Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/c10cd5-251a-476d-89dc-79497ee25984/1/C_tBNxeBdMQFQvAqAIQOAGk3NV0.roa
File:                     C_tBNxeBdMQFQvAqAIQOAGk3NV0.roa (raw, json)
Hash identifier:          ytHvNr9cmIrq9gpmtc0zxz6E+7ODTCXhvZEm/AZ4ML0=
Subject key identifier:   0B:FB:41:37:17:81:74:C4:05:42:F0:2A:00:84:0E:00:69:37:35:5D
Certificate issuer:       /CN=ad9d45f0292d312fd060a2740bd1e52750bb8c25
Certificate serial:       0194228D2BD4F025640ACCAE8FD6D788EA54
Authority key identifier: AD:9D:45:F0:29:2D:31:2F:D0:60:A2:74:0B:D1:E5:27:50:BB:8C:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rZ1F8CktMS_QYKJ0C9HlJ1C7jCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/c10cd5-251a-476d-89dc-79497ee25984/1/C_tBNxeBdMQFQvAqAIQOAGk3NV0.roa
Signing time:             Wed 01 Jan 2025 15:47:44 +0000
ROA not before:           Wed 01 Jan 2025 15:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207496
IP address blocks:        195.162.6.0/23 maxlen: 23
                          195.177.194.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/c10cd5-251a-476d-89dc-79497ee25984/1/rZ1F8CktMS_QYKJ0C9HlJ1C7jCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/c10cd5-251a-476d-89dc-79497ee25984/1/rZ1F8CktMS_QYKJ0C9HlJ1C7jCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rZ1F8CktMS_QYKJ0C9HlJ1C7jCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:2b:d4:f0:25:64:0a:cc:ae:8f:d6:d7:88:ea:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad9d45f0292d312fd060a2740bd1e52750bb8c25
        Validity
            Not Before: Jan  1 15:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bfb4137178174c40542f02a00840e006937355d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1d:e1:83:d9:56:c3:51:41:94:ae:d6:be:dc:
                    3b:3f:5c:2c:f6:2d:bc:16:61:5e:de:68:e9:5d:f5:
                    d3:88:1c:46:42:11:9b:b6:79:2f:04:dd:67:de:19:
                    c7:7a:00:f6:f3:18:7a:36:66:e5:9f:ca:b6:c4:ef:
                    7f:b7:e8:6d:85:45:12:6b:4c:17:ec:2c:5c:69:53:
                    38:14:7a:aa:13:0f:2c:cc:d3:48:dc:c8:82:81:4d:
                    cb:6a:42:07:47:c9:e3:35:4f:8e:8e:18:32:4b:52:
                    1b:7b:cb:30:57:ba:75:eb:05:03:49:87:59:8a:bc:
                    a6:cb:93:23:3f:ef:c5:c8:f7:93:87:ca:6d:9b:fc:
                    d3:3f:3a:72:ad:a6:d3:3e:40:8f:a3:c2:d7:50:9c:
                    26:d3:a4:6f:11:49:8c:9f:b1:54:44:88:b6:eb:8f:
                    ee:15:e2:14:a9:58:37:8e:50:ec:30:2d:83:4e:3b:
                    40:e0:d1:4f:d0:ec:48:18:bb:73:85:ef:f8:74:29:
                    94:07:49:69:df:02:69:9c:cd:de:32:dd:3c:4e:76:
                    fb:d4:01:bc:87:d4:6d:15:69:5f:eb:83:c7:19:33:
                    e7:95:b8:49:1b:4c:97:cd:c3:33:c5:56:05:77:1e:
                    34:6d:8c:ef:1f:68:16:92:f5:69:b9:d4:93:36:ed:
                    c4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:FB:41:37:17:81:74:C4:05:42:F0:2A:00:84:0E:00:69:37:35:5D
            X509v3 Authority Key Identifier:
                keyid:AD:9D:45:F0:29:2D:31:2F:D0:60:A2:74:0B:D1:E5:27:50:BB:8C:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rZ1F8CktMS_QYKJ0C9HlJ1C7jCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/c10cd5-251a-476d-89dc-79497ee25984/1/C_tBNxeBdMQFQvAqAIQOAGk3NV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/c10cd5-251a-476d-89dc-79497ee25984/1/rZ1F8CktMS_QYKJ0C9HlJ1C7jCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.162.6.0/23
                  195.177.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:84:aa:9d:17:22:a1:45:0b:ea:a6:20:82:19:10:2c:7e:36:
         ab:af:57:66:b2:55:f5:7d:ed:fd:72:ec:e1:b9:70:58:c2:b8:
         b6:0f:46:bc:49:63:ed:8d:2d:e3:c2:5a:34:b0:cf:3d:8e:f4:
         05:55:e1:17:d0:70:48:71:90:a0:8a:9c:d6:a5:77:ea:7a:91:
         b0:29:be:75:3c:ea:63:36:be:3e:34:27:22:4c:f0:ab:6a:1e:
         37:7d:71:ac:0b:93:a6:c5:27:d7:7d:01:a2:9d:6a:7b:13:1e:
         4d:13:64:c5:a6:7e:ec:66:66:62:d1:4d:21:1c:34:9c:20:97:
         8e:f1:82:df:7d:2d:24:f9:4f:13:c3:02:cb:38:47:f7:ef:10:
         f8:ed:11:48:89:9c:a7:2f:d4:6b:07:19:56:1b:91:fd:1a:74:
         f4:bc:3b:ca:95:5e:85:6a:81:21:0a:83:d0:e4:e0:8f:76:0e:
         5d:f9:6b:42:28:2c:69:ad:04:d4:82:92:dd:5f:e4:c5:d7:a4:
         89:70:da:16:30:f4:c6:b8:54:48:a1:fe:d0:0d:c1:98:31:ed:
         a0:7e:b5:cd:ea:7e:b4:d1:d5:13:93:50:b0:19:ec:fd:4e:b4:
         c1:dd:39:f1:93:b1:17:82:b9:0e:b2:92:5e:2e:bc:f0:99:7b:
         8a:73:7f:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijSvU8CVkCsyuj9bXiOpUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkOWQ0NWYwMjkyZDMxMmZkMDYwYTI3NDBiZDFlNTI3NTBi
YjhjMjUwHhcNMjUwMTAxMTU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmZiNDEzNzE3ODE3NGM0MDU0MmYwMmEwMDg0MGUwMDY5MzczNTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyh3hg9lWw1FBlK7Wvtw7P1ws9i28
FmFe3mjpXfXTiBxGQhGbtnkvBN1n3hnHegD28xh6Nmbln8q2xO9/t+hthUUSa0wX
7CxcaVM4FHqqEw8szNNI3MiCgU3LakIHR8njNU+OjhgyS1Ibe8swV7p16wUDSYdZ
irymy5MjP+/FyPeTh8ptm/zTPzpyrabTPkCPo8LXUJwm06RvEUmMn7FURIi264/u
FeIUqVg3jlDsMC2DTjtA4NFP0OxIGLtzhe/4dCmUB0lp3wJpnM3eMt08Tnb71AG8
h9RtFWlf64PHGTPnlbhJG0yXzcMzxVYFdx40bYzvH2gWkvVpudSTNu3EiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAv7QTcXgXTEBULwKgCEDgBpNzVdMB8GA1UdIwQY
MBaAFK2dRfApLTEv0GCidAvR5SdQu4wlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcloxRjhDa3RNU19RWUtKMEM5SGxKMUM3akNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9jMTBjZDUtMjUxYS00NzZkLTg5ZGMt
Nzk0OTdlZTI1OTg0LzEvQ190Qk54ZUJkTVFGUXZBcUFJUU9BR2szTlYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9jMTBjZDUtMjUxYS00NzZkLTg5ZGMtNzk0OTdlZTI1OTg0
LzEvcloxRjhDa3RNU19RWUtKMEM5SGxKMUM3akNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw6IGAwQB
w7HCMA0GCSqGSIb3DQEBCwUAA4IBAQA+hKqdFyKhRQvqpiCCGRAsfjarr1dmslX1
fe39cuzhuXBYwri2D0a8SWPtjS3jwlo0sM89jvQFVeEX0HBIcZCgipzWpXfqepGw
Kb51POpjNr4+NCciTPCrah43fXGsC5OmxSfXfQGinWp7Ex5NE2TFpn7sZmZi0U0h
HDScIJeO8YLffS0k+U8TwwLLOEf37xD47RFIiZynL9RrBxlWG5H9GnT0vDvKlV6F
aoEhCoPQ5OCPdg5d+WtCKCxprQTUgpLdX+TF16SJcNoWMPTGuFRIof7QDcGYMe2g
frXN6n600dUTk1CwGez9TrTB3Tnxk7EXgrkOspJeLrzwmXuKc39s
-----END CERTIFICATE-----