Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/BZzPZeF6nVBFp0ePkibSpSImMO4.roa
File:                     BZzPZeF6nVBFp0ePkibSpSImMO4.roa (raw, json)
Hash identifier:          CC6O/xKtKrtHkfClJGWdlIogukbhcIa4MJLuoLVEnNw=
Subject key identifier:   05:9C:CF:65:E1:7A:9D:50:45:A7:47:8F:92:26:D2:A5:22:26:30:EE
Certificate issuer:       /CN=a7aee67620d9c0ae63d295785c9d956f063c21c3
Certificate serial:       019427B613592707FD480A3F8AFCEE1E83AB
Authority key identifier: A7:AE:E6:76:20:D9:C0:AE:63:D2:95:78:5C:9D:95:6F:06:3C:21:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p67mdiDZwK5j0pV4XJ2VbwY8IcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/BZzPZeF6nVBFp0ePkibSpSImMO4.roa
Signing time:             Thu 02 Jan 2025 15:50:31 +0000
ROA not before:           Thu 02 Jan 2025 15:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8879
IP address blocks:        212.101.192.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/p67mdiDZwK5j0pV4XJ2VbwY8IcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/p67mdiDZwK5j0pV4XJ2VbwY8IcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p67mdiDZwK5j0pV4XJ2VbwY8IcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 15:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:13:59:27:07:fd:48:0a:3f:8a:fc:ee:1e:83:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7aee67620d9c0ae63d295785c9d956f063c21c3
        Validity
            Not Before: Jan  2 15:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=059ccf65e17a9d5045a7478f9226d2a5222630ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:8b:cb:53:c1:30:96:34:91:f9:d9:a0:69:85:
                    e5:b8:da:7e:0a:c5:6e:e8:87:a9:0c:44:e9:fd:28:
                    85:7e:02:d0:d6:10:8a:7e:ce:37:c1:95:e8:6b:da:
                    c6:7e:2b:af:36:96:15:79:68:9c:8a:d4:fc:db:40:
                    ca:4a:a8:37:68:20:fc:64:38:51:39:fd:84:bc:be:
                    a4:73:d3:fc:1b:43:ed:96:53:e5:4f:46:cb:2a:03:
                    92:e5:d0:b8:ea:3e:f4:da:ca:ef:4c:60:8d:68:2a:
                    af:15:60:35:50:d0:00:e7:56:48:47:bc:24:0f:bd:
                    be:22:b1:7e:ff:46:4d:65:26:55:70:d5:51:eb:80:
                    54:33:12:60:7c:c3:2f:50:2d:2e:e4:b3:a4:06:ae:
                    71:0d:9a:e5:72:ca:a3:bd:8b:fc:ed:20:fc:11:d4:
                    05:7c:4b:5f:eb:c0:40:a9:e0:2b:4a:73:d6:19:32:
                    ae:98:f2:71:88:f0:96:7d:de:e9:db:23:07:9f:9c:
                    57:e1:63:4e:82:97:03:fd:0d:2a:cd:7d:ee:53:d9:
                    bc:bd:2d:d1:0b:b9:b4:c2:2b:37:51:55:ac:d3:08:
                    ab:aa:67:67:b9:a6:5a:dd:53:ea:1c:c5:e5:e5:17:
                    a4:37:92:06:c1:2b:48:84:45:fc:b0:e4:ff:33:46:
                    97:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:9C:CF:65:E1:7A:9D:50:45:A7:47:8F:92:26:D2:A5:22:26:30:EE
            X509v3 Authority Key Identifier:
                keyid:A7:AE:E6:76:20:D9:C0:AE:63:D2:95:78:5C:9D:95:6F:06:3C:21:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p67mdiDZwK5j0pV4XJ2VbwY8IcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/BZzPZeF6nVBFp0ePkibSpSImMO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/p67mdiDZwK5j0pV4XJ2VbwY8IcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.101.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         78:c3:93:38:e2:02:27:d6:c6:ed:cb:18:85:73:e4:7d:5a:28:
         81:d8:ca:87:f6:f4:a4:97:2c:33:b4:ab:11:1a:77:9a:07:95:
         93:dc:4d:08:27:df:d3:b9:ec:43:f7:87:e8:1b:c6:9d:72:ae:
         0f:26:71:73:d5:27:a0:a0:e6:28:4d:4e:6f:81:3c:e1:0a:bc:
         16:3f:8b:f1:6a:4e:2d:63:af:58:57:7c:08:25:45:8c:5e:40:
         be:7a:fc:61:2d:ed:f7:99:1a:f5:52:8c:bb:c8:a3:d7:6c:6c:
         9d:3c:98:ac:0f:47:6c:e2:1f:9f:f0:c1:98:a5:54:67:3e:47:
         92:18:a8:89:71:05:1f:fd:2d:d0:b3:d5:88:3e:a3:58:f8:47:
         f5:1f:6d:01:cb:88:ca:d9:c6:5b:e2:e7:1b:6d:03:ac:ad:a8:
         2a:16:70:ed:3b:66:ec:70:00:db:31:14:f8:08:b3:fe:f9:a0:
         37:0d:65:0d:4c:27:af:28:e1:6d:3d:59:9b:ad:af:f1:dd:5a:
         20:ef:97:7e:cb:48:84:5f:66:59:43:3b:6c:02:95:c2:ad:fb:
         e0:3b:6f:e5:6c:21:5c:18:be:02:8c:d0:ad:2d:4c:09:fc:14:
         7f:7e:3a:55:0c:b0:09:d2:aa:b8:67:16:e9:3a:a0:76:54:5a:
         b4:95:26:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnthNZJwf9SAo/ivzuHoOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YWVlNjc2MjBkOWMwYWU2M2QyOTU3ODVjOWQ5NTZmMDYz
YzIxYzMwHhcNMjUwMTAyMTU1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTljY2Y2NWUxN2E5ZDUwNDVhNzQ3OGY5MjI2ZDJhNTIyMjYzMGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YvLU8EwljSR+dmgaYXluNp+CsVu
6IepDETp/SiFfgLQ1hCKfs43wZXoa9rGfiuvNpYVeWicitT820DKSqg3aCD8ZDhR
Of2EvL6kc9P8G0PtllPlT0bLKgOS5dC46j702srvTGCNaCqvFWA1UNAA51ZIR7wk
D72+IrF+/0ZNZSZVcNVR64BUMxJgfMMvUC0u5LOkBq5xDZrlcsqjvYv87SD8EdQF
fEtf68BAqeArSnPWGTKumPJxiPCWfd7p2yMHn5xX4WNOgpcD/Q0qzX3uU9m8vS3R
C7m0wis3UVWs0wirqmdnuaZa3VPqHMXl5RekN5IGwStIhEX8sOT/M0aXvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWcz2Xhep1QRadHj5Im0qUiJjDuMB8GA1UdIwQY
MBaAFKeu5nYg2cCuY9KVeFydlW8GPCHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDY3bWRpRFp3SzVqMHBWNFhKMlZid1k4SWNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8yYmEyNWEtMGFiZC00NTUwLWJjYTQt
MGI3ZjE1YjUwOWNiLzEvQlp6UFplRjZuVkJGcDBlUGtpYlNwU0ltTU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8yYmEyNWEtMGFiZC00NTUwLWJjYTQtMGI3ZjE1YjUwOWNi
LzEvcDY3bWRpRFp3SzVqMHBWNFhKMlZid1k4SWNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1GXAMA0G
CSqGSIb3DQEBCwUAA4IBAQB4w5M44gIn1sbtyxiFc+R9WiiB2MqH9vSklywztKsR
GneaB5WT3E0IJ9/TuexD94foG8adcq4PJnFz1SegoOYoTU5vgTzhCrwWP4vxak4t
Y69YV3wIJUWMXkC+evxhLe33mRr1Uoy7yKPXbGydPJisD0ds4h+f8MGYpVRnPkeS
GKiJcQUf/S3Qs9WIPqNY+Ef1H20By4jK2cZb4ucbbQOsragqFnDtO2bscADbMRT4
CLP++aA3DWUNTCevKOFtPVmbra/x3Vog75d+y0iEX2ZZQztsApXCrfvgO2/lbCFc
GL4CjNCtLUwJ/BR/fjpVDLAJ0qq4ZxbpOqB2VFq0lSbR
-----END CERTIFICATE-----