Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/U_Lbl4dQRImqSP6zV_MXvnCzVro.roa
File:                     U_Lbl4dQRImqSP6zV_MXvnCzVro.roa (raw, json)
Hash identifier:          k+fOfvjUjOj8hU8vOKkhlBwBO0V4NXX3JC8vdkG/viY=
Subject key identifier:   53:F2:DB:97:87:50:44:89:AA:48:FE:B3:57:F3:17:BE:70:B3:56:BA
Certificate issuer:       /CN=6b423b29a182936b22df8f9826dd583a0059134a
Certificate serial:       0194214389DAC1CA2C8EF34379374C27DC85
Authority key identifier: 6B:42:3B:29:A1:82:93:6B:22:DF:8F:98:26:DD:58:3A:00:59:13:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a0I7KaGCk2si34-YJt1YOgBZE0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/U_Lbl4dQRImqSP6zV_MXvnCzVro.roa
Signing time:             Wed 01 Jan 2025 09:47:41 +0000
ROA not before:           Wed 01 Jan 2025 09:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204550
IP address blocks:        94.101.100.0/24 maxlen: 24
                          198.205.102.0/24 maxlen: 24
                          2a0b:eb00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/a0I7KaGCk2si34-YJt1YOgBZE0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/a0I7KaGCk2si34-YJt1YOgBZE0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a0I7KaGCk2si34-YJt1YOgBZE0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:89:da:c1:ca:2c:8e:f3:43:79:37:4c:27:dc:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b423b29a182936b22df8f9826dd583a0059134a
        Validity
            Not Before: Jan  1 09:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53f2db9787504489aa48feb357f317be70b356ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3b:37:b3:46:72:12:62:5c:ce:3c:c0:81:6d:
                    3e:f2:ef:7f:75:7a:a5:57:62:49:9a:d8:c8:55:9f:
                    bb:47:a6:a2:44:02:f5:7f:62:94:33:4c:67:a9:91:
                    94:ab:d8:32:7a:f5:ba:15:d1:a7:92:c7:2f:57:b9:
                    48:89:23:60:ea:a2:11:85:c2:36:08:db:a4:73:83:
                    9d:ee:11:52:6f:07:c4:f4:f3:4a:b3:68:db:74:b3:
                    48:4a:7a:4f:6e:22:09:70:a2:40:8f:00:5a:40:d2:
                    40:57:52:63:22:10:3e:02:a5:14:56:c9:c3:8d:a5:
                    0c:f1:4d:37:6c:dc:c2:14:7a:47:df:fb:49:28:71:
                    ad:c5:ed:c4:89:f1:9e:36:25:0b:c9:4b:39:c3:ed:
                    f7:92:49:bd:64:7e:c3:0b:44:b1:bb:11:f3:11:f5:
                    9b:f3:a7:4e:9f:77:f8:b5:57:52:ab:9d:85:0d:e9:
                    47:db:71:1c:42:d7:ea:af:38:33:74:7e:40:88:c9:
                    58:44:c9:61:12:fa:48:08:5f:fd:a3:f1:d9:7a:29:
                    cd:5b:0a:aa:7c:bf:76:76:06:f9:55:64:66:6b:69:
                    06:68:3c:b1:7a:ae:ce:59:ff:6f:c6:a5:61:68:e4:
                    68:00:6b:2e:6d:b1:e4:6b:57:52:03:c6:ab:92:57:
                    cb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F2:DB:97:87:50:44:89:AA:48:FE:B3:57:F3:17:BE:70:B3:56:BA
            X509v3 Authority Key Identifier:
                keyid:6B:42:3B:29:A1:82:93:6B:22:DF:8F:98:26:DD:58:3A:00:59:13:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0I7KaGCk2si34-YJt1YOgBZE0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/U_Lbl4dQRImqSP6zV_MXvnCzVro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/a0I7KaGCk2si34-YJt1YOgBZE0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.100.0/24
                  198.205.102.0/24
                IPv6:
                  2a0b:eb00::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:ff:db:11:61:1e:41:3a:22:d5:7a:cd:e4:ee:fe:54:22:34:
         48:7b:67:de:83:5e:ba:ef:10:22:7d:2a:f7:d0:91:3a:33:34:
         35:04:44:ff:27:3b:ed:59:b0:0a:b6:b9:3e:45:4d:96:b6:39:
         3b:89:c4:85:c5:3d:f2:ca:38:49:3f:c9:94:c7:fa:00:7b:2d:
         8d:f9:22:3d:55:e0:7b:df:56:47:2b:6a:25:4d:43:aa:5a:d1:
         78:0f:3b:f0:ce:3b:b6:e4:52:d6:53:bc:e8:53:5e:4c:20:86:
         13:35:08:29:59:f0:bb:5e:d8:fe:a5:88:bc:a1:d0:9d:f9:63:
         e0:40:d5:8b:c3:3e:70:f0:27:a8:36:56:8e:89:9f:b5:29:03:
         df:0c:49:ff:66:b0:8c:d3:75:ba:d7:a6:f1:46:74:f3:8a:17:
         d0:53:8c:ac:36:4c:35:fc:66:52:2a:c4:b5:bb:ee:66:8b:21:
         9c:e0:21:25:1c:41:da:4c:e2:f4:6b:2a:e5:7d:4a:36:69:55:
         02:47:bf:76:37:47:a0:a3:4c:c6:66:ba:ec:42:2b:64:29:dc:
         d5:1f:2f:99:35:25:9e:12:7a:e9:9d:eb:ed:c4:2a:78:f1:ca:
         c4:57:86:6a:61:48:97:ab:ba:4d:5f:cd:17:4a:11:76:38:13:
         07:21:76:fb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhQ4nawcosjvNDeTdMJ9yFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNDIzYjI5YTE4MjkzNmIyMmRmOGY5ODI2ZGQ1ODNhMDA1
OTEzNGEwHhcNMjUwMTAxMDk0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2YyZGI5Nzg3NTA0NDg5YWE0OGZlYjM1N2YzMTdiZTcwYjM1NmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjs3s0ZyEmJczjzAgW0+8u9/dXql
V2JJmtjIVZ+7R6aiRAL1f2KUM0xnqZGUq9gyevW6FdGnkscvV7lIiSNg6qIRhcI2
CNukc4Od7hFSbwfE9PNKs2jbdLNISnpPbiIJcKJAjwBaQNJAV1JjIhA+AqUUVsnD
jaUM8U03bNzCFHpH3/tJKHGtxe3EifGeNiULyUs5w+33kkm9ZH7DC0SxuxHzEfWb
86dOn3f4tVdSq52FDelH23EcQtfqrzgzdH5AiMlYRMlhEvpICF/9o/HZeinNWwqq
fL92dgb5VWRma2kGaDyxeq7OWf9vxqVhaORoAGsubbHka1dSA8arklfLBwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFPy25eHUESJqkj+s1fzF75ws1a6MB8GA1UdIwQY
MBaAFGtCOymhgpNrIt+PmCbdWDoAWRNKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTBJN0thR0NrMnNpMzQtWUp0MVlPZ0JaRTBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iYTBmZjAtMmJlMi00Mjg2LWEyZDct
NThhOGEzM2Q1NGE2LzEvVV9MYmw0ZFFSSW1xU1A2elZfTVh2bkN6VnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iYTBmZjAtMmJlMi00Mjg2LWEyZDctNThhOGEzM2Q1NGE2
LzEvYTBJN0thR0NrMnNpMzQtWUp0MVlPZ0JaRTBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAXmVkAwQA
xs1mMA0EAgACMAcDBQAqC+sAMA0GCSqGSIb3DQEBCwUAA4IBAQAy/9sRYR5BOiLV
es3k7v5UIjRIe2feg1667xAifSr30JE6MzQ1BET/JzvtWbAKtrk+RU2Wtjk7icSF
xT3yyjhJP8mUx/oAey2N+SI9VeB731ZHK2olTUOqWtF4Dzvwzju25FLWU7zoU15M
IIYTNQgpWfC7Xtj+pYi8odCd+WPgQNWLwz5w8CeoNlaOiZ+1KQPfDEn/ZrCM03W6
16bxRnTzihfQU4ysNkw1/GZSKsS1u+5miyGc4CElHEHaTOL0ayrlfUo2aVUCR792
N0ego0zGZrrsQitkKdzVHy+ZNSWeEnrpnevtxCp48crEV4ZqYUiXq7pNX80XShF2
OBMHIXb7
-----END CERTIFICATE-----