Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jV1YbA4gICdK2A6dJlLAfCYbbmI.roa
File:                     jV1YbA4gICdK2A6dJlLAfCYbbmI.roa (raw, json)
Hash identifier:          0mCDcW4n1f0SWCbzciKKQkLv1PJ1q2ORGn9V6PK57q8=
Subject key identifier:   8D:5D:58:6C:0E:20:20:27:4A:D8:0E:9D:26:52:C0:7C:26:1B:6E:62
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0196B6D3B925F18332185C35AB3EAD612299
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jV1YbA4gICdK2A6dJlLAfCYbbmI.roa
Signing time:             Fri 09 May 2025 20:54:10 +0000
ROA not before:           Fri 09 May 2025 20:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214024
IP address blocks:        213.210.52.0/24 maxlen: 24
                          213.210.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 20:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b6:d3:b9:25:f1:83:32:18:5c:35:ab:3e:ad:61:22:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  9 20:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d5d586c0e2020274ad80e9d2652c07c261b6e62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:fa:8c:b4:b2:c5:ba:9c:91:88:66:45:5e:1b:
                    df:74:95:ae:a7:7b:8f:34:8a:3d:87:a8:5b:66:9f:
                    37:fe:b3:7b:24:af:c1:0b:dd:ca:66:70:ca:d3:d7:
                    6d:f2:17:92:4c:7a:67:b7:ea:53:08:b5:87:7c:48:
                    28:6e:29:a0:b8:ef:fa:fb:7a:73:d7:61:88:e6:fc:
                    84:aa:79:05:42:f1:c5:ac:84:be:43:64:47:f6:51:
                    dc:10:f5:6e:2a:f5:8b:9d:4c:f9:fa:9f:6c:7f:1b:
                    e0:1e:ea:66:93:d8:98:39:04:63:da:46:4d:1d:6f:
                    fa:e4:43:16:25:d8:ac:b9:d3:d5:3c:1d:9f:70:9a:
                    b5:38:4d:2d:68:66:56:58:2e:32:57:a1:e7:7f:01:
                    40:16:cc:80:cd:08:e1:22:a5:bc:56:a2:50:03:a2:
                    cf:b9:4f:e6:28:25:10:de:6f:51:3d:2b:fb:81:94:
                    a5:e9:67:7a:64:d4:a1:aa:cb:94:c7:ee:c3:25:06:
                    b7:02:71:70:39:b0:aa:fe:69:23:64:2f:dd:08:dc:
                    f6:48:91:dd:da:9d:2c:e1:2f:ce:4d:57:6e:aa:28:
                    20:57:f0:5e:82:f9:6c:ba:3b:72:4d:49:34:c4:cd:
                    c8:b3:60:84:07:d0:85:a2:f6:0f:c6:b3:86:9e:65:
                    fc:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:5D:58:6C:0E:20:20:27:4A:D8:0E:9D:26:52:C0:7C:26:1B:6E:62
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jV1YbA4gICdK2A6dJlLAfCYbbmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:ef:2e:2f:1e:b5:c4:48:3c:db:dc:41:a2:3b:62:f2:5f:5b:
         1c:01:4d:fc:ba:60:8d:b1:99:a8:40:fc:b4:26:ea:ec:37:52:
         c1:80:10:52:c8:d4:b2:5e:f5:ee:9d:75:38:79:ba:b3:86:cc:
         a2:31:54:c7:cc:b6:11:c1:85:bb:fb:ac:46:e6:8e:14:f8:aa:
         87:1a:74:72:9d:f7:b1:fc:cf:4e:65:bd:00:c4:cc:7b:d7:36:
         9e:bf:fc:7d:f0:64:51:bd:d8:dd:18:a0:d1:20:25:2c:0b:96:
         76:2d:6d:96:1b:f9:db:b3:5d:30:01:a0:f1:e3:e7:d4:12:82:
         ef:91:19:65:0b:82:dd:f1:05:1b:a0:90:8c:df:0d:55:23:9b:
         cd:65:1e:86:99:ed:56:5c:86:b0:67:4d:2e:9f:39:aa:cc:d7:
         5f:f0:00:91:a5:c6:48:fe:98:b8:1f:87:b8:ef:0c:33:21:5d:
         a3:b5:52:51:be:5b:f1:95:76:db:4f:f4:da:69:64:5f:4a:da:
         20:e1:25:05:be:2f:09:c7:5f:77:b4:9d:c6:8f:bc:99:de:6d:
         5a:ae:1c:c0:31:9e:1c:1e:25:46:4c:16:a5:86:db:e7:05:ec:
         65:8a:3d:0d:6f:bd:1a:96:76:b0:5c:6c:8f:45:2c:fd:c4:8a:
         bf:00:78:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa207kl8YMyGFw1qz6tYSKZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTA5MjA1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDVkNTg2YzBlMjAyMDI3NGFkODBlOWQyNjUyYzA3YzI2MWI2ZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6/qMtLLFupyRiGZFXhvfdJWup3uP
NIo9h6hbZp83/rN7JK/BC93KZnDK09dt8heSTHpnt+pTCLWHfEgobimguO/6+3pz
12GI5vyEqnkFQvHFrIS+Q2RH9lHcEPVuKvWLnUz5+p9sfxvgHupmk9iYOQRj2kZN
HW/65EMWJdisudPVPB2fcJq1OE0taGZWWC4yV6HnfwFAFsyAzQjhIqW8VqJQA6LP
uU/mKCUQ3m9RPSv7gZSl6Wd6ZNShqsuUx+7DJQa3AnFwObCq/mkjZC/dCNz2SJHd
2p0s4S/OTVduqiggV/BegvlsujtyTUk0xM3Is2CEB9CFovYPxrOGnmX8LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1dWGwOICAnStgOnSZSwHwmG25iMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvalYxWWJBNGdJQ2RLMkE2ZEpsTEFmQ1liYm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1dI0MA0G
CSqGSIb3DQEBCwUAA4IBAQCr7y4vHrXESDzb3EGiO2LyX1scAU38umCNsZmoQPy0
JursN1LBgBBSyNSyXvXunXU4ebqzhsyiMVTHzLYRwYW7+6xG5o4U+KqHGnRynfex
/M9OZb0AxMx71zaev/x98GRRvdjdGKDRICUsC5Z2LW2WG/nbs10wAaDx4+fUEoLv
kRllC4Ld8QUboJCM3w1VI5vNZR6Gme1WXIawZ00unzmqzNdf8ACRpcZI/pi4H4e4
7wwzIV2jtVJRvlvxlXbbT/TaaWRfStog4SUFvi8Jx193tJ3Gj7yZ3m1arhzAMZ4c
HiVGTBalhtvnBexlij0Nb70alnawXGyPRSz9xIq/AHjx
-----END CERTIFICATE-----