Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/bvafkdXWZnMB_mvjbu-MAxSD4Yo.roa
File:                     bvafkdXWZnMB_mvjbu-MAxSD4Yo.roa (raw, json)
Hash identifier:          GpeEOD6j0SJeb7dFldEdJfdSWaMlKEyCXikEQdhGnF0=
Subject key identifier:   6E:F6:9F:91:D5:D6:66:73:01:FE:6B:E3:6E:EF:8C:03:14:83:E1:8A
Certificate issuer:       /CN=a5e69bd82d5ec0c7bd3d5dc9f92902f35e357a45
Certificate serial:       019427B4B5AFF695FC01348500EDD89C6C83
Authority key identifier: A5:E6:9B:D8:2D:5E:C0:C7:BD:3D:5D:C9:F9:29:02:F3:5E:35:7A:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/peab2C1ewMe9PV3J-SkC8141ekU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/bvafkdXWZnMB_mvjbu-MAxSD4Yo.roa
Signing time:             Thu 02 Jan 2025 15:49:01 +0000
ROA not before:           Thu 02 Jan 2025 15:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207932
IP address blocks:        194.127.200.0/24 maxlen: 24
                          194.127.201.0/24 maxlen: 24
                          194.127.212.0/24 maxlen: 24
                          194.127.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/peab2C1ewMe9PV3J-SkC8141ekU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/peab2C1ewMe9PV3J-SkC8141ekU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/peab2C1ewMe9PV3J-SkC8141ekU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:b5:af:f6:95:fc:01:34:85:00:ed:d8:9c:6c:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5e69bd82d5ec0c7bd3d5dc9f92902f35e357a45
        Validity
            Not Before: Jan  2 15:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ef69f91d5d6667301fe6be36eef8c031483e18a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5f:6d:45:3b:fe:21:df:78:0a:8f:18:1b:28:
                    84:01:6c:da:9d:9e:d3:a7:fa:3e:13:5a:41:ed:94:
                    50:eb:e8:d4:66:38:cb:ef:eb:3c:52:c9:3e:b2:2d:
                    42:91:a8:b8:c4:ac:a3:c1:3d:97:02:38:c9:5f:d6:
                    3d:4d:88:85:81:ee:c3:ae:60:16:2b:b4:db:c3:85:
                    70:af:ea:f2:c7:7e:43:ca:94:63:5f:38:da:6f:fd:
                    46:b7:36:0b:52:1d:be:48:84:af:3f:ac:d5:c8:6c:
                    68:18:be:a6:0a:e0:80:56:cc:af:35:ef:8e:f9:32:
                    07:9c:eb:1c:2b:e6:ca:62:0c:53:b3:f9:1b:41:ab:
                    50:0d:d0:ac:d1:e5:5c:93:4c:3d:7d:54:38:d6:76:
                    80:c2:1d:7d:c1:98:1c:35:12:aa:d4:ea:e0:17:55:
                    29:b7:d4:a7:4a:de:66:3f:b1:f7:25:32:34:9a:8e:
                    d0:a6:70:dc:91:ca:e7:6b:a0:a7:50:70:92:47:92:
                    9f:98:1b:40:ab:5f:45:9a:67:10:85:41:65:3d:fb:
                    94:36:63:9a:ec:fa:b6:03:c7:c6:12:a2:b1:43:94:
                    22:a2:e0:05:14:f6:2f:b4:9f:1e:b0:ae:cd:a8:c6:
                    df:1d:43:58:44:c8:8d:dd:e5:67:7c:21:1b:1a:3f:
                    c9:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:F6:9F:91:D5:D6:66:73:01:FE:6B:E3:6E:EF:8C:03:14:83:E1:8A
            X509v3 Authority Key Identifier:
                keyid:A5:E6:9B:D8:2D:5E:C0:C7:BD:3D:5D:C9:F9:29:02:F3:5E:35:7A:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/peab2C1ewMe9PV3J-SkC8141ekU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/bvafkdXWZnMB_mvjbu-MAxSD4Yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/98149a-b996-45dc-8fcc-53e6c14fcc0c/1/peab2C1ewMe9PV3J-SkC8141ekU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.200.0/23
                  194.127.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:68:d6:57:5d:54:56:a9:a0:bb:90:61:dc:70:42:65:a7:76:
         e3:a9:89:1c:7b:6b:32:b7:ef:6f:f3:06:f0:64:64:de:09:87:
         ed:04:87:c6:fe:3c:8a:a3:4f:82:bf:f2:26:bd:cd:fe:f6:19:
         82:3e:10:42:38:4a:b3:23:c6:ab:9a:ad:c8:a6:c1:7e:95:cc:
         ac:15:3c:04:21:76:03:41:e2:4d:56:48:8e:03:30:ec:47:e4:
         95:6d:3e:61:83:1d:7a:9b:bf:ef:ba:6b:92:20:77:79:a6:a4:
         4a:da:bd:0e:d6:c4:44:df:32:97:49:8d:d4:a6:6e:02:c9:78:
         b0:c4:c2:94:74:33:81:8a:b9:6d:24:96:de:f3:8a:e2:26:32:
         bd:f5:87:36:54:aa:f9:5c:39:73:a3:1a:ee:10:18:54:00:d5:
         01:3e:04:81:f3:81:8c:3a:39:15:eb:b8:a6:85:ca:36:bb:d5:
         7b:78:03:36:66:cd:e4:eb:74:2c:1d:90:08:35:57:b0:74:2b:
         7a:3a:b9:91:38:bf:3a:fc:1f:8d:5c:d4:ae:d5:e2:aa:d9:d7:
         f6:61:d8:79:90:00:74:6b:dd:cd:c2:2a:c3:90:23:1e:17:18:
         64:bd:80:67:ae:73:55:d8:bd:2a:1d:f4:49:83:0e:58:7a:0a:
         29:dd:3e:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntLWv9pX8ATSFAO3YnGyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1ZTY5YmQ4MmQ1ZWMwYzdiZDNkNWRjOWY5MjkwMmYzNWUz
NTdhNDUwHhcNMjUwMTAyMTU0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWY2OWY5MWQ1ZDY2NjczMDFmZTZiZTM2ZWVmOGMwMzE0ODNlMThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx19tRTv+Id94Co8YGyiEAWzanZ7T
p/o+E1pB7ZRQ6+jUZjjL7+s8Usk+si1Ckai4xKyjwT2XAjjJX9Y9TYiFge7DrmAW
K7Tbw4Vwr+ryx35DypRjXzjab/1GtzYLUh2+SISvP6zVyGxoGL6mCuCAVsyvNe+O
+TIHnOscK+bKYgxTs/kbQatQDdCs0eVck0w9fVQ41naAwh19wZgcNRKq1OrgF1Up
t9SnSt5mP7H3JTI0mo7QpnDckcrna6CnUHCSR5KfmBtAq19FmmcQhUFlPfuUNmOa
7Pq2A8fGEqKxQ5QiouAFFPYvtJ8esK7NqMbfHUNYRMiN3eVnfCEbGj/JOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG72n5HV1mZzAf5r427vjAMUg+GKMB8GA1UdIwQY
MBaAFKXmm9gtXsDHvT1dyfkpAvNeNXpFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGVhYjJDMWV3TWU5UFYzSi1Ta0M4MTQxZWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS85ODE0OWEtYjk5Ni00NWRjLThmY2Mt
NTNlNmMxNGZjYzBjLzEvYnZhZmtkWFdabk1CX212amJ1LU1BeFNENFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS85ODE0OWEtYjk5Ni00NWRjLThmY2MtNTNlNmMxNGZjYzBj
LzEvcGVhYjJDMWV3TWU5UFYzSi1Ta0M4MTQxZWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwn/IAwQB
wn/UMA0GCSqGSIb3DQEBCwUAA4IBAQCtaNZXXVRWqaC7kGHccEJlp3bjqYkce2sy
t+9v8wbwZGTeCYftBIfG/jyKo0+Cv/Imvc3+9hmCPhBCOEqzI8armq3IpsF+lcys
FTwEIXYDQeJNVkiOAzDsR+SVbT5hgx16m7/vumuSIHd5pqRK2r0O1sRE3zKXSY3U
pm4CyXiwxMKUdDOBirltJJbe84riJjK99Yc2VKr5XDlzoxruEBhUANUBPgSB84GM
OjkV67imhco2u9V7eAM2Zs3k63QsHZAINVewdCt6OrmROL86/B+NXNSu1eKq2df2
Ydh5kAB0a93NwirDkCMeFxhkvYBnrnNV2L0qHfRJgw5Yegop3T41
-----END CERTIFICATE-----