Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/a5yaKlijnL4kZ_oj1IyssANoPrY.roa
File:                     a5yaKlijnL4kZ_oj1IyssANoPrY.roa (raw, json)
Hash identifier:          Ldfc6br/bRY5cT98+AAZmtT6be1fhfXCxblPXo1RRow=
Subject key identifier:   6B:9C:9A:2A:58:A3:9C:BE:24:67:FA:23:D4:8C:AC:B0:03:68:3E:B6
Certificate issuer:       /CN=adfff1bd771287ced4c4dd6d8a851d2ad770661d
Certificate serial:       019473BA248542C2563E4250EFC95AA7304B
Authority key identifier: AD:FF:F1:BD:77:12:87:CE:D4:C4:DD:6D:8A:85:1D:2A:D7:70:66:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rf_xvXcSh87UxN1tioUdKtdwZh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/a5yaKlijnL4kZ_oj1IyssANoPrY.roa
Signing time:             Fri 17 Jan 2025 10:06:06 +0000
ROA not before:           Fri 17 Jan 2025 10:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1103
IP address blocks:        194.13.16.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/rf_xvXcSh87UxN1tioUdKtdwZh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/rf_xvXcSh87UxN1tioUdKtdwZh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rf_xvXcSh87UxN1tioUdKtdwZh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:73:ba:24:85:42:c2:56:3e:42:50:ef:c9:5a:a7:30:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adfff1bd771287ced4c4dd6d8a851d2ad770661d
        Validity
            Not Before: Jan 17 10:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b9c9a2a58a39cbe2467fa23d48cacb003683eb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3c:1d:95:52:33:69:48:9c:2a:21:87:f2:2b:
                    ec:f5:86:d5:01:2b:11:ca:4a:2a:9e:f4:08:fe:58:
                    73:5b:32:30:5f:0f:d6:cb:e4:1e:04:f1:8a:6f:92:
                    bb:53:16:28:0f:72:f3:51:04:b6:2b:2b:12:b5:37:
                    c7:bf:91:ae:c4:f1:f7:d8:26:9b:cf:db:b0:08:f4:
                    81:e2:fe:13:7b:3b:c7:16:dd:fe:43:e2:f9:93:3a:
                    f4:c0:3d:59:43:53:79:1e:52:d8:29:70:9a:b9:56:
                    8b:2d:6a:78:dd:5c:9b:3e:3a:83:fb:23:80:b7:a1:
                    03:53:f0:63:88:43:d3:ba:86:fb:62:c2:18:2b:4b:
                    f1:40:c6:c3:95:2a:2f:c6:3c:c6:43:b7:f8:40:aa:
                    6f:76:b8:c9:ce:58:a2:ef:c4:f7:86:75:7c:7d:7a:
                    9f:60:f7:8e:87:f6:b6:3c:d3:de:7e:04:98:ff:70:
                    1a:f4:bc:95:37:c5:0a:a1:b4:88:d5:9c:52:2a:6a:
                    fe:e9:68:c5:23:f9:93:f8:a1:9c:27:f5:e1:3d:ce:
                    3a:7b:0e:5e:9e:28:2f:c2:8c:7c:ea:43:61:91:4d:
                    4a:9d:84:a3:7d:b5:0a:92:0b:51:69:a8:21:41:10:
                    11:df:aa:4a:c1:b5:05:08:98:f1:13:07:95:9a:bc:
                    0f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:9C:9A:2A:58:A3:9C:BE:24:67:FA:23:D4:8C:AC:B0:03:68:3E:B6
            X509v3 Authority Key Identifier:
                keyid:AD:FF:F1:BD:77:12:87:CE:D4:C4:DD:6D:8A:85:1D:2A:D7:70:66:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rf_xvXcSh87UxN1tioUdKtdwZh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/a5yaKlijnL4kZ_oj1IyssANoPrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/rf_xvXcSh87UxN1tioUdKtdwZh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3b:48:1e:cc:ea:cc:84:05:d4:13:ae:e9:c6:fd:b9:b0:47:c3:
         1b:88:24:b4:2e:25:ca:b6:b6:1a:8e:c3:67:94:91:23:e5:0f:
         6c:25:23:b0:0d:eb:4c:28:7c:a9:ee:44:e2:1f:be:38:6c:dd:
         51:5c:87:1c:4f:4a:ac:81:25:bf:ef:cb:1b:b7:0b:40:cd:c3:
         39:47:b9:f8:13:d9:c0:28:be:8d:9b:2e:89:49:0e:c2:51:c5:
         c2:82:8f:bc:7d:e4:2f:af:ab:05:cc:58:de:22:d2:64:70:bf:
         76:28:48:70:f2:bd:0e:ba:89:38:44:2d:87:c9:8c:c5:70:f9:
         f6:4a:0e:ed:cf:0c:30:65:ea:d3:62:92:8f:0c:5a:c1:4f:e0:
         da:97:72:b8:95:07:03:c4:68:de:5a:19:0b:b4:56:c9:93:d2:
         98:8f:93:7e:99:97:fa:08:59:df:00:a0:ce:59:16:57:3c:01:
         f4:11:4e:65:40:13:c4:ea:f2:28:c0:7c:4f:e8:73:18:1a:67:
         d6:b8:79:ed:d5:24:a1:f3:35:9a:a0:83:9a:49:49:28:48:99:
         73:48:32:4f:ef:4a:53:0f:e8:0f:71:1f:41:7c:70:43:88:d4:
         56:3a:7e:43:fa:2b:d6:fd:65:a5:df:b7:a9:ba:1b:53:a8:42:
         7c:e7:2e:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRzuiSFQsJWPkJQ78lapzBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZmZmMWJkNzcxMjg3Y2VkNGM0ZGQ2ZDhhODUxZDJhZDc3
MDY2MWQwHhcNMjUwMTE3MTAwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjljOWEyYTU4YTM5Y2JlMjQ2N2ZhMjNkNDhjYWNiMDAzNjgzZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDwdlVIzaUicKiGH8ivs9YbVASsR
ykoqnvQI/lhzWzIwXw/Wy+QeBPGKb5K7UxYoD3LzUQS2KysStTfHv5GuxPH32Cab
z9uwCPSB4v4TezvHFt3+Q+L5kzr0wD1ZQ1N5HlLYKXCauVaLLWp43VybPjqD+yOA
t6EDU/BjiEPTuob7YsIYK0vxQMbDlSovxjzGQ7f4QKpvdrjJzlii78T3hnV8fXqf
YPeOh/a2PNPefgSY/3Aa9LyVN8UKobSI1ZxSKmr+6WjFI/mT+KGcJ/XhPc46ew5e
nigvwox86kNhkU1KnYSjfbUKkgtRaaghQRAR36pKwbUFCJjxEweVmrwPkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGucmipYo5y+JGf6I9SMrLADaD62MB8GA1UdIwQY
MBaAFK3/8b13EofO1MTdbYqFHSrXcGYdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZfeHZYY1NoODdVeE4xdGlvVWRLdGR3WmgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy82MjNlMTEtZTcwYy00ZjViLTg1MmMt
NDk0M2I0YjQyZWJiLzEvYTV5YUtsaWpuTDRrWl9vajFJeXNzQU5vUHJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy82MjNlMTEtZTcwYy00ZjViLTg1MmMtNDk0M2I0YjQyZWJi
LzEvcmZfeHZYY1NoODdVeE4xdGlvVWRLdGR3WmgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwg0QMA0G
CSqGSIb3DQEBCwUAA4IBAQA7SB7M6syEBdQTrunG/bmwR8MbiCS0LiXKtrYajsNn
lJEj5Q9sJSOwDetMKHyp7kTiH744bN1RXIccT0qsgSW/78sbtwtAzcM5R7n4E9nA
KL6Nmy6JSQ7CUcXCgo+8feQvr6sFzFjeItJkcL92KEhw8r0Ouok4RC2HyYzFcPn2
Sg7tzwwwZerTYpKPDFrBT+Dal3K4lQcDxGjeWhkLtFbJk9KYj5N+mZf6CFnfAKDO
WRZXPAH0EU5lQBPE6vIowHxP6HMYGmfWuHnt1SSh8zWaoIOaSUkoSJlzSDJP70pT
D+gPcR9BfHBDiNRWOn5D+ivW/WWl37epuhtTqEJ85y5Y
-----END CERTIFICATE-----