Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/925259-2527-45eb-b916-5f2650c9012d/1/_ryT7JJRyl2zbDlcHLiieOVaWDE.roa
File:                     _ryT7JJRyl2zbDlcHLiieOVaWDE.roa (raw, json)
Hash identifier:          aYopHcEKoiKmgUw0u7ZqiunqjMA1+tPcCa/wAYiX86g=
Subject key identifier:   FE:BC:93:EC:92:51:CA:5D:B3:6C:39:5C:1C:B8:A2:78:E5:5A:58:31
Certificate issuer:       /CN=1734db5c41e711b73d8f29dac12e9b8364cd1fbd
Certificate serial:       01941F8C8368EFAB34BD903913372B919662
Authority key identifier: 17:34:DB:5C:41:E7:11:B7:3D:8F:29:DA:C1:2E:9B:83:64:CD:1F:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FzTbXEHnEbc9jynawS6bg2TNH70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/925259-2527-45eb-b916-5f2650c9012d/1/_ryT7JJRyl2zbDlcHLiieOVaWDE.roa
Signing time:             Wed 01 Jan 2025 01:48:09 +0000
ROA not before:           Wed 01 Jan 2025 01:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1945
IP address blocks:        140.77.0.0/16 maxlen: 16
                          192.33.153.0/24 maxlen: 24
                          192.33.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/925259-2527-45eb-b916-5f2650c9012d/1/FzTbXEHnEbc9jynawS6bg2TNH70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/925259-2527-45eb-b916-5f2650c9012d/1/FzTbXEHnEbc9jynawS6bg2TNH70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FzTbXEHnEbc9jynawS6bg2TNH70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:83:68:ef:ab:34:bd:90:39:13:37:2b:91:96:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1734db5c41e711b73d8f29dac12e9b8364cd1fbd
        Validity
            Not Before: Jan  1 01:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=febc93ec9251ca5db36c395c1cb8a278e55a5831
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e9:e0:2c:3f:4b:10:d2:25:a9:13:74:17:3d:
                    3c:3a:0b:05:15:6b:cf:27:8d:c6:a0:10:62:1a:62:
                    c5:eb:f1:f9:ae:ad:58:f3:eb:f4:a6:b8:d8:2f:d7:
                    7d:9b:23:83:9f:be:49:99:b9:4e:2c:43:f5:66:56:
                    77:17:fc:d1:cc:ec:3c:04:52:e4:50:20:8a:15:55:
                    60:d9:f4:c7:01:47:e0:0b:e2:9b:e7:94:3b:e6:68:
                    af:e5:58:a2:ab:3f:b2:ec:ae:80:8b:56:71:b5:cf:
                    eb:56:09:47:36:04:2c:73:12:4c:0f:f7:4d:6b:27:
                    97:da:d6:7f:f0:2c:66:17:a2:df:18:7b:0f:a0:05:
                    fc:7f:ea:b2:aa:ad:40:02:9f:be:82:db:44:f0:61:
                    d7:da:94:ce:3c:59:89:bc:0f:8b:77:cd:d1:e7:95:
                    02:80:dc:10:79:37:d8:89:45:d2:5b:e4:e0:71:c8:
                    07:a7:07:e3:47:13:d2:ed:ec:67:ce:95:16:87:80:
                    2f:95:bf:b5:ae:86:93:33:6b:dc:a8:f2:f9:77:e7:
                    0a:f7:8c:d6:2e:91:b8:2a:81:4b:83:8e:88:9c:f1:
                    d9:b5:fa:2b:1a:2e:e9:3d:73:87:7c:f8:70:e4:09:
                    06:56:20:3a:db:c3:9a:c9:95:e2:63:7b:fe:5d:38:
                    9e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:BC:93:EC:92:51:CA:5D:B3:6C:39:5C:1C:B8:A2:78:E5:5A:58:31
            X509v3 Authority Key Identifier:
                keyid:17:34:DB:5C:41:E7:11:B7:3D:8F:29:DA:C1:2E:9B:83:64:CD:1F:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FzTbXEHnEbc9jynawS6bg2TNH70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/925259-2527-45eb-b916-5f2650c9012d/1/_ryT7JJRyl2zbDlcHLiieOVaWDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/925259-2527-45eb-b916-5f2650c9012d/1/FzTbXEHnEbc9jynawS6bg2TNH70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.77.0.0/16
                  192.33.153.0/24
                  192.33.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:dd:ea:b0:5d:eb:02:5c:73:ea:95:6c:3f:c3:82:6e:62:d7:
         46:37:4e:5e:96:79:dd:d1:33:5f:e0:fd:ef:36:1d:58:ce:73:
         84:36:8f:3b:da:09:02:b1:67:89:8f:5c:bc:80:b1:00:50:9b:
         be:f7:b4:90:7c:ed:7d:a1:b3:ba:e9:98:65:42:78:89:af:a5:
         17:6a:c8:d9:9f:7f:2d:a3:46:82:c8:bc:f0:62:33:be:85:98:
         f0:ee:0d:8b:f6:30:49:fe:47:cb:e0:aa:53:90:63:41:3d:cd:
         db:7f:9c:93:db:58:21:b8:7d:bb:58:42:f8:4b:af:2d:54:24:
         80:b9:eb:5b:13:98:51:da:2f:e4:14:84:ac:9d:40:66:91:0d:
         dc:74:07:f9:a5:5a:31:b6:32:e8:25:00:d6:5a:17:f8:8b:2e:
         a4:89:cb:1c:7a:4b:39:b2:33:7a:ab:bd:6e:68:45:bc:49:a4:
         9f:87:3f:1f:e8:f4:65:9f:d5:f5:12:61:95:9a:92:5c:a2:eb:
         12:dc:bd:26:9b:34:f1:4b:44:94:c7:c4:2c:8e:14:b8:b8:3e:
         fe:3f:fe:24:42:33:1b:89:b7:42:67:08:6e:6a:8d:40:fb:0d:
         4b:53:58:a6:1d:02:54:25:a4:ad:fa:71:5a:63:7b:8b:fb:47:
         9c:8a:97:b6
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQfjINo76s0vZA5EzcrkZZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MzRkYjVjNDFlNzExYjczZDhmMjlkYWMxMmU5YjgzNjRj
ZDFmYmQwHhcNMjUwMTAxMDE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWJjOTNlYzkyNTFjYTVkYjM2YzM5NWMxY2I4YTI3OGU1NWE1ODMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOngLD9LENIlqRN0Fz08OgsFFWvP
J43GoBBiGmLF6/H5rq1Y8+v0prjYL9d9myODn75JmblOLEP1ZlZ3F/zRzOw8BFLk
UCCKFVVg2fTHAUfgC+Kb55Q75miv5Viiqz+y7K6Ai1Zxtc/rVglHNgQscxJMD/dN
ayeX2tZ/8CxmF6LfGHsPoAX8f+qyqq1AAp++gttE8GHX2pTOPFmJvA+Ld83R55UC
gNwQeTfYiUXSW+TgccgHpwfjRxPS7exnzpUWh4Avlb+1roaTM2vcqPL5d+cK94zW
LpG4KoFLg46InPHZtforGi7pPXOHfPhw5AkGViA628OayZXiY3v+XTie6QIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFP68k+ySUcpds2w5XBy4onjlWlgxMB8GA1UdIwQY
MBaAFBc021xB5xG3PY8p2sEum4NkzR+9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnpUYlhFSG5FYmM5anluYXdTNmJnMlROSDcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85MjUyNTktMjUyNy00NWViLWI5MTYt
NWYyNjUwYzkwMTJkLzEvX3J5VDdKSlJ5bDJ6YkRsY0hMaWllT1ZhV0RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85MjUyNTktMjUyNy00NWViLWI5MTYtNWYyNjUwYzkwMTJk
LzEvRnpUYlhFSG5FYmM5anluYXdTNmJnMlROSDcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAATARAwMAjE0DBADA
IZkDBADAIaIwDQYJKoZIhvcNAQELBQADggEBAFjd6rBd6wJcc+qVbD/Dgm5i10Y3
Tl6Wed3RM1/g/e82HVjOc4Q2jzvaCQKxZ4mPXLyAsQBQm773tJB87X2hs7rpmGVC
eImvpRdqyNmffy2jRoLIvPBiM76FmPDuDYv2MEn+R8vgqlOQY0E9zdt/nJPbWCG4
fbtYQvhLry1UJIC561sTmFHaL+QUhKydQGaRDdx0B/mlWjG2MuglANZaF/iLLqSJ
yxx6SzmyM3qrvW5oRbxJpJ+HPx/o9GWf1fUSYZWaklyi6xLcvSabNPFLRJTHxCyO
FLi4Pv4//iRCMxuJt0JnCG5qjUD7DUtTWKYdAlQlpK36cVpje4v7R5yKl7Y=
-----END CERTIFICATE-----