCCv9JdwglaYrLTdJc57GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDvlrQ0KI6156QKvJ6daL/AlAlnMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvSU8tV3REUW9qclhucEFxOG5wMW92OENVQ1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFXMA0G
CSqGSIb3DQEBCwUAA4IBAQA9znFtkvsrl31TvR0sgyDCvVQGQJhq6UPKrDoacZZp
9yB8jDxeWXYdQO1JLey6+6wAU8DqXMRwXkWVyziz+tnGpLCuH2stKo1Fojfb5VEg
mNvxcllUglXNp+0dg15Aa6vuP6piFMkM7cmuq036xiu5CmoT+ISTaE9ouZ6MRuzC
UDsX5zS0O/uiWaHVYvW98E4jwe55ZHLkaOMT+IxEEjFPqH2Lu4CKiD5hQ9FmmVei
Qhh8f8WwLitp0/A3h3ACix5wrxbODynlLUxIMGV4nBX9l1by/nomR2JZCK055vM0
lVtjDS9FBJORc8vmxseld1cv2u/Hfd+Khlkc06LIHdPh
-----END CERTIFICATE-----