Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/0077c5-f0be-463f-ab75-8c3dcc459026/1/6v3xaZ7YrvMvQdKxxjWwKZ-HZN4.roa
File:                     6v3xaZ7YrvMvQdKxxjWwKZ-HZN4.roa (raw, json)
Hash identifier:          hWUPq5N6t+RwJdEvOikw63sUGiZaD6rAh+UZM/+TLZM=
Subject key identifier:   EA:FD:F1:69:9E:D8:AE:F3:2F:41:D2:B1:C6:35:B0:29:9F:87:64:DE
Certificate issuer:       /CN=97c00de007d4aa4a4031d47610b39b774908bf49
Certificate serial:       0194A2D785A1C68E2D0B13FB4DA2EB659E43
Authority key identifier: 97:C0:0D:E0:07:D4:AA:4A:40:31:D4:76:10:B3:9B:77:49:08:BF:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l8AN4AfUqkpAMdR2ELObd0kIv0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/0077c5-f0be-463f-ab75-8c3dcc459026/1/6v3xaZ7YrvMvQdKxxjWwKZ-HZN4.roa
Signing time:             Sun 26 Jan 2025 13:40:20 +0000
ROA not before:           Sun 26 Jan 2025 13:40:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        195.10.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/0077c5-f0be-463f-ab75-8c3dcc459026/1/l8AN4AfUqkpAMdR2ELObd0kIv0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/0077c5-f0be-463f-ab75-8c3dcc459026/1/l8AN4AfUqkpAMdR2ELObd0kIv0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l8AN4AfUqkpAMdR2ELObd0kIv0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a2:d7:85:a1:c6:8e:2d:0b:13:fb:4d:a2:eb:65:9e:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97c00de007d4aa4a4031d47610b39b774908bf49
        Validity
            Not Before: Jan 26 13:40:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eafdf1699ed8aef32f41d2b1c635b0299f8764de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:de:2d:d5:f2:79:77:e2:be:96:fc:f1:3c:7d:
                    f1:98:7d:3b:f3:5d:ba:d4:86:6a:17:87:93:50:ab:
                    ca:c1:c3:fb:5f:10:23:2d:a8:b4:d4:09:1b:84:44:
                    07:0f:f3:f3:53:7d:37:36:6f:8b:a6:dc:c5:04:21:
                    c7:6a:1a:4f:1f:a8:09:22:87:4b:97:a3:23:9c:1e:
                    61:3b:d4:bc:99:32:f5:60:a9:75:ea:0b:98:20:fa:
                    38:6c:95:b5:53:b2:6f:02:6a:f7:46:5f:0a:da:34:
                    04:e3:b4:79:02:ed:fb:82:e1:66:40:e5:6b:62:53:
                    73:c1:ba:3f:53:e1:bf:06:89:cd:7d:06:86:09:2e:
                    0d:39:da:46:8c:1d:31:f5:1c:45:02:e9:c9:4a:9c:
                    ed:40:d8:5c:19:a3:6a:05:b2:15:ae:97:e7:4b:7d:
                    47:4e:03:f6:ca:cc:a4:f7:6d:b1:c4:21:dd:84:81:
                    ac:1d:bd:b3:3f:4e:6d:a8:1e:dc:cc:70:c8:38:f4:
                    43:75:74:d0:cb:64:09:c5:47:62:13:b3:a4:70:bd:
                    9a:14:b0:90:b9:7f:73:84:80:c8:9e:d0:91:5c:0f:
                    f4:08:e0:ca:06:f2:1a:0a:3a:f3:d0:f9:ec:b2:87:
                    09:e8:f9:9e:55:eb:85:77:cb:2f:7e:40:e2:2d:fb:
                    af:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:FD:F1:69:9E:D8:AE:F3:2F:41:D2:B1:C6:35:B0:29:9F:87:64:DE
            X509v3 Authority Key Identifier:
                keyid:97:C0:0D:E0:07:D4:AA:4A:40:31:D4:76:10:B3:9B:77:49:08:BF:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l8AN4AfUqkpAMdR2ELObd0kIv0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/0077c5-f0be-463f-ab75-8c3dcc459026/1/6v3xaZ7YrvMvQdKxxjWwKZ-HZN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/0077c5-f0be-463f-ab75-8c3dcc459026/1/l8AN4AfUqkpAMdR2ELObd0kIv0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:90:fa:ec:22:20:a0:46:3c:48:f9:83:2b:08:3b:5d:01:b4:
         39:25:2b:0e:15:3c:71:5a:cb:cd:9d:50:9f:36:d9:2c:e0:fa:
         c3:47:dc:25:18:72:9b:43:3a:ad:82:9f:35:85:88:ec:b0:0a:
         9a:5b:95:f5:a8:cb:0e:bc:95:e7:4a:e8:0c:0b:e7:a4:81:f3:
         e0:29:b9:5b:d5:89:82:7d:81:d4:50:5a:62:d9:60:6e:6e:90:
         08:7b:b8:f4:06:da:65:ca:45:a4:bc:50:94:17:68:ba:06:1e:
         a8:41:d7:b8:84:b1:72:9e:92:8e:da:a4:4a:51:4c:40:e1:2a:
         3c:bc:97:93:66:39:7b:08:65:2b:55:33:9b:cf:ca:72:d7:96:
         26:44:05:3b:85:f2:49:61:19:c1:74:77:9e:32:15:3e:d8:6d:
         f0:b1:34:88:06:9a:2f:1a:8e:0d:24:34:f9:52:f2:c5:fe:98:
         3f:ab:16:bd:0e:15:fd:ea:8c:45:3e:9a:d3:19:26:15:d8:22:
         8e:b7:f9:c7:59:48:cf:d2:23:b1:29:b3:48:85:0e:16:6a:8c:
         32:eb:17:85:bb:c5:fc:94:c6:3b:9c:8c:5b:f3:f0:8b:72:12:
         b5:6b:fa:a5:b2:b0:2a:f4:6d:48:40:17:67:81:13:d2:42:f8:
         45:ac:c4:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSi14Whxo4tCxP7TaLrZZ5DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YzAwZGUwMDdkNGFhNGE0MDMxZDQ3NjEwYjM5Yjc3NDkw
OGJmNDkwHhcNMjUwMTI2MTM0MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWZkZjE2OTllZDhhZWYzMmY0MWQyYjFjNjM1YjAyOTlmODc2NGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnt4t1fJ5d+K+lvzxPH3xmH078126
1IZqF4eTUKvKwcP7XxAjLai01AkbhEQHD/PzU303Nm+LptzFBCHHahpPH6gJIodL
l6MjnB5hO9S8mTL1YKl16guYIPo4bJW1U7JvAmr3Rl8K2jQE47R5Au37guFmQOVr
YlNzwbo/U+G/BonNfQaGCS4NOdpGjB0x9RxFAunJSpztQNhcGaNqBbIVrpfnS31H
TgP2ysyk922xxCHdhIGsHb2zP05tqB7czHDIOPRDdXTQy2QJxUdiE7OkcL2aFLCQ
uX9zhIDIntCRXA/0CODKBvIaCjrz0PnssocJ6PmeVeuFd8svfkDiLfuvCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOr98Wme2K7zL0HSscY1sCmfh2TeMB8GA1UdIwQY
MBaAFJfADeAH1KpKQDHUdhCzm3dJCL9JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDhBTjRBZlVxa3BBTWRSMkVMT2JkMGtJdjBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8wMDc3YzUtZjBiZS00NjNmLWFiNzUt
OGMzZGNjNDU5MDI2LzEvNnYzeGFaN1lydk12UWRLeHhqV3dLWi1IWk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8wMDc3YzUtZjBiZS00NjNmLWFiNzUtOGMzZGNjNDU5MDI2
LzEvbDhBTjRBZlVxa3BBTWRSMkVMT2JkMGtJdjBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrcMA0G
CSqGSIb3DQEBCwUAA4IBAQBbkPrsIiCgRjxI+YMrCDtdAbQ5JSsOFTxxWsvNnVCf
Ntks4PrDR9wlGHKbQzqtgp81hYjssAqaW5X1qMsOvJXnSugMC+ekgfPgKblb1YmC
fYHUUFpi2WBubpAIe7j0BtplykWkvFCUF2i6Bh6oQde4hLFynpKO2qRKUUxA4So8
vJeTZjl7CGUrVTObz8py15YmRAU7hfJJYRnBdHeeMhU+2G3wsTSIBpovGo4NJDT5
UvLF/pg/qxa9DhX96oxFPprTGSYV2CKOt/nHWUjP0iOxKbNIhQ4Waowy6xeFu8X8
lMY7nIxb8/CLchK1a/qlsrAq9G1IQBdngRPSQvhFrMQF
-----END CERTIFICATE-----