Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/hb6ryi0zlarGbicwA660cAdO1uU.roa
File:                     hb6ryi0zlarGbicwA660cAdO1uU.roa (raw, json)
Hash identifier:          npI6mlOfecW2btMEPci2EHiqJhnGF4s0rXnIs0wQ4wY=
Subject key identifier:   85:BE:AB:CA:2D:33:95:AA:C6:6E:27:30:03:AE:B4:70:07:4E:D6:E5
Certificate issuer:       /CN=fd9f7dc5095abdb445d189857d3101a8aee29dfa
Certificate serial:       0194258F4B34506216C50FBAC6F1E3353C10
Authority key identifier: FD:9F:7D:C5:09:5A:BD:B4:45:D1:89:85:7D:31:01:A8:AE:E2:9D:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Z99xQlavbRF0YmFfTEBqK7info.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/hb6ryi0zlarGbicwA660cAdO1uU.roa
Signing time:             Thu 02 Jan 2025 05:48:55 +0000
ROA not before:           Thu 02 Jan 2025 05:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2117
IP address blocks:        134.171.0.0/18 maxlen: 18
                          134.171.64.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/_Z99xQlavbRF0YmFfTEBqK7info.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/_Z99xQlavbRF0YmFfTEBqK7info.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Z99xQlavbRF0YmFfTEBqK7info.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4b:34:50:62:16:c5:0f:ba:c6:f1:e3:35:3c:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd9f7dc5095abdb445d189857d3101a8aee29dfa
        Validity
            Not Before: Jan  2 05:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85beabca2d3395aac66e273003aeb470074ed6e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:05:3b:ee:37:d9:5b:8f:ea:83:f9:32:e3:cd:
                    69:94:ae:a3:24:62:73:4a:3d:55:3b:2e:0b:e7:e8:
                    93:b9:9a:32:ad:b0:7c:1e:7a:ec:ce:c0:fb:73:99:
                    6c:0e:0b:9b:3d:14:5f:f5:46:92:54:a3:55:f0:71:
                    19:e4:c9:f5:72:17:72:20:70:4f:23:8b:ee:ce:4e:
                    30:ed:a5:59:15:6c:68:c5:07:6e:7b:0d:55:9f:d6:
                    f6:82:70:1c:aa:ba:b9:a5:fb:6e:83:27:54:e2:36:
                    94:49:6b:5e:39:09:71:58:e6:a4:4d:8a:59:aa:46:
                    dc:53:67:5d:77:40:b1:49:61:5a:f5:46:8b:85:71:
                    a1:55:40:f6:c5:a7:ee:e5:71:b3:56:51:54:6e:48:
                    2f:ee:eb:16:5b:21:bc:54:06:77:be:c0:e7:bd:bb:
                    05:eb:cd:27:78:6a:a4:8f:b5:5b:bf:5c:3b:9c:f6:
                    e8:8e:e9:3b:db:04:3c:98:f8:1f:d3:a9:89:da:af:
                    7c:b8:eb:4b:81:d9:9f:a7:fb:db:79:cc:be:cc:d7:
                    1b:2a:7a:0b:41:f9:03:ff:44:00:33:b7:ca:8a:4c:
                    15:17:2e:f9:d0:69:5d:85:dc:b9:dc:1e:2e:c3:86:
                    60:f0:b8:9c:77:39:79:d0:e2:8e:a2:13:ce:94:83:
                    44:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:BE:AB:CA:2D:33:95:AA:C6:6E:27:30:03:AE:B4:70:07:4E:D6:E5
            X509v3 Authority Key Identifier:
                keyid:FD:9F:7D:C5:09:5A:BD:B4:45:D1:89:85:7D:31:01:A8:AE:E2:9D:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Z99xQlavbRF0YmFfTEBqK7info.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/hb6ryi0zlarGbicwA660cAdO1uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/_Z99xQlavbRF0YmFfTEBqK7info.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.171.0.0-134.171.79.255

    Signature Algorithm: sha256WithRSAEncryption
         5e:ed:01:a9:e5:ce:db:cc:c8:9f:10:0f:09:a0:0f:a3:68:9c:
         07:93:0e:05:3b:05:11:d2:41:2d:78:b3:92:ba:c2:93:64:5d:
         03:ca:3c:c1:2a:ce:47:08:84:33:ba:29:5c:8d:a4:13:5b:31:
         f1:36:1c:a6:3b:fe:14:a0:23:da:22:ec:39:3c:e1:f4:4a:d0:
         3c:98:5a:0b:dd:ca:64:85:a7:7a:b0:5d:f8:fa:78:13:fc:ff:
         60:cf:28:c0:62:02:96:c9:39:82:69:54:1d:14:c6:45:69:bf:
         5f:15:1d:12:38:ca:ef:63:21:40:e0:59:62:b7:80:64:6f:1b:
         6c:79:1b:68:44:f7:bb:5b:7d:c6:62:ca:00:51:b1:de:d4:27:
         f9:66:ae:f5:b1:07:47:83:5d:2f:43:c9:6f:41:30:be:07:8f:
         ab:87:01:a9:d0:eb:65:b8:c3:f2:06:2c:0e:be:d0:0c:f3:63:
         f1:49:5b:cf:44:2a:e4:48:56:2b:a8:48:10:b3:e2:e6:21:a3:
         e5:d2:f8:d9:5b:ac:59:41:8c:e0:8b:38:70:da:9f:8f:e7:99:
         57:26:d6:d9:53:e8:e2:bb:21:e2:09:33:5e:ca:5e:c5:d6:07:
         79:a6:03:a8:d4:a3:df:d7:88:ab:31:e2:ac:e7:df:46:f8:24:
         b4:20:0e:fa
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQlj0s0UGIWxQ+6xvHjNTwQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkOWY3ZGM1MDk1YWJkYjQ0NWQxODk4NTdkMzEwMWE4YWVl
MjlkZmEwHhcNMjUwMTAyMDU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWJlYWJjYTJkMzM5NWFhYzY2ZTI3MzAwM2FlYjQ3MDA3NGVkNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AU77jfZW4/qg/ky481plK6jJGJz
Sj1VOy4L5+iTuZoyrbB8HnrszsD7c5lsDgubPRRf9UaSVKNV8HEZ5Mn1chdyIHBP
I4vuzk4w7aVZFWxoxQduew1Vn9b2gnAcqrq5pftugydU4jaUSWteOQlxWOakTYpZ
qkbcU2ddd0CxSWFa9UaLhXGhVUD2xafu5XGzVlFUbkgv7usWWyG8VAZ3vsDnvbsF
680neGqkj7Vbv1w7nPbojuk72wQ8mPgf06mJ2q98uOtLgdmfp/vbecy+zNcbKnoL
QfkD/0QAM7fKikwVFy750Gldhdy53B4uw4Zg8Licdzl50OKOohPOlINEQwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIW+q8otM5Wqxm4nMAOutHAHTtblMB8GA1UdIwQY
MBaAFP2ffcUJWr20RdGJhX0xAaiu4p36MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1o5OXhRbGF2YlJGMFltRmZURUJxSzdpbmZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC81YjYwZTUtODIzNy00NjI4LTk0NmIt
MjIyOWNkODNmM2U1LzEvaGI2cnlpMHpsYXJHYmljd0E2NjBjQWRPMXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC81YjYwZTUtODIzNy00NjI4LTk0NmItMjIyOWNkODNmM2U1
LzEvX1o5OXhRbGF2YlJGMFltRmZURUJxSzdpbmZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwCGqwME
BIarQDANBgkqhkiG9w0BAQsFAAOCAQEAXu0BqeXO28zInxAPCaAPo2icB5MOBTsF
EdJBLXizkrrCk2RdA8o8wSrORwiEM7opXI2kE1sx8TYcpjv+FKAj2iLsOTzh9ErQ
PJhaC93KZIWnerBd+Pp4E/z/YM8owGIClsk5gmlUHRTGRWm/XxUdEjjK72MhQOBZ
YreAZG8bbHkbaET3u1t9xmLKAFGx3tQn+Wau9bEHR4NdL0PJb0EwvgePq4cBqdDr
ZbjD8gYsDr7QDPNj8Ulbz0Qq5EhWK6hIELPi5iGj5dL42VusWUGM4Is4cNqfj+eZ
VybW2VPo4rsh4gkzXspexdYHeaYDqNSj39eIqzHirOffRvgktCAO+g==
-----END CERTIFICATE-----