Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/Wm8utYaAl4ZMre6kWYKnqXiiOiw.roa
File:                     Wm8utYaAl4ZMre6kWYKnqXiiOiw.roa (raw, json)
Hash identifier:          8NKhHY0obt4MJcpBncJiFgosygRTtWNojzKhfWVbODY=
Subject key identifier:   5A:6F:2E:B5:86:80:97:86:4C:AD:EE:A4:59:82:A7:A9:78:A2:3A:2C
Certificate issuer:       /CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
Certificate serial:       01973A8276C255D5C41AD32FF3B06CDB321B
Authority key identifier: FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/Wm8utYaAl4ZMre6kWYKnqXiiOiw.roa
Signing time:             Wed 04 Jun 2025 10:35:17 +0000
ROA not before:           Wed 04 Jun 2025 10:35:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206352
IP address blocks:        195.210.110.0/23 maxlen: 23
                          195.210.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:82:76:c2:55:d5:c4:1a:d3:2f:f3:b0:6c:db:32:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
        Validity
            Not Before: Jun  4 10:35:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a6f2eb5868097864cadeea45982a7a978a23a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c0:24:fd:74:60:9b:93:fd:c0:3a:75:13:9b:
                    ff:98:bc:cb:4e:77:0f:9f:b4:96:61:af:9d:b4:51:
                    b0:82:d6:fd:bd:5c:49:4a:76:2b:38:6d:aa:e4:28:
                    34:31:a9:64:a4:0d:91:4a:9c:fb:3e:05:19:2f:e6:
                    ca:31:45:31:81:ce:11:d3:7a:de:16:87:c9:37:c3:
                    e7:a6:8e:5b:32:25:27:c2:f5:b9:cb:7e:2e:5d:5e:
                    ab:c8:9d:91:af:1e:58:f2:a8:56:2f:a1:61:c3:37:
                    7a:e4:a2:fc:2d:8a:43:d0:52:a7:c7:92:fe:fb:7a:
                    de:04:84:13:b4:e6:83:b8:c3:0f:35:05:26:ed:25:
                    1f:1b:23:57:46:4c:ad:29:09:a3:fa:46:4e:0a:3d:
                    51:6a:0c:4d:53:2d:13:8b:6e:fd:e2:cb:b0:a7:03:
                    81:36:1b:74:bd:b2:4c:7f:d6:0e:e4:b6:67:7b:32:
                    27:72:b4:70:04:f4:88:cc:77:45:0b:44:7e:dc:3c:
                    16:ce:82:8c:e4:a5:9c:13:cd:3e:4e:d6:bf:6b:11:
                    cf:bb:c9:7b:3d:20:52:6d:bf:7c:d1:53:75:1d:5d:
                    99:21:a1:37:12:0c:37:8f:53:9e:ce:be:44:26:9b:
                    a8:9e:eb:26:76:b1:21:35:fc:63:84:ab:79:e6:55:
                    a3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:6F:2E:B5:86:80:97:86:4C:AD:EE:A4:59:82:A7:A9:78:A2:3A:2C
            X509v3 Authority Key Identifier:
                keyid:FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/Wm8utYaAl4ZMre6kWYKnqXiiOiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.210.110.0/23
                  195.210.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:6c:d3:f1:6e:ff:04:38:67:27:88:51:ac:9d:8d:77:b3:bd:
         97:67:2f:c7:b0:f6:e2:2e:d8:67:40:e9:df:a9:14:d5:bf:db:
         33:fc:ea:8b:1f:12:02:c9:ac:0a:78:1f:3c:90:93:a2:b6:d1:
         a4:55:e5:1b:c4:1d:08:c1:96:cd:d2:50:16:18:63:0d:77:69:
         cc:6b:6b:98:46:8f:16:ac:3e:bf:a7:01:93:90:90:b7:58:6b:
         5f:d6:9b:61:5e:3e:62:c6:30:5b:b9:18:e2:98:dd:bd:1e:7d:
         67:94:ec:3a:0e:8f:27:8e:e3:b8:75:36:5d:7e:4c:63:5f:bd:
         e1:42:b2:18:fc:a3:71:03:0f:40:14:67:e2:ac:da:77:63:bd:
         92:d6:d4:5c:21:71:a3:05:25:3a:ba:bf:65:8d:31:4b:e2:4a:
         0f:ba:52:81:33:ed:99:94:08:5a:e8:2f:be:7a:47:20:8c:02:
         9d:13:a6:61:f9:ff:e5:88:c0:ee:80:a9:ba:6a:4e:82:9b:20:
         1c:c6:b0:85:b8:ad:b8:0d:40:07:76:c6:a0:f5:be:e5:6e:1e:
         29:80:7f:61:77:d7:bb:eb:7c:cc:cc:94:96:6b:b7:65:c9:71:
         13:0a:43:bd:ef:56:7d:54:59:44:4f:08:1a:22:f8:c2:51:33:
         4f:b0:11:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZc6gnbCVdXEGtMv87Bs2zIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYjg0ZDlmOGY5ZTMzMTU2NTg5YTVlYmY3MjIyMDNhODk5
ZTBhNTEwHhcNMjUwNjA0MTAzNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTZmMmViNTg2ODA5Nzg2NGNhZGVlYTQ1OTgyYTdhOTc4YTIzYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMAk/XRgm5P9wDp1E5v/mLzLTncP
n7SWYa+dtFGwgtb9vVxJSnYrOG2q5Cg0MalkpA2RSpz7PgUZL+bKMUUxgc4R03re
FofJN8Pnpo5bMiUnwvW5y34uXV6ryJ2Rrx5Y8qhWL6Fhwzd65KL8LYpD0FKnx5L+
+3reBIQTtOaDuMMPNQUm7SUfGyNXRkytKQmj+kZOCj1RagxNUy0Ti2794suwpwOB
Nht0vbJMf9YO5LZnezIncrRwBPSIzHdFC0R+3DwWzoKM5KWcE80+Tta/axHPu8l7
PSBSbb980VN1HV2ZIaE3Egw3j1Oezr5EJpuonusmdrEhNfxjhKt55lWjHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFpvLrWGgJeGTK3upFmCp6l4ojosMB8GA1UdIwQY
MBaAFP64TZ+PnjMVZYml6/ciIDqJngpRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMt
YWYxY2MyMzE3ZTM5LzEvV204dXRZYUFsNFpNcmU2a1dZS25xWGlpT2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMtYWYxY2MyMzE3ZTM5
LzEvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw9JuAwQA
w9J6MA0GCSqGSIb3DQEBCwUAA4IBAQC+bNPxbv8EOGcniFGsnY13s72XZy/HsPbi
LthnQOnfqRTVv9sz/OqLHxICyawKeB88kJOittGkVeUbxB0IwZbN0lAWGGMNd2nM
a2uYRo8WrD6/pwGTkJC3WGtf1pthXj5ixjBbuRjimN29Hn1nlOw6Do8njuO4dTZd
fkxjX73hQrIY/KNxAw9AFGfirNp3Y72S1tRcIXGjBSU6ur9ljTFL4koPulKBM+2Z
lAha6C++ekcgjAKdE6Zh+f/liMDugKm6ak6CmyAcxrCFuK24DUAHdsag9b7lbh4p
gH9hd9e763zMzJSWa7dlyXETCkO971Z9VFlETwgaIvjCUTNPsBHG
-----END CERTIFICATE-----