Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/139lyeNlCTZU0BOy4AWB3XIegPQ.roa
File:                     139lyeNlCTZU0BOy4AWB3XIegPQ.roa (raw, json)
Hash identifier:          VzrpaxikQ2FR1JamVqwQwq75MdkFdQ6cyhvfG8bUdXQ=
Subject key identifier:   D7:7F:65:C9:E3:65:09:36:54:D0:13:B2:E0:05:81:DD:72:1E:80:F4
Certificate issuer:       /CN=6b66c53b13566d01c4a893adf130bbb4fa1653aa
Certificate serial:       01942746E56D5E83FA03C2ADF0E8AE3CB772
Authority key identifier: 6B:66:C5:3B:13:56:6D:01:C4:A8:93:AD:F1:30:BB:B4:FA:16:53:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a2bFOxNWbQHEqJOt8TC7tPoWU6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/139lyeNlCTZU0BOy4AWB3XIegPQ.roa
Signing time:             Thu 02 Jan 2025 13:49:05 +0000
ROA not before:           Thu 02 Jan 2025 13:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204817
IP address blocks:        185.219.8.0/22 maxlen: 24
                          2a0b:dd40::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/a2bFOxNWbQHEqJOt8TC7tPoWU6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/a2bFOxNWbQHEqJOt8TC7tPoWU6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a2bFOxNWbQHEqJOt8TC7tPoWU6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:e5:6d:5e:83:fa:03:c2:ad:f0:e8:ae:3c:b7:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b66c53b13566d01c4a893adf130bbb4fa1653aa
        Validity
            Not Before: Jan  2 13:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d77f65c9e365093654d013b2e00581dd721e80f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:45:be:50:1a:1e:30:57:21:48:1e:7b:43:9f:
                    68:bc:cd:ef:98:88:da:55:97:e8:04:d4:b6:fd:e7:
                    9a:5d:54:3c:07:33:2f:4c:c3:7b:c1:0d:04:2d:6e:
                    f5:a7:55:88:f5:9f:15:df:51:93:03:35:c2:4b:28:
                    95:61:a3:76:55:d4:4c:aa:fc:93:e4:58:f2:e0:b5:
                    bf:1c:2e:f7:9d:b8:28:a1:77:66:03:64:5d:28:f5:
                    68:f4:8b:ce:d3:57:36:13:48:8b:e7:b1:f2:9f:1d:
                    ed:36:01:fd:fd:c3:2e:25:b6:0d:82:2d:05:d4:61:
                    a4:69:13:1d:5a:a6:57:3f:34:7f:05:e1:2e:74:95:
                    b3:0c:63:24:85:4a:aa:f9:9a:01:03:3c:c9:1a:3a:
                    a1:31:67:6c:cf:8f:5d:14:04:eb:f4:07:6d:de:b2:
                    ba:31:85:7a:ec:30:bd:bf:2e:bc:b6:95:75:52:f8:
                    16:72:5f:82:f7:eb:70:fc:d3:60:c0:10:ea:62:3e:
                    b2:62:22:ec:da:55:13:14:e5:85:74:89:c8:78:4e:
                    8c:24:ac:73:48:66:d4:a8:47:88:27:98:b6:3a:ac:
                    58:8d:0d:6b:a6:c3:3e:3b:a1:47:f8:c5:d8:dc:35:
                    25:e7:1c:9f:d1:c1:c6:b0:78:bb:7b:db:81:82:84:
                    5b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7F:65:C9:E3:65:09:36:54:D0:13:B2:E0:05:81:DD:72:1E:80:F4
            X509v3 Authority Key Identifier:
                keyid:6B:66:C5:3B:13:56:6D:01:C4:A8:93:AD:F1:30:BB:B4:FA:16:53:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2bFOxNWbQHEqJOt8TC7tPoWU6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/139lyeNlCTZU0BOy4AWB3XIegPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/a2bFOxNWbQHEqJOt8TC7tPoWU6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.8.0/22
                IPv6:
                  2a0b:dd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:6e:c3:ac:1d:6e:b0:62:16:ef:0d:f9:58:4e:d1:73:f8:31:
         58:86:95:34:2a:28:86:2f:b8:65:07:9b:58:f2:c7:76:df:f3:
         9a:c2:ec:5d:41:10:36:17:57:e1:57:3f:fb:ae:bb:a6:85:c8:
         fb:a9:fd:56:46:50:93:f4:f7:88:6f:04:59:82:ba:d7:87:ad:
         8c:f9:12:d8:89:61:d6:06:af:0f:77:de:5a:98:92:df:4f:33:
         00:6b:e5:47:29:7a:76:d6:fa:2d:e3:fd:df:0a:51:c4:b4:02:
         68:d7:81:18:cf:a1:87:95:ef:a8:20:31:55:d4:83:30:31:19:
         b4:16:d6:ee:43:58:e9:6c:23:c2:5d:b8:fa:42:7c:c6:c9:ff:
         49:c0:63:e7:4a:7d:3d:5a:81:39:c0:93:1e:2f:50:f7:2c:f4:
         eb:82:38:de:ed:9e:91:8b:b7:da:84:98:64:04:c6:82:c0:92:
         c1:f0:67:f8:65:72:b6:af:da:d9:84:e5:df:58:dc:79:0e:90:
         7e:e4:97:17:69:53:ba:41:33:26:f8:5a:70:10:39:10:11:9a:
         91:99:ae:4b:cf:a6:e1:fd:18:82:4b:bb:fb:1b:f1:61:44:64:
         b5:32:97:51:e1:ce:36:03:db:0a:9f:82:f0:52:09:a4:ef:1e:
         b9:2e:a0:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnRuVtXoP6A8Kt8OiuPLdyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNjZjNTNiMTM1NjZkMDFjNGE4OTNhZGYxMzBiYmI0ZmEx
NjUzYWEwHhcNMjUwMTAyMTM0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdmNjVjOWUzNjUwOTM2NTRkMDEzYjJlMDA1ODFkZDcyMWU4MGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEW+UBoeMFchSB57Q59ovM3vmIja
VZfoBNS2/eeaXVQ8BzMvTMN7wQ0ELW71p1WI9Z8V31GTAzXCSyiVYaN2VdRMqvyT
5Fjy4LW/HC73nbgooXdmA2RdKPVo9IvO01c2E0iL57Hynx3tNgH9/cMuJbYNgi0F
1GGkaRMdWqZXPzR/BeEudJWzDGMkhUqq+ZoBAzzJGjqhMWdsz49dFATr9Adt3rK6
MYV67DC9vy68tpV1UvgWcl+C9+tw/NNgwBDqYj6yYiLs2lUTFOWFdInIeE6MJKxz
SGbUqEeIJ5i2OqxYjQ1rpsM+O6FH+MXY3DUl5xyf0cHGsHi7e9uBgoRbAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNd/ZcnjZQk2VNATsuAFgd1yHoD0MB8GA1UdIwQY
MBaAFGtmxTsTVm0BxKiTrfEwu7T6FlOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTJiRk94TldiUUhFcUpPdDhUQzd0UG9XVTZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC82ZTVmZjEtMzlmOS00NjZiLTgyN2Yt
N2JjMjY4YTBiNTE3LzEvMTM5bHllTmxDVFpVMEJPeTRBV0IzWEllZ1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC82ZTVmZjEtMzlmOS00NjZiLTgyN2YtN2JjMjY4YTBiNTE3
LzEvYTJiRk94TldiUUhFcUpPdDhUQzd0UG9XVTZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudsIMA0E
AgACMAcDBQMqC91AMA0GCSqGSIb3DQEBCwUAA4IBAQCNbsOsHW6wYhbvDflYTtFz
+DFYhpU0KiiGL7hlB5tY8sd23/OawuxdQRA2F1fhVz/7rrumhcj7qf1WRlCT9PeI
bwRZgrrXh62M+RLYiWHWBq8Pd95amJLfTzMAa+VHKXp21vot4/3fClHEtAJo14EY
z6GHle+oIDFV1IMwMRm0FtbuQ1jpbCPCXbj6QnzGyf9JwGPnSn09WoE5wJMeL1D3
LPTrgjje7Z6Ri7fahJhkBMaCwJLB8Gf4ZXK2r9rZhOXfWNx5DpB+5JcXaVO6QTMm
+FpwEDkQEZqRma5Lz6bh/RiCS7v7G/FhRGS1MpdR4c42A9sKn4LwUgmk7x65LqAb
-----END CERTIFICATE-----