Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/a3SyScX72L5TkWnjrj7OuShiBm0.roa
File:                     a3SyScX72L5TkWnjrj7OuShiBm0.roa (raw, json)
Hash identifier:          EcnC4sDg2JzNdW4ec0ThJsTXhRWMy/yu92wkqgkxq6Y=
Subject key identifier:   6B:74:B2:49:C5:FB:D8:BE:53:91:69:E3:AE:3E:CE:B9:28:62:06:6D
Certificate issuer:       /CN=f5cb856d4269219ed3a0c0dc47333236f155953a
Certificate serial:       0196D42D72711BF7B8398496802BE7113FF6
Authority key identifier: F5:CB:85:6D:42:69:21:9E:D3:A0:C0:DC:47:33:32:36:F1:55:95:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9cuFbUJpIZ7ToMDcRzMyNvFVlTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/a3SyScX72L5TkWnjrj7OuShiBm0.roa
Signing time:             Thu 15 May 2025 13:41:10 +0000
ROA not before:           Thu 15 May 2025 13:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3269
IP address blocks:        94.199.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/9cuFbUJpIZ7ToMDcRzMyNvFVlTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/9cuFbUJpIZ7ToMDcRzMyNvFVlTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9cuFbUJpIZ7ToMDcRzMyNvFVlTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d4:2d:72:71:1b:f7:b8:39:84:96:80:2b:e7:11:3f:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5cb856d4269219ed3a0c0dc47333236f155953a
        Validity
            Not Before: May 15 13:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b74b249c5fbd8be539169e3ae3eceb92862066d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:3d:75:00:53:e3:1f:75:bf:b0:96:32:78:d1:
                    fd:43:24:b3:0d:8c:0a:6b:d0:ff:60:98:d2:00:f9:
                    35:41:de:96:99:1f:3e:ee:16:3d:f8:41:51:0e:2a:
                    17:d1:37:1f:83:e6:81:07:2f:12:68:8c:8c:87:6f:
                    ee:10:94:50:26:72:15:6b:07:d9:af:04:39:96:86:
                    3f:83:a3:8a:b8:6f:31:bc:23:66:b0:04:d3:90:63:
                    9b:ed:3a:41:28:66:49:98:5d:9e:88:aa:31:18:d7:
                    fd:3e:e9:a6:61:04:f8:09:0b:84:53:e9:0b:fe:64:
                    d4:9e:47:9e:71:bc:25:e5:27:d0:7c:5b:7f:ea:3b:
                    a4:8f:e1:23:93:b6:f9:1d:8c:b2:0b:53:03:5c:67:
                    60:f9:7e:65:79:0c:0c:01:75:f2:af:a9:79:8c:32:
                    10:ef:d9:d4:fc:38:77:3a:32:94:ed:39:30:0c:bc:
                    b4:4a:2c:c1:2d:20:f7:c7:66:1f:ce:41:a4:05:ac:
                    e2:1b:9a:81:3b:42:c1:8a:26:8b:57:f0:84:6c:8e:
                    47:8c:a9:f1:14:0a:d2:a2:86:85:47:06:bf:ef:2f:
                    4d:99:cb:1c:23:3c:de:1f:6a:1e:26:a2:19:cf:3f:
                    1b:bc:d7:d1:ed:7d:59:d5:54:f1:e8:f4:e5:9c:ff:
                    b5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:74:B2:49:C5:FB:D8:BE:53:91:69:E3:AE:3E:CE:B9:28:62:06:6D
            X509v3 Authority Key Identifier:
                keyid:F5:CB:85:6D:42:69:21:9E:D3:A0:C0:DC:47:33:32:36:F1:55:95:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9cuFbUJpIZ7ToMDcRzMyNvFVlTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/a3SyScX72L5TkWnjrj7OuShiBm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/9cuFbUJpIZ7ToMDcRzMyNvFVlTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         48:2f:13:4e:b2:82:a3:65:2a:ab:e3:ac:45:bb:df:29:ae:b7:
         1c:84:91:8e:6c:ee:ba:11:15:59:a7:c8:39:ef:c0:29:02:3b:
         cf:eb:17:f8:75:b6:eb:27:02:b5:91:79:ec:cf:6e:a3:d6:aa:
         d2:ed:49:c8:41:14:08:8f:b1:ec:b0:11:8e:1a:86:64:0f:15:
         85:0f:c1:41:4d:63:09:0a:41:78:cc:79:6c:97:98:1e:97:99:
         fa:7c:4d:e8:24:23:fb:fe:4f:0c:21:e3:5e:24:61:00:a9:85:
         2b:8d:2d:77:c9:80:a3:71:96:95:39:b5:9b:b6:89:ff:93:6f:
         f0:55:5a:bc:00:90:4e:53:c4:14:16:99:04:fe:b5:d0:eb:8b:
         b8:ad:16:28:18:d4:02:c8:5d:d0:30:4f:58:de:13:79:2a:40:
         94:bf:dd:d4:c7:2e:2f:f3:ef:5c:7f:3f:32:8c:1c:37:98:e9:
         95:de:78:72:23:16:74:b1:f8:9c:e8:78:50:17:e9:63:c3:4c:
         d9:2a:4b:38:f3:02:db:20:b9:52:a8:8f:fa:da:f2:23:86:c6:
         a9:2c:f1:9c:71:73:ac:98:31:10:ab:17:8d:be:03:5b:42:56:
         e9:70:67:0f:39:a6:48:84:7e:58:76:8b:cc:34:bf:b7:00:9d:
         7f:1b:b3:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbULXJxG/e4OYSWgCvnET/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1Y2I4NTZkNDI2OTIxOWVkM2EwYzBkYzQ3MzMzMjM2ZjE1
NTk1M2EwHhcNMjUwNTE1MTM0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjc0YjI0OWM1ZmJkOGJlNTM5MTY5ZTNhZTNlY2ViOTI4NjIwNjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0D11AFPjH3W/sJYyeNH9QySzDYwK
a9D/YJjSAPk1Qd6WmR8+7hY9+EFRDioX0Tcfg+aBBy8SaIyMh2/uEJRQJnIVawfZ
rwQ5loY/g6OKuG8xvCNmsATTkGOb7TpBKGZJmF2eiKoxGNf9PummYQT4CQuEU+kL
/mTUnkeecbwl5SfQfFt/6jukj+Ejk7b5HYyyC1MDXGdg+X5leQwMAXXyr6l5jDIQ
79nU/Dh3OjKU7TkwDLy0SizBLSD3x2YfzkGkBaziG5qBO0LBiiaLV/CEbI5HjKnx
FArSooaFRwa/7y9NmcscIzzeH2oeJqIZzz8bvNfR7X1Z1VTx6PTlnP+1owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGt0sknF+9i+U5Fp464+zrkoYgZtMB8GA1UdIwQY
MBaAFPXLhW1CaSGe06DA3EczMjbxVZU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWN1RmJVSnBJWjdUb01EY1J6TXlOdkZWbFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS83NGIyODAtZTFiNC00MzEwLTgwODUt
ZDY1NjE3YmQzYjRmLzEvYTNTeVNjWDcyTDVUa1duanJqN091U2hpQm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS83NGIyODAtZTFiNC00MzEwLTgwODUtZDY1NjE3YmQzYjRm
LzEvOWN1RmJVSnBJWjdUb01EY1J6TXlOdkZWbFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXscIMA0G
CSqGSIb3DQEBCwUAA4IBAQBILxNOsoKjZSqr46xFu98prrcchJGObO66ERVZp8g5
78ApAjvP6xf4dbbrJwK1kXnsz26j1qrS7UnIQRQIj7HssBGOGoZkDxWFD8FBTWMJ
CkF4zHlsl5gel5n6fE3oJCP7/k8MIeNeJGEAqYUrjS13yYCjcZaVObWbton/k2/w
VVq8AJBOU8QUFpkE/rXQ64u4rRYoGNQCyF3QME9Y3hN5KkCUv93Uxy4v8+9cfz8y
jBw3mOmV3nhyIxZ0sfic6HhQF+ljw0zZKks48wLbILlSqI/62vIjhsapLPGccXOs
mDEQqxeNvgNbQlbpcGcPOaZIhH5YdovMNL+3AJ1/G7O+
-----END CERTIFICATE-----