Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bQYL7CS6Wmwh_Wiu6BMmGj0kiCg.roa
File:                     bQYL7CS6Wmwh_Wiu6BMmGj0kiCg.roa (raw, json)
Hash identifier:          38/TJOeKb5atrScxgyPeLNXd8DOPfEy2ep0eDnYP4BI=
Subject key identifier:   6D:06:0B:EC:24:BA:5A:6C:21:FD:68:AE:E8:13:26:1A:3D:24:88:28
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DAC4EB50970DA53F2283594E13F2D
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bQYL7CS6Wmwh_Wiu6BMmGj0kiCg.roa
Signing time:             Wed 01 Jan 2025 15:48:17 +0000
ROA not before:           Wed 01 Jan 2025 15:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203445
IP address blocks:        213.14.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:ac:4e:b5:09:70:da:53:f2:28:35:94:e1:3f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d060bec24ba5a6c21fd68aee813261a3d248828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7c:ee:e0:5c:6a:e6:83:2c:3d:a7:60:3c:3a:
                    1f:56:e4:aa:6c:26:92:79:b8:ae:48:91:16:7d:2a:
                    f3:68:14:48:9f:4e:1e:8f:46:2a:e3:8a:46:bb:a9:
                    72:f1:60:ed:e9:fe:9e:c0:ab:4c:c2:ad:3e:23:73:
                    85:98:c0:f4:5c:6f:6c:86:68:14:89:d5:77:7b:8e:
                    72:be:c4:7b:af:55:37:5e:0c:ca:49:bb:d7:66:59:
                    04:77:95:25:48:4a:07:5c:6e:69:1f:03:f5:e9:7a:
                    18:a8:c2:70:96:b2:20:f6:38:78:96:f7:16:20:e0:
                    1e:1e:25:33:48:08:31:9f:38:23:80:9c:7b:0e:45:
                    1b:42:e1:59:08:7f:af:c8:b7:81:a6:82:97:3a:e1:
                    a9:9c:18:3c:95:44:e8:b0:47:38:26:63:1e:f5:f5:
                    76:80:a1:ee:18:60:9a:20:13:d9:05:e9:db:aa:6a:
                    6a:47:bb:e9:e4:51:3b:1c:f8:6d:a5:8b:aa:81:54:
                    22:b0:25:b2:63:ce:a1:28:6a:2b:30:ad:29:af:0a:
                    3e:5a:ba:15:ed:d0:e6:77:c7:21:08:3f:47:aa:99:
                    94:e7:59:fe:01:c0:ce:eb:74:c4:2f:86:b2:4f:36:
                    f1:2d:0e:db:c6:dc:24:f8:2d:50:15:db:12:62:86:
                    8a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:06:0B:EC:24:BA:5A:6C:21:FD:68:AE:E8:13:26:1A:3D:24:88:28
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bQYL7CS6Wmwh_Wiu6BMmGj0kiCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:ea:3f:14:7c:b0:bb:b9:63:3d:f9:59:ae:6b:2e:f9:87:6e:
         d5:ad:3e:ed:9d:21:6f:90:2f:24:0e:dd:d0:18:02:e7:18:6a:
         7e:8e:69:8a:69:7f:a3:a7:7e:10:4c:e1:15:ea:06:b1:91:8a:
         96:d8:46:e9:75:18:ec:7a:c3:e8:5a:ad:d1:39:29:e6:1d:50:
         14:c2:33:4a:73:82:12:29:35:0b:0f:d6:ea:4f:42:0a:86:03:
         91:c7:19:2b:76:89:07:b1:9f:f4:be:fb:f1:b6:6a:cb:72:96:
         c3:bc:67:6a:76:f9:a3:86:84:31:c9:4e:83:cd:bc:c3:cc:92:
         5f:91:0d:fe:3b:0a:ce:14:47:34:59:34:6f:85:6d:10:2b:b2:
         27:c0:b2:e4:16:5e:f1:5e:59:a1:a8:d7:6d:c6:58:cd:1c:3d:
         d5:85:bc:ba:46:8a:28:23:11:2c:bd:3a:77:0e:8f:c0:39:50:
         f2:30:25:dc:95:bc:9c:18:69:09:50:44:67:79:87:64:62:6f:
         14:66:4c:3d:f6:0f:aa:6e:bf:25:4d:46:6d:15:81:b6:b0:65:
         49:48:21:a4:81:48:e4:5f:92:cc:2d:02:6e:9e:aa:27:d6:cf:
         7c:8e:ee:c2:4c:0e:9d:4f:72:ae:06:7c:ee:6c:ed:e0:39:c8:
         d3:eb:24:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijaxOtQlw2lPyKDWU4T8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA2MGJlYzI0YmE1YTZjMjFmZDY4YWVlODEzMjYxYTNkMjQ4ODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHzu4Fxq5oMsPadgPDofVuSqbCaS
ebiuSJEWfSrzaBRIn04ej0Yq44pGu6ly8WDt6f6ewKtMwq0+I3OFmMD0XG9shmgU
idV3e45yvsR7r1U3XgzKSbvXZlkEd5UlSEoHXG5pHwP16XoYqMJwlrIg9jh4lvcW
IOAeHiUzSAgxnzgjgJx7DkUbQuFZCH+vyLeBpoKXOuGpnBg8lUTosEc4JmMe9fV2
gKHuGGCaIBPZBenbqmpqR7vp5FE7HPhtpYuqgVQisCWyY86hKGorMK0prwo+WroV
7dDmd8chCD9HqpmU51n+AcDO63TEL4ayTzbxLQ7bxtwk+C1QFdsSYoaKLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0GC+wkulpsIf1orugTJho9JIgoMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvYlFZTDdDUzZXbXdoX1dpdTZCTW1HajBraUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q74MA0G
CSqGSIb3DQEBCwUAA4IBAQAr6j8UfLC7uWM9+Vmuay75h27VrT7tnSFvkC8kDt3Q
GALnGGp+jmmKaX+jp34QTOEV6gaxkYqW2EbpdRjsesPoWq3ROSnmHVAUwjNKc4IS
KTULD9bqT0IKhgORxxkrdokHsZ/0vvvxtmrLcpbDvGdqdvmjhoQxyU6DzbzDzJJf
kQ3+OwrOFEc0WTRvhW0QK7InwLLkFl7xXlmhqNdtxljNHD3Vhby6RoooIxEsvTp3
Do/AOVDyMCXclbycGGkJUERneYdkYm8UZkw99g+qbr8lTUZtFYG2sGVJSCGkgUjk
X5LMLQJunqon1s98ju7CTA6dT3KuBnzubO3gOcjT6yRi
-----END CERTIFICATE-----