Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/3c2956-df9d-4048-b011-d8e98b85aea4/1/bdAF9viIHB5V5FhTALS-owQhcks.roa
File:                     bdAF9viIHB5V5FhTALS-owQhcks.roa (raw, json)
Hash identifier:          lPv9YsuyVHwxqfP/RRJpZeMDZjwRG/d34AhteS5V7Ew=
Subject key identifier:   6D:D0:05:F6:F8:88:1C:1E:55:E4:58:53:00:B4:BE:A3:04:21:72:4B
Certificate issuer:       /CN=94d161593da815cac58d3479652d048480d26713
Certificate serial:       0194206865A67BABEAC761FE19DA162B3A78
Authority key identifier: 94:D1:61:59:3D:A8:15:CA:C5:8D:34:79:65:2D:04:84:80:D2:67:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lNFhWT2oFcrFjTR5ZS0EhIDSZxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/3c2956-df9d-4048-b011-d8e98b85aea4/1/bdAF9viIHB5V5FhTALS-owQhcks.roa
Signing time:             Wed 01 Jan 2025 05:48:20 +0000
ROA not before:           Wed 01 Jan 2025 05:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59984
IP address blocks:        185.63.104.0/22 maxlen: 22
                          2a03:ca0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/3c2956-df9d-4048-b011-d8e98b85aea4/1/lNFhWT2oFcrFjTR5ZS0EhIDSZxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/3c2956-df9d-4048-b011-d8e98b85aea4/1/lNFhWT2oFcrFjTR5ZS0EhIDSZxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lNFhWT2oFcrFjTR5ZS0EhIDSZxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:65:a6:7b:ab:ea:c7:61:fe:19:da:16:2b:3a:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94d161593da815cac58d3479652d048480d26713
        Validity
            Not Before: Jan  1 05:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dd005f6f8881c1e55e4585300b4bea30421724b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c3:04:e7:14:fe:58:79:47:32:7d:e0:10:27:
                    fa:8e:6f:a2:da:de:af:90:c4:bd:d4:b6:4a:fc:f9:
                    63:44:ee:c3:70:dc:eb:d3:93:1d:72:a4:8c:1a:97:
                    1f:54:97:e0:1e:c0:a0:67:38:4e:3f:e8:d3:64:6e:
                    2d:50:d4:c5:73:98:e4:2b:7b:5a:ca:eb:4f:28:f5:
                    23:8c:c5:72:ce:1a:8f:a4:e9:1c:72:13:c8:da:89:
                    71:43:e7:5d:35:ae:1d:b2:54:bb:86:3e:b4:d1:99:
                    d9:5e:41:f7:1f:93:f4:60:f0:9a:94:5b:b9:a5:0f:
                    c5:19:97:09:49:a9:b7:69:3f:89:99:89:bd:9c:5b:
                    6a:18:bf:52:66:55:7b:0b:0a:81:7e:c9:17:42:c2:
                    19:f2:40:b9:50:d7:dc:ce:ec:c0:1b:ec:90:0a:88:
                    d5:36:a3:f4:1d:e4:18:fa:e3:d5:0b:6a:91:9a:21:
                    81:c3:26:44:67:ce:de:ed:11:d8:8a:77:6a:e8:e0:
                    c4:b2:39:fe:41:8c:ff:2d:fa:57:9c:ae:ed:a6:a6:
                    25:fa:ca:5f:78:79:22:b8:8e:1b:f9:06:58:84:b8:
                    ea:88:87:4c:da:d5:06:3e:21:ab:f2:0b:93:d0:d9:
                    c0:ef:76:4a:d4:79:8d:f9:73:26:4b:ad:d7:f5:5b:
                    15:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D0:05:F6:F8:88:1C:1E:55:E4:58:53:00:B4:BE:A3:04:21:72:4B
            X509v3 Authority Key Identifier:
                keyid:94:D1:61:59:3D:A8:15:CA:C5:8D:34:79:65:2D:04:84:80:D2:67:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNFhWT2oFcrFjTR5ZS0EhIDSZxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/3c2956-df9d-4048-b011-d8e98b85aea4/1/bdAF9viIHB5V5FhTALS-owQhcks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/3c2956-df9d-4048-b011-d8e98b85aea4/1/lNFhWT2oFcrFjTR5ZS0EhIDSZxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.104.0/22
                IPv6:
                  2a03:ca0::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:06:90:2e:75:01:3d:75:a0:fd:7b:20:ba:a4:5d:04:1b:bf:
         df:d5:c5:b1:8e:3d:04:98:7b:31:6d:b8:33:fa:2d:8a:91:20:
         52:54:81:2a:b6:b3:49:91:03:17:e0:7b:ad:a8:bc:78:18:c0:
         66:e1:f7:3b:9d:0f:8d:62:e4:e7:35:c3:cc:17:e6:7e:e2:86:
         0d:9e:81:f0:e1:bc:e0:3f:ed:b0:e2:94:1a:c1:63:e1:2d:29:
         e2:a5:87:70:74:a5:73:05:3e:15:64:53:6f:fc:5e:a4:82:70:
         53:d3:0c:28:0d:6f:35:68:2f:5b:fa:75:04:3c:ab:bc:db:0a:
         aa:48:53:2d:52:1b:d7:d7:fa:2f:85:34:37:e8:91:b2:73:93:
         85:2f:13:ad:e8:1b:6f:0c:d7:be:b6:85:19:2a:35:f1:13:09:
         42:f4:16:44:62:55:28:94:2b:08:66:2f:40:c6:5c:c1:a5:15:
         1a:67:87:51:c3:57:89:04:3d:35:9c:9a:6e:0f:a9:f7:c5:b6:
         6a:0e:a2:b7:bb:b1:4f:b3:8c:78:3c:35:8b:bd:7b:ac:33:04:
         d6:d7:68:89:67:e3:55:67:92:d9:d7:d8:21:39:d7:4a:cf:96:
         60:a4:96:40:90:e4:b9:67:99:5e:96:7d:2b:dd:ac:2d:92:44:
         a5:46:33:6a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaGWme6vqx2H+GdoWKzp4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZDE2MTU5M2RhODE1Y2FjNThkMzQ3OTY1MmQwNDg0ODBk
MjY3MTMwHhcNMjUwMTAxMDU0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQwMDVmNmY4ODgxYzFlNTVlNDU4NTMwMGI0YmVhMzA0MjE3MjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8ME5xT+WHlHMn3gECf6jm+i2t6v
kMS91LZK/PljRO7DcNzr05MdcqSMGpcfVJfgHsCgZzhOP+jTZG4tUNTFc5jkK3ta
yutPKPUjjMVyzhqPpOkcchPI2olxQ+ddNa4dslS7hj600ZnZXkH3H5P0YPCalFu5
pQ/FGZcJSam3aT+JmYm9nFtqGL9SZlV7CwqBfskXQsIZ8kC5UNfczuzAG+yQCojV
NqP0HeQY+uPVC2qRmiGBwyZEZ87e7RHYindq6ODEsjn+QYz/LfpXnK7tpqYl+spf
eHkiuI4b+QZYhLjqiIdM2tUGPiGr8guT0NnA73ZK1HmN+XMmS63X9VsVnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG3QBfb4iBweVeRYUwC0vqMEIXJLMB8GA1UdIwQY
MBaAFJTRYVk9qBXKxY00eWUtBISA0mcTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE5GaFdUMm9GY3JGalRSNVpTMEVoSURTWnhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8zYzI5NTYtZGY5ZC00MDQ4LWIwMTEt
ZDhlOThiODVhZWE0LzEvYmRBRjl2aUlIQjVWNUZoVEFMUy1vd1FoY2tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8zYzI5NTYtZGY5ZC00MDQ4LWIwMTEtZDhlOThiODVhZWE0
LzEvbE5GaFdUMm9GY3JGalRSNVpTMEVoSURTWnhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuT9oMA0E
AgACMAcDBQAqAwygMA0GCSqGSIb3DQEBCwUAA4IBAQBkBpAudQE9daD9eyC6pF0E
G7/f1cWxjj0EmHsxbbgz+i2KkSBSVIEqtrNJkQMX4HutqLx4GMBm4fc7nQ+NYuTn
NcPMF+Z+4oYNnoHw4bzgP+2w4pQawWPhLSnipYdwdKVzBT4VZFNv/F6kgnBT0wwo
DW81aC9b+nUEPKu82wqqSFMtUhvX1/ovhTQ36JGyc5OFLxOt6BtvDNe+toUZKjXx
EwlC9BZEYlUolCsIZi9AxlzBpRUaZ4dRw1eJBD01nJpuD6n3xbZqDqK3u7FPs4x4
PDWLvXusMwTW12iJZ+NVZ5LZ19ghOddKz5ZgpJZAkOS5Z5leln0r3awtkkSlRjNq
-----END CERTIFICATE-----