Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/X6zK_zIJEJ4ZvUFy-bZ0YYb3PXk.roa
File:                     X6zK_zIJEJ4ZvUFy-bZ0YYb3PXk.roa (raw, json)
Hash identifier:          73bfs58Aeh5k14l65MP0sPTsNd9XJmQVqU0en4/SkEQ=
Subject key identifier:   5F:AC:CA:FF:32:09:10:9E:19:BD:41:72:F9:B6:74:61:86:F7:3D:79
Certificate issuer:       /CN=e0d1a8366c21159f079478a9030843fbf60631b9
Certificate serial:       0194214450DF3C4FDCC5A20A9A682E65A7F6
Authority key identifier: E0:D1:A8:36:6C:21:15:9F:07:94:78:A9:03:08:43:FB:F6:06:31:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4NGoNmwhFZ8HlHipAwhD-_YGMbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/X6zK_zIJEJ4ZvUFy-bZ0YYb3PXk.roa
Signing time:             Wed 01 Jan 2025 09:48:32 +0000
ROA not before:           Wed 01 Jan 2025 09:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        194.76.30.0/23 maxlen: 23
                          194.76.30.0/24 maxlen: 24
                          194.76.31.0/24 maxlen: 24
                          194.127.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/4NGoNmwhFZ8HlHipAwhD-_YGMbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/4NGoNmwhFZ8HlHipAwhD-_YGMbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4NGoNmwhFZ8HlHipAwhD-_YGMbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:50:df:3c:4f:dc:c5:a2:0a:9a:68:2e:65:a7:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0d1a8366c21159f079478a9030843fbf60631b9
        Validity
            Not Before: Jan  1 09:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5faccaff3209109e19bd4172f9b6746186f73d79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d2:b3:55:09:97:45:46:9e:47:99:ad:5d:00:
                    24:86:79:5d:be:9c:64:67:eb:24:75:0d:fd:9e:3f:
                    6b:a4:c0:7c:8f:b4:47:00:ca:b9:3a:9f:86:db:ea:
                    ec:f4:58:3f:95:48:d9:3e:a4:21:a3:18:c2:30:35:
                    04:2a:fc:42:a1:93:bc:77:b0:0f:1b:60:5b:cf:26:
                    97:e6:0a:16:14:35:e9:8d:41:c5:4d:42:8e:aa:df:
                    f5:01:2a:7b:57:23:5c:69:08:92:db:51:14:08:df:
                    45:53:e6:55:ca:36:01:1e:8d:de:9a:b6:d2:fb:f1:
                    b7:6f:f3:de:80:5e:bd:5a:46:94:0d:99:cc:fa:70:
                    b5:57:e1:1d:5f:ab:1b:34:ef:85:77:06:d4:e8:59:
                    65:46:51:a4:de:b8:28:0b:73:62:73:ee:83:5e:8f:
                    12:63:8f:24:3e:4a:54:e0:f0:9a:32:d9:7e:d8:ec:
                    e7:50:ed:5d:dd:2e:16:61:23:12:49:cc:71:b9:e7:
                    dc:a4:4f:6e:b1:14:8a:93:2e:ca:7b:15:d7:cb:bb:
                    21:c2:ae:69:df:85:e0:a4:e6:2a:95:4b:4c:0f:31:
                    6e:7a:49:a3:fc:11:bf:14:5c:ec:1a:16:44:37:51:
                    61:f8:18:b5:c5:e3:9f:d0:a8:ec:80:5f:db:79:71:
                    cd:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:AC:CA:FF:32:09:10:9E:19:BD:41:72:F9:B6:74:61:86:F7:3D:79
            X509v3 Authority Key Identifier:
                keyid:E0:D1:A8:36:6C:21:15:9F:07:94:78:A9:03:08:43:FB:F6:06:31:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4NGoNmwhFZ8HlHipAwhD-_YGMbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/X6zK_zIJEJ4ZvUFy-bZ0YYb3PXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/4NGoNmwhFZ8HlHipAwhD-_YGMbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.30.0/23
                  194.127.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:b7:63:39:ad:bc:a1:69:c9:ff:1e:06:56:c9:4a:4f:c9:d5:
         56:7a:24:4e:e9:44:db:97:35:bf:f6:73:b4:2c:ae:00:85:d0:
         03:80:72:cb:7c:b8:6c:cd:6d:1b:de:8d:23:57:0a:97:55:d9:
         97:5c:5d:fd:43:70:aa:8d:36:37:8c:d7:a9:76:ab:0d:b6:53:
         a7:13:eb:f8:23:0a:65:7b:ca:eb:30:ab:9a:9b:a1:f6:fd:9d:
         ea:38:eb:88:f7:50:2d:4c:02:ca:9a:ba:70:3c:8c:be:05:29:
         8c:c7:c6:32:11:88:50:8b:a8:1d:75:fc:78:52:c1:0d:1e:04:
         fa:58:60:25:07:8f:5b:ac:5c:9e:dd:d8:3d:4b:23:99:c6:3e:
         da:8b:41:3d:3a:a9:59:c0:7b:2f:fb:7b:99:da:94:f3:41:65:
         37:aa:ec:a3:96:7f:23:8f:b8:ac:62:17:1c:31:93:10:49:c4:
         a6:72:f8:aa:af:19:a7:ad:86:9f:db:0d:9a:e5:2b:90:9e:97:
         b5:5f:ab:bc:7d:b3:83:04:8f:6a:c4:0e:12:3d:1d:39:0b:38:
         58:e4:b1:3d:2a:41:73:3e:13:fb:b2:23:b4:a9:05:6f:e0:a4:
         3d:b8:27:57:ad:7a:e8:25:ad:f2:bf:93:5c:14:f1:bf:92:44:
         62:09:92:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRFDfPE/cxaIKmmguZaf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZDFhODM2NmMyMTE1OWYwNzk0NzhhOTAzMDg0M2ZiZjYw
NjMxYjkwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmFjY2FmZjMyMDkxMDllMTliZDQxNzJmOWI2NzQ2MTg2ZjczZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdKzVQmXRUaeR5mtXQAkhnldvpxk
Z+skdQ39nj9rpMB8j7RHAMq5Op+G2+rs9Fg/lUjZPqQhoxjCMDUEKvxCoZO8d7AP
G2BbzyaX5goWFDXpjUHFTUKOqt/1ASp7VyNcaQiS21EUCN9FU+ZVyjYBHo3emrbS
+/G3b/PegF69WkaUDZnM+nC1V+EdX6sbNO+FdwbU6FllRlGk3rgoC3Nic+6DXo8S
Y48kPkpU4PCaMtl+2OznUO1d3S4WYSMSScxxuefcpE9usRSKky7KexXXy7shwq5p
34XgpOYqlUtMDzFuekmj/BG/FFzsGhZEN1Fh+Bi1xeOf0KjsgF/beXHNFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF+syv8yCRCeGb1Bcvm2dGGG9z15MB8GA1UdIwQY
MBaAFODRqDZsIRWfB5R4qQMIQ/v2BjG5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE5Hb05td2hGWjhIbEhpcEF3aEQtX1lHTWJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8yZGUzMjQtODZjNy00M2Q2LTlkZjIt
ZjhhZTBkYmM1ZGYyLzEvWDZ6S196SUpFSjRadlVGeS1iWjBZWWIzUFhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8yZGUzMjQtODZjNy00M2Q2LTlkZjItZjhhZTBkYmM1ZGYy
LzEvNE5Hb05td2hGWjhIbEhpcEF3aEQtX1lHTWJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwkweAwQA
wn+GMA0GCSqGSIb3DQEBCwUAA4IBAQCjt2M5rbyhacn/HgZWyUpPydVWeiRO6UTb
lzW/9nO0LK4AhdADgHLLfLhszW0b3o0jVwqXVdmXXF39Q3CqjTY3jNepdqsNtlOn
E+v4Iwple8rrMKuam6H2/Z3qOOuI91AtTALKmrpwPIy+BSmMx8YyEYhQi6gddfx4
UsENHgT6WGAlB49brFye3dg9SyOZxj7ai0E9OqlZwHsv+3uZ2pTzQWU3quyjln8j
j7isYhccMZMQScSmcviqrxmnrYaf2w2a5SuQnpe1X6u8fbODBI9qxA4SPR05CzhY
5LE9KkFzPhP7siO0qQVv4KQ9uCdXrXroJa3yv5NcFPG/kkRiCZK3
-----END CERTIFICATE-----