Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/6bvZxxULuUAwxd6eAYmdH966b80.roa
File:                     6bvZxxULuUAwxd6eAYmdH966b80.roa (raw, json)
Hash identifier:          UhY3F2JnlJhsLB1FG3kdABwVVPcmvuwcVrV1nXeuwB0=
Subject key identifier:   E9:BB:D9:C7:15:0B:B9:40:30:C5:DE:9E:01:89:9D:1F:DE:BA:6F:CD
Certificate issuer:       /CN=00af9dda307cb525385ef90f506d0d57bb9d2bf2
Certificate serial:       01941F8C5E373C6C97B7BD139C3B538F6663
Authority key identifier: 00:AF:9D:DA:30:7C:B5:25:38:5E:F9:0F:50:6D:0D:57:BB:9D:2B:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/6bvZxxULuUAwxd6eAYmdH966b80.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24634
IP address blocks:        185.40.208.0/22 maxlen: 24
                          2a04:86c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5e:37:3c:6c:97:b7:bd:13:9c:3b:53:8f:66:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00af9dda307cb525385ef90f506d0d57bb9d2bf2
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9bbd9c7150bb94030c5de9e01899d1fdeba6fcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:35:35:3d:ca:91:2b:74:9b:8e:48:61:38:67:
                    d8:46:93:af:df:04:d2:b7:ae:5a:63:57:f9:83:cf:
                    e3:d2:a6:84:31:11:aa:44:ab:e7:4d:60:e7:a5:69:
                    f0:5e:13:38:6f:0f:58:6c:5d:fa:ef:91:c6:7f:f3:
                    c6:4d:f0:bf:71:ce:7a:d6:92:ae:33:df:dc:bd:38:
                    ec:59:29:72:a9:62:ec:03:c8:61:1b:20:ac:00:06:
                    1c:b0:b3:7c:cd:95:bd:f2:4a:c7:88:ff:27:45:6c:
                    a8:4e:46:ce:21:47:7d:31:c1:ba:ca:62:a4:90:86:
                    5c:6f:92:41:4b:6b:fc:f1:26:a1:85:24:81:a7:1f:
                    cd:1e:91:e4:d1:f5:5f:9b:60:70:ac:71:b6:b0:65:
                    89:83:82:d0:87:b8:20:c3:50:a3:29:01:06:df:91:
                    b8:d0:63:41:e7:11:76:be:cf:02:e5:19:24:5d:bb:
                    bc:ce:aa:79:85:f3:77:c1:99:93:78:6a:31:63:2c:
                    02:14:9c:b8:63:28:08:af:8c:0f:ef:82:69:ea:72:
                    fc:a7:74:53:74:90:c8:61:69:9f:d4:47:bc:0c:95:
                    96:18:6d:e2:24:80:52:41:6a:e6:ca:b1:de:2f:a6:
                    82:7d:b6:52:bf:32:94:cc:ef:a3:c1:ba:35:74:ba:
                    ec:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:BB:D9:C7:15:0B:B9:40:30:C5:DE:9E:01:89:9D:1F:DE:BA:6F:CD
            X509v3 Authority Key Identifier:
                keyid:00:AF:9D:DA:30:7C:B5:25:38:5E:F9:0F:50:6D:0D:57:BB:9D:2B:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/6bvZxxULuUAwxd6eAYmdH966b80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.208.0/22
                IPv6:
                  2a04:86c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:d1:9d:d1:ec:3a:3d:d5:34:58:f5:8f:d1:26:c9:8d:42:92:
         50:30:62:42:bc:92:a2:56:90:be:28:97:60:67:e0:59:08:12:
         28:19:26:cf:ad:3a:c4:17:53:b6:43:9f:c9:06:01:3b:40:47:
         3a:55:91:22:ac:ae:a2:c5:fd:34:2e:27:fd:45:07:81:88:33:
         30:1e:fc:0c:13:0a:61:fe:0b:59:8f:e0:e8:0a:88:cb:7e:4a:
         b0:2d:76:85:bd:12:d9:e9:0c:5c:91:e9:d3:11:18:34:47:65:
         3d:2e:85:52:24:09:e9:ab:dd:ca:18:6b:29:28:40:f1:29:d0:
         8c:68:50:6d:db:39:53:52:18:04:0d:5b:8e:4b:2c:fa:b4:ec:
         52:3c:8a:1d:48:1d:d0:b1:71:2d:64:02:86:18:cc:ea:ab:7e:
         2f:c0:61:fe:e4:81:2d:93:50:4c:9e:61:9b:1b:7f:28:7e:c5:
         d0:2c:58:09:82:09:e5:43:ac:70:94:bc:31:f9:6e:b6:b6:04:
         39:4e:a7:37:13:e7:2e:fe:fe:46:15:f4:89:33:d4:54:6b:35:
         1a:1a:0f:ee:67:c6:62:37:78:87:db:03:61:5e:22:b5:49:94:
         9b:58:9e:e2:7a:3a:c4:ef:d7:97:3d:13:dc:0d:16:c0:91:ed:
         72:22:fc:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjF43PGyXt70TnDtTj2ZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWY5ZGRhMzA3Y2I1MjUzODVlZjkwZjUwNmQwZDU3YmI5
ZDJiZjIwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWJiZDljNzE1MGJiOTQwMzBjNWRlOWUwMTg5OWQxZmRlYmE2ZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDU1PcqRK3SbjkhhOGfYRpOv3wTS
t65aY1f5g8/j0qaEMRGqRKvnTWDnpWnwXhM4bw9YbF3675HGf/PGTfC/cc561pKu
M9/cvTjsWSlyqWLsA8hhGyCsAAYcsLN8zZW98krHiP8nRWyoTkbOIUd9McG6ymKk
kIZcb5JBS2v88SahhSSBpx/NHpHk0fVfm2BwrHG2sGWJg4LQh7ggw1CjKQEG35G4
0GNB5xF2vs8C5RkkXbu8zqp5hfN3wZmTeGoxYywCFJy4YygIr4wP74Jp6nL8p3RT
dJDIYWmf1Ee8DJWWGG3iJIBSQWrmyrHeL6aCfbZSvzKUzO+jwbo1dLrsjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOm72ccVC7lAMMXengGJnR/eum/NMB8GA1UdIwQY
MBaAFACvndowfLUlOF75D1BtDVe7nSvyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUstZDJqQjh0U1U0WHZrUFVHME5WN3VkS19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9kMGUyZjQtYjYwYS00MGIyLTkyZTkt
OTBlYWNlOWUwNTllLzEvNmJ2Wnh4VUx1VUF3eGQ2ZUFZbWRIOTY2YjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9kMGUyZjQtYjYwYS00MGIyLTkyZTktOTBlYWNlOWUwNTll
LzEvQUstZDJqQjh0U1U0WHZrUFVHME5WN3VkS19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSjQMA0E
AgACMAcDBQMqBIbAMA0GCSqGSIb3DQEBCwUAA4IBAQBa0Z3R7Do91TRY9Y/RJsmN
QpJQMGJCvJKiVpC+KJdgZ+BZCBIoGSbPrTrEF1O2Q5/JBgE7QEc6VZEirK6ixf00
Lif9RQeBiDMwHvwMEwph/gtZj+DoCojLfkqwLXaFvRLZ6QxckenTERg0R2U9LoVS
JAnpq93KGGspKEDxKdCMaFBt2zlTUhgEDVuOSyz6tOxSPIodSB3QsXEtZAKGGMzq
q34vwGH+5IEtk1BMnmGbG38ofsXQLFgJggnlQ6xwlLwx+W62tgQ5Tqc3E+cu/v5G
FfSJM9RUazUaGg/uZ8ZiN3iH2wNhXiK1SZSbWJ7iejrE79eXPRPcDRbAke1yIvza
-----END CERTIFICATE-----