Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/o2x-oVc1zQxFkOL6DbwKH34fpBI.roa
File:                     o2x-oVc1zQxFkOL6DbwKH34fpBI.roa (raw, json)
Hash identifier:          8mQR+Hkf1kUDohUWdvvrhz0M3trQS0HeWkXhCUEMUBM=
Subject key identifier:   A3:6C:7E:A1:57:35:CD:0C:45:90:E2:FA:0D:BC:0A:1F:7E:1F:A4:12
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0197D9D83DA8655D16F5F0484837C4E2BEA3
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/o2x-oVc1zQxFkOL6DbwKH34fpBI.roa
Signing time:             Sat 05 Jul 2025 09:08:36 +0000
ROA not before:           Sat 05 Jul 2025 09:08:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203757
IP address blocks:        212.111.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d9:d8:3d:a8:65:5d:16:f5:f0:48:48:37:c4:e2:be:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jul  5 09:08:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a36c7ea15735cd0c4590e2fa0dbc0a1f7e1fa412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:62:4a:8c:25:19:62:0b:ab:b2:12:0a:ab:29:
                    a2:c3:70:b0:6f:15:6b:64:dd:3e:c7:e9:a3:09:56:
                    d4:6f:af:52:54:8e:49:f7:1b:67:04:88:6d:e7:0d:
                    bf:b2:1b:86:27:27:25:a9:af:33:95:13:9b:c6:5e:
                    07:fd:b8:83:92:09:3d:f7:23:80:de:b6:08:14:bb:
                    6d:a3:61:92:a0:3f:76:be:23:9f:e1:9d:64:d3:97:
                    22:66:19:67:97:b3:a0:dd:29:98:cc:38:78:32:b9:
                    4c:d5:0a:a7:62:d1:9c:41:47:d8:f1:79:2f:e0:e9:
                    e0:76:e5:fb:d1:78:7f:0c:ab:a6:c1:b2:28:92:b4:
                    ff:bd:c4:b5:ef:d8:40:71:f1:f7:67:72:9e:e1:23:
                    51:35:a5:bb:d9:21:6b:fe:8e:02:1d:1e:8f:6e:db:
                    f7:d6:90:72:1d:fb:9a:8f:c9:4f:4a:a8:df:41:fa:
                    ac:75:91:e5:5c:d6:bb:62:4b:39:6a:0d:3f:fb:8b:
                    b7:3f:b7:b8:3d:f9:bb:75:22:ea:f0:c3:8d:60:2d:
                    39:61:ff:d2:6b:ec:ac:f5:53:6b:ab:84:a4:d1:fc:
                    36:6b:cc:67:80:fe:9b:56:7f:8d:3a:19:c6:47:ef:
                    d6:eb:89:17:f9:ff:23:f8:0a:2e:69:1e:27:40:ca:
                    41:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:6C:7E:A1:57:35:CD:0C:45:90:E2:FA:0D:BC:0A:1F:7E:1F:A4:12
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/o2x-oVc1zQxFkOL6DbwKH34fpBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:46:68:e2:86:99:26:09:84:dc:af:2b:39:cb:cb:ca:88:3d:
         f7:1d:8e:75:68:47:59:2d:e3:03:80:05:9e:90:0f:55:ad:6d:
         f3:ab:59:7f:12:3d:18:3e:9b:f0:62:1d:d8:58:47:c6:46:25:
         e6:ca:43:c7:bc:b1:47:f7:78:ca:a3:8b:2c:11:ac:63:a8:8f:
         85:b5:1f:19:ff:d7:6f:c6:af:82:f4:71:16:58:7b:a6:d4:23:
         70:ae:4c:bb:4f:ce:7f:56:8a:95:99:12:f7:1f:98:71:72:a7:
         a5:bc:37:bd:08:c0:c0:86:3a:fb:72:8b:a2:d8:6b:45:d1:85:
         ff:b4:67:c8:2c:14:b0:3d:54:92:35:87:d7:02:7a:91:df:78:
         33:ae:55:ea:f7:f6:2d:f4:ea:de:76:c6:f5:84:4a:e1:94:6c:
         bb:a8:ea:c9:d8:2f:76:bb:af:ce:1c:40:2b:52:94:0c:b6:b7:
         16:c8:61:3c:e8:01:5d:58:4e:cc:4a:6c:e5:57:66:67:b6:bb:
         29:f6:39:16:07:91:3e:76:3f:a8:2a:f8:35:9a:fd:62:98:2f:
         fb:1a:71:c4:e4:62:54:63:51:62:2b:31:a5:bb:5a:75:05:5b:
         02:ea:11:bf:d6:26:ee:5d:1e:30:8b:d4:27:b5:d2:85:a3:26:
         05:fe:71:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfZ2D2oZV0W9fBISDfE4r6jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwNzA1MDkwODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzZjN2VhMTU3MzVjZDBjNDU5MGUyZmEwZGJjMGExZjdlMWZhNDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGJKjCUZYgurshIKqymiw3CwbxVr
ZN0+x+mjCVbUb69SVI5J9xtnBIht5w2/shuGJyclqa8zlRObxl4H/biDkgk99yOA
3rYIFLtto2GSoD92viOf4Z1k05ciZhlnl7Og3SmYzDh4MrlM1QqnYtGcQUfY8Xkv
4OngduX70Xh/DKumwbIokrT/vcS179hAcfH3Z3Ke4SNRNaW72SFr/o4CHR6Pbtv3
1pByHfuaj8lPSqjfQfqsdZHlXNa7Yks5ag0/+4u3P7e4Pfm7dSLq8MONYC05Yf/S
a+ys9VNrq4Sk0fw2a8xngP6bVn+NOhnGR+/W64kX+f8j+AouaR4nQMpB2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNsfqFXNc0MRZDi+g28Ch9+H6QSMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvbzJ4LW9WYzF6UXhGa09MNkRid0tIMzRmcEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G/IMA0G
CSqGSIb3DQEBCwUAA4IBAQBBRmjihpkmCYTcrys5y8vKiD33HY51aEdZLeMDgAWe
kA9VrW3zq1l/Ej0YPpvwYh3YWEfGRiXmykPHvLFH93jKo4ssEaxjqI+FtR8Z/9dv
xq+C9HEWWHum1CNwrky7T85/VoqVmRL3H5hxcqelvDe9CMDAhjr7coui2GtF0YX/
tGfILBSwPVSSNYfXAnqR33gzrlXq9/Yt9Oredsb1hErhlGy7qOrJ2C92u6/OHEAr
UpQMtrcWyGE86AFdWE7MSmzlV2Zntrsp9jkWB5E+dj+oKvg1mv1imC/7GnHE5GJU
Y1FiKzGlu1p1BVsC6hG/1ibuXR4wi9QntdKFoyYF/nFO
-----END CERTIFICATE-----