Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/cvTzrIYooEqCYZcTeeMvVkAMxYo.roa
File:                     cvTzrIYooEqCYZcTeeMvVkAMxYo.roa (raw, json)
Hash identifier:          NG5lHzxF9cCWRX9QDdwGDjbgn25GA3c/1BtMGNNx+qk=
Subject key identifier:   72:F4:F3:AC:86:28:A0:4A:82:61:97:13:79:E3:2F:56:40:0C:C5:8A
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       0196627EAA0DC7BCD4415832E0A6032FDDF8
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/cvTzrIYooEqCYZcTeeMvVkAMxYo.roa
Signing time:             Wed 23 Apr 2025 11:53:10 +0000
ROA not before:           Wed 23 Apr 2025 11:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60117
IP address blocks:        212.87.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:7e:aa:0d:c7:bc:d4:41:58:32:e0:a6:03:2f:dd:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Apr 23 11:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72f4f3ac8628a04a8261971379e32f56400cc58a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:00:98:69:a9:92:01:aa:58:52:e5:dd:4f:b8:
                    3b:de:e9:23:c3:25:6c:e4:15:f5:01:74:55:6c:5c:
                    62:80:77:21:83:0f:97:5b:7a:80:d0:80:67:68:90:
                    bf:96:a2:48:e7:47:cd:d9:7e:5b:92:d4:20:1e:8e:
                    23:6a:d6:18:42:37:12:c1:e8:af:e3:bc:49:0e:4a:
                    2f:eb:c6:25:88:2b:79:7c:dc:d3:9b:2b:1d:1a:8d:
                    9d:16:a4:72:e8:8a:f8:aa:72:ea:6a:7a:bd:1a:78:
                    e2:5b:bb:6c:27:b4:84:2c:77:0b:5d:f4:13:72:4c:
                    5b:f7:5d:57:55:e7:40:be:62:b5:f1:26:a7:9e:ba:
                    9c:a5:cd:c9:9f:04:cc:c1:a9:30:3d:e1:c9:91:2a:
                    51:15:ad:f5:a9:21:81:8b:92:14:a2:5e:10:86:be:
                    bd:bc:a9:cc:79:8b:c5:58:e8:f4:f0:d8:be:9b:e4:
                    dd:cc:bd:37:50:59:61:ad:f3:68:d1:3f:33:93:89:
                    72:73:02:f0:e4:00:13:c0:62:7c:f8:16:b9:b2:4d:
                    68:e4:5a:84:b3:c0:b9:9f:59:9b:4e:dc:cd:22:2e:
                    21:a0:86:67:99:03:a6:a5:ab:b5:e7:c2:b2:a5:05:
                    2c:0a:70:71:f8:7f:2e:27:63:ce:39:39:22:9b:66:
                    85:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F4:F3:AC:86:28:A0:4A:82:61:97:13:79:E3:2F:56:40:0C:C5:8A
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/cvTzrIYooEqCYZcTeeMvVkAMxYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:49:68:7b:fb:be:cf:7e:82:4c:9e:6f:0f:ef:7e:ad:19:5d:
         e4:df:f1:7f:3a:d6:0c:e7:05:55:b1:89:9f:14:04:99:19:99:
         07:fa:58:7c:cf:66:33:46:04:50:86:d3:be:f8:10:6b:3b:ce:
         46:33:46:53:49:7a:0b:43:01:69:1f:96:7c:f7:34:b6:80:a4:
         9f:9e:cb:66:25:d4:75:e2:89:4c:88:19:07:f9:c7:60:07:95:
         30:81:8c:ca:b9:fc:bd:36:a0:e3:64:c3:7c:fd:90:8b:4e:74:
         a8:09:bd:e5:85:b0:4e:ea:10:80:4a:34:d2:20:c8:8b:d7:ac:
         0d:e9:f3:75:86:80:05:0a:a1:ba:d1:c8:09:d2:2f:34:b0:d2:
         b1:08:65:aa:ba:fd:52:0f:05:7f:60:b6:d0:d5:2d:1a:8d:3d:
         5b:43:9e:93:c6:e1:ec:59:20:43:84:b1:2c:72:8d:ab:a9:eb:
         6e:af:c2:1e:1a:55:d8:2b:eb:e1:1a:99:24:80:f1:8f:cd:dc:
         bb:4f:81:62:49:d1:dd:bc:c7:ee:95:06:8d:46:d1:c8:1d:54:
         35:df:35:0a:04:52:00:63:c2:c3:f9:fb:7c:94:9c:0b:66:82:
         bb:1d:ba:b0:7a:b0:23:bd:66:51:41:9d:a1:40:e8:7d:99:23:
         f8:f1:e2:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZifqoNx7zUQVgy4KYDL934MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwNDIzMTE1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmY0ZjNhYzg2MjhhMDRhODI2MTk3MTM3OWUzMmY1NjQwMGNjNThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gCYaamSAapYUuXdT7g73ukjwyVs
5BX1AXRVbFxigHchgw+XW3qA0IBnaJC/lqJI50fN2X5bktQgHo4jatYYQjcSweiv
47xJDkov68YliCt5fNzTmysdGo2dFqRy6Ir4qnLqanq9GnjiW7tsJ7SELHcLXfQT
ckxb911XVedAvmK18Sannrqcpc3JnwTMwakwPeHJkSpRFa31qSGBi5IUol4Qhr69
vKnMeYvFWOj08Ni+m+TdzL03UFlhrfNo0T8zk4lycwLw5AATwGJ8+Ba5sk1o5FqE
s8C5n1mbTtzNIi4hoIZnmQOmpau158KypQUsCnBx+H8uJ2POOTkim2aFZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHL086yGKKBKgmGXE3njL1ZADMWKMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvY3ZUenJJWW9vRXFDWVpjVGVlTXZWa0FNeFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfJMA0G
CSqGSIb3DQEBCwUAA4IBAQAKSWh7+77PfoJMnm8P736tGV3k3/F/OtYM5wVVsYmf
FASZGZkH+lh8z2YzRgRQhtO++BBrO85GM0ZTSXoLQwFpH5Z89zS2gKSfnstmJdR1
4olMiBkH+cdgB5UwgYzKufy9NqDjZMN8/ZCLTnSoCb3lhbBO6hCASjTSIMiL16wN
6fN1hoAFCqG60cgJ0i80sNKxCGWquv1SDwV/YLbQ1S0ajT1bQ56TxuHsWSBDhLEs
co2rqetur8IeGlXYK+vhGpkkgPGPzdy7T4FiSdHdvMfulQaNRtHIHVQ13zUKBFIA
Y8LD+ft8lJwLZoK7HbqwerAjvWZRQZ2hQOh9mSP48eJG
-----END CERTIFICATE-----