Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/aym9fFTlCOO6_TFKucqP8rQK7Dc.roa
File:                     aym9fFTlCOO6_TFKucqP8rQK7Dc.roa (raw, json)
Hash identifier:          9WJnq0EqKoeXj6Ls0YEvw8jPPKPCxSuUMIvPja3ohkE=
Subject key identifier:   6B:29:BD:7C:54:E5:08:E3:BA:FD:31:4A:B9:CA:8F:F2:B4:0A:EC:37
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       01941FFA4CF6D9988EFE628E51E138B2ED77
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/aym9fFTlCOO6_TFKucqP8rQK7Dc.roa
Signing time:             Wed 01 Jan 2025 03:48:04 +0000
ROA not before:           Wed 01 Jan 2025 03:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51906
IP address blocks:        82.197.132.0/23 maxlen: 23
                          2001:7f0:101::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4c:f6:d9:98:8e:fe:62:8e:51:e1:38:b2:ed:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 03:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b29bd7c54e508e3bafd314ab9ca8ff2b40aec37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:59:37:e3:39:84:9d:f3:d5:d2:32:e1:bf:fb:
                    c1:b7:22:54:eb:8e:92:b3:dd:a6:78:9a:f7:d5:49:
                    a0:f5:12:29:4d:79:30:f8:a4:d5:24:b0:30:8a:03:
                    d4:b2:98:82:95:3c:eb:7f:56:ac:91:7d:59:a4:e6:
                    de:9b:45:cf:d4:01:67:5d:b9:e8:c3:e2:54:2e:72:
                    9c:89:9a:c3:53:c0:ef:24:28:3d:41:8e:d3:9e:38:
                    d9:a9:af:7b:84:f8:cf:b0:e1:7a:ef:0c:45:ba:b0:
                    1f:69:c2:4c:c9:fd:be:65:fd:c1:f5:fe:90:34:c3:
                    e6:06:bd:c6:9d:a0:72:d2:c2:8f:cc:a5:db:9f:93:
                    2d:cf:81:ba:5a:81:96:ac:cc:34:83:bb:32:16:d3:
                    7a:77:9f:02:1c:d3:4a:66:bf:c6:93:6c:22:b2:41:
                    e4:b7:fe:6a:ba:53:79:3c:5a:ff:c5:75:54:38:85:
                    99:9f:26:db:9d:2b:35:6d:8a:b3:74:dc:bc:74:72:
                    ba:fc:f5:fd:f5:17:a9:20:e3:9e:2f:08:25:de:1b:
                    ed:33:97:f9:2e:41:0a:b3:e2:59:be:36:d9:02:da:
                    98:cf:f4:94:cd:43:0b:d4:a7:3d:0f:25:ba:77:f9:
                    22:79:25:8a:1a:1f:b3:17:ac:7e:8d:a5:77:53:b9:
                    2a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:29:BD:7C:54:E5:08:E3:BA:FD:31:4A:B9:CA:8F:F2:B4:0A:EC:37
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/aym9fFTlCOO6_TFKucqP8rQK7Dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.197.132.0/23
                IPv6:
                  2001:7f0:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:54:ee:0d:0d:15:4d:ba:e4:db:61:26:02:34:49:78:70:3f:
         04:a1:7b:9f:59:30:64:11:c5:23:63:01:d1:de:dc:f2:b3:01:
         c5:b0:fe:31:a5:18:12:6a:25:c7:7b:95:70:e5:63:c3:aa:0d:
         48:1a:32:0b:de:a1:70:64:c9:88:1b:45:16:69:88:4d:02:7c:
         53:5a:c1:c9:ca:6b:23:53:2c:17:a6:1e:29:24:8c:1d:a8:12:
         45:cb:75:dd:c5:bb:22:3e:10:fe:50:b8:45:5d:b6:5f:80:ce:
         0d:ca:bd:83:f5:5f:95:eb:05:47:d7:38:19:f9:b8:4d:3f:54:
         3e:58:b4:42:7b:41:4a:ef:b9:50:57:70:00:8e:f2:58:b1:3b:
         c8:82:d7:63:07:13:bf:0a:72:f7:79:36:92:d3:5a:e9:d0:72:
         54:cf:c7:e3:5c:4b:c6:ec:e4:08:66:e5:73:49:21:87:56:5b:
         f6:d8:53:6f:55:ce:b1:df:8d:fd:e6:ee:9a:1f:6a:71:0b:e1:
         79:91:0c:e7:b1:b1:20:79:87:34:4d:30:54:c5:ac:3b:8c:55:
         d5:1b:c4:5e:49:8d:16:d0:b8:d2:f6:5d:f9:ac:13:67:72:fc:
         e4:7f:56:e0:d4:d6:0a:ae:d4:7e:b7:22:ab:c7:94:4a:47:b3:
         ce:94:12:55
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQf+kz22ZiO/mKOUeE4su13MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjUwMTAxMDM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjI5YmQ3YzU0ZTUwOGUzYmFmZDMxNGFiOWNhOGZmMmI0MGFlYzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Fk34zmEnfPV0jLhv/vBtyJU646S
s92meJr31Umg9RIpTXkw+KTVJLAwigPUspiClTzrf1askX1ZpObem0XP1AFnXbno
w+JULnKciZrDU8DvJCg9QY7TnjjZqa97hPjPsOF67wxFurAfacJMyf2+Zf3B9f6Q
NMPmBr3GnaBy0sKPzKXbn5Mtz4G6WoGWrMw0g7syFtN6d58CHNNKZr/Gk2wiskHk
t/5qulN5PFr/xXVUOIWZnybbnSs1bYqzdNy8dHK6/PX99RepIOOeLwgl3hvtM5f5
LkEKs+JZvjbZAtqYz/SUzUML1Kc9DyW6d/kieSWKGh+zF6x+jaV3U7kq7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGspvXxU5Qjjuv0xSrnKj/K0Cuw3MB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvYXltOWZGVGxDT082X1RGS3VjcVA4clFLN0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBUsWEMA8E
AgACMAkDBwAgAQfwAQEwDQYJKoZIhvcNAQELBQADggEBAAVU7g0NFU265NthJgI0
SXhwPwShe59ZMGQRxSNjAdHe3PKzAcWw/jGlGBJqJcd7lXDlY8OqDUgaMgveoXBk
yYgbRRZpiE0CfFNawcnKayNTLBemHikkjB2oEkXLdd3FuyI+EP5QuEVdtl+Azg3K
vYP1X5XrBUfXOBn5uE0/VD5YtEJ7QUrvuVBXcACO8lixO8iC12MHE78Kcvd5NpLT
WunQclTPx+NcS8bs5Ahm5XNJIYdWW/bYU29VzrHfjf3m7pofanEL4XmRDOexsSB5
hzRNMFTFrDuMVdUbxF5JjRbQuNL2XfmsE2dy/OR/VuDU1gqu1H63IqvHlEpHs86U
ElU=
-----END CERTIFICATE-----