Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/f0YSDbM5Fp4SqEnB7Svlvk1Cg-M.roa
File:                     f0YSDbM5Fp4SqEnB7Svlvk1Cg-M.roa (raw, json)
Hash identifier:          3R84lvwDdPg0KG2eSA0cCdxuOFb1Dl8Y/DbEXSQVXcw=
Subject key identifier:   7F:46:12:0D:B3:39:16:9E:12:A8:49:C1:ED:2B:E5:BE:4D:42:83:E3
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       0194221FA5B4CDC6B620ADD1189AA10DA71B
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/f0YSDbM5Fp4SqEnB7Svlvk1Cg-M.roa
Signing time:             Wed 01 Jan 2025 13:48:06 +0000
ROA not before:           Wed 01 Jan 2025 13:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        217.196.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a5:b4:cd:c6:b6:20:ad:d1:18:9a:a1:0d:a7:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Jan  1 13:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f46120db339169e12a849c1ed2be5be4d4283e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c0:3a:3e:ca:0b:c3:49:4f:e4:9c:00:23:e2:
                    36:06:1b:87:4e:cd:a7:d0:cb:81:eb:0e:42:e8:d4:
                    6b:7a:25:17:64:22:17:f9:3f:d2:3a:23:52:aa:a2:
                    ed:16:b0:ce:34:b4:66:81:41:15:af:da:e5:21:f5:
                    dd:6f:74:36:ff:30:9c:92:b8:6c:bd:84:28:b8:8f:
                    93:62:89:5d:63:1b:bb:a8:cd:ba:3d:f9:66:45:15:
                    44:dd:7c:a1:32:1b:0d:21:a8:2e:00:77:0e:0d:52:
                    72:41:e5:ff:96:7a:11:7d:d2:8b:28:be:50:25:bf:
                    b6:a1:25:8f:f9:4e:ea:50:1e:61:4d:cb:c5:59:bb:
                    d6:71:f3:df:a6:d3:69:60:74:41:3a:70:25:35:9b:
                    82:13:00:a7:0a:04:c7:a1:76:34:49:54:89:52:31:
                    9d:22:1f:cf:01:e5:23:18:bf:d6:8c:13:83:2a:2c:
                    41:da:3c:0a:60:59:ad:4b:65:43:0e:a8:d6:9a:b3:
                    4c:4e:f4:51:e7:e5:9d:a6:56:a1:1f:ec:11:33:75:
                    03:a9:f5:e5:32:c7:32:2b:e1:c1:ae:14:e0:11:05:
                    65:aa:d5:9f:4b:25:b9:c1:84:4a:20:02:ab:86:6f:
                    6d:3f:c5:e1:ae:f4:b2:a7:c0:0f:b7:2a:96:f3:e6:
                    c6:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:46:12:0D:B3:39:16:9E:12:A8:49:C1:ED:2B:E5:BE:4D:42:83:E3
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/f0YSDbM5Fp4SqEnB7Svlvk1Cg-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.196.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:1c:d5:01:4c:bd:2d:3f:a5:8b:41:34:6e:00:fd:2b:c6:99:
         39:91:6d:22:44:af:04:1e:c9:ba:58:50:fd:2c:d2:f7:f3:92:
         45:28:d8:5a:4e:fc:9e:c4:e3:93:b9:f8:e5:d4:7c:b3:3a:06:
         89:b6:27:c9:b2:78:96:e1:05:64:9c:ab:6f:91:51:c6:c3:b5:
         9d:a4:77:fe:77:34:d8:e1:c7:7b:fb:8a:62:0b:d1:19:14:b9:
         03:49:67:b5:39:bf:9f:4c:42:25:45:01:3c:9b:54:20:b3:73:
         3d:27:30:a6:f0:9e:8a:32:00:15:8d:e3:98:26:76:90:de:c5:
         8a:91:f8:87:4f:49:4e:93:87:97:86:95:2d:a9:23:43:8d:6a:
         f7:2b:6a:09:51:34:dd:dd:45:46:85:43:d2:d5:81:2b:42:48:
         77:bf:e5:83:a1:1f:52:e0:e4:c9:fd:85:07:f8:cf:1b:d9:28:
         c0:e5:be:58:02:27:3d:c9:cf:9a:d3:45:e6:88:32:c2:87:b9:
         3b:9f:68:c1:96:98:43:5a:ed:61:e6:5c:ec:e6:00:21:82:6e:
         29:cc:4a:08:71:30:dd:67:fc:73:7e:78:0e:30:82:c0:b9:16:
         58:74:a2:06:0c:54:6e:5a:53:38:87:a3:f5:c1:ea:e7:a6:54:
         9a:bc:5a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6W0zca2IK3RGJqhDacbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjUwMTAxMTM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjQ2MTIwZGIzMzkxNjllMTJhODQ5YzFlZDJiZTViZTRkNDI4M2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMA6PsoLw0lP5JwAI+I2BhuHTs2n
0MuB6w5C6NRreiUXZCIX+T/SOiNSqqLtFrDONLRmgUEVr9rlIfXdb3Q2/zCckrhs
vYQouI+TYoldYxu7qM26PflmRRVE3XyhMhsNIaguAHcODVJyQeX/lnoRfdKLKL5Q
Jb+2oSWP+U7qUB5hTcvFWbvWcfPfptNpYHRBOnAlNZuCEwCnCgTHoXY0SVSJUjGd
Ih/PAeUjGL/WjBODKixB2jwKYFmtS2VDDqjWmrNMTvRR5+WdplahH+wRM3UDqfXl
MscyK+HBrhTgEQVlqtWfSyW5wYRKIAKrhm9tP8XhrvSyp8APtyqW8+bGtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9GEg2zORaeEqhJwe0r5b5NQoPjMB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvZjBZU0RiTTVGcDRTcUVuQjdTdmx2azFDZy1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYtODk0ODA1Mjg5Y2Mw
LzEvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cRjMA0G
CSqGSIb3DQEBCwUAA4IBAQBqHNUBTL0tP6WLQTRuAP0rxpk5kW0iRK8EHsm6WFD9
LNL385JFKNhaTvyexOOTufjl1HyzOgaJtifJsniW4QVknKtvkVHGw7WdpHf+dzTY
4cd7+4piC9EZFLkDSWe1Ob+fTEIlRQE8m1Qgs3M9JzCm8J6KMgAVjeOYJnaQ3sWK
kfiHT0lOk4eXhpUtqSNDjWr3K2oJUTTd3UVGhUPS1YErQkh3v+WDoR9S4OTJ/YUH
+M8b2SjA5b5YAic9yc+a00XmiDLCh7k7n2jBlphDWu1h5lzs5gAhgm4pzEoIcTDd
Z/xzfngOMILAuRZYdKIGDFRuWlM4h6P1wernplSavFqF
-----END CERTIFICATE-----