Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1ee7af-7f61-4dc9-bc3e-b4e5cad0dc52/1/0ynUtcdrZoFD9vDgvms_RvZLzpE.roa
File:                     0ynUtcdrZoFD9vDgvms_RvZLzpE.roa (raw, json)
Hash identifier:          kXW+28pmDckAg0UwaXXwWai8X6dWIU++KjYA3KRsalg=
Subject key identifier:   D3:29:D4:B5:C7:6B:66:81:43:F6:F0:E0:BE:6B:3F:46:F6:4B:CE:91
Certificate issuer:       /CN=0babfb67a0975384efb8b7b7ca807f714f75f84a
Certificate serial:       019424448BFCB7CA1C2938579E8D5C7E77D9
Authority key identifier: 0B:AB:FB:67:A0:97:53:84:EF:B8:B7:B7:CA:80:7F:71:4F:75:F8:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6v7Z6CXU4TvuLe3yoB_cU91-Eo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/1ee7af-7f61-4dc9-bc3e-b4e5cad0dc52/1/0ynUtcdrZoFD9vDgvms_RvZLzpE.roa
Signing time:             Wed 01 Jan 2025 23:47:39 +0000
ROA not before:           Wed 01 Jan 2025 23:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57575
IP address blocks:        109.205.197.0/24 maxlen: 24
                          185.153.54.0/24 maxlen: 24
                          2a13:9a40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/1ee7af-7f61-4dc9-bc3e-b4e5cad0dc52/1/C6v7Z6CXU4TvuLe3yoB_cU91-Eo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/1ee7af-7f61-4dc9-bc3e-b4e5cad0dc52/1/C6v7Z6CXU4TvuLe3yoB_cU91-Eo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6v7Z6CXU4TvuLe3yoB_cU91-Eo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8b:fc:b7:ca:1c:29:38:57:9e:8d:5c:7e:77:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0babfb67a0975384efb8b7b7ca807f714f75f84a
        Validity
            Not Before: Jan  1 23:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d329d4b5c76b668143f6f0e0be6b3f46f64bce91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b9:c6:0f:27:4b:5b:07:55:d5:4a:c3:69:22:
                    d3:36:29:fc:37:7e:54:cc:a4:c7:27:87:b7:68:ab:
                    44:81:89:b4:5b:e2:af:4c:05:5e:0e:de:c6:f7:e8:
                    36:05:50:c7:45:ae:aa:ec:ac:86:57:60:78:ce:42:
                    20:74:48:e7:42:eb:b7:ab:a2:87:09:9b:60:17:61:
                    36:ee:be:6b:5c:6c:f6:4c:56:eb:d1:6b:23:76:f4:
                    73:65:1f:7b:3c:8c:d3:d5:b0:19:55:35:00:18:46:
                    5e:8c:ad:59:b7:ec:4b:89:57:b8:a3:1e:22:9a:48:
                    b4:05:7f:db:6a:9c:af:69:41:aa:bd:c1:4a:45:ac:
                    db:0c:2d:b7:77:9e:f6:67:c3:5f:96:93:1b:95:a0:
                    36:fa:f1:34:d7:96:a8:24:65:41:50:1d:35:d2:0b:
                    03:92:31:69:4c:57:bc:77:f1:00:81:ab:bb:2b:e3:
                    86:c3:8e:9f:71:5d:51:12:13:34:e6:6e:d0:b6:fa:
                    b5:f3:48:da:a9:14:4b:0f:7a:ee:05:0d:1e:4f:ba:
                    13:af:7a:85:d1:73:03:f4:8a:24:11:3e:83:c9:4e:
                    ab:34:ac:42:f1:bb:68:82:e5:a5:4b:b0:c9:fc:12:
                    af:34:c0:cc:39:a7:e6:f8:b0:45:92:7d:5e:e2:e3:
                    b3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:29:D4:B5:C7:6B:66:81:43:F6:F0:E0:BE:6B:3F:46:F6:4B:CE:91
            X509v3 Authority Key Identifier:
                keyid:0B:AB:FB:67:A0:97:53:84:EF:B8:B7:B7:CA:80:7F:71:4F:75:F8:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6v7Z6CXU4TvuLe3yoB_cU91-Eo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1ee7af-7f61-4dc9-bc3e-b4e5cad0dc52/1/0ynUtcdrZoFD9vDgvms_RvZLzpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1ee7af-7f61-4dc9-bc3e-b4e5cad0dc52/1/C6v7Z6CXU4TvuLe3yoB_cU91-Eo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.197.0/24
                  185.153.54.0/24
                IPv6:
                  2a13:9a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:6c:d1:53:bf:64:c3:10:86:ed:ef:e0:8f:c9:a7:46:c5:2e:
         de:9c:89:c1:2a:08:26:5a:ab:d3:0d:22:5e:c5:02:b0:10:1e:
         8c:cf:ef:5f:b5:11:82:a9:7c:f7:3c:39:40:93:75:32:9f:cf:
         14:e2:ba:f4:72:c4:25:f0:44:9b:5c:2b:45:d4:8e:d8:c5:0e:
         85:40:a7:c7:78:41:ba:67:44:38:f2:13:7f:85:a1:d3:26:22:
         38:3f:51:c5:6d:e9:82:33:3a:67:cc:76:cc:e0:26:39:85:68:
         36:91:48:72:da:f6:33:ef:f8:f7:2b:01:f4:3f:a0:43:43:77:
         3c:58:e2:24:c6:f8:e0:d3:82:52:45:da:f2:e9:b8:19:16:a9:
         69:3c:5b:22:0f:1e:8e:3b:5b:04:a5:a9:76:8f:2e:01:e6:37:
         64:76:e7:2e:21:98:d4:42:87:e5:fe:ed:0c:81:bd:0e:de:3e:
         6b:7b:5b:2e:1d:7b:19:6a:77:eb:3b:7f:75:15:00:8b:d2:60:
         58:18:05:cf:d1:2b:1f:ea:8e:27:06:02:3d:65:18:7c:f6:9f:
         c1:ab:13:33:43:38:22:e5:4f:bb:9c:1e:95:ff:2d:ca:08:6e:
         4d:05:e9:4e:9a:22:48:48:a7:77:e5:ed:a2:3d:3d:e4:ec:84:
         8c:a5:1e:0f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRIv8t8ocKThXno1cfnfZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWJmYjY3YTA5NzUzODRlZmI4YjdiN2NhODA3ZjcxNGY3
NWY4NGEwHhcNMjUwMTAxMjM0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzI5ZDRiNWM3NmI2NjgxNDNmNmYwZTBiZTZiM2Y0NmY2NGJjZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7nGDydLWwdV1UrDaSLTNin8N35U
zKTHJ4e3aKtEgYm0W+KvTAVeDt7G9+g2BVDHRa6q7KyGV2B4zkIgdEjnQuu3q6KH
CZtgF2E27r5rXGz2TFbr0WsjdvRzZR97PIzT1bAZVTUAGEZejK1Zt+xLiVe4ox4i
mki0BX/bapyvaUGqvcFKRazbDC23d572Z8NflpMblaA2+vE015aoJGVBUB010gsD
kjFpTFe8d/EAgau7K+OGw46fcV1REhM05m7Qtvq180jaqRRLD3ruBQ0eT7oTr3qF
0XMD9IokET6DyU6rNKxC8btoguWlS7DJ/BKvNMDMOafm+LBFkn1e4uOzBQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNMp1LXHa2aBQ/bw4L5rP0b2S86RMB8GA1UdIwQY
MBaAFAur+2egl1OE77i3t8qAf3FPdfhKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ2N1o2Q1hVNFR2dUxlM3lvQl9jVTkxLUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xZWU3YWYtN2Y2MS00ZGM5LWJjM2Ut
YjRlNWNhZDBkYzUyLzEvMHluVXRjZHJab0ZEOXZEZ3Ztc19SdlpMenBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xZWU3YWYtN2Y2MS00ZGM5LWJjM2UtYjRlNWNhZDBkYzUy
LzEvQzZ2N1o2Q1hVNFR2dUxlM3lvQl9jVTkxLUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAbc3FAwQA
uZk2MA0EAgACMAcDBQAqE5pAMA0GCSqGSIb3DQEBCwUAA4IBAQCZbNFTv2TDEIbt
7+CPyadGxS7enInBKggmWqvTDSJexQKwEB6Mz+9ftRGCqXz3PDlAk3Uyn88U4rr0
csQl8ESbXCtF1I7YxQ6FQKfHeEG6Z0Q48hN/haHTJiI4P1HFbemCMzpnzHbM4CY5
hWg2kUhy2vYz7/j3KwH0P6BDQ3c8WOIkxvjg04JSRdry6bgZFqlpPFsiDx6OO1sE
pal2jy4B5jdkducuIZjUQofl/u0Mgb0O3j5re1suHXsZanfrO391FQCL0mBYGAXP
0Ssf6o4nBgI9ZRh89p/BqxMzQzgi5U+7nB6V/y3KCG5NBelOmiJISKd35e2iPT3k
7ISMpR4P
-----END CERTIFICATE-----