Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/WkUeJeS2VIWyHMQB6OP6WxpRtuE.roa
File:                     WkUeJeS2VIWyHMQB6OP6WxpRtuE.roa (raw, json)
Hash identifier:          moR9C1uw6Uz7LXM37ENpKv40O3dD16LP7ICWKr7IDI0=
Subject key identifier:   5A:45:1E:25:E4:B6:54:85:B2:1C:C4:01:E8:E3:FA:5B:1A:51:B6:E1
Certificate issuer:       /CN=943e3f4856dac2a005c3a52347114dec453934b8
Certificate serial:       019423D6BD07F41927BE7BC3F435636578E2
Authority key identifier: 94:3E:3F:48:56:DA:C2:A0:05:C3:A5:23:47:11:4D:EC:45:39:34:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/WkUeJeS2VIWyHMQB6OP6WxpRtuE.roa
Signing time:             Wed 01 Jan 2025 21:47:43 +0000
ROA not before:           Wed 01 Jan 2025 21:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60633
IP address blocks:        178.197.0.0/16 maxlen: 24
                          213.3.80.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:bd:07:f4:19:27:be:7b:c3:f4:35:63:65:78:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=943e3f4856dac2a005c3a52347114dec453934b8
        Validity
            Not Before: Jan  1 21:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a451e25e4b65485b21cc401e8e3fa5b1a51b6e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bb:f0:85:37:d8:4b:eb:fb:f3:2e:ff:2d:ba:
                    32:52:47:56:ea:74:87:7d:4c:38:98:b2:89:eb:79:
                    82:0a:d4:71:fd:88:76:c4:29:2a:5f:de:d3:50:27:
                    da:61:84:8d:24:c9:52:11:53:71:e8:15:25:83:6d:
                    cd:f1:7e:c4:b0:47:09:7a:58:7c:f4:a3:b5:43:6e:
                    14:56:96:35:e6:e7:0b:56:9c:55:f8:20:b4:92:db:
                    cc:b0:a3:db:29:bf:08:9b:79:34:fc:4f:67:3f:ca:
                    95:55:02:85:da:a9:9c:59:55:e0:0a:4f:f6:d3:c1:
                    96:64:52:e5:a2:99:e5:e5:95:60:7d:f3:ab:92:50:
                    b5:e4:ef:1f:e2:08:f8:24:59:5f:7f:c3:d6:84:b8:
                    ba:a6:11:3f:4f:c0:39:69:15:2a:cc:90:da:72:fb:
                    7d:b9:3f:28:65:60:44:9e:80:fc:c7:88:69:f5:b5:
                    8f:ee:46:c1:f6:1d:26:fc:cd:aa:e7:7e:7a:75:09:
                    cd:4b:88:a5:3f:88:d2:1d:7d:32:72:d3:99:d3:4f:
                    fb:0f:1a:5f:a1:15:e6:9b:ff:7c:d6:80:9d:d1:a9:
                    ae:1e:ce:04:00:5a:94:56:29:40:0b:75:6a:a2:62:
                    65:01:55:dd:a5:74:11:27:42:c1:3c:09:2a:5d:fa:
                    78:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:45:1E:25:E4:B6:54:85:B2:1C:C4:01:E8:E3:FA:5B:1A:51:B6:E1
            X509v3 Authority Key Identifier:
                keyid:94:3E:3F:48:56:DA:C2:A0:05:C3:A5:23:47:11:4D:EC:45:39:34:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/WkUeJeS2VIWyHMQB6OP6WxpRtuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.197.0.0/16
                  213.3.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         98:cd:bf:eb:f8:dd:d6:10:e1:13:72:30:4c:8f:6f:03:98:fc:
         b0:c2:66:e2:f7:33:b3:6a:8f:8e:14:fe:95:f4:eb:52:b7:9b:
         31:84:d7:89:df:b4:ac:cf:15:a5:85:2a:a8:71:5d:9b:d8:13:
         22:6a:c7:f8:f3:f8:11:ea:7e:db:6d:e5:8c:26:0d:e4:f8:60:
         b4:fc:a6:04:60:04:02:c3:10:df:11:e7:5c:38:04:90:4a:04:
         5c:79:ae:8b:4c:1c:2a:e1:cc:7c:3c:30:23:3c:6f:c8:df:4f:
         8c:0e:ef:f2:fe:16:a2:ac:d1:70:ad:61:4b:8b:f0:28:da:cc:
         84:b4:86:f5:1f:a1:ed:1e:6d:8b:1e:32:6d:c1:f6:38:80:9f:
         2c:83:bd:aa:03:e5:64:08:c0:cf:c3:f9:0b:4a:38:1e:23:25:
         87:02:7b:ab:e6:53:c9:83:60:cf:92:13:67:61:50:dc:6f:83:
         e7:ed:0d:04:a5:78:68:fe:6b:96:98:76:db:31:b1:6c:1a:ed:
         94:f6:70:6d:f7:4a:11:f0:99:cb:c9:8d:8b:11:d8:72:20:dc:
         ff:0f:5c:27:bd:5d:21:d0:ef:0c:7f:7e:9a:73:0b:f8:0b:eb:
         06:35:3a:d2:64:d0:4e:78:d1:a5:40:5c:8f:5a:a0:f9:55:39:
         9b:62:11:22
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQj1r0H9BknvnvD9DVjZXjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0M2UzZjQ4NTZkYWMyYTAwNWMzYTUyMzQ3MTE0ZGVjNDUz
OTM0YjgwHhcNMjUwMTAxMjE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTQ1MWUyNWU0YjY1NDg1YjIxY2M0MDFlOGUzZmE1YjFhNTFiNmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrvwhTfYS+v78y7/LboyUkdW6nSH
fUw4mLKJ63mCCtRx/Yh2xCkqX97TUCfaYYSNJMlSEVNx6BUlg23N8X7EsEcJelh8
9KO1Q24UVpY15ucLVpxV+CC0ktvMsKPbKb8Im3k0/E9nP8qVVQKF2qmcWVXgCk/2
08GWZFLlopnl5ZVgffOrklC15O8f4gj4JFlff8PWhLi6phE/T8A5aRUqzJDacvt9
uT8oZWBEnoD8x4hp9bWP7kbB9h0m/M2q5356dQnNS4ilP4jSHX0yctOZ00/7Dxpf
oRXmm/981oCd0amuHs4EAFqUVilAC3VqomJlAVXdpXQRJ0LBPAkqXfp4WwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFFpFHiXktlSFshzEAejj+lsaUbbhMB8GA1UdIwQY
MBaAFJQ+P0hW2sKgBcOlI0cRTexFOTS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEQ0X1NGYmF3cUFGdzZValJ4Rk43RVU1TkxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy84YzE1NDQtN2NmMi00ODcxLWExZGYt
MDI1M2QwNGZiOGZmLzEvV2tVZUplUzJWSVd5SE1RQjZPUDZXeHBSdHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy84YzE1NDQtN2NmMi00ODcxLWExZGYtMDI1M2QwNGZiOGZm
LzEvbEQ0X1NGYmF3cUFGdzZValJ4Rk43RVU1TkxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAssUDBAPV
A1AwDQYJKoZIhvcNAQELBQADggEBAJjNv+v43dYQ4RNyMEyPbwOY/LDCZuL3M7Nq
j44U/pX061K3mzGE14nftKzPFaWFKqhxXZvYEyJqx/jz+BHqfttt5YwmDeT4YLT8
pgRgBALDEN8R51w4BJBKBFx5rotMHCrhzHw8MCM8b8jfT4wO7/L+FqKs0XCtYUuL
8CjazIS0hvUfoe0ebYseMm3B9jiAnyyDvaoD5WQIwM/D+QtKOB4jJYcCe6vmU8mD
YM+SE2dhUNxvg+ftDQSleGj+a5aYdtsxsWwa7ZT2cG33ShHwmcvJjYsR2HIg3P8P
XCe9XSHQ7wx/fppzC/gL6wY1OtJk0E540aVAXI9aoPlVOZtiESI=
-----END CERTIFICATE-----