Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/fp7iaq3w3IK7xxC4hTxOHXlgQdo.roa
File:                     fp7iaq3w3IK7xxC4hTxOHXlgQdo.roa (raw, json)
Hash identifier:          IIdoboRyB6xVt9Ub/S//LkCzsgiZ4eA93ZNjm/kWoFw=
Subject key identifier:   7E:9E:E2:6A:AD:F0:DC:82:BB:C7:10:B8:85:3C:4E:1D:79:60:41:DA
Certificate issuer:       /CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
Certificate serial:       019630876B4C3A1B114D0C45CB1C868AF6FF
Authority key identifier: D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/fp7iaq3w3IK7xxC4hTxOHXlgQdo.roa
Signing time:             Sun 13 Apr 2025 19:01:43 +0000
ROA not before:           Sun 13 Apr 2025 19:01:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216127
IP address blocks:        93.185.156.0/24 maxlen: 24
                          93.185.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 19:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:30:87:6b:4c:3a:1b:11:4d:0c:45:cb:1c:86:8a:f6:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
        Validity
            Not Before: Apr 13 19:01:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e9ee26aadf0dc82bbc710b8853c4e1d796041da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ad:5b:c4:bc:aa:28:bf:11:04:0c:f4:7d:c2:
                    22:4a:80:e1:28:be:a2:31:e5:f6:ca:98:7f:59:64:
                    3c:b1:d5:03:db:a1:80:78:81:91:c8:b5:ef:ca:db:
                    8a:4f:6f:9a:13:08:4c:ea:54:ed:a0:1e:37:bf:a1:
                    a0:fa:94:3f:a4:45:16:43:9a:c1:53:cd:c0:8a:87:
                    50:02:b6:bf:cd:cc:14:60:cc:c7:7f:20:de:b2:8e:
                    24:50:46:90:75:f4:24:d9:83:45:f9:df:b0:51:83:
                    07:13:c3:6d:63:c3:ea:97:24:04:bb:ef:7e:4c:43:
                    29:e8:12:8e:4e:17:af:46:e0:4e:f4:26:47:af:90:
                    a8:a1:c2:3b:d1:4b:34:8b:40:c5:22:13:4a:5c:76:
                    c6:77:31:e2:4f:95:bf:61:dc:53:46:f8:fd:cb:90:
                    36:9f:12:f9:68:da:38:83:63:fd:38:41:bf:7a:01:
                    38:95:6e:cb:d8:63:c4:c2:9b:52:45:1b:62:39:c0:
                    f2:85:f6:c0:db:74:2a:80:67:d4:cc:e6:b3:4d:e4:
                    10:5f:d0:8a:46:36:37:e8:4c:9c:4c:1a:08:b7:e7:
                    02:94:dc:60:92:56:6b:98:fd:43:a3:25:da:83:db:
                    ac:8c:f3:df:65:2e:70:55:ae:a2:7f:3f:b4:a1:8e:
                    58:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:9E:E2:6A:AD:F0:DC:82:BB:C7:10:B8:85:3C:4E:1D:79:60:41:DA
            X509v3 Authority Key Identifier:
                keyid:D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/fp7iaq3w3IK7xxC4hTxOHXlgQdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.156.0/24
                  93.185.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:d3:f9:93:45:af:44:e7:68:24:34:d5:c2:7d:e9:bc:02:a6:
         76:36:e0:17:e3:1c:67:78:46:ec:e2:af:37:b7:84:18:83:6a:
         63:7e:9e:ad:90:45:b6:5b:a1:89:13:87:ff:15:b7:43:b1:05:
         f4:3a:48:6a:df:df:9c:d7:0f:2d:c6:e5:d3:9a:39:3b:4f:2f:
         91:01:be:5d:bf:60:29:31:b5:6c:84:7d:b4:8a:bc:ac:61:d2:
         7b:26:72:ca:e1:19:4b:44:a6:d9:b8:3e:a9:12:3d:9c:eb:42:
         9a:21:d0:12:dc:41:bf:ba:a6:dc:85:9b:fd:be:16:59:85:6d:
         e2:0c:f0:68:b1:25:1c:de:26:b6:15:1f:32:9d:ef:8b:30:f2:
         4d:7d:7e:ae:0e:7e:88:4c:70:87:ca:18:61:50:0c:72:18:72:
         ea:59:cb:eb:fd:8a:af:32:02:c8:9d:16:e2:b8:e9:e6:84:62:
         bf:69:a0:2d:d5:72:c6:36:0e:29:77:11:53:d6:03:71:f6:1c:
         42:d0:ec:eb:28:ec:ed:35:4d:03:f4:e9:33:37:6d:01:f4:4d:
         8d:c8:7a:b4:96:d4:4d:96:99:86:74:2b:99:ca:1d:8f:1b:27:
         9e:c6:e1:b0:03:eb:da:f9:73:5a:61:e5:57:73:7a:dd:f9:f9:
         dd:01:84:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYwh2tMOhsRTQxFyxyGivb/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZTk3MDMzYTM2YWE5YmNjMGMyZjE2N2U2MjBkN2NhMTQ5
M2NiZWEwHhcNMjUwNDEzMTkwMTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTllZTI2YWFkZjBkYzgyYmJjNzEwYjg4NTNjNGUxZDc5NjA0MWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv61bxLyqKL8RBAz0fcIiSoDhKL6i
MeX2yph/WWQ8sdUD26GAeIGRyLXvytuKT2+aEwhM6lTtoB43v6Gg+pQ/pEUWQ5rB
U83AiodQAra/zcwUYMzHfyDeso4kUEaQdfQk2YNF+d+wUYMHE8NtY8PqlyQEu+9+
TEMp6BKOThevRuBO9CZHr5CoocI70Us0i0DFIhNKXHbGdzHiT5W/YdxTRvj9y5A2
nxL5aNo4g2P9OEG/egE4lW7L2GPEwptSRRtiOcDyhfbA23QqgGfUzOazTeQQX9CK
RjY36EycTBoIt+cClNxgklZrmP1DoyXag9usjPPfZS5wVa6ifz+0oY5Y1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH6e4mqt8NyCu8cQuIU8Th15YEHaMB8GA1UdIwQY
MBaAFNPpcDOjaqm8wMLxZ+Yg18oUk8vqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMt
ZGJmOWQ0MWYxNzk4LzEvZnA3aWFxM3czSUs3eHhDNGhUeE9IWGxnUWRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMtZGJmOWQ0MWYxNzk4
LzEvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXbmcAwQA
XbmfMA0GCSqGSIb3DQEBCwUAA4IBAQA80/mTRa9E52gkNNXCfem8AqZ2NuAX4xxn
eEbs4q83t4QYg2pjfp6tkEW2W6GJE4f/FbdDsQX0Okhq39+c1w8txuXTmjk7Ty+R
Ab5dv2ApMbVshH20irysYdJ7JnLK4RlLRKbZuD6pEj2c60KaIdAS3EG/uqbchZv9
vhZZhW3iDPBosSUc3ia2FR8yne+LMPJNfX6uDn6ITHCHyhhhUAxyGHLqWcvr/Yqv
MgLInRbiuOnmhGK/aaAt1XLGNg4pdxFT1gNx9hxC0OzrKOztNU0D9OkzN20B9E2N
yHq0ltRNlpmGdCuZyh2PGyeexuGwA+va+XNaYeVXc3rd+fndAYR2
-----END CERTIFICATE-----