Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/_LdyI__CtBUyN3KKHO7DmbRhOVc.roa
File:                     _LdyI__CtBUyN3KKHO7DmbRhOVc.roa (raw, json)
Hash identifier:          BMSl9hLbGqGu2thmt7Hy6s7t4a2k9exnTVleWfEcqU4=
Subject key identifier:   FC:B7:72:23:FF:C2:B4:15:32:37:72:8A:1C:EE:C3:99:B4:61:39:57
Certificate issuer:       /CN=313ebe436a75629b8f3db74a9a3fa1d5d30ad37f
Certificate serial:       019423D7E909AB99BF58621878C44C0AD271
Authority key identifier: 31:3E:BE:43:6A:75:62:9B:8F:3D:B7:4A:9A:3F:A1:D5:D3:0A:D3:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MT6-Q2p1YpuPPbdKmj-h1dMK038.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/_LdyI__CtBUyN3KKHO7DmbRhOVc.roa
Signing time:             Wed 01 Jan 2025 21:48:59 +0000
ROA not before:           Wed 01 Jan 2025 21:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202874
IP address blocks:        185.150.124.0/22 maxlen: 22
                          2a13:a540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/MT6-Q2p1YpuPPbdKmj-h1dMK038.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/MT6-Q2p1YpuPPbdKmj-h1dMK038.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MT6-Q2p1YpuPPbdKmj-h1dMK038.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e9:09:ab:99:bf:58:62:18:78:c4:4c:0a:d2:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=313ebe436a75629b8f3db74a9a3fa1d5d30ad37f
        Validity
            Not Before: Jan  1 21:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcb77223ffc2b4153237728a1ceec399b4613957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2c:aa:14:81:38:6c:8c:e1:62:fb:13:30:ea:
                    5c:80:87:29:49:48:25:25:62:27:da:6e:c2:05:a5:
                    fa:c9:dd:aa:11:df:45:44:53:7a:8b:ff:0b:68:98:
                    d0:0c:38:e1:f6:39:24:cf:32:bb:8d:9a:b8:c3:af:
                    c5:5b:e6:e9:6c:bb:b1:ab:c7:45:ca:37:8a:86:f7:
                    f7:dd:2c:1b:51:ab:3b:17:a4:39:97:b5:1b:57:de:
                    a3:52:bf:ff:e5:e7:91:c3:28:77:52:42:9a:da:2b:
                    28:9f:f2:3a:ff:d6:68:e1:bc:35:3f:04:5a:6a:52:
                    d6:32:bd:70:5e:3b:da:fd:f4:ac:e3:3c:a6:e6:d9:
                    d2:32:c0:ef:94:bb:a9:f1:3b:59:6b:9a:a1:e2:8a:
                    4e:1c:81:d2:bd:cd:ca:93:44:3e:3e:b8:c4:7d:73:
                    7a:f9:b1:2f:98:5d:fa:c6:ba:00:d5:7c:3a:a8:6f:
                    b1:c1:be:61:da:5a:0e:1c:4c:6c:fd:76:e5:18:44:
                    3e:f3:d8:0d:70:c2:f4:7c:ad:ab:2e:48:d0:ea:fd:
                    f7:68:06:89:95:a8:7c:c7:bc:f3:a7:64:0e:c2:cc:
                    00:e6:cc:fc:9d:95:d2:ce:01:05:9f:f2:09:fa:58:
                    1d:29:35:e6:59:0c:81:24:8a:16:bf:ad:df:43:2d:
                    33:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:B7:72:23:FF:C2:B4:15:32:37:72:8A:1C:EE:C3:99:B4:61:39:57
            X509v3 Authority Key Identifier:
                keyid:31:3E:BE:43:6A:75:62:9B:8F:3D:B7:4A:9A:3F:A1:D5:D3:0A:D3:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MT6-Q2p1YpuPPbdKmj-h1dMK038.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/_LdyI__CtBUyN3KKHO7DmbRhOVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/MT6-Q2p1YpuPPbdKmj-h1dMK038.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.124.0/22
                IPv6:
                  2a13:a540::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:90:ee:a8:e3:0a:3b:d2:5f:cf:07:28:01:8a:5a:9e:a6:b0:
         b2:f6:8f:15:31:e9:8d:31:e1:50:de:0a:99:f3:41:3b:54:3c:
         67:9f:49:4e:fc:fb:44:b0:8a:c0:8e:82:9c:12:fc:e2:08:fd:
         c4:14:c2:57:b6:ba:89:be:f7:11:e8:1a:5e:ce:88:61:fb:fc:
         48:a8:1c:2d:ad:98:a1:65:3a:f1:d5:4d:d2:f2:16:1a:e4:42:
         19:05:78:4f:20:f7:3a:5e:03:73:d2:54:12:64:0d:95:ff:84:
         69:ac:b9:ed:88:84:19:72:35:47:1a:a1:6a:d7:d8:87:a8:30:
         4a:db:49:57:ca:b2:26:0b:fd:7c:39:db:05:85:ee:44:6f:4a:
         14:b0:26:97:1b:47:ac:f3:57:73:d5:ca:77:2f:ac:4b:56:5f:
         66:e7:e9:3e:fd:09:34:7d:9d:43:6c:4f:60:d5:52:49:90:6e:
         af:0b:4b:83:b5:be:7d:60:f9:ff:2e:aa:24:78:b6:7d:8b:9e:
         99:e8:97:7f:61:38:c2:0c:66:4b:09:05:1b:48:a4:fe:96:3f:
         50:9c:3f:2d:d3:0a:a7:63:19:01:44:49:7c:fc:1a:90:19:7a:
         aa:48:23:49:9a:6a:6c:9f:34:2b:7d:47:f1:65:48:30:2d:28:
         af:db:ab:28
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1+kJq5m/WGIYeMRMCtJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxM2ViZTQzNmE3NTYyOWI4ZjNkYjc0YTlhM2ZhMWQ1ZDMw
YWQzN2YwHhcNMjUwMTAxMjE0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2I3NzIyM2ZmYzJiNDE1MzIzNzcyOGExY2VlYzM5OWI0NjEzOTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSyqFIE4bIzhYvsTMOpcgIcpSUgl
JWIn2m7CBaX6yd2qEd9FRFN6i/8LaJjQDDjh9jkkzzK7jZq4w6/FW+bpbLuxq8dF
yjeKhvf33SwbUas7F6Q5l7UbV96jUr//5eeRwyh3UkKa2ison/I6/9Zo4bw1PwRa
alLWMr1wXjva/fSs4zym5tnSMsDvlLup8TtZa5qh4opOHIHSvc3Kk0Q+PrjEfXN6
+bEvmF36xroA1Xw6qG+xwb5h2loOHExs/XblGEQ+89gNcML0fK2rLkjQ6v33aAaJ
lah8x7zzp2QOwswA5sz8nZXSzgEFn/IJ+lgdKTXmWQyBJIoWv63fQy0zCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPy3ciP/wrQVMjdyihzuw5m0YTlXMB8GA1UdIwQY
MBaAFDE+vkNqdWKbjz23Spo/odXTCtN/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVQ2LVEycDFZcHVQUGJkS21qLWgxZE1LMDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy83MmNjMmItN2MxZi00YTM2LWE3MDAt
OTYwYzhmMGE5NWIyLzEvX0xkeUlfX0N0QlV5TjNLS0hPN0RtYlJoT1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy83MmNjMmItN2MxZi00YTM2LWE3MDAtOTYwYzhmMGE5NWIy
LzEvTVQ2LVEycDFZcHVQUGJkS21qLWgxZE1LMDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZZ8MA0E
AgACMAcDBQMqE6VAMA0GCSqGSIb3DQEBCwUAA4IBAQBhkO6o4wo70l/PBygBilqe
prCy9o8VMemNMeFQ3gqZ80E7VDxnn0lO/PtEsIrAjoKcEvziCP3EFMJXtrqJvvcR
6Bpezohh+/xIqBwtrZihZTrx1U3S8hYa5EIZBXhPIPc6XgNz0lQSZA2V/4RprLnt
iIQZcjVHGqFq19iHqDBK20lXyrImC/18OdsFhe5Eb0oUsCaXG0es81dz1cp3L6xL
Vl9m5+k+/Qk0fZ1DbE9g1VJJkG6vC0uDtb59YPn/LqokeLZ9i56Z6Jd/YTjCDGZL
CQUbSKT+lj9QnD8t0wqnYxkBREl8/BqQGXqqSCNJmmpsnzQrfUfxZUgwLSiv26so
-----END CERTIFICATE-----