Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/e_fKzyMGP2BAukkTPFbz9htGhsU.roa
File:                     e_fKzyMGP2BAukkTPFbz9htGhsU.roa (raw, json)
Hash identifier:          R8piax2BZXmCIRcmiQxJAzyQx3Kr2idqCRP3833Mldo=
Subject key identifier:   7B:F7:CA:CF:23:06:3F:60:40:BA:49:13:3C:56:F3:F6:1B:46:86:C5
Certificate issuer:       /CN=6d7ea43a1c4755787d491fba563b88811dccc5f8
Certificate serial:       019425FC4487E2B7ED9DF0FB040C972BF3C9
Authority key identifier: 6D:7E:A4:3A:1C:47:55:78:7D:49:1F:BA:56:3B:88:81:1D:CC:C5:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/e_fKzyMGP2BAukkTPFbz9htGhsU.roa
Signing time:             Thu 02 Jan 2025 07:47:57 +0000
ROA not before:           Thu 02 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29686
IP address blocks:        91.199.225.0/24 maxlen: 24
                          195.28.12.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:44:87:e2:b7:ed:9d:f0:fb:04:0c:97:2b:f3:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d7ea43a1c4755787d491fba563b88811dccc5f8
        Validity
            Not Before: Jan  2 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bf7cacf23063f6040ba49133c56f3f61b4686c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ce:62:8d:0d:8b:46:22:de:09:c9:b7:58:cb:
                    f6:ad:16:ea:45:c6:93:cf:f1:1d:e6:1e:b0:77:b4:
                    54:02:d7:4d:ca:a7:5e:af:43:6c:ec:42:01:77:88:
                    17:03:5e:b2:0c:ba:b4:ec:a8:18:a7:74:d9:01:04:
                    dd:2b:fd:99:fc:23:2e:8b:31:45:26:fd:7b:11:65:
                    40:dd:18:4a:dd:cf:74:58:67:15:37:f5:7e:2e:97:
                    6f:e1:41:b6:95:5c:70:3a:7b:01:99:19:17:03:aa:
                    48:a4:d4:6b:34:49:77:f4:b1:13:01:b7:10:b2:ee:
                    df:d4:a8:fc:28:b6:25:12:8f:f7:84:21:44:fd:71:
                    ab:db:ac:e6:03:64:a8:4f:5b:b2:61:e1:4f:05:60:
                    49:69:fb:05:ea:55:2c:89:5c:b6:bc:5d:e9:86:aa:
                    49:c8:56:14:60:01:c9:25:92:0f:dc:fa:86:8c:ba:
                    67:9d:d1:f8:22:3f:b5:36:76:bb:53:36:0d:42:99:
                    dc:3c:08:d2:7d:3b:89:57:7f:c8:b5:72:38:c9:fa:
                    f5:fe:af:a3:0d:d8:bc:0b:a9:90:1f:83:d4:53:db:
                    1d:8d:53:87:8e:e3:1b:b7:e6:0c:70:89:f1:f9:41:
                    6a:fa:67:b7:ce:44:d0:fd:ef:7c:f5:6c:b0:f8:34:
                    e8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:F7:CA:CF:23:06:3F:60:40:BA:49:13:3C:56:F3:F6:1B:46:86:C5
            X509v3 Authority Key Identifier:
                keyid:6D:7E:A4:3A:1C:47:55:78:7D:49:1F:BA:56:3B:88:81:1D:CC:C5:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/e_fKzyMGP2BAukkTPFbz9htGhsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.225.0/24
                  195.28.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:bb:3c:f9:2e:eb:3f:02:ce:3c:33:ff:91:d7:08:ba:e3:51:
         47:d2:fc:b8:71:f0:1c:b7:7a:50:61:a4:2f:7e:da:28:29:61:
         06:eb:a3:df:53:4e:7d:0c:92:f7:06:78:ce:89:e1:86:66:70:
         c0:e7:34:69:72:27:1b:1c:bd:c4:f8:c7:62:8c:da:6b:1f:26:
         50:64:0d:1e:43:d7:7c:ad:6c:ae:7c:ee:c1:d9:b2:28:12:cf:
         e8:d1:2d:18:21:98:70:21:b3:e8:70:89:6b:5b:87:51:26:2d:
         a6:7d:ba:65:8d:d9:74:8b:ea:c0:07:18:5b:f4:e5:81:64:67:
         a1:bf:ae:ba:d3:98:28:b3:ee:f6:42:60:fe:07:0c:0c:4c:73:
         93:29:21:3c:20:f3:b6:b8:41:08:ad:c8:a7:67:bc:bd:90:f1:
         7d:d3:6e:8e:1e:ab:61:29:b5:53:2d:c7:e0:c6:84:3c:58:a7:
         96:6b:e6:3a:b1:38:82:a7:16:5e:55:e8:37:52:46:9b:34:e0:
         53:09:c4:76:4e:99:9d:a3:3d:f9:25:a9:25:de:80:1c:5d:ac:
         eb:89:34:59:03:ca:13:3e:5f:da:57:10:94:e2:63:5b:98:f8:
         92:7e:b0:cf:34:2b:8a:6d:7b:10:26:cf:24:bf:00:6f:17:17:
         73:e6:2f:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/ESH4rftnfD7BAyXK/PJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkN2VhNDNhMWM0NzU1Nzg3ZDQ5MWZiYTU2M2I4ODgxMWRj
Y2M1ZjgwHhcNMjUwMTAyMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmY3Y2FjZjIzMDYzZjYwNDBiYTQ5MTMzYzU2ZjNmNjFiNDY4NmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv85ijQ2LRiLeCcm3WMv2rRbqRcaT
z/Ed5h6wd7RUAtdNyqder0Ns7EIBd4gXA16yDLq07KgYp3TZAQTdK/2Z/CMuizFF
Jv17EWVA3RhK3c90WGcVN/V+Lpdv4UG2lVxwOnsBmRkXA6pIpNRrNEl39LETAbcQ
su7f1Kj8KLYlEo/3hCFE/XGr26zmA2SoT1uyYeFPBWBJafsF6lUsiVy2vF3phqpJ
yFYUYAHJJZIP3PqGjLpnndH4Ij+1Nna7UzYNQpncPAjSfTuJV3/ItXI4yfr1/q+j
Ddi8C6mQH4PUU9sdjVOHjuMbt+YMcInx+UFq+me3zkTQ/e989Wyw+DToDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHv3ys8jBj9gQLpJEzxW8/YbRobFMB8GA1UdIwQY
MBaAFG1+pDocR1V4fUkfulY7iIEdzMX4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlg2a09oeEhWWGg5U1ItNlZqdUlnUjNNeGZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi81Yzk5OTYtNmY2Yi00YzMxLTg2M2Ut
NTg5ZDMwZmZhYThjLzEvZV9mS3p5TUdQMkJBdWtrVFBGYno5aHRHaHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi81Yzk5OTYtNmY2Yi00YzMxLTg2M2UtNTg5ZDMwZmZhYThj
LzEvYlg2a09oeEhWWGg5U1ItNlZqdUlnUjNNeGZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8fhAwQB
wxwMMA0GCSqGSIb3DQEBCwUAA4IBAQCSuzz5Lus/As48M/+R1wi641FH0vy4cfAc
t3pQYaQvftooKWEG66PfU059DJL3BnjOieGGZnDA5zRpcicbHL3E+MdijNprHyZQ
ZA0eQ9d8rWyufO7B2bIoEs/o0S0YIZhwIbPocIlrW4dRJi2mfbpljdl0i+rABxhb
9OWBZGehv66605gos+72QmD+BwwMTHOTKSE8IPO2uEEIrcinZ7y9kPF9026OHqth
KbVTLcfgxoQ8WKeWa+Y6sTiCpxZeVeg3UkabNOBTCcR2Tpmdoz35Jakl3oAcXazr
iTRZA8oTPl/aVxCU4mNbmPiSfrDPNCuKbXsQJs8kvwBvFxdz5i9E
-----END CERTIFICATE-----