Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/a0mVO4-x7F8YRbQe8mM3-ML1iz8.roa
File:                     a0mVO4-x7F8YRbQe8mM3-ML1iz8.roa (raw, json)
Hash identifier:          B8Rhv0CguI/b35lVtQSfcG/xXcI0BrQN6/h/gAWSdaw=
Subject key identifier:   6B:49:95:3B:8F:B1:EC:5F:18:45:B4:1E:F2:63:37:F8:C2:F5:8B:3F
Certificate issuer:       /CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
Certificate serial:       0194BD30E95A79D1B1BB37AD9FA8F566AA07
Authority key identifier: EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/a0mVO4-x7F8YRbQe8mM3-ML1iz8.roa
Signing time:             Fri 31 Jan 2025 16:28:06 +0000
ROA not before:           Fri 31 Jan 2025 16:28:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200632
IP address blocks:        195.242.0.0/23 maxlen: 24
                          2a13:5940::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bd:30:e9:5a:79:d1:b1:bb:37:ad:9f:a8:f5:66:aa:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
        Validity
            Not Before: Jan 31 16:28:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b49953b8fb1ec5f1845b41ef26337f8c2f58b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:29:15:9a:a1:49:36:45:17:5e:9c:52:8c:f4:
                    6a:0d:fb:96:e5:c6:dc:21:e9:f7:9c:51:2e:08:8a:
                    e8:da:21:e8:d0:8f:31:ee:05:ce:7b:2d:3d:56:b9:
                    9e:c4:1e:fb:34:4a:a6:f5:89:b6:d3:11:f3:e0:d6:
                    09:2f:dd:d8:a6:88:d5:74:41:ca:de:7d:dd:9f:90:
                    f2:ca:12:19:80:be:0d:1b:de:6f:e7:04:7f:1c:bb:
                    82:3a:35:47:3f:c3:86:e6:07:01:21:eb:c5:cd:f2:
                    f5:7c:9d:9d:26:77:fa:01:af:4e:35:b2:50:ab:1a:
                    5c:9d:0e:83:16:e5:aa:43:2f:a0:0e:17:09:a7:ae:
                    38:80:d3:d9:8e:83:ae:a6:5d:79:5c:fb:94:d0:06:
                    0f:ff:74:41:9c:6b:fc:b4:24:75:da:32:ad:bb:71:
                    c0:2a:5b:5f:51:44:21:59:08:97:4f:b7:9d:b2:c1:
                    ea:4e:d4:3e:8a:84:a3:1d:1a:c0:9a:9f:e6:b2:09:
                    f4:ca:24:a4:0f:29:96:ca:7a:73:c8:11:96:f2:b3:
                    05:e1:8b:82:f2:e0:3d:5d:40:58:2f:fe:49:12:78:
                    2d:7f:8b:1c:97:b3:4e:73:dd:19:aa:42:63:53:20:
                    14:78:41:5d:23:e1:9c:de:6c:10:67:a1:4b:ca:fb:
                    cc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:49:95:3B:8F:B1:EC:5F:18:45:B4:1E:F2:63:37:F8:C2:F5:8B:3F
            X509v3 Authority Key Identifier:
                keyid:EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/a0mVO4-x7F8YRbQe8mM3-ML1iz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.0.0/23
                IPv6:
                  2a13:5940::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:4e:8e:23:06:0b:d2:65:7d:a8:d6:66:9c:49:4a:c4:3b:1a:
         f5:dd:38:01:db:97:b6:16:ab:23:b8:08:ff:03:bc:4a:ef:66:
         fa:53:1e:2e:14:7f:10:a9:0a:0a:60:a5:34:ec:46:88:e8:75:
         91:35:28:7b:b0:b1:43:c2:84:d4:8c:70:98:c8:41:7a:c7:ff:
         35:9b:9b:56:3f:57:01:eb:4f:af:69:52:dc:67:cc:3c:85:af:
         8e:d2:5e:8d:c6:8a:bd:59:e2:a5:f8:ba:08:80:d4:48:6e:44:
         b6:9d:e5:33:02:b7:11:34:05:52:1d:ce:72:57:47:00:6e:df:
         b9:bc:a6:df:08:51:1b:dc:c5:56:8d:90:d2:62:58:55:a2:25:
         c6:b9:38:92:13:72:2c:4c:2a:20:0d:45:04:f7:59:cc:4d:94:
         3b:9b:c7:85:e3:cb:66:2e:e9:62:a4:ad:ab:e0:ff:a6:31:21:
         eb:ab:08:54:1d:ff:26:9f:0b:cd:22:38:01:57:d5:bd:fa:9e:
         0f:d0:0e:58:c9:03:e2:90:06:77:58:61:c3:df:fe:64:49:b7:
         48:70:95:ff:97:85:41:60:54:ad:0c:f4:9f:bc:0c:7c:fe:cd:
         e4:59:ad:5b:0c:37:8d:e6:46:71:d6:8c:8e:ec:c0:0d:77:27:
         8f:12:82:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZS9MOlaedGxuzetn6j1ZqoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZTI2NTMxNzljYWZlNWZmNjY1MWM2MDU4YjY3YWQyZDJj
ODQ4NWUwHhcNMjUwMTMxMTYyODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjQ5OTUzYjhmYjFlYzVmMTg0NWI0MWVmMjYzMzdmOGMyZjU4YjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ikVmqFJNkUXXpxSjPRqDfuW5cbc
Ien3nFEuCIro2iHo0I8x7gXOey09VrmexB77NEqm9Ym20xHz4NYJL93YpojVdEHK
3n3dn5DyyhIZgL4NG95v5wR/HLuCOjVHP8OG5gcBIevFzfL1fJ2dJnf6Aa9ONbJQ
qxpcnQ6DFuWqQy+gDhcJp644gNPZjoOupl15XPuU0AYP/3RBnGv8tCR12jKtu3HA
KltfUUQhWQiXT7edssHqTtQ+ioSjHRrAmp/msgn0yiSkDymWynpzyBGW8rMF4YuC
8uA9XUBYL/5JEngtf4scl7NOc90ZqkJjUyAUeEFdI+Gc3mwQZ6FLyvvMoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGtJlTuPsexfGEW0HvJjN/jC9Ys/MB8GA1UdIwQY
MBaAFOriZTF5yv5f9mUcYFi2etLSyEheMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTkt
OTkyZDc5N2Y0YmJiLzEvYTBtVk80LXg3RjhZUmJRZThtTTMtTUwxaXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTktOTkyZDc5N2Y0YmJi
LzEvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBw/IAMA0E
AgACMAcDBQAqE1lAMA0GCSqGSIb3DQEBCwUAA4IBAQAbTo4jBgvSZX2o1macSUrE
Oxr13TgB25e2FqsjuAj/A7xK72b6Ux4uFH8QqQoKYKU07EaI6HWRNSh7sLFDwoTU
jHCYyEF6x/81m5tWP1cB60+vaVLcZ8w8ha+O0l6Nxoq9WeKl+LoIgNRIbkS2neUz
ArcRNAVSHc5yV0cAbt+5vKbfCFEb3MVWjZDSYlhVoiXGuTiSE3IsTCogDUUE91nM
TZQ7m8eF48tmLulipK2r4P+mMSHrqwhUHf8mnwvNIjgBV9W9+p4P0A5YyQPikAZ3
WGHD3/5kSbdIcJX/l4VBYFStDPSfvAx8/s3kWa1bDDeN5kZx1oyO7MANdyePEoLV
-----END CERTIFICATE-----