Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/B0nI6fOws8P3pqodL4PU8KT7DmU.roa
File:                     B0nI6fOws8P3pqodL4PU8KT7DmU.roa (raw, json)
Hash identifier:          nGQOoanXiIa97PP5tOpyO+UWP7GNwTyEKohGtmNn4G4=
Subject key identifier:   07:49:C8:E9:F3:B0:B3:C3:F7:A6:AA:1D:2F:83:D4:F0:A4:FB:0E:65
Certificate issuer:       /CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
Certificate serial:       0194258FA6DDE3D99C2E1DAB57465FC6A1D5
Authority key identifier: 5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/B0nI6fOws8P3pqodL4PU8KT7DmU.roa
Signing time:             Thu 02 Jan 2025 05:49:18 +0000
ROA not before:           Thu 02 Jan 2025 05:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216074
IP address blocks:        78.158.166.0/24 maxlen: 24
                          188.136.204.0/22 maxlen: 24
                          213.195.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:a6:dd:e3:d9:9c:2e:1d:ab:57:46:5f:c6:a1:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
        Validity
            Not Before: Jan  2 05:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0749c8e9f3b0b3c3f7a6aa1d2f83d4f0a4fb0e65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:95:20:92:0b:54:ca:e0:f5:ca:68:e6:1e:d1:
                    fd:9a:31:c8:20:1b:cb:58:fd:c1:ff:61:0c:81:ef:
                    b4:d2:5e:7a:16:08:48:76:d6:33:f4:a0:47:04:31:
                    80:5d:8b:b4:ec:28:0c:3d:76:45:c7:61:55:af:94:
                    19:1f:a3:92:9d:92:ed:c8:b0:16:b2:4d:9e:7d:2d:
                    39:5d:f2:66:df:bd:3e:95:a8:13:1f:de:8d:66:93:
                    65:6f:e9:63:88:d0:b9:ee:58:27:ec:d9:7e:93:bc:
                    d4:f1:5a:ac:3c:08:b3:43:f6:02:c5:4e:54:6b:04:
                    c4:86:2f:19:46:1b:91:ad:e3:99:83:6e:b5:64:94:
                    85:e8:89:54:70:37:34:cc:f9:db:06:ac:af:5d:e7:
                    2c:a0:7d:87:58:3c:65:99:45:40:e6:41:9f:f4:8c:
                    14:96:a8:5b:be:e0:40:56:91:e6:ca:a6:b3:3d:7e:
                    00:0c:6b:01:85:bd:d4:82:5c:8e:13:25:d5:56:1c:
                    8d:2b:6a:f1:0a:00:93:35:1a:25:4a:23:9f:c4:1c:
                    87:12:5a:46:61:ea:82:e7:73:14:d8:d9:5b:bf:94:
                    db:73:3e:6a:2b:f7:e5:ac:24:0d:94:e0:98:84:d5:
                    be:b8:5b:8b:47:c1:84:db:98:68:07:ff:7f:bb:bd:
                    7e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:49:C8:E9:F3:B0:B3:C3:F7:A6:AA:1D:2F:83:D4:F0:A4:FB:0E:65
            X509v3 Authority Key Identifier:
                keyid:5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/B0nI6fOws8P3pqodL4PU8KT7DmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.158.166.0/24
                  188.136.204.0/22
                  213.195.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:36:29:26:b6:a7:1a:5e:59:f7:f2:b4:b8:ae:44:6e:7a:08:
         5d:d0:dc:26:d7:ad:0f:1e:07:4b:25:b3:98:5e:43:57:c8:b0:
         c0:9d:05:b0:03:4b:ff:1c:08:e4:42:5d:25:65:58:1b:25:f8:
         e5:45:c6:0c:d4:80:78:a9:4a:09:7e:2e:90:53:28:a4:9f:63:
         f1:c4:7b:2e:04:3c:c1:a0:f1:3d:f2:98:1d:66:14:99:ee:28:
         4a:09:82:be:77:9f:1a:c3:b9:88:18:83:fe:ef:8f:d3:b4:0d:
         39:77:52:db:4f:7e:ef:e5:30:1d:7a:7d:f7:8a:27:65:01:56:
         d4:fc:da:3a:f2:24:6d:dd:3e:5c:aa:6d:0b:b2:75:24:7d:4f:
         cc:e5:45:23:59:0e:ce:1e:6a:2e:c1:59:5c:24:62:ca:e3:d3:
         51:5b:7b:31:8a:60:aa:7e:6f:01:45:91:13:c1:0e:0c:0a:af:
         e1:e8:dc:f4:eb:88:f1:12:0e:ed:db:f1:db:14:8d:24:2f:0b:
         6f:08:0c:ea:58:d3:2a:d5:b4:dc:67:6f:4d:0a:00:8f:9f:26:
         6b:8d:5c:a3:c6:c5:6a:cd:1c:52:3c:79:7f:36:8a:d1:31:70:
         3f:a9:94:e3:3e:90:cc:bb:65:3d:ce:e6:7a:09:1e:14:cf:1f:
         de:b4:3a:c9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlj6bd49mcLh2rV0ZfxqHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNjk4YzRiNjEyYWZlZTJjYmIxY2RkNTA5ZTRmMDI0NmZi
YjgwZTEwHhcNMjUwMTAyMDU0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzQ5YzhlOWYzYjBiM2MzZjdhNmFhMWQyZjgzZDRmMGE0ZmIwZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5UgkgtUyuD1ymjmHtH9mjHIIBvL
WP3B/2EMge+00l56FghIdtYz9KBHBDGAXYu07CgMPXZFx2FVr5QZH6OSnZLtyLAW
sk2efS05XfJm370+lagTH96NZpNlb+ljiNC57lgn7Nl+k7zU8VqsPAizQ/YCxU5U
awTEhi8ZRhuRreOZg261ZJSF6IlUcDc0zPnbBqyvXecsoH2HWDxlmUVA5kGf9IwU
lqhbvuBAVpHmyqazPX4ADGsBhb3UglyOEyXVVhyNK2rxCgCTNRolSiOfxByHElpG
YeqC53MU2Nlbv5Tbcz5qK/flrCQNlOCYhNW+uFuLR8GE25hoB/9/u71+/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAdJyOnzsLPD96aqHS+D1PCk+w5lMB8GA1UdIwQY
MBaAFFtpjEthKv7iy7HN1Qnk8CRvu4DhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMt
Y2MyZmFmZTNhOGI0LzEvQjBuSTZmT3dzOFAzcHFvZEw0UFU4S1Q3RG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMtY2MyZmFmZTNhOGI0
LzEvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATp6mAwQC
vIjMAwQA1cMXMA0GCSqGSIb3DQEBCwUAA4IBAQBqNikmtqcaXln38rS4rkRueghd
0Nwm160PHgdLJbOYXkNXyLDAnQWwA0v/HAjkQl0lZVgbJfjlRcYM1IB4qUoJfi6Q
Uyikn2PxxHsuBDzBoPE98pgdZhSZ7ihKCYK+d58aw7mIGIP+74/TtA05d1LbT37v
5TAden33iidlAVbU/No68iRt3T5cqm0LsnUkfU/M5UUjWQ7OHmouwVlcJGLK49NR
W3sximCqfm8BRZETwQ4MCq/h6Nz064jxEg7t2/HbFI0kLwtvCAzqWNMq1bTcZ29N
CgCPnyZrjVyjxsVqzRxSPHl/NorRMXA/qZTjPpDMu2U9zuZ6CR4Uzx/etDrJ
-----END CERTIFICATE-----