Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/6Ebu0HcrsLkrrgDBeBB1A2dy2BM.roa
File:                     6Ebu0HcrsLkrrgDBeBB1A2dy2BM.roa (raw, json)
Hash identifier:          TccVrsP1WNA2hyHvabl2Zj8Mx0JoLI/zobG0dsNCzu8=
Subject key identifier:   E8:46:EE:D0:77:2B:B0:B9:2B:AE:00:C1:78:10:75:03:67:72:D8:13
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       01941FFA4F80960BD4B3A76BA3159614941D
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/6Ebu0HcrsLkrrgDBeBB1A2dy2BM.roa
Signing time:             Wed 01 Jan 2025 03:48:05 +0000
ROA not before:           Wed 01 Jan 2025 03:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200451
IP address blocks:        84.207.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4f:80:96:0b:d4:b3:a7:6b:a3:15:96:14:94:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 03:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e846eed0772bb0b92bae00c1781075036772d813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:47:d2:f5:cf:9d:78:b3:35:dc:38:3c:07:e2:
                    79:a2:89:4f:47:7e:9d:6e:31:3c:eb:a9:5f:66:75:
                    1a:da:12:c2:53:5d:47:77:1e:55:d3:49:ec:1f:e2:
                    b3:61:1f:50:86:5e:af:49:cf:f1:c1:ad:80:9c:96:
                    9b:cf:30:bb:d4:b3:48:85:65:6a:fe:44:6d:fa:01:
                    16:6b:f3:5a:b8:f3:5d:27:79:08:8c:e8:22:72:69:
                    ca:7b:d9:d7:0b:2c:c1:41:0b:5b:39:b4:59:de:1e:
                    89:b1:69:23:d3:16:d6:b4:1f:12:71:10:42:3a:3b:
                    e7:36:19:64:95:a6:a2:c7:9f:8a:5a:99:a8:38:9b:
                    5b:e4:21:7a:a2:27:a2:e4:42:7c:96:3b:22:0e:eb:
                    39:f6:a3:e8:c2:6c:92:bf:5a:e9:b6:d0:2a:ea:1a:
                    55:fb:b6:fd:c2:75:88:8c:60:d5:c7:b9:9f:cb:e8:
                    1b:3e:dc:58:3e:88:83:95:ef:6a:f2:48:c9:f9:d4:
                    48:92:17:3e:e3:d5:c3:a0:17:7f:fb:26:6c:09:df:
                    f8:03:85:97:bc:7c:67:6f:91:2b:35:9e:b5:27:b3:
                    b4:c8:d6:76:a2:a3:ea:a5:69:67:43:bc:4d:84:4f:
                    69:f5:a1:7a:d1:aa:b6:55:b7:84:34:71:0d:5e:39:
                    82:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:46:EE:D0:77:2B:B0:B9:2B:AE:00:C1:78:10:75:03:67:72:D8:13
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/6Ebu0HcrsLkrrgDBeBB1A2dy2BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.207.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:b0:22:ef:f1:2a:aa:e2:3c:a6:09:8b:e8:08:7b:22:e4:3e:
         fd:39:34:16:d9:2c:ac:d1:e9:50:30:74:cf:b4:6a:a5:a7:16:
         b8:5e:15:d8:f7:34:51:8c:26:d5:18:62:ed:5d:96:97:28:03:
         59:55:40:0a:d7:30:94:87:20:dd:a2:3c:64:30:63:f0:c0:67:
         18:3a:51:9c:ae:36:9e:c9:cd:04:a1:4c:0d:34:a4:25:0e:1c:
         3c:aa:a2:5a:34:05:ff:f2:b8:09:5e:00:76:c2:c1:31:cf:66:
         64:c7:98:68:25:9b:b9:80:93:92:b1:41:d9:46:51:a7:22:a0:
         8f:38:50:6c:0b:c5:6e:ad:08:78:10:17:a5:91:50:cd:28:82:
         9d:85:0c:df:03:d5:5a:35:b3:cc:3b:06:9a:f1:45:8a:db:6b:
         24:8c:b3:9c:df:9e:81:3c:84:c1:c9:0c:cc:2d:06:88:07:96:
         25:19:84:dd:41:d4:bf:7f:65:c9:c8:3c:05:0f:6c:17:41:f0:
         63:65:5f:24:c1:2f:da:02:5f:07:67:ad:fd:66:d6:a5:d0:35:
         dd:64:e5:24:3b:da:27:c2:dd:2c:30:51:99:95:93:58:4e:4a:
         1e:a1:af:90:4c:77:1e:30:4a:38:fe:2b:51:ea:a1:6a:60:10:
         7f:98:6a:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+k+AlgvUs6droxWWFJQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjUwMTAxMDM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQ2ZWVkMDc3MmJiMGI5MmJhZTAwYzE3ODEwNzUwMzY3NzJkODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUfS9c+deLM13Dg8B+J5oolPR36d
bjE866lfZnUa2hLCU11Hdx5V00nsH+KzYR9Qhl6vSc/xwa2AnJabzzC71LNIhWVq
/kRt+gEWa/NauPNdJ3kIjOgicmnKe9nXCyzBQQtbObRZ3h6JsWkj0xbWtB8ScRBC
OjvnNhlklaaix5+KWpmoOJtb5CF6oiei5EJ8ljsiDus59qPowmySv1rpttAq6hpV
+7b9wnWIjGDVx7mfy+gbPtxYPoiDle9q8kjJ+dRIkhc+49XDoBd/+yZsCd/4A4WX
vHxnb5ErNZ61J7O0yNZ2oqPqpWlnQ7xNhE9p9aF60aq2VbeENHENXjmCHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhG7tB3K7C5K64AwXgQdQNnctgTMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvNkVidTBIY3JzTGtycmdEQmVCQjFBMmR5MkJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVM/VMA0G
CSqGSIb3DQEBCwUAA4IBAQAesCLv8Sqq4jymCYvoCHsi5D79OTQW2Sys0elQMHTP
tGqlpxa4XhXY9zRRjCbVGGLtXZaXKANZVUAK1zCUhyDdojxkMGPwwGcYOlGcrjae
yc0EoUwNNKQlDhw8qqJaNAX/8rgJXgB2wsExz2Zkx5hoJZu5gJOSsUHZRlGnIqCP
OFBsC8VurQh4EBelkVDNKIKdhQzfA9VaNbPMOwaa8UWK22skjLOc356BPITByQzM
LQaIB5YlGYTdQdS/f2XJyDwFD2wXQfBjZV8kwS/aAl8HZ639Ztal0DXdZOUkO9on
wt0sMFGZlZNYTkoeoa+QTHceMEo4/itR6qFqYBB/mGqS
-----END CERTIFICATE-----