Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/acsdEgh-dFdAGSqAE_lAYWdPdzo.roa
File:                     acsdEgh-dFdAGSqAE_lAYWdPdzo.roa (raw, json)
Hash identifier:          lIvBIoA3FQRV1Et4CF8cBr7OP+IuEmQHKzZDW4s0Y6A=
Subject key identifier:   69:CB:1D:12:08:7E:74:57:40:19:2A:80:13:F9:40:61:67:4F:77:3A
Certificate issuer:       /CN=6f3030a4b67f95c2fed902d56657faa2494b5129
Certificate serial:       019420684FB935C60C25FDF1681BEF4E1836
Authority key identifier: 6F:30:30:A4:B6:7F:95:C2:FE:D9:02:D5:66:57:FA:A2:49:4B:51:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/acsdEgh-dFdAGSqAE_lAYWdPdzo.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205833
IP address blocks:        188.0.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4f:b9:35:c6:0c:25:fd:f1:68:1b:ef:4e:18:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f3030a4b67f95c2fed902d56657faa2494b5129
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69cb1d12087e745740192a8013f94061674f773a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:63:39:ee:8c:39:e1:d2:1f:fa:08:1d:5a:f0:
                    da:6c:84:49:b8:ae:0d:00:96:bb:ce:5d:59:c1:9e:
                    43:21:60:7c:36:30:b1:85:9f:21:0d:35:d8:d5:c0:
                    19:65:cd:26:ff:65:8b:81:3c:69:9c:f2:54:ec:ae:
                    ac:01:fe:8d:4c:92:a0:8c:a3:0a:db:98:c8:3d:1d:
                    e3:6b:40:a0:a0:49:57:3b:57:1a:aa:cd:9c:21:5c:
                    d7:c2:c5:b7:60:d9:04:aa:98:b9:46:84:3a:32:65:
                    ac:71:39:90:87:7b:12:a1:c7:31:08:aa:8a:c5:50:
                    59:3a:bb:22:c9:e2:3a:a5:7c:a5:a9:53:1a:df:15:
                    3d:28:1d:b1:f7:29:bc:e1:35:55:a8:74:2c:29:a3:
                    f1:0c:79:d7:30:e3:4c:a7:84:e0:79:63:53:f1:ac:
                    19:07:86:e6:32:27:30:5d:9b:90:63:f9:60:de:08:
                    50:45:74:35:b0:08:83:85:43:71:b7:28:6b:35:44:
                    2d:4d:5d:bb:a5:b3:0f:71:b0:b7:86:d7:36:6e:39:
                    7e:66:3e:47:2a:b4:80:5a:f9:e5:a7:4d:66:81:aa:
                    e6:51:e2:bd:96:51:f6:8a:9b:67:69:25:a7:27:b5:
                    29:f2:bd:81:26:e8:05:3f:89:c8:bd:c9:d3:b3:34:
                    81:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:CB:1D:12:08:7E:74:57:40:19:2A:80:13:F9:40:61:67:4F:77:3A
            X509v3 Authority Key Identifier:
                keyid:6F:30:30:A4:B6:7F:95:C2:FE:D9:02:D5:66:57:FA:A2:49:4B:51:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/acsdEgh-dFdAGSqAE_lAYWdPdzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.0.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:c3:06:bc:f5:67:fc:aa:49:e3:4c:e1:bc:e4:fd:cd:1a:25:
         a0:a0:e7:e2:b3:df:8e:45:ea:1b:b7:d3:b0:87:34:b9:dc:85:
         09:4b:72:89:f8:b9:72:e2:89:71:e1:b5:60:0f:a7:88:0c:75:
         5b:15:bb:33:18:58:41:d0:98:7b:32:a4:02:30:7f:be:90:02:
         d9:16:49:76:77:8d:8b:8d:5f:37:96:6a:b0:79:c7:a7:0b:6b:
         13:e6:66:58:ee:f9:d3:5c:d4:02:1e:a6:c0:bc:cf:e7:b8:68:
         b2:80:5f:f0:d5:ae:be:9c:24:d6:7c:97:9b:30:fa:c1:b0:78:
         dd:38:a6:8a:8a:9f:86:ff:79:9d:11:4f:b8:83:82:4e:9e:71:
         cc:49:31:f0:ea:7d:8d:bf:ab:59:0d:28:51:b7:22:04:3a:90:
         05:61:34:92:5e:be:28:78:44:e5:96:05:6f:5b:51:b7:e7:73:
         af:3d:a1:e2:c2:1a:d0:00:36:9f:9e:a3:77:82:08:d2:50:d1:
         91:91:db:07:87:97:81:2a:48:9e:9e:a0:ba:96:2c:a3:ca:8c:
         e4:6a:8f:69:ed:2b:74:fd:e6:a3:cd:43:d4:c6:8b:a5:ef:bf:
         1a:88:77:d3:ba:2c:90:81:bf:7d:0c:a8:da:68:a1:6c:cc:6c:
         8e:96:30:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaE+5NcYMJf3xaBvvThg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMzAzMGE0YjY3Zjk1YzJmZWQ5MDJkNTY2NTdmYWEyNDk0
YjUxMjkwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWNiMWQxMjA4N2U3NDU3NDAxOTJhODAxM2Y5NDA2MTY3NGY3NzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWM57ow54dIf+ggdWvDabIRJuK4N
AJa7zl1ZwZ5DIWB8NjCxhZ8hDTXY1cAZZc0m/2WLgTxpnPJU7K6sAf6NTJKgjKMK
25jIPR3ja0CgoElXO1caqs2cIVzXwsW3YNkEqpi5RoQ6MmWscTmQh3sSoccxCKqK
xVBZOrsiyeI6pXylqVMa3xU9KB2x9ym84TVVqHQsKaPxDHnXMONMp4TgeWNT8awZ
B4bmMicwXZuQY/lg3ghQRXQ1sAiDhUNxtyhrNUQtTV27pbMPcbC3htc2bjl+Zj5H
KrSAWvnlp01mgarmUeK9llH2iptnaSWnJ7Up8r2BJugFP4nIvcnTszSBTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnLHRIIfnRXQBkqgBP5QGFnT3c6MB8GA1UdIwQY
MBaAFG8wMKS2f5XC/tkC1WZX+qJJS1EpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnpBd3BMWl9sY0wtMlFMVlpsZjZva2xMVVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yYjk5YTMtZGQ1Zi00ZmZlLTgyZWYt
YmYzYjIxYTI3MGYyLzEvYWNzZEVnaC1kRmRBR1NxQUVfbEFZV2RQZHpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yYjk5YTMtZGQ1Zi00ZmZlLTgyZWYtYmYzYjIxYTI3MGYy
LzEvYnpBd3BMWl9sY0wtMlFMVlpsZjZva2xMVVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvAD1MA0G
CSqGSIb3DQEBCwUAA4IBAQAJwwa89Wf8qknjTOG85P3NGiWgoOfis9+OReobt9Ow
hzS53IUJS3KJ+Lly4olx4bVgD6eIDHVbFbszGFhB0Jh7MqQCMH++kALZFkl2d42L
jV83lmqwecenC2sT5mZY7vnTXNQCHqbAvM/nuGiygF/w1a6+nCTWfJebMPrBsHjd
OKaKip+G/3mdEU+4g4JOnnHMSTHw6n2Nv6tZDShRtyIEOpAFYTSSXr4oeETllgVv
W1G353OvPaHiwhrQADafnqN3ggjSUNGRkdsHh5eBKkienqC6liyjyozkao9p7St0
/eajzUPUxoul778aiHfTuiyQgb99DKjaaKFszGyOljDO
-----END CERTIFICATE-----