Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/7U36SlZapyeDS2Ak1ibKjOwXw_k.roa
File:                     7U36SlZapyeDS2Ak1ibKjOwXw_k.roa (raw, json)
Hash identifier:          8qxvJp9rWWP4iXTSuHjrQKYQTm/Cdbn1SdddAUifY+g=
Subject key identifier:   ED:4D:FA:4A:56:5A:A7:27:83:4B:60:24:D6:26:CA:8C:EC:17:C3:F9
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       01963CE6A47567306F502F3BD551DCAF49A4
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/7U36SlZapyeDS2Ak1ibKjOwXw_k.roa
Signing time:             Wed 16 Apr 2025 04:41:10 +0000
ROA not before:           Wed 16 Apr 2025 04:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        212.116.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3c:e6:a4:75:67:30:6f:50:2f:3b:d5:51:dc:af:49:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Apr 16 04:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed4dfa4a565aa727834b6024d626ca8cec17c3f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b0:8f:41:4d:32:76:cd:95:ad:ff:45:b1:14:
                    cc:7c:8a:cf:b4:9f:f5:03:27:14:4d:70:68:31:b3:
                    50:fb:84:ac:42:78:9c:dd:bd:f5:c2:fc:e6:5d:5c:
                    5c:54:26:f6:90:de:33:74:7d:0f:27:eb:e3:74:ae:
                    66:7e:25:5f:c1:d8:27:21:54:bd:d1:a5:e6:55:a0:
                    16:9a:0d:67:dc:43:f0:20:92:00:97:6a:e6:a8:0b:
                    b4:69:aa:f5:26:d0:55:3d:d0:1d:20:f1:00:7c:74:
                    46:03:3f:19:94:fe:9d:bf:84:09:3f:31:c4:c1:a6:
                    dd:d5:44:42:08:05:1e:fd:fb:60:cb:4f:35:60:2c:
                    fc:0c:6a:39:82:1a:43:e3:0a:b7:f8:3d:9a:1e:79:
                    ca:c2:80:51:61:72:51:e1:a6:aa:63:cc:fb:5b:e4:
                    b1:e4:c1:50:97:14:8b:0b:c3:b4:fe:17:f6:7c:00:
                    16:53:67:af:79:fd:00:3b:96:93:86:23:1e:c9:43:
                    52:3c:b9:ae:d0:db:32:c2:1d:55:28:b8:91:8e:bb:
                    7d:f5:6b:3f:b3:1e:f7:f8:d4:8e:04:41:89:83:30:
                    8a:62:6d:dd:af:44:6c:5d:ff:37:a6:88:83:6c:5e:
                    e4:fc:9f:a9:7d:bc:b6:d2:5e:be:c1:4d:b9:3d:ff:
                    e8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:4D:FA:4A:56:5A:A7:27:83:4B:60:24:D6:26:CA:8C:EC:17:C3:F9
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/7U36SlZapyeDS2Ak1ibKjOwXw_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:e8:8e:cb:07:dd:10:a7:3a:f9:58:32:1a:bb:7c:cb:06:e4:
         e7:b3:db:77:bd:04:c6:49:33:d8:26:01:93:4a:f0:25:a8:31:
         88:a6:aa:8d:7a:17:8b:16:ab:ae:b5:43:40:07:cd:36:73:86:
         8e:b2:cc:a1:84:91:b4:07:ca:6c:af:03:5c:4b:8b:fd:da:5d:
         ff:f5:39:71:6d:b5:52:83:22:bf:1b:c5:72:74:f6:93:28:c6:
         97:bf:93:f4:62:22:e3:5c:c0:9b:64:e3:3e:cd:5f:39:a0:8d:
         cc:ad:cb:0c:14:19:e8:b2:ce:7f:f4:98:e9:6f:ed:00:e1:ea:
         02:ff:48:a8:7f:5c:8e:ab:0e:4d:1c:65:97:03:25:fe:89:51:
         30:24:25:f0:e0:1e:b8:ae:e8:99:bf:17:a1:04:5d:22:4f:e0:
         62:77:9d:7b:9b:59:02:70:79:a5:11:c8:aa:19:1b:5f:b7:3b:
         e6:55:90:fa:9b:45:64:81:72:12:2c:b3:09:36:32:a0:4a:f5:
         9e:61:b5:7f:ef:6a:e0:a1:ec:69:4e:83:3e:95:ef:f2:31:49:
         b5:1c:ca:87:3d:1b:49:f1:23:19:4b:30:d0:f9:10:a2:5e:7c:
         83:b1:08:32:c2:84:f5:3b:a2:cf:a3:a7:d6:b2:2e:3c:c0:58:
         42:7c:02:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY85qR1ZzBvUC871VHcr0mkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwNDE2MDQ0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDRkZmE0YTU2NWFhNzI3ODM0YjYwMjRkNjI2Y2E4Y2VjMTdjM2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubCPQU0yds2Vrf9FsRTMfIrPtJ/1
AycUTXBoMbNQ+4SsQnic3b31wvzmXVxcVCb2kN4zdH0PJ+vjdK5mfiVfwdgnIVS9
0aXmVaAWmg1n3EPwIJIAl2rmqAu0aar1JtBVPdAdIPEAfHRGAz8ZlP6dv4QJPzHE
wabd1URCCAUe/ftgy081YCz8DGo5ghpD4wq3+D2aHnnKwoBRYXJR4aaqY8z7W+Sx
5MFQlxSLC8O0/hf2fAAWU2evef0AO5aThiMeyUNSPLmu0Nsywh1VKLiRjrt99Ws/
sx73+NSOBEGJgzCKYm3dr0RsXf83poiDbF7k/J+pfby20l6+wU25Pf/o6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1N+kpWWqcng0tgJNYmyozsF8P5MB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvN1UzNlNsWmFweWVEUzJBazFpYktqT3dYd19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HTiMA0G
CSqGSIb3DQEBCwUAA4IBAQCu6I7LB90Qpzr5WDIau3zLBuTns9t3vQTGSTPYJgGT
SvAlqDGIpqqNeheLFquutUNAB802c4aOssyhhJG0B8psrwNcS4v92l3/9TlxbbVS
gyK/G8VydPaTKMaXv5P0YiLjXMCbZOM+zV85oI3MrcsMFBnoss5/9Jjpb+0A4eoC
/0iof1yOqw5NHGWXAyX+iVEwJCXw4B64ruiZvxehBF0iT+Bid517m1kCcHmlEciq
GRtftzvmVZD6m0VkgXISLLMJNjKgSvWeYbV/72rgoexpToM+le/yMUm1HMqHPRtJ
8SMZSzDQ+RCiXnyDsQgywoT1O6LPo6fWsi48wFhCfAJN
-----END CERTIFICATE-----