Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/p6HHOYDEee_YFxcXEQQw4tj_loo.roa
File:                     p6HHOYDEee_YFxcXEQQw4tj_loo.roa (raw, json)
Hash identifier:          XVgmeoKKw2smz01W8p65Y0a7sBeyS3+sdPmsdrroyxo=
Subject key identifier:   A7:A1:C7:39:80:C4:79:EF:D8:17:17:17:11:04:30:E2:D8:FF:96:8A
Certificate issuer:       /CN=af73ff1ec55f49296dd734039fa0284cc400eb26
Certificate serial:       0194228DDC8AB9EAA5A4B53BEEA0A1C23227
Authority key identifier: AF:73:FF:1E:C5:5F:49:29:6D:D7:34:03:9F:A0:28:4C:C4:00:EB:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3P_HsVfSSlt1zQDn6AoTMQA6yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/p6HHOYDEee_YFxcXEQQw4tj_loo.roa
Signing time:             Wed 01 Jan 2025 15:48:29 +0000
ROA not before:           Wed 01 Jan 2025 15:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211099
IP address blocks:        94.177.116.0/23 maxlen: 24
                          194.156.235.0/24 maxlen: 24
                          2a02:7c9::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/r3P_HsVfSSlt1zQDn6AoTMQA6yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/r3P_HsVfSSlt1zQDn6AoTMQA6yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3P_HsVfSSlt1zQDn6AoTMQA6yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:dc:8a:b9:ea:a5:a4:b5:3b:ee:a0:a1:c2:32:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af73ff1ec55f49296dd734039fa0284cc400eb26
        Validity
            Not Before: Jan  1 15:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7a1c73980c479efd8171717110430e2d8ff968a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d9:2b:aa:b5:77:00:66:b6:de:11:8b:07:41:
                    1f:a9:01:fd:1a:cb:38:d8:9f:1a:b4:e6:31:ea:a9:
                    f4:d6:e8:bb:4b:99:c8:10:4f:f9:a9:53:e7:80:31:
                    eb:89:23:ed:e3:2f:e4:df:da:3b:cd:84:07:56:18:
                    fb:ac:c3:98:41:84:8c:f1:ae:e2:3e:4e:28:e1:d1:
                    1c:ed:f9:82:52:75:e2:9c:38:43:5d:23:fa:5a:06:
                    8f:ce:55:f4:0b:18:54:2c:89:be:3a:a4:a1:f1:59:
                    41:fa:2e:08:c4:13:f5:8a:df:eb:ba:1c:73:9c:15:
                    3d:db:bd:93:f0:45:a2:b2:9a:3e:a4:b4:a4:9c:9f:
                    f8:1a:0a:a6:1b:b3:ca:c4:eb:0f:cd:5c:4c:d0:29:
                    d6:3d:c0:0b:99:af:d3:56:65:ce:d9:6a:9b:01:a1:
                    e9:78:f7:9b:59:e1:c6:e8:14:ce:50:6c:a1:e4:35:
                    f2:a4:2a:5a:c4:03:33:be:b5:f1:15:0a:fb:48:43:
                    a7:41:f6:b1:e2:ea:7e:db:61:76:a4:dc:ef:55:64:
                    f5:46:4f:e0:ff:00:10:b2:93:50:cc:65:59:a3:e2:
                    cd:e4:0e:8f:ef:74:5e:0e:6d:19:53:43:88:f7:36:
                    12:2f:a5:60:1f:8e:1d:a1:ca:37:c3:61:d2:9d:44:
                    27:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A1:C7:39:80:C4:79:EF:D8:17:17:17:11:04:30:E2:D8:FF:96:8A
            X509v3 Authority Key Identifier:
                keyid:AF:73:FF:1E:C5:5F:49:29:6D:D7:34:03:9F:A0:28:4C:C4:00:EB:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3P_HsVfSSlt1zQDn6AoTMQA6yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/p6HHOYDEee_YFxcXEQQw4tj_loo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/r3P_HsVfSSlt1zQDn6AoTMQA6yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.116.0/23
                  194.156.235.0/24
                IPv6:
                  2a02:7c9::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:63:4e:b8:65:ca:8d:9e:f1:b3:1c:eb:73:93:f3:89:03:5a:
         69:86:e5:39:7e:c0:cc:04:9a:71:8f:3b:35:b7:4f:2b:92:fe:
         62:13:a9:a2:6c:2a:27:91:51:43:e8:ab:39:50:a2:d6:7c:85:
         d8:0c:d0:75:44:27:08:ac:d1:bc:f0:c7:91:65:94:a7:dd:89:
         c6:86:fa:1c:1a:ed:a7:da:e6:c5:76:84:a2:d1:25:ea:34:2f:
         d9:ee:a0:20:4c:a9:97:b2:5c:17:d4:9a:18:14:58:b7:42:7e:
         fb:7a:24:2b:37:53:d2:bb:6d:f3:00:46:c2:43:53:19:e0:5a:
         73:84:6f:13:78:57:dc:47:16:60:80:d3:b2:23:fe:76:2f:79:
         06:f8:6c:1f:55:58:2f:b0:52:cd:c3:f7:2d:3c:8e:e7:bc:18:
         eb:92:95:c8:bb:3f:7f:c4:b7:f5:9a:49:11:fd:20:70:81:8d:
         06:2c:83:10:6d:2a:03:64:40:1f:fb:37:5d:99:90:24:05:ad:
         8e:52:ac:a8:2e:e3:8c:f2:c8:9c:16:82:f2:e1:8a:7b:2b:f6:
         70:0b:84:58:e0:3c:3f:b4:09:ea:b8:30:de:b6:c2:62:09:4a:
         ee:94:01:cf:20:ca:ca:00:8e:f0:df:33:a9:b5:bb:86:e4:07:
         bf:9c:ef:3a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQijdyKueqlpLU77qChwjInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzNmZjFlYzU1ZjQ5Mjk2ZGQ3MzQwMzlmYTAyODRjYzQw
MGViMjYwHhcNMjUwMTAxMTU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2ExYzczOTgwYzQ3OWVmZDgxNzE3MTcxMTA0MzBlMmQ4ZmY5NjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39krqrV3AGa23hGLB0EfqQH9Gss4
2J8atOYx6qn01ui7S5nIEE/5qVPngDHriSPt4y/k39o7zYQHVhj7rMOYQYSM8a7i
Pk4o4dEc7fmCUnXinDhDXSP6WgaPzlX0CxhULIm+OqSh8VlB+i4IxBP1it/ruhxz
nBU9272T8EWispo+pLSknJ/4GgqmG7PKxOsPzVxM0CnWPcALma/TVmXO2WqbAaHp
ePebWeHG6BTOUGyh5DXypCpaxAMzvrXxFQr7SEOnQfax4up+22F2pNzvVWT1Rk/g
/wAQspNQzGVZo+LN5A6P73ReDm0ZU0OI9zYSL6VgH44doco3w2HSnUQn9wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFKehxzmAxHnv2BcXFxEEMOLY/5aKMB8GA1UdIwQY
MBaAFK9z/x7FX0kpbdc0A5+gKEzEAOsmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNQX0hzVmZTU2x0MXpRRG42QW9UTVFBNnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jZWE1ODEtNWNkZS00NTc0LWJhMGEt
MmM2MmRlN2IzZTQ1LzEvcDZISE9ZREVlZV9ZRnhjWEVRUXc0dGpfbG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jZWE1ODEtNWNkZS00NTc0LWJhMGEtMmM2MmRlN2IzZTQ1
LzEvcjNQX0hzVmZTU2x0MXpRRG42QW9UTVFBNnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBXrF0AwQA
wpzrMA8EAgACMAkDBwQqAgfJAAAwDQYJKoZIhvcNAQELBQADggEBABFjTrhlyo2e
8bMc63OT84kDWmmG5Tl+wMwEmnGPOzW3TyuS/mITqaJsKieRUUPoqzlQotZ8hdgM
0HVEJwis0bzwx5FllKfdicaG+hwa7afa5sV2hKLRJeo0L9nuoCBMqZeyXBfUmhgU
WLdCfvt6JCs3U9K7bfMARsJDUxngWnOEbxN4V9xHFmCA07Ij/nYveQb4bB9VWC+w
Us3D9y08jue8GOuSlci7P3/Et/WaSRH9IHCBjQYsgxBtKgNkQB/7N12ZkCQFrY5S
rKgu44zyyJwWgvLhinsr9nALhFjgPD+0Ceq4MN62wmIJSu6UAc8gysoAjvDfM6m1
u4bkB7+c7zo=
-----END CERTIFICATE-----