Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/SVN8chXXLiylZ6iSzxPfIxpS6Wc.roa
File:                     SVN8chXXLiylZ6iSzxPfIxpS6Wc.roa (raw, json)
Hash identifier:          S3c0fzdOzI2koB/V4F0MudazfO5SBRZZKt7wV9ucqpI=
Subject key identifier:   49:53:7C:72:15:D7:2E:2C:A5:67:A8:92:CF:13:DF:23:1A:52:E9:67
Certificate issuer:       /CN=6f108bd5addfabf151d9079e3d3d341269666fa7
Certificate serial:       019427480772C0C4CB713071B2D652E30529
Authority key identifier: 6F:10:8B:D5:AD:DF:AB:F1:51:D9:07:9E:3D:3D:34:12:69:66:6F:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/SVN8chXXLiylZ6iSzxPfIxpS6Wc.roa
Signing time:             Thu 02 Jan 2025 13:50:19 +0000
ROA not before:           Thu 02 Jan 2025 13:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199533
IP address blocks:        89.34.124.0/24 maxlen: 24
                          185.144.115.0/24 maxlen: 24
                          2a0f:ac80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:07:72:c0:c4:cb:71:30:71:b2:d6:52:e3:05:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f108bd5addfabf151d9079e3d3d341269666fa7
        Validity
            Not Before: Jan  2 13:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49537c7215d72e2ca567a892cf13df231a52e967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:01:d3:3a:65:bb:98:01:a7:16:9d:bb:50:29:
                    7e:21:c9:c1:be:74:e1:02:63:55:8e:9b:f5:df:97:
                    aa:59:ef:75:50:f7:e0:27:92:fe:d5:d6:84:b1:e9:
                    0e:db:64:0c:af:ab:1f:aa:77:d8:1e:b7:23:cc:8f:
                    a9:59:39:21:04:76:e1:4d:93:23:e8:41:8e:63:f0:
                    23:b8:7e:d9:2b:5a:aa:e3:26:cf:94:f3:80:7a:87:
                    20:a2:42:7c:6e:b3:6a:58:f6:ee:0b:78:8c:3b:50:
                    6d:7e:d8:17:b7:50:08:36:4d:0f:c8:14:e1:ee:bf:
                    30:ee:12:5c:f6:98:81:6f:f1:f7:3d:d3:1f:e9:27:
                    63:b1:35:40:40:3b:bd:1d:8a:01:d2:a1:ff:6e:24:
                    71:85:c0:2d:6a:c8:95:03:f8:48:6c:67:2a:87:97:
                    dd:71:e9:93:04:1e:14:c3:88:39:c0:be:f5:77:8a:
                    bb:99:b3:b3:c4:97:6a:e9:ba:96:60:38:af:b8:aa:
                    c5:5f:02:7e:90:52:9e:05:3f:7e:04:07:e2:69:36:
                    bd:be:cc:19:cd:74:69:d4:e3:85:71:6d:b2:d7:46:
                    3e:1c:24:bd:4b:a8:e4:25:6c:ff:46:21:a0:1d:95:
                    de:1b:d5:1c:de:d0:99:18:33:83:42:ee:2e:34:88:
                    15:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:53:7C:72:15:D7:2E:2C:A5:67:A8:92:CF:13:DF:23:1A:52:E9:67
            X509v3 Authority Key Identifier:
                keyid:6F:10:8B:D5:AD:DF:AB:F1:51:D9:07:9E:3D:3D:34:12:69:66:6F:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bxCL1a3fq_FR2QeePT00Emlmb6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/SVN8chXXLiylZ6iSzxPfIxpS6Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b7b7fa-13d0-4ffc-9878-097b4d6d81e4/1/bxCL1a3fq_FR2QeePT00Emlmb6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.124.0/24
                  185.144.115.0/24
                IPv6:
                  2a0f:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:ee:e8:b7:c0:be:b5:cd:62:d4:9a:15:92:48:a6:8d:1a:e9:
         1d:ff:9b:f3:b0:de:99:db:e2:da:93:e4:a4:0b:33:74:92:f4:
         0c:39:04:39:66:5e:4a:ce:b2:a9:a7:0f:84:c2:40:12:78:80:
         f3:ae:a2:5e:c8:f9:8d:f6:1d:91:1e:b9:c4:0c:06:9c:48:12:
         e9:27:a9:90:66:79:06:31:31:28:3e:f5:bd:82:4f:ec:6f:21:
         95:8c:91:b2:7f:41:bb:d7:a3:00:69:94:cd:63:af:26:44:8c:
         8c:5e:f7:01:ae:34:a0:ac:48:05:42:70:b3:c3:50:63:43:c7:
         d4:54:6b:9f:fd:3a:b0:e2:53:bd:cb:0b:02:d4:bd:78:c2:73:
         47:9c:30:68:e5:a6:c7:9f:30:9e:b4:ac:aa:97:46:5a:25:c9:
         6c:dd:f2:7f:ca:cf:f8:b5:d9:4c:b3:81:66:91:8a:a9:88:19:
         35:83:fe:23:48:e0:67:8d:eb:cd:8e:ce:74:7b:c9:c9:e4:d1:
         3a:c0:62:13:2d:a3:9e:32:14:d8:e6:8f:b2:72:12:8d:47:39:
         36:3c:9e:7d:0b:7c:39:33:b5:3f:b3:fd:e0:f7:ea:9e:2b:0a:
         a2:08:de:15:7c:3a:37:5d:ea:6c:10:de:8b:56:38:1f:08:00:
         82:95:4e:2d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnSAdywMTLcTBxstZS4wUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMTA4YmQ1YWRkZmFiZjE1MWQ5MDc5ZTNkM2QzNDEyNjk2
NjZmYTcwHhcNMjUwMTAyMTM1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTUzN2M3MjE1ZDcyZTJjYTU2N2E4OTJjZjEzZGYyMzFhNTJlOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQHTOmW7mAGnFp27UCl+IcnBvnTh
AmNVjpv135eqWe91UPfgJ5L+1daEsekO22QMr6sfqnfYHrcjzI+pWTkhBHbhTZMj
6EGOY/AjuH7ZK1qq4ybPlPOAeocgokJ8brNqWPbuC3iMO1BtftgXt1AINk0PyBTh
7r8w7hJc9piBb/H3PdMf6SdjsTVAQDu9HYoB0qH/biRxhcAtasiVA/hIbGcqh5fd
cemTBB4Uw4g5wL71d4q7mbOzxJdq6bqWYDivuKrFXwJ+kFKeBT9+BAfiaTa9vswZ
zXRp1OOFcW2y10Y+HCS9S6jkJWz/RiGgHZXeG9Uc3tCZGDODQu4uNIgV8wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFElTfHIV1y4spWeoks8T3yMaUulnMB8GA1UdIwQY
MBaAFG8Qi9Wt36vxUdkHnj09NBJpZm+nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnhDTDFhM2ZxX0ZSMlFlZVBUMDBFbWxtYjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9iN2I3ZmEtMTNkMC00ZmZjLTk4Nzgt
MDk3YjRkNmQ4MWU0LzEvU1ZOOGNoWFhMaXlsWjZpU3p4UGZJeHBTNldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9iN2I3ZmEtMTNkMC00ZmZjLTk4NzgtMDk3YjRkNmQ4MWU0
LzEvYnhDTDFhM2ZxX0ZSMlFlZVBUMDBFbWxtYjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAWSJ8AwQA
uZBzMA0EAgACMAcDBQMqD6yAMA0GCSqGSIb3DQEBCwUAA4IBAQBx7ui3wL61zWLU
mhWSSKaNGukd/5vzsN6Z2+Lak+SkCzN0kvQMOQQ5Zl5KzrKppw+EwkASeIDzrqJe
yPmN9h2RHrnEDAacSBLpJ6mQZnkGMTEoPvW9gk/sbyGVjJGyf0G716MAaZTNY68m
RIyMXvcBrjSgrEgFQnCzw1BjQ8fUVGuf/Tqw4lO9ywsC1L14wnNHnDBo5abHnzCe
tKyql0ZaJcls3fJ/ys/4tdlMs4FmkYqpiBk1g/4jSOBnjevNjs50e8nJ5NE6wGIT
LaOeMhTY5o+ychKNRzk2PJ59C3w5M7U/s/3g9+qeKwqiCN4VfDo3XepsEN6LVjgf
CACClU4t
-----END CERTIFICATE-----