Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/65f0c1-fe9d-4b09-b528-5db030c1f14b/1/yV6dlaQqykdXmPFxWtSp2DJEhJw.roa
File:                     yV6dlaQqykdXmPFxWtSp2DJEhJw.roa (raw, json)
Hash identifier:          WmIvozgI3vtTkD0hLlFRwt8yL/FQ4uPIVdy3pddOlRc=
Subject key identifier:   C9:5E:9D:95:A4:2A:CA:47:57:98:F1:71:5A:D4:A9:D8:32:44:84:9C
Certificate issuer:       /CN=3f5a6d97fc7878429404578e5cc0cc652fe4b4d4
Certificate serial:       019424B271980F94C1CE0E5F4900E220FA91
Authority key identifier: 3F:5A:6D:97:FC:78:78:42:94:04:57:8E:5C:C0:CC:65:2F:E4:B4:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P1ptl_x4eEKUBFeOXMDMZS_ktNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/65f0c1-fe9d-4b09-b528-5db030c1f14b/1/yV6dlaQqykdXmPFxWtSp2DJEhJw.roa
Signing time:             Thu 02 Jan 2025 01:47:41 +0000
ROA not before:           Thu 02 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207533
IP address blocks:        212.6.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/65f0c1-fe9d-4b09-b528-5db030c1f14b/1/P1ptl_x4eEKUBFeOXMDMZS_ktNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/65f0c1-fe9d-4b09-b528-5db030c1f14b/1/P1ptl_x4eEKUBFeOXMDMZS_ktNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P1ptl_x4eEKUBFeOXMDMZS_ktNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:71:98:0f:94:c1:ce:0e:5f:49:00:e2:20:fa:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f5a6d97fc7878429404578e5cc0cc652fe4b4d4
        Validity
            Not Before: Jan  2 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c95e9d95a42aca475798f1715ad4a9d83244849c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:89:b9:cb:e2:32:5a:05:8c:aa:46:8e:3f:9d:
                    95:c5:12:fe:d6:19:aa:47:24:27:ec:c3:87:00:43:
                    f1:e6:d1:a1:d2:b9:e4:72:9f:13:fd:b1:09:55:ce:
                    ad:5c:7e:59:35:ad:db:aa:9a:47:90:2b:21:ad:c9:
                    08:74:ae:85:8e:92:cb:38:27:fb:b5:be:e2:30:f0:
                    86:e7:ff:97:b8:2d:7a:85:aa:36:e4:6d:ea:69:e7:
                    0f:c6:a2:13:90:f4:e6:e6:1b:fa:4d:01:01:c3:45:
                    3e:76:2c:dc:e0:ac:1e:b5:6f:b8:ec:96:4e:f0:21:
                    38:7a:55:74:eb:d1:5b:09:c2:07:16:27:d0:06:f1:
                    58:7d:03:3f:4e:f5:22:f0:a5:5c:e3:76:aa:4e:ad:
                    1f:c5:0a:66:ef:d1:29:59:dd:f8:d7:56:59:31:ef:
                    75:e7:65:c2:c2:8b:67:7c:f8:9a:ea:bc:b0:0e:0f:
                    77:5a:be:a1:20:f7:a9:19:04:10:8e:a0:d3:29:ba:
                    a8:97:af:6c:bf:92:e0:1a:41:45:90:c9:1b:3e:53:
                    3c:8c:c4:a4:08:ff:8d:30:57:ae:95:ee:ae:4a:99:
                    35:da:52:2f:76:b3:84:70:e6:7e:d6:df:8a:aa:93:
                    0d:c2:4c:c3:76:a9:84:a2:82:88:0b:c9:3b:25:b0:
                    85:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:5E:9D:95:A4:2A:CA:47:57:98:F1:71:5A:D4:A9:D8:32:44:84:9C
            X509v3 Authority Key Identifier:
                keyid:3F:5A:6D:97:FC:78:78:42:94:04:57:8E:5C:C0:CC:65:2F:E4:B4:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P1ptl_x4eEKUBFeOXMDMZS_ktNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/65f0c1-fe9d-4b09-b528-5db030c1f14b/1/yV6dlaQqykdXmPFxWtSp2DJEhJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/65f0c1-fe9d-4b09-b528-5db030c1f14b/1/P1ptl_x4eEKUBFeOXMDMZS_ktNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:ce:14:4e:9a:84:a5:2c:2a:60:a8:5f:91:b2:d5:0c:98:7d:
         26:34:77:be:2c:f2:de:aa:79:64:13:85:d2:e2:ce:b8:bd:bb:
         67:a0:a0:98:09:86:ee:ca:e6:f4:88:20:46:dc:3f:4f:18:5b:
         5b:db:9d:c6:2a:e8:88:0e:d1:cd:bc:21:7e:bf:39:0b:72:1c:
         d6:86:19:ed:67:5e:c3:c4:dc:96:fc:ad:1d:20:d6:a9:03:70:
         a3:22:46:23:0c:a8:46:56:82:6e:e3:df:fd:ee:cf:35:0f:83:
         8e:8b:e4:47:28:9e:57:87:c2:88:73:9b:6b:65:07:1d:56:8c:
         da:17:b4:58:e5:26:18:91:3c:41:17:e8:5d:a4:15:62:36:28:
         a6:12:b9:2c:d3:64:c1:fa:13:35:f7:11:06:be:3d:26:77:98:
         89:99:d3:9e:2d:26:fd:cb:6d:09:1a:0e:60:0c:f3:ad:72:c5:
         db:d6:21:6a:9a:af:e8:61:a3:45:c4:69:a0:8f:c1:09:29:80:
         f6:8e:45:d2:47:92:34:10:85:9b:3b:26:b5:38:21:b9:d1:2d:
         3c:fc:cc:c9:3b:a7:50:cd:25:a3:2b:a7:70:81:d3:77:c4:5b:
         d4:ac:35:be:cb:13:17:bc:7f:25:df:1b:bf:31:7a:88:80:26:
         f8:68:ee:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksnGYD5TBzg5fSQDiIPqRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNWE2ZDk3ZmM3ODc4NDI5NDA0NTc4ZTVjYzBjYzY1MmZl
NGI0ZDQwHhcNMjUwMTAyMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTVlOWQ5NWE0MmFjYTQ3NTc5OGYxNzE1YWQ0YTlkODMyNDQ4NDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4m5y+IyWgWMqkaOP52VxRL+1hmq
RyQn7MOHAEPx5tGh0rnkcp8T/bEJVc6tXH5ZNa3bqppHkCshrckIdK6FjpLLOCf7
tb7iMPCG5/+XuC16hao25G3qaecPxqITkPTm5hv6TQEBw0U+dizc4KwetW+47JZO
8CE4elV069FbCcIHFifQBvFYfQM/TvUi8KVc43aqTq0fxQpm79EpWd3411ZZMe91
52XCwotnfPia6rywDg93Wr6hIPepGQQQjqDTKbqol69sv5LgGkFFkMkbPlM8jMSk
CP+NMFeule6uSpk12lIvdrOEcOZ+1t+KqpMNwkzDdqmEooKIC8k7JbCF3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlenZWkKspHV5jxcVrUqdgyRIScMB8GA1UdIwQY
MBaAFD9abZf8eHhClARXjlzAzGUv5LTUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDFwdGxfeDRlRUtVQkZlT1hNRE1aU19rdE5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82NWYwYzEtZmU5ZC00YjA5LWI1Mjgt
NWRiMDMwYzFmMTRiLzEveVY2ZGxhUXF5a2RYbVBGeFd0U3AyREpFaEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82NWYwYzEtZmU5ZC00YjA5LWI1MjgtNWRiMDMwYzFmMTRi
LzEvUDFwdGxfeDRlRUtVQkZlT1hNRE1aU19rdE5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AYiMA0G
CSqGSIb3DQEBCwUAA4IBAQBVzhROmoSlLCpgqF+RstUMmH0mNHe+LPLeqnlkE4XS
4s64vbtnoKCYCYbuyub0iCBG3D9PGFtb253GKuiIDtHNvCF+vzkLchzWhhntZ17D
xNyW/K0dINapA3CjIkYjDKhGVoJu49/97s81D4OOi+RHKJ5Xh8KIc5trZQcdVoza
F7RY5SYYkTxBF+hdpBViNiimErks02TB+hM19xEGvj0md5iJmdOeLSb9y20JGg5g
DPOtcsXb1iFqmq/oYaNFxGmgj8EJKYD2jkXSR5I0EIWbOya1OCG50S08/MzJO6dQ
zSWjK6dwgdN3xFvUrDW+yxMXvH8l3xu/MXqIgCb4aO5o
-----END CERTIFICATE-----