Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ky6_9R6eveNvLuCWPAC-r7adSS0.roa
File:                     ky6_9R6eveNvLuCWPAC-r7adSS0.roa (raw, json)
Hash identifier:          U6nC3qpfku8imjHFuiezWbVoq5/CNzst9vKAejsjQls=
Subject key identifier:   93:2E:BF:F5:1E:9E:BD:E3:6F:2E:E0:96:3C:00:BE:AF:B6:9D:49:2D
Certificate issuer:       /CN=65516ddc7331e2e269dc57d9c7632f25de7d0c6e
Certificate serial:       019420D5B9E2E6873D359F4231C6731E8394
Authority key identifier: 65:51:6D:DC:73:31:E2:E2:69:DC:57:D9:C7:63:2F:25:DE:7D:0C:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZVFt3HMx4uJp3FfZx2MvJd59DG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ky6_9R6eveNvLuCWPAC-r7adSS0.roa
Signing time:             Wed 01 Jan 2025 07:47:45 +0000
ROA not before:           Wed 01 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207988
IP address blocks:        193.7.212.0/22 maxlen: 22
                          2a07:cc00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ZVFt3HMx4uJp3FfZx2MvJd59DG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ZVFt3HMx4uJp3FfZx2MvJd59DG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZVFt3HMx4uJp3FfZx2MvJd59DG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b9:e2:e6:87:3d:35:9f:42:31:c6:73:1e:83:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65516ddc7331e2e269dc57d9c7632f25de7d0c6e
        Validity
            Not Before: Jan  1 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=932ebff51e9ebde36f2ee0963c00beafb69d492d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:eb:cf:13:5b:ee:71:96:65:65:10:09:e6:17:
                    16:c6:79:2d:15:df:4d:8f:80:68:7f:47:70:47:a4:
                    5b:07:fc:1b:8d:36:1c:53:b5:79:87:ee:b6:9d:cd:
                    ae:61:c9:ef:02:b1:d3:3f:5d:48:a4:d8:f4:d9:33:
                    70:f4:5f:03:7e:e0:85:1a:4c:01:84:c2:8e:85:4a:
                    93:b7:ed:14:51:aa:94:4a:81:69:e3:11:00:62:81:
                    02:13:d4:fe:9e:69:89:99:f1:91:a7:d5:d0:b8:11:
                    7d:27:72:74:0c:db:2a:b8:05:0c:c2:4e:d2:56:ef:
                    06:bf:ed:04:aa:1b:d8:8c:58:b7:53:b6:3d:21:f0:
                    fe:05:41:67:fc:34:f8:08:4b:43:c5:93:7e:77:65:
                    a3:9e:aa:61:70:9f:37:ce:49:05:39:e2:d8:36:2d:
                    08:ca:44:13:ef:50:3b:12:2e:89:27:49:35:8c:27:
                    95:13:69:2b:43:ea:5d:a9:d8:2a:b0:68:59:86:7a:
                    8b:b5:89:c5:3e:c2:54:86:bb:07:ec:ae:a1:93:60:
                    74:64:04:06:0f:65:b5:f4:21:77:28:fb:32:8f:47:
                    9b:1d:76:b3:4a:ac:19:26:a9:a0:eb:11:81:71:e4:
                    be:f9:01:e4:96:72:78:62:df:74:dd:83:9e:a5:ce:
                    21:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:2E:BF:F5:1E:9E:BD:E3:6F:2E:E0:96:3C:00:BE:AF:B6:9D:49:2D
            X509v3 Authority Key Identifier:
                keyid:65:51:6D:DC:73:31:E2:E2:69:DC:57:D9:C7:63:2F:25:DE:7D:0C:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZVFt3HMx4uJp3FfZx2MvJd59DG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ky6_9R6eveNvLuCWPAC-r7adSS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/8def12-897e-4e22-aa8b-834b9c10bf48/1/ZVFt3HMx4uJp3FfZx2MvJd59DG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.212.0/22
                IPv6:
                  2a07:cc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:d3:66:4e:a2:5f:ca:58:4c:e0:34:78:fc:b4:33:91:25:94:
         8b:71:89:b9:52:03:6f:f9:4a:37:d4:e0:32:cf:bb:e4:a9:f1:
         ba:24:fe:1b:43:41:bc:c2:ca:1b:06:25:e5:22:02:97:03:78:
         be:d7:5b:14:67:aa:42:73:f8:d9:a1:24:46:69:50:b4:ae:78:
         63:02:be:8a:c7:ac:8e:3d:82:6d:44:64:f5:41:6a:91:54:16:
         6a:dd:18:e4:34:18:50:c5:93:0b:4c:56:f2:f8:48:b7:d5:4b:
         87:3e:fd:ef:71:6a:56:d1:28:3c:a3:9e:f9:8b:9d:17:84:8e:
         94:bd:e4:44:6e:6c:2e:c4:d7:c6:54:7b:b3:ed:00:1a:8a:0c:
         86:8e:0d:1c:1d:86:45:9c:c7:69:17:10:7e:75:d4:f5:3d:22:
         a0:0c:53:d2:33:76:dc:9c:1e:b7:d5:a1:76:76:e1:00:46:aa:
         64:05:66:b5:c9:ae:40:0a:7e:4c:83:6a:2e:83:33:a4:b8:57:
         34:c8:1f:92:42:13:83:2b:e2:a9:03:31:b2:ae:99:54:70:0e:
         fd:25:be:2c:6f:b0:12:52:07:28:6a:34:3b:41:ff:ba:c2:f2:
         50:0b:93:88:cd:69:41:36:85:71:46:29:a0:72:e6:60:4f:28:
         88:22:b6:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1bni5oc9NZ9CMcZzHoOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NTE2ZGRjNzMzMWUyZTI2OWRjNTdkOWM3NjMyZjI1ZGU3
ZDBjNmUwHhcNMjUwMTAxMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzJlYmZmNTFlOWViZGUzNmYyZWUwOTYzYzAwYmVhZmI2OWQ0OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7+vPE1vucZZlZRAJ5hcWxnktFd9N
j4Bof0dwR6RbB/wbjTYcU7V5h+62nc2uYcnvArHTP11IpNj02TNw9F8DfuCFGkwB
hMKOhUqTt+0UUaqUSoFp4xEAYoECE9T+nmmJmfGRp9XQuBF9J3J0DNsquAUMwk7S
Vu8Gv+0EqhvYjFi3U7Y9IfD+BUFn/DT4CEtDxZN+d2WjnqphcJ83zkkFOeLYNi0I
ykQT71A7Ei6JJ0k1jCeVE2krQ+pdqdgqsGhZhnqLtYnFPsJUhrsH7K6hk2B0ZAQG
D2W19CF3KPsyj0ebHXazSqwZJqmg6xGBceS++QHklnJ4Yt903YOepc4hDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJMuv/Uenr3jby7gljwAvq+2nUktMB8GA1UdIwQY
MBaAFGVRbdxzMeLiadxX2cdjLyXefQxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlZGdDNITXg0dUpwM0ZmWngyTXZKZDU5REc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi84ZGVmMTItODk3ZS00ZTIyLWFhOGIt
ODM0YjljMTBiZjQ4LzEva3k2XzlSNmV2ZU52THVDV1BBQy1yN2FkU1MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi84ZGVmMTItODk3ZS00ZTIyLWFhOGItODM0YjljMTBiZjQ4
LzEvWlZGdDNITXg0dUpwM0ZmWngyTXZKZDU5REc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwQfUMA0E
AgACMAcDBQMqB8wAMA0GCSqGSIb3DQEBCwUAA4IBAQAb02ZOol/KWEzgNHj8tDOR
JZSLcYm5UgNv+Uo31OAyz7vkqfG6JP4bQ0G8wsobBiXlIgKXA3i+11sUZ6pCc/jZ
oSRGaVC0rnhjAr6Kx6yOPYJtRGT1QWqRVBZq3RjkNBhQxZMLTFby+Ei31UuHPv3v
cWpW0Sg8o575i50XhI6UveREbmwuxNfGVHuz7QAaigyGjg0cHYZFnMdpFxB+ddT1
PSKgDFPSM3bcnB631aF2duEARqpkBWa1ya5ACn5Mg2ougzOkuFc0yB+SQhODK+Kp
AzGyrplUcA79Jb4sb7ASUgcoajQ7Qf+6wvJQC5OIzWlBNoVxRimgcuZgTyiIIraI
-----END CERTIFICATE-----