Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/02aa3b-e3a8-4c69-82ce-d957264653e2/1/aFCOTElnBLsNf9Ly_hbmm8JGZvk.roa
File:                     aFCOTElnBLsNf9Ly_hbmm8JGZvk.roa (raw, json)
Hash identifier:          MGWHqg1x0uZrRis7Xazn4JBDX59gH8eSl4RHJngdXlI=
Subject key identifier:   68:50:8E:4C:49:67:04:BB:0D:7F:D2:F2:FE:16:E6:9B:C2:46:66:F9
Certificate issuer:       /CN=6b5e8b0701e35d66a97876d8055012a89682fdc3
Certificate serial:       019427B36AAA5BD4CE69CAF63A2C87016587
Authority key identifier: 6B:5E:8B:07:01:E3:5D:66:A9:78:76:D8:05:50:12:A8:96:82:FD:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a16LBwHjXWapeHbYBVASqJaC_cM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/02aa3b-e3a8-4c69-82ce-d957264653e2/1/aFCOTElnBLsNf9Ly_hbmm8JGZvk.roa
Signing time:             Thu 02 Jan 2025 15:47:37 +0000
ROA not before:           Thu 02 Jan 2025 15:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60017
IP address blocks:        185.156.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/02aa3b-e3a8-4c69-82ce-d957264653e2/1/a16LBwHjXWapeHbYBVASqJaC_cM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/02aa3b-e3a8-4c69-82ce-d957264653e2/1/a16LBwHjXWapeHbYBVASqJaC_cM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a16LBwHjXWapeHbYBVASqJaC_cM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:6a:aa:5b:d4:ce:69:ca:f6:3a:2c:87:01:65:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5e8b0701e35d66a97876d8055012a89682fdc3
        Validity
            Not Before: Jan  2 15:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68508e4c496704bb0d7fd2f2fe16e69bc24666f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d8:49:20:0d:e5:c2:87:b9:15:54:98:d7:8f:
                    1c:22:aa:93:e7:54:9f:6c:90:3c:85:5a:b1:c8:19:
                    96:c5:f7:c5:75:53:b3:04:55:a1:78:25:70:7e:54:
                    d6:38:e7:a7:03:67:66:a1:fe:68:f3:4e:d9:cc:7d:
                    73:ec:0c:22:d1:89:c3:bb:5f:5d:28:1a:f3:2f:e3:
                    5f:78:61:b6:ae:2b:ca:45:3f:87:80:8b:53:a2:4b:
                    9d:7d:72:8a:58:46:b5:66:2e:71:ab:22:4d:53:bf:
                    19:09:64:55:ee:7a:19:7b:83:6f:7d:87:c5:5b:d5:
                    7a:5b:40:2c:a6:51:8d:7b:9d:22:7a:25:be:b0:63:
                    00:93:3b:ce:e1:47:4c:92:28:86:d3:41:ed:29:d1:
                    d6:d4:84:2c:16:f9:9e:a2:e4:a6:aa:de:69:17:85:
                    43:81:4a:26:7a:92:be:d4:98:fb:1c:c5:f3:b8:65:
                    e4:3a:16:39:98:e3:6a:73:e4:a0:d0:a6:4a:b6:cd:
                    6a:8b:d2:c9:e3:bd:99:c5:44:fb:ab:88:c9:2a:06:
                    50:7f:47:c4:d0:71:60:4c:fb:62:d9:e2:61:f7:e1:
                    3c:b0:45:2b:db:6c:49:07:79:cf:c8:c4:04:ea:34:
                    6e:fe:ad:88:99:94:60:80:6b:9a:28:c2:1b:d4:c1:
                    65:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:50:8E:4C:49:67:04:BB:0D:7F:D2:F2:FE:16:E6:9B:C2:46:66:F9
            X509v3 Authority Key Identifier:
                keyid:6B:5E:8B:07:01:E3:5D:66:A9:78:76:D8:05:50:12:A8:96:82:FD:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a16LBwHjXWapeHbYBVASqJaC_cM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/02aa3b-e3a8-4c69-82ce-d957264653e2/1/aFCOTElnBLsNf9Ly_hbmm8JGZvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/02aa3b-e3a8-4c69-82ce-d957264653e2/1/a16LBwHjXWapeHbYBVASqJaC_cM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:78:37:8c:9c:54:b4:b6:d4:13:90:ab:50:f4:41:be:10:f1:
         49:65:bf:b0:1f:37:82:f2:72:92:62:43:c9:ec:09:e9:42:ba:
         b5:0a:29:23:4c:c3:e2:ae:6d:c9:e9:d4:bd:a7:a9:1b:99:d7:
         b6:04:25:7f:80:16:f1:87:c6:4c:51:1f:5a:d8:24:b0:ca:aa:
         22:56:7b:83:85:14:3d:a9:f3:f3:17:ef:17:e8:ed:af:e4:40:
         27:c0:45:57:58:ac:ce:d0:99:2b:fd:6e:57:e8:36:b1:e1:b9:
         47:2b:8e:99:76:a3:25:30:de:55:04:f6:4a:30:e4:5f:c2:11:
         c6:5e:80:39:5c:d1:96:ed:c8:77:9a:25:39:f6:91:ad:7f:af:
         04:47:0e:ab:96:2f:ad:fa:64:0e:a9:c5:ca:1a:a5:6b:d6:ba:
         95:9b:17:e2:b6:a5:88:56:7b:33:52:86:07:93:3a:b7:bc:b7:
         d3:f5:99:15:d2:66:3f:30:0d:4c:5d:ec:1f:78:ca:62:67:1d:
         1e:99:ab:ff:65:07:3e:cc:d1:59:a0:95:e2:ad:b9:74:1d:ec:
         d2:50:32:29:8c:ea:19:c1:e0:14:3f:5b:f7:eb:a7:c9:d6:7d:
         c8:c6:37:3f:8f:9a:9f:c9:98:d7:8c:06:87:e3:00:53:e8:32:
         31:2e:6c:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns2qqW9TOacr2OiyHAWWHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWU4YjA3MDFlMzVkNjZhOTc4NzZkODA1NTAxMmE4OTY4
MmZkYzMwHhcNMjUwMTAyMTU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODUwOGU0YzQ5NjcwNGJiMGQ3ZmQyZjJmZTE2ZTY5YmMyNDY2NmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19hJIA3lwoe5FVSY148cIqqT51Sf
bJA8hVqxyBmWxffFdVOzBFWheCVwflTWOOenA2dmof5o807ZzH1z7Awi0YnDu19d
KBrzL+NfeGG2rivKRT+HgItTokudfXKKWEa1Zi5xqyJNU78ZCWRV7noZe4NvfYfF
W9V6W0AsplGNe50ieiW+sGMAkzvO4UdMkiiG00HtKdHW1IQsFvmeouSmqt5pF4VD
gUomepK+1Jj7HMXzuGXkOhY5mONqc+Sg0KZKts1qi9LJ472ZxUT7q4jJKgZQf0fE
0HFgTPti2eJh9+E8sEUr22xJB3nPyMQE6jRu/q2ImZRggGuaKMIb1MFlqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhQjkxJZwS7DX/S8v4W5pvCRmb5MB8GA1UdIwQY
MBaAFGteiwcB411mqXh22AVQEqiWgv3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTE2TEJ3SGpYV2FwZUhiWUJWQVNxSmFDX2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8wMmFhM2ItZTNhOC00YzY5LTgyY2Ut
ZDk1NzI2NDY1M2UyLzEvYUZDT1RFbG5CTHNOZjlMeV9oYm1tOEpHWnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8wMmFhM2ItZTNhOC00YzY5LTgyY2UtZDk1NzI2NDY1M2Uy
LzEvYTE2TEJ3SGpYV2FwZUhiWUJWQVNxSmFDX2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZzoMA0G
CSqGSIb3DQEBCwUAA4IBAQCneDeMnFS0ttQTkKtQ9EG+EPFJZb+wHzeC8nKSYkPJ
7AnpQrq1CikjTMPirm3J6dS9p6kbmde2BCV/gBbxh8ZMUR9a2CSwyqoiVnuDhRQ9
qfPzF+8X6O2v5EAnwEVXWKzO0Jkr/W5X6Dax4blHK46ZdqMlMN5VBPZKMORfwhHG
XoA5XNGW7ch3miU59pGtf68ERw6rli+t+mQOqcXKGqVr1rqVmxfitqWIVnszUoYH
kzq3vLfT9ZkV0mY/MA1MXewfeMpiZx0emav/ZQc+zNFZoJXirbl0HezSUDIpjOoZ
weAUP1v366fJ1n3Ixjc/j5qfyZjXjAaH4wBT6DIxLmyi
-----END CERTIFICATE-----