Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/anw1NRVqJhcvbR05D8CPmFXceUM.roa
File:                     anw1NRVqJhcvbR05D8CPmFXceUM.roa (raw, json)
Hash identifier:          MGpGUjjkVM0ieVYUilgRFIlIrxQLewf7yswdwtyi/9c=
Subject key identifier:   6A:7C:35:35:15:6A:26:17:2F:6D:1D:39:0F:C0:8F:98:55:DC:79:43
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019503011860123BCA550050B710F109BA0E
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/anw1NRVqJhcvbR05D8CPmFXceUM.roa
Signing time:             Fri 14 Feb 2025 05:49:18 +0000
ROA not before:           Fri 14 Feb 2025 05:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214794
IP address blocks:        185.193.100.0/24 maxlen: 24
                          185.193.101.0/24 maxlen: 24
                          185.254.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 19:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:03:01:18:60:12:3b:ca:55:00:50:b7:10:f1:09:ba:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb 14 05:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a7c3535156a26172f6d1d390fc08f9855dc7943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:28:d4:2a:71:ac:88:0b:5c:e0:7d:c7:84:7e:
                    ec:4f:af:29:c2:3f:aa:07:af:f4:de:90:3f:83:cd:
                    8b:a8:7b:20:5f:3d:25:14:10:94:63:f6:09:40:81:
                    1d:6c:d2:25:be:ba:08:6d:55:24:ee:33:ca:c8:89:
                    28:66:8f:30:bc:23:51:98:23:db:79:50:34:8e:98:
                    ad:98:b7:02:22:91:6e:4c:3a:a3:0d:9b:4e:d1:87:
                    da:34:32:50:62:e1:23:8e:45:5a:6b:49:e6:00:7f:
                    fb:35:af:f9:ed:fc:3f:01:06:52:93:26:18:9d:a4:
                    15:e6:4a:82:26:a1:77:45:bc:60:9d:f9:7e:c3:49:
                    bc:44:cb:1d:ce:ce:1f:a5:60:5d:3c:b8:ab:e9:0b:
                    89:20:83:95:54:43:21:2b:65:91:e5:9c:ec:ff:d1:
                    6d:28:2f:38:5a:e8:37:37:84:9c:22:54:3c:29:a2:
                    05:a8:d3:59:11:ef:72:7d:17:db:0c:bd:63:de:e3:
                    e8:aa:17:85:77:a3:cb:87:9d:8a:0a:52:54:ea:51:
                    2b:12:7a:74:5b:36:f2:0a:77:98:6a:32:7a:1b:d4:
                    5e:3e:73:68:18:9a:8c:51:9f:31:d4:12:d3:1e:96:
                    6d:14:c2:2c:5d:4e:17:33:02:0e:99:7e:70:88:46:
                    fc:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:7C:35:35:15:6A:26:17:2F:6D:1D:39:0F:C0:8F:98:55:DC:79:43
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/anw1NRVqJhcvbR05D8CPmFXceUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.100.0/23
                  185.254.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:c5:72:ef:4b:51:09:16:bf:74:bf:19:c6:dc:b1:36:ad:7b:
         f3:e4:42:38:33:3f:ed:0b:57:56:3b:51:d7:28:6b:16:6c:0c:
         94:a2:55:06:83:75:a1:a4:37:3d:89:a6:2e:66:92:47:21:d8:
         65:19:3a:52:7b:2c:d2:32:d3:d9:e8:ef:04:d5:0b:df:f6:d8:
         ba:ce:43:ac:c0:db:88:ec:34:df:5d:8f:ae:41:e2:7a:66:2e:
         90:40:ee:c4:d2:1e:e6:24:60:c4:89:0a:05:eb:94:3e:58:30:
         fd:d6:ef:16:27:b0:c9:99:21:34:31:89:d7:d4:17:44:9d:2e:
         b9:37:64:fe:f9:b5:c5:5f:01:1e:33:b1:15:87:d7:c5:f5:20:
         fa:90:92:f6:5e:5d:c0:57:fe:77:64:de:46:f4:5a:de:8c:4e:
         c1:14:9e:21:59:fa:71:bb:d8:54:86:32:d8:4f:f9:1f:09:f8:
         9d:5f:41:b8:bf:ec:22:a6:90:d1:29:19:52:fb:ba:ef:25:74:
         73:ed:0c:f6:e5:4f:57:8b:65:91:c9:7b:2b:f0:ca:dc:48:07:
         13:f0:06:77:cd:3e:f6:39:b2:b8:4d:f3:eb:76:99:58:c9:9f:
         38:06:89:01:75:a4:2e:2c:27:f8:99:e2:19:e6:46:6b:59:b7:
         4c:de:86:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZUDARhgEjvKVQBQtxDxCboOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMjE0MDU0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTdjMzUzNTE1NmEyNjE3MmY2ZDFkMzkwZmMwOGY5ODU1ZGM3OTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnijUKnGsiAtc4H3HhH7sT68pwj+q
B6/03pA/g82LqHsgXz0lFBCUY/YJQIEdbNIlvroIbVUk7jPKyIkoZo8wvCNRmCPb
eVA0jpitmLcCIpFuTDqjDZtO0YfaNDJQYuEjjkVaa0nmAH/7Na/57fw/AQZSkyYY
naQV5kqCJqF3Rbxgnfl+w0m8RMsdzs4fpWBdPLir6QuJIIOVVEMhK2WR5Zzs/9Ft
KC84Wug3N4ScIlQ8KaIFqNNZEe9yfRfbDL1j3uPoqheFd6PLh52KClJU6lErEnp0
WzbyCneYajJ6G9RePnNoGJqMUZ8x1BLTHpZtFMIsXU4XMwIOmX5wiEb8xQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGp8NTUVaiYXL20dOQ/Aj5hV3HlDMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvYW53MU5SVnFKaGN2YlIwNUQ4Q1BtRlhjZVVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBucFkAwQA
uf5CMA0GCSqGSIb3DQEBCwUAA4IBAQB3xXLvS1EJFr90vxnG3LE2rXvz5EI4Mz/t
C1dWO1HXKGsWbAyUolUGg3WhpDc9iaYuZpJHIdhlGTpSeyzSMtPZ6O8E1Qvf9ti6
zkOswNuI7DTfXY+uQeJ6Zi6QQO7E0h7mJGDEiQoF65Q+WDD91u8WJ7DJmSE0MYnX
1BdEnS65N2T++bXFXwEeM7EVh9fF9SD6kJL2Xl3AV/53ZN5G9FrejE7BFJ4hWfpx
u9hUhjLYT/kfCfidX0G4v+wippDRKRlS+7rvJXRz7Qz25U9Xi2WRyXsr8MrcSAcT
8AZ3zT72ObK4TfPrdplYyZ84BokBdaQuLCf4meIZ5kZrWbdM3oZ4
-----END CERTIFICATE-----