Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/6qanCjcucoDvogEjoEibMas1xCw.roa
File:                     6qanCjcucoDvogEjoEibMas1xCw.roa (raw, json)
Hash identifier:          iHrFUYTwZPBriNgyEwpJfBAHJGESvwJ6/vI6y1aBDEY=
Subject key identifier:   EA:A6:A7:0A:37:2E:72:80:EF:A2:01:23:A0:48:9B:31:AB:35:C4:2C
Certificate issuer:       /CN=5643415c22e141972c0d7e76c24e88b22427b024
Certificate serial:       019427B69AEE2B5BFD48FB7CB90D256FF72C
Authority key identifier: 56:43:41:5C:22:E1:41:97:2C:0D:7E:76:C2:4E:88:B2:24:27:B0:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VkNBXCLhQZcsDX52wk6IsiQnsCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/6qanCjcucoDvogEjoEibMas1xCw.roa
Signing time:             Thu 02 Jan 2025 15:51:06 +0000
ROA not before:           Thu 02 Jan 2025 15:51:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8265
IP address blocks:        185.28.52.0/22 maxlen: 24
                          195.96.192.0/19 maxlen: 24
                          2a02:2888::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/VkNBXCLhQZcsDX52wk6IsiQnsCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/VkNBXCLhQZcsDX52wk6IsiQnsCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VkNBXCLhQZcsDX52wk6IsiQnsCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 12:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:9a:ee:2b:5b:fd:48:fb:7c:b9:0d:25:6f:f7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5643415c22e141972c0d7e76c24e88b22427b024
        Validity
            Not Before: Jan  2 15:51:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eaa6a70a372e7280efa20123a0489b31ab35c42c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:23:97:06:a0:aa:92:25:8f:b5:b6:e3:0e:8a:
                    c5:b6:e4:c3:e6:17:51:0c:e0:d0:28:28:0b:9f:35:
                    47:75:d4:19:33:c2:e3:24:89:cc:94:12:01:d5:bb:
                    73:eb:2f:da:39:65:cc:3f:9c:ec:b7:a4:48:47:60:
                    d1:5f:07:49:6d:54:47:4b:7a:be:57:8b:ad:c8:4b:
                    2c:28:42:1c:0c:3a:be:b7:da:90:9e:70:64:c6:c2:
                    59:69:13:c4:1e:b5:0a:0d:d2:da:c2:a2:b5:ba:ab:
                    7b:b9:44:e6:81:31:30:a5:05:aa:d2:c9:19:9d:a4:
                    d1:6e:b9:a6:df:ac:69:e7:07:49:b1:92:1c:29:27:
                    ee:d3:94:c3:9d:7f:03:37:b1:f9:ff:d8:da:86:64:
                    f1:eb:76:3c:f4:4a:29:d6:ca:6e:10:bb:18:e0:ac:
                    dc:d7:6b:1c:f4:c3:40:5f:34:2c:04:38:ab:9f:5c:
                    78:a7:e7:ed:9d:9d:9c:44:8d:50:00:e9:5d:42:b9:
                    b8:b4:56:ed:96:db:73:78:48:cb:80:e3:07:cb:e3:
                    b8:cc:3a:6c:26:8c:85:09:95:8f:87:ce:7e:39:aa:
                    5d:43:ec:60:3b:8d:1f:9e:44:75:cc:38:cc:eb:ad:
                    cb:f7:ae:98:cc:58:3b:1d:10:cc:84:00:9f:e6:77:
                    9c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:A6:A7:0A:37:2E:72:80:EF:A2:01:23:A0:48:9B:31:AB:35:C4:2C
            X509v3 Authority Key Identifier:
                keyid:56:43:41:5C:22:E1:41:97:2C:0D:7E:76:C2:4E:88:B2:24:27:B0:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VkNBXCLhQZcsDX52wk6IsiQnsCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/6qanCjcucoDvogEjoEibMas1xCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/VkNBXCLhQZcsDX52wk6IsiQnsCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.52.0/22
                  195.96.192.0/19
                IPv6:
                  2a02:2888::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:35:4c:d5:d5:f1:7a:39:ed:3a:82:e6:17:94:5e:0e:f1:d0:
         de:dc:42:34:c2:e5:7f:88:03:fe:ac:9b:dc:e2:08:de:53:98:
         0b:25:bd:4b:ad:54:88:66:86:cc:82:0a:fd:94:ed:94:ba:f5:
         be:7d:2f:65:44:27:b7:d8:d8:f9:0f:04:48:81:62:6f:68:c5:
         e2:8b:70:e2:8e:6d:0d:cf:ed:75:51:18:6a:20:ac:a8:49:e6:
         e4:e8:26:dd:d4:8f:4f:6d:cc:df:ef:ef:5c:c4:45:66:de:5c:
         be:3e:ff:54:e7:86:fa:5e:22:ff:f6:69:0c:f6:d0:b2:e8:7e:
         4b:c4:14:5f:08:3a:2f:e8:48:70:af:1c:b6:fd:46:40:2e:0b:
         ee:2f:18:a2:bf:be:a0:a3:79:29:28:49:54:44:3e:76:ee:ce:
         0c:64:86:10:8b:3f:45:e8:de:2f:12:fc:2f:c5:bb:ec:c4:bd:
         18:a4:06:92:46:0b:fc:4f:32:dd:c7:a2:6f:e8:bb:86:c1:85:
         c6:2f:b1:66:29:c6:a4:4b:03:fc:4f:13:ab:f1:7f:9f:59:2b:
         93:e2:25:4b:8c:26:66:4f:5c:5c:00:f8:d1:3c:af:12:91:05:
         8c:59:06:5c:32:ab:29:f9:d5:05:69:eb:1c:7d:c2:6a:09:ab:
         a3:82:07:2d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQntpruK1v9SPt8uQ0lb/csMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NDM0MTVjMjJlMTQxOTcyYzBkN2U3NmMyNGU4OGIyMjQy
N2IwMjQwHhcNMjUwMTAyMTU1MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWE2YTcwYTM3MmU3MjgwZWZhMjAxMjNhMDQ4OWIzMWFiMzVjNDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSOXBqCqkiWPtbbjDorFtuTD5hdR
DODQKCgLnzVHddQZM8LjJInMlBIB1btz6y/aOWXMP5zst6RIR2DRXwdJbVRHS3q+
V4utyEssKEIcDDq+t9qQnnBkxsJZaRPEHrUKDdLawqK1uqt7uUTmgTEwpQWq0skZ
naTRbrmm36xp5wdJsZIcKSfu05TDnX8DN7H5/9jahmTx63Y89Eop1spuELsY4Kzc
12sc9MNAXzQsBDirn1x4p+ftnZ2cRI1QAOldQrm4tFbtlttzeEjLgOMHy+O4zDps
JoyFCZWPh85+OapdQ+xgO40fnkR1zDjM663L966YzFg7HRDMhACf5neccwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOqmpwo3LnKA76IBI6BImzGrNcQsMB8GA1UdIwQY
MBaAFFZDQVwi4UGXLA1+dsJOiLIkJ7AkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmtOQlhDTGhRWmNzRFg1MndrNklzaVFuc0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9iNGM3NGEtZTNiMi00ZTA5LTg2N2Mt
Zjk5NjdjM2FkM2U0LzEvNnFhbkNqY3Vjb0R2b2dFam9FaWJNYXMxeEN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9iNGM3NGEtZTNiMi00ZTA5LTg2N2MtZjk5NjdjM2FkM2U0
LzEvVmtOQlhDTGhRWmNzRFg1MndrNklzaVFuc0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRw0AwQF
w2DAMA0EAgACMAcDBQAqAiiIMA0GCSqGSIb3DQEBCwUAA4IBAQAZNUzV1fF6Oe06
guYXlF4O8dDe3EI0wuV/iAP+rJvc4gjeU5gLJb1LrVSIZobMggr9lO2UuvW+fS9l
RCe32Nj5DwRIgWJvaMXii3Dijm0Nz+11URhqIKyoSebk6Cbd1I9Pbczf7+9cxEVm
3ly+Pv9U54b6XiL/9mkM9tCy6H5LxBRfCDov6Ehwrxy2/UZALgvuLxiiv76go3kp
KElURD527s4MZIYQiz9F6N4vEvwvxbvsxL0YpAaSRgv8TzLdx6Jv6LuGwYXGL7Fm
KcakSwP8TxOr8X+fWSuT4iVLjCZmT1xcAPjRPK8SkQWMWQZcMqsp+dUFaescfcJq
Caujggct
-----END CERTIFICATE-----