Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/2d8efc-b9fa-432c-9727-8b85b28fbb79/1/g6X_lRYXDJRZnC8lMpbRmD7fpGU.roa
File:                     g6X_lRYXDJRZnC8lMpbRmD7fpGU.roa (raw, json)
Hash identifier:          hq/bivbA56Qmzu+4HRNaps/x/ti0y7YbNHmOsoCnEhw=
Subject key identifier:   83:A5:FF:95:16:17:0C:94:59:9C:2F:25:32:96:D1:98:3E:DF:A4:65
Certificate issuer:       /CN=daaec597d1b379ea83236312c6f8b2bce7439773
Certificate serial:       01941FFA207C8352DACF5AAF7D6EDC87ED3C
Authority key identifier: DA:AE:C5:97:D1:B3:79:EA:83:23:63:12:C6:F8:B2:BC:E7:43:97:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q7Fl9GzeeqDI2MSxviyvOdDl3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/2d8efc-b9fa-432c-9727-8b85b28fbb79/1/g6X_lRYXDJRZnC8lMpbRmD7fpGU.roa
Signing time:             Wed 01 Jan 2025 03:47:53 +0000
ROA not before:           Wed 01 Jan 2025 03:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28820
IP address blocks:        193.29.55.0/24 maxlen: 24
                          195.225.252.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/2d8efc-b9fa-432c-9727-8b85b28fbb79/1/2q7Fl9GzeeqDI2MSxviyvOdDl3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/2d8efc-b9fa-432c-9727-8b85b28fbb79/1/2q7Fl9GzeeqDI2MSxviyvOdDl3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q7Fl9GzeeqDI2MSxviyvOdDl3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:20:7c:83:52:da:cf:5a:af:7d:6e:dc:87:ed:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaec597d1b379ea83236312c6f8b2bce7439773
        Validity
            Not Before: Jan  1 03:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83a5ff9516170c94599c2f253296d1983edfa465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ab:3d:56:e8:d7:73:7e:a4:70:c2:ef:66:ef:
                    e1:25:a8:48:95:aa:df:be:e8:58:79:d4:7e:6c:6e:
                    92:cc:7c:54:b1:56:da:75:8a:ea:93:38:e7:d2:5d:
                    57:ab:ac:52:93:3f:85:5f:d5:cd:d0:69:75:36:18:
                    46:67:89:1c:5a:90:5c:84:f4:d4:28:48:7c:f4:24:
                    1f:f8:c9:29:24:a4:92:5f:af:3a:b4:93:e1:a3:1a:
                    69:27:fd:3a:fe:4c:57:31:5e:6e:2d:9f:54:39:df:
                    1d:d9:05:34:57:92:f4:0a:33:69:9f:e2:4f:b1:ad:
                    9d:c9:6d:4d:e6:68:a9:9f:df:ac:46:31:76:b8:b8:
                    3a:cd:ec:5c:31:c9:82:34:2d:28:53:57:91:77:20:
                    c2:47:9e:50:e6:ca:3f:d1:aa:59:c6:83:22:20:d7:
                    88:39:2e:35:e0:d0:38:2a:19:0e:cf:3f:72:99:b4:
                    fd:cd:7f:61:21:9c:2f:a3:c4:0e:f2:3a:64:86:7b:
                    4d:e8:4c:4c:43:b0:81:b7:af:25:af:2c:0a:06:7a:
                    91:7f:51:4f:08:28:07:ed:57:a8:af:d6:e3:40:32:
                    a5:c4:57:7d:71:b3:68:25:97:08:49:26:8d:9a:c9:
                    15:f7:ad:b5:e9:64:29:ce:0c:80:8b:10:5b:57:ee:
                    d7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:A5:FF:95:16:17:0C:94:59:9C:2F:25:32:96:D1:98:3E:DF:A4:65
            X509v3 Authority Key Identifier:
                keyid:DA:AE:C5:97:D1:B3:79:EA:83:23:63:12:C6:F8:B2:BC:E7:43:97:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q7Fl9GzeeqDI2MSxviyvOdDl3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2d8efc-b9fa-432c-9727-8b85b28fbb79/1/g6X_lRYXDJRZnC8lMpbRmD7fpGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2d8efc-b9fa-432c-9727-8b85b28fbb79/1/2q7Fl9GzeeqDI2MSxviyvOdDl3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.55.0/24
                  195.225.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:c3:5c:c5:fd:a5:40:d7:84:40:e4:e3:51:9e:ac:54:60:2b:
         bd:66:ef:c2:b2:dc:a1:d5:91:a2:b2:c2:49:92:22:a6:e8:c9:
         92:24:1c:c5:a5:ee:f8:80:f0:8a:76:bf:e5:85:d1:98:5b:db:
         9d:65:74:3f:70:d7:24:d6:05:75:e0:ba:b1:8e:2f:90:a1:4e:
         6f:44:ec:f6:f0:d6:79:2a:b0:14:3d:07:66:31:16:29:ce:7e:
         e5:81:99:50:6a:c9:45:f8:e5:a0:dc:0b:30:c8:5b:c2:a9:4a:
         42:d7:02:70:f6:84:b4:ef:29:e2:ee:55:3d:0e:fc:1e:94:df:
         c3:24:9d:a2:58:76:c2:c2:9a:cf:fb:2c:75:c0:d6:03:4c:76:
         a3:40:79:32:1a:28:d4:d0:8c:de:5f:56:36:92:50:9b:2c:75:
         4d:02:e0:48:f0:c4:87:1e:a1:21:20:16:56:88:f6:5b:af:4f:
         54:f0:70:60:2e:75:8c:29:3a:76:38:e9:09:ec:67:ef:c6:bb:
         ef:4b:c6:ac:06:09:26:8c:2d:6c:1b:0d:71:fa:5f:e3:5a:7e:
         70:c3:69:c1:5e:a7:8e:88:ce:6c:bc:56:ae:9b:2f:36:27:60:
         7c:e5:5b:73:60:ec:1f:78:cd:8d:ab:72:0b:d2:a6:e1:ba:cb:
         c7:74:f6:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+iB8g1Laz1qvfW7ch+08MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWVjNTk3ZDFiMzc5ZWE4MzIzNjMxMmM2ZjhiMmJjZTc0
Mzk3NzMwHhcNMjUwMTAxMDM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2E1ZmY5NTE2MTcwYzk0NTk5YzJmMjUzMjk2ZDE5ODNlZGZhNDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6s9VujXc36kcMLvZu/hJahIlarf
vuhYedR+bG6SzHxUsVbadYrqkzjn0l1Xq6xSkz+FX9XN0Gl1NhhGZ4kcWpBchPTU
KEh89CQf+MkpJKSSX686tJPhoxppJ/06/kxXMV5uLZ9UOd8d2QU0V5L0CjNpn+JP
sa2dyW1N5mipn9+sRjF2uLg6zexcMcmCNC0oU1eRdyDCR55Q5so/0apZxoMiINeI
OS414NA4KhkOzz9ymbT9zX9hIZwvo8QO8jpkhntN6ExMQ7CBt68lrywKBnqRf1FP
CCgH7Veor9bjQDKlxFd9cbNoJZcISSaNmskV96216WQpzgyAixBbV+7XwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIOl/5UWFwyUWZwvJTKW0Zg+36RlMB8GA1UdIwQY
MBaAFNquxZfRs3nqgyNjEsb4srznQ5dzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE3Rmw5R3plZXFESTJNU3h2aXl2T2REbDNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8yZDhlZmMtYjlmYS00MzJjLTk3Mjct
OGI4NWIyOGZiYjc5LzEvZzZYX2xSWVhESlJabkM4bE1wYlJtRDdmcEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8yZDhlZmMtYjlmYS00MzJjLTk3MjctOGI4NWIyOGZiYjc5
LzEvMnE3Rmw5R3plZXFESTJNU3h2aXl2T2REbDNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwR03AwQC
w+H8MA0GCSqGSIb3DQEBCwUAA4IBAQACw1zF/aVA14RA5ONRnqxUYCu9Zu/Cstyh
1ZGissJJkiKm6MmSJBzFpe74gPCKdr/lhdGYW9udZXQ/cNck1gV14Lqxji+QoU5v
ROz28NZ5KrAUPQdmMRYpzn7lgZlQaslF+OWg3AswyFvCqUpC1wJw9oS07yni7lU9
DvwelN/DJJ2iWHbCwprP+yx1wNYDTHajQHkyGijU0IzeX1Y2klCbLHVNAuBI8MSH
HqEhIBZWiPZbr09U8HBgLnWMKTp2OOkJ7GfvxrvvS8asBgkmjC1sGw1x+l/jWn5w
w2nBXqeOiM5svFaumy82J2B85VtzYOwfeM2Nq3IL0qbhusvHdPYV
-----END CERTIFICATE-----