Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/ea471a-da64-4596-8370-612a762007ec/1/xIncpff8t5DuBdap78CZRmBq41M.roa
File:                     xIncpff8t5DuBdap78CZRmBq41M.roa (raw, json)
Hash identifier:          iuGa85kLc6g4Qd8kr/ZV4w/v+4lb0FJF9McHzQYZMGI=
Subject key identifier:   C4:89:DC:A5:F7:FC:B7:90:EE:05:D6:A9:EF:C0:99:46:60:6A:E3:53
Certificate issuer:       /CN=6ea3b5028ce364f5102c1aec27736b7c33bc0493
Certificate serial:       019420D619E7CD18736054E64513F0D9648D
Authority key identifier: 6E:A3:B5:02:8C:E3:64:F5:10:2C:1A:EC:27:73:6B:7C:33:BC:04:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bqO1AozjZPUQLBrsJ3NrfDO8BJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/ea471a-da64-4596-8370-612a762007ec/1/xIncpff8t5DuBdap78CZRmBq41M.roa
Signing time:             Wed 01 Jan 2025 07:48:09 +0000
ROA not before:           Wed 01 Jan 2025 07:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205151
IP address blocks:        217.150.64.0/21 maxlen: 21
                          2a01:8c81::/32 maxlen: 32
                          2a01:8c82::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/ea471a-da64-4596-8370-612a762007ec/1/bqO1AozjZPUQLBrsJ3NrfDO8BJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/ea471a-da64-4596-8370-612a762007ec/1/bqO1AozjZPUQLBrsJ3NrfDO8BJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bqO1AozjZPUQLBrsJ3NrfDO8BJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:19:e7:cd:18:73:60:54:e6:45:13:f0:d9:64:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ea3b5028ce364f5102c1aec27736b7c33bc0493
        Validity
            Not Before: Jan  1 07:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c489dca5f7fcb790ee05d6a9efc09946606ae353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:25:c6:af:bc:b0:37:0f:a7:ff:c4:a6:95:e5:
                    cd:6d:fb:91:ee:db:be:aa:70:de:a5:82:0d:5d:4c:
                    9f:04:91:55:24:04:47:17:6c:77:c3:70:74:a8:b8:
                    6f:5d:6e:3b:9c:09:0a:17:05:dd:77:22:e4:63:67:
                    e0:07:b1:6c:30:d6:2c:2e:50:83:fe:01:10:86:08:
                    10:9c:0a:bb:f7:ae:26:a3:ba:6d:d1:27:3a:42:ce:
                    c7:4e:5b:f5:af:f7:8c:25:c6:1a:23:51:3b:da:fd:
                    04:e4:60:b8:32:fc:86:0f:93:44:61:88:d8:4b:7c:
                    f7:29:29:e9:e0:0c:be:e1:d0:48:14:2d:ef:91:9f:
                    be:2f:2e:90:71:df:55:88:cd:be:c6:8c:b3:83:d6:
                    b9:56:cf:58:f7:52:b8:18:71:12:f0:5b:dc:4e:80:
                    2d:a2:c2:8e:7b:6b:18:14:c3:ce:64:96:09:ad:66:
                    cd:91:b8:d0:2f:b1:b9:c2:ad:d9:f2:15:cd:e9:10:
                    32:3d:00:4e:de:46:a3:84:ca:20:c4:72:cf:40:d8:
                    26:97:14:e6:3f:5b:d0:cf:85:3d:ae:c8:5a:d9:dd:
                    02:29:8b:c8:9b:f7:f8:e2:bd:b1:4f:c6:77:36:c0:
                    2f:fb:05:cb:51:fa:f2:3c:53:60:a3:6b:60:f2:72:
                    c4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:89:DC:A5:F7:FC:B7:90:EE:05:D6:A9:EF:C0:99:46:60:6A:E3:53
            X509v3 Authority Key Identifier:
                keyid:6E:A3:B5:02:8C:E3:64:F5:10:2C:1A:EC:27:73:6B:7C:33:BC:04:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqO1AozjZPUQLBrsJ3NrfDO8BJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ea471a-da64-4596-8370-612a762007ec/1/xIncpff8t5DuBdap78CZRmBq41M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ea471a-da64-4596-8370-612a762007ec/1/bqO1AozjZPUQLBrsJ3NrfDO8BJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.150.64.0/21
                IPv6:
                  2a01:8c81::-2a01:8c82:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         29:24:dc:62:a8:e0:63:00:14:ed:56:df:90:5e:41:a4:3b:81:
         62:29:62:80:ec:1e:cc:51:bf:dd:bf:ef:f2:c0:03:8c:e8:19:
         e0:d7:7a:b4:d7:7e:b5:04:ca:01:35:f5:2c:d6:76:ab:e6:05:
         09:7c:97:7f:3b:05:d2:50:2e:ec:e1:30:42:30:bd:d0:16:1e:
         49:90:53:2f:27:12:c2:f8:07:46:84:07:64:09:a6:e3:bf:e3:
         ae:d8:4a:05:77:80:7d:44:2d:bb:56:0c:de:c7:b2:13:8b:91:
         c2:07:90:7c:7b:ec:1d:62:3d:bc:6c:6b:a6:2c:57:52:6f:2e:
         67:bb:09:64:49:30:92:73:cf:05:43:bb:da:08:7f:ea:d2:a2:
         67:6c:66:6c:c7:9c:2b:4c:f3:08:f2:a4:07:9b:17:30:aa:e6:
         44:56:b5:57:fa:6d:ad:41:ab:a3:aa:76:17:7d:f3:41:1a:1c:
         47:64:92:97:94:f9:9d:3d:a2:e9:ea:ac:ac:90:e0:c1:21:b0:
         50:54:f6:9f:a7:23:38:75:a3:38:6d:f8:84:4d:21:1e:5d:f6:
         1d:ef:14:b1:6d:0e:b3:b0:a4:ec:3d:06:f6:2c:10:62:a9:3a:
         f3:33:17:19:3c:c5:cc:02:d9:ec:81:8b:48:4d:75:f1:e5:b3:
         b5:c5:ca:ca
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQg1hnnzRhzYFTmRRPw2WSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYTNiNTAyOGNlMzY0ZjUxMDJjMWFlYzI3NzM2YjdjMzNi
YzA0OTMwHhcNMjUwMTAxMDc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDg5ZGNhNWY3ZmNiNzkwZWUwNWQ2YTllZmMwOTk0NjYwNmFlMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiXGr7ywNw+n/8SmleXNbfuR7tu+
qnDepYINXUyfBJFVJARHF2x3w3B0qLhvXW47nAkKFwXddyLkY2fgB7FsMNYsLlCD
/gEQhggQnAq7964mo7pt0Sc6Qs7HTlv1r/eMJcYaI1E72v0E5GC4MvyGD5NEYYjY
S3z3KSnp4Ay+4dBIFC3vkZ++Ly6Qcd9ViM2+xoyzg9a5Vs9Y91K4GHES8FvcToAt
osKOe2sYFMPOZJYJrWbNkbjQL7G5wq3Z8hXN6RAyPQBO3kajhMogxHLPQNgmlxTm
P1vQz4U9rsha2d0CKYvIm/f44r2xT8Z3NsAv+wXLUfryPFNgo2tg8nLEtQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMSJ3KX3/LeQ7gXWqe/AmUZgauNTMB8GA1UdIwQY
MBaAFG6jtQKM42T1ECwa7Cdza3wzvASTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnFPMUFvempaUFVRTEJyc0ozTnJmRE84QkpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9lYTQ3MWEtZGE2NC00NTk2LTgzNzAt
NjEyYTc2MjAwN2VjLzEveEluY3BmZjh0NUR1QmRhcDc4Q1pSbUJxNDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9lYTQ3MWEtZGE2NC00NTk2LTgzNzAtNjEyYTc2MjAwN2Vj
LzEvYnFPMUFvempaUFVRTEJyc0ozTnJmRE84QkpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQD2ZZAMBYE
AgACMBAwDgMFACoBjIEDBQAqAYyCMA0GCSqGSIb3DQEBCwUAA4IBAQApJNxiqOBj
ABTtVt+QXkGkO4FiKWKA7B7MUb/dv+/ywAOM6Bng13q01361BMoBNfUs1nar5gUJ
fJd/OwXSUC7s4TBCML3QFh5JkFMvJxLC+AdGhAdkCabjv+Ou2EoFd4B9RC27Vgze
x7ITi5HCB5B8e+wdYj28bGumLFdSby5nuwlkSTCSc88FQ7vaCH/q0qJnbGZsx5wr
TPMI8qQHmxcwquZEVrVX+m2tQaujqnYXffNBGhxHZJKXlPmdPaLp6qyskODBIbBQ
VPafpyM4daM4bfiETSEeXfYd7xSxbQ6zsKTsPQb2LBBiqTrzMxcZPMXMAtnsgYtI
TXXx5bO1xcrK
-----END CERTIFICATE-----