Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/6ef47TXoBdfjKnlsNsow8DBixKo.roa
File:                     6ef47TXoBdfjKnlsNsow8DBixKo.roa (raw, json)
Hash identifier:          CJVWo8/zfulxwmsfO0I8Hpt8eJudz4hqVHD23gptH10=
Subject key identifier:   E9:E7:F8:ED:35:E8:05:D7:E3:2A:79:6C:36:CA:30:F0:30:62:C4:AA
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       01941F8C0A3213077375F8317004468B31CF
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/6ef47TXoBdfjKnlsNsow8DBixKo.roa
Signing time:             Wed 01 Jan 2025 01:47:38 +0000
ROA not before:           Wed 01 Jan 2025 01:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199614
IP address blocks:        192.145.53.0/24 maxlen: 24
                          192.145.54.0/24 maxlen: 24
                          192.145.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0a:32:13:07:73:75:f8:31:70:04:46:8b:31:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Jan  1 01:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9e7f8ed35e805d7e32a796c36ca30f03062c4aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ec:62:66:b7:c0:8f:25:58:8d:3b:5c:2d:ba:
                    f7:b3:fc:85:ca:be:ae:38:ef:96:7e:1d:6c:5c:4a:
                    81:eb:ad:5b:8a:65:b8:c6:8e:1e:9b:25:ce:c3:d0:
                    cf:f1:2e:7f:f8:35:90:01:f7:3e:7e:25:28:d0:cf:
                    94:54:4b:ac:65:b1:7b:d9:5c:6b:ba:b6:5b:59:2f:
                    ba:80:0b:ad:f2:d2:87:99:e9:64:1b:76:b6:bf:e2:
                    b7:93:51:13:ed:1e:f2:c2:21:56:7d:f7:87:7b:43:
                    5f:1c:88:55:bd:27:75:e5:b3:1f:20:9d:f2:d3:8b:
                    1b:1f:0e:d3:b0:d2:c7:4b:30:84:a2:73:a8:a4:37:
                    e1:79:b1:ee:39:2d:7a:06:3b:15:7b:5d:de:9a:5d:
                    fa:b6:b6:d6:bc:4c:52:4c:33:a5:80:17:c1:64:d1:
                    99:d1:c6:8c:6e:96:cc:d5:27:29:71:0d:20:7b:56:
                    7f:75:81:91:96:ac:b5:59:cf:0d:8a:ea:97:53:55:
                    b8:b7:57:21:c9:89:08:30:de:67:85:69:fa:4b:33:
                    74:2f:0c:69:47:8f:eb:23:ac:df:57:ce:51:6e:8c:
                    fb:bf:73:2a:0e:ca:a4:d4:98:ae:55:6e:90:d3:e9:
                    1f:5e:08:aa:e4:00:0e:91:ed:ea:8b:c3:7c:b6:ac:
                    cb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E7:F8:ED:35:E8:05:D7:E3:2A:79:6C:36:CA:30:F0:30:62:C4:AA
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/6ef47TXoBdfjKnlsNsow8DBixKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.53.0-192.145.55.255

    Signature Algorithm: sha256WithRSAEncryption
         52:c4:74:ef:63:67:5f:18:1e:2a:95:5b:43:45:51:2c:f7:1e:
         0b:19:5b:5f:bc:55:94:e9:e6:a9:e1:ee:0f:ee:ad:69:a6:21:
         3a:46:2f:9e:a2:51:23:9c:2d:e3:49:23:91:00:aa:c2:93:aa:
         ee:e6:79:ab:77:5b:19:85:81:5d:24:86:1c:d1:d1:0a:95:ed:
         54:c4:4e:59:34:5f:e0:49:ef:2c:fe:8e:0b:b4:d7:4f:19:32:
         c5:a2:8d:cb:ab:a0:a9:6b:23:8c:d8:12:27:d2:34:ed:1f:ea:
         1f:cd:80:98:d2:c1:de:74:42:a2:89:8b:5b:0b:a3:12:bc:f0:
         78:74:bf:c4:c4:83:3e:d2:b5:cf:c8:93:20:6d:8a:2f:eb:ea:
         3e:e9:50:5a:17:d9:9a:f7:d3:28:dd:17:f6:bb:b0:05:98:f6:
         7d:6d:e0:a3:90:09:5c:8a:0e:ed:83:fc:46:d1:04:63:d4:95:
         14:ab:51:79:d1:6a:ed:49:69:f0:23:ce:23:4f:b9:4a:3b:ba:
         fb:53:8a:bf:af:7b:6c:41:6b:f2:67:66:e6:16:4c:8d:b5:c4:
         55:b2:f2:b9:9f:cc:2c:4d:3b:01:fe:08:05:22:1d:70:b5:75:
         32:96:44:f0:a0:f2:56:92:1d:58:b4:d1:9d:26:80:4c:29:b6:
         db:9a:96:11
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQfjAoyEwdzdfgxcARGizHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUwMTAxMDE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWU3ZjhlZDM1ZTgwNWQ3ZTMyYTc5NmMzNmNhMzBmMDMwNjJjNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5OxiZrfAjyVYjTtcLbr3s/yFyr6u
OO+Wfh1sXEqB661bimW4xo4emyXOw9DP8S5/+DWQAfc+fiUo0M+UVEusZbF72Vxr
urZbWS+6gAut8tKHmelkG3a2v+K3k1ET7R7ywiFWffeHe0NfHIhVvSd15bMfIJ3y
04sbHw7TsNLHSzCEonOopDfhebHuOS16BjsVe13eml36trbWvExSTDOlgBfBZNGZ
0caMbpbM1ScpcQ0ge1Z/dYGRlqy1Wc8NiuqXU1W4t1chyYkIMN5nhWn6SzN0Lwxp
R4/rI6zfV85Rboz7v3MqDsqk1JiuVW6Q0+kfXgiq5AAOke3qi8N8tqzLKQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOnn+O016AXX4yp5bDbKMPAwYsSqMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvNmVmNDdUWG9CZGZqS25sc05zb3c4REJpeEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADAkTUD
BAPAkTAwDQYJKoZIhvcNAQELBQADggEBAFLEdO9jZ18YHiqVW0NFUSz3HgsZW1+8
VZTp5qnh7g/urWmmITpGL56iUSOcLeNJI5EAqsKTqu7meat3WxmFgV0khhzR0QqV
7VTETlk0X+BJ7yz+jgu0108ZMsWijcuroKlrI4zYEifSNO0f6h/NgJjSwd50QqKJ
i1sLoxK88Hh0v8TEgz7Stc/IkyBtii/r6j7pUFoX2Zr30yjdF/a7sAWY9n1t4KOQ
CVyKDu2D/EbRBGPUlRSrUXnRau1JafAjziNPuUo7uvtTir+ve2xBa/JnZuYWTI21
xFWy8rmfzCxNOwH+CAUiHXC1dTKWRPCg8laSHVi00Z0mgEwpttualhE=
-----END CERTIFICATE-----