Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/6EnYKRUPOG0Bajz58Rzdix-x9Hs.roa
File:                     6EnYKRUPOG0Bajz58Rzdix-x9Hs.roa (raw, json)
Hash identifier:          hj5dsY/14wcoPQMYFN+FDqGIoYmYmbl7lzQUbFpSl9g=
Subject key identifier:   E8:49:D8:29:15:0F:38:6D:01:6A:3C:F9:F1:1C:DD:8B:1F:B1:F4:7B
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019424456ACAC4B87F698CE8848FD945317F
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/6EnYKRUPOG0Bajz58Rzdix-x9Hs.roa
Signing time:             Wed 01 Jan 2025 23:48:36 +0000
ROA not before:           Wed 01 Jan 2025 23:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206252
IP address blocks:        213.99.42.0/24 maxlen: 24
                          217.124.172.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:6a:ca:c4:b8:7f:69:8c:e8:84:8f:d9:45:31:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  1 23:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e849d829150f386d016a3cf9f11cdd8b1fb1f47b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:9f:aa:fd:d5:1f:85:ad:b3:a0:e2:42:c8:0a:
                    86:43:17:33:09:79:b5:3c:92:14:ba:67:8c:a2:6d:
                    3a:1d:ef:08:a2:b8:0e:dd:54:41:3e:31:d5:e5:57:
                    cc:8b:c9:ca:4a:e7:0e:c5:f3:8d:d2:22:13:06:41:
                    56:da:a9:8a:b6:72:de:8f:fb:54:46:1c:92:73:bb:
                    ea:65:01:99:91:e3:7a:40:9e:e3:3e:5f:2c:0f:ca:
                    79:54:c9:29:00:c1:48:8d:a2:25:40:84:f1:6b:f4:
                    74:5a:cf:69:c9:42:bd:6a:1d:d5:36:84:ce:1d:61:
                    88:a4:e2:9b:da:e3:8d:6b:8b:c7:21:cd:63:e4:07:
                    7f:e5:89:15:62:dc:8a:89:c8:44:74:c7:25:88:f4:
                    51:6a:a2:f3:12:24:ad:5a:99:93:77:74:d1:d2:c6:
                    03:db:90:53:26:ab:77:04:fe:3b:26:1f:f8:52:e4:
                    31:68:38:f9:03:42:74:02:8a:17:05:32:d7:0b:56:
                    9d:a4:af:76:47:ad:72:5c:d5:f4:c3:b1:19:5f:84:
                    b0:ea:5a:3a:25:78:15:bf:bc:5c:6c:62:2c:e0:4c:
                    b4:98:58:4c:b8:74:f3:b8:cc:ae:25:fa:97:12:2a:
                    05:9f:26:6f:bc:fd:a7:ff:f3:78:bd:84:f9:8f:fc:
                    dd:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:49:D8:29:15:0F:38:6D:01:6A:3C:F9:F1:1C:DD:8B:1F:B1:F4:7B
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/6EnYKRUPOG0Bajz58Rzdix-x9Hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.99.42.0/24
                  217.124.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:67:a5:0b:dc:93:44:c4:41:cd:29:97:15:63:cc:9d:73:54:
         80:09:e7:54:81:62:9a:02:97:a5:1f:0c:6b:1e:40:18:2f:c2:
         56:97:ef:a1:96:20:de:d6:aa:1b:13:f0:d9:04:99:90:94:89:
         3d:6e:c4:68:92:0f:a4:1c:08:2d:2c:b8:db:1f:23:db:5c:0b:
         1e:3a:c9:89:7d:d6:9a:bb:fb:0d:9e:51:33:c4:35:20:5e:49:
         ff:2e:51:7c:6f:96:b2:88:86:d9:bf:14:66:73:19:8e:12:ec:
         0c:34:4a:ca:99:e6:d7:60:13:21:c7:3e:b6:42:3d:71:fd:93:
         74:5b:26:2c:9f:1d:34:dc:5d:ef:af:44:98:1b:dd:5c:14:b3:
         fd:02:56:71:6b:2b:7d:9e:df:50:27:bc:d0:fd:86:d5:c1:7d:
         2a:fc:48:90:67:33:9b:26:e2:28:cc:76:5f:eb:f8:72:ee:fa:
         33:ea:bd:47:07:d2:f9:26:7d:6c:44:f5:d3:96:ea:77:46:27:
         ec:e7:a1:f7:1a:80:a1:84:c6:dd:00:49:d6:f1:32:40:65:97:
         24:66:74:ea:a4:96:3d:fa:e4:2b:37:2e:24:43:eb:89:f6:1f:
         92:a5:a2:fa:18:fb:b7:43:ef:b5:20:be:2c:15:7d:c2:3d:d3:
         15:a7:b1:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRWrKxLh/aYzohI/ZRTF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwMTAxMjM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQ5ZDgyOTE1MGYzODZkMDE2YTNjZjlmMTFjZGQ4YjFmYjFmNDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3J+q/dUfha2zoOJCyAqGQxczCXm1
PJIUumeMom06He8IorgO3VRBPjHV5VfMi8nKSucOxfON0iITBkFW2qmKtnLej/tU
RhySc7vqZQGZkeN6QJ7jPl8sD8p5VMkpAMFIjaIlQITxa/R0Ws9pyUK9ah3VNoTO
HWGIpOKb2uONa4vHIc1j5Ad/5YkVYtyKichEdMcliPRRaqLzEiStWpmTd3TR0sYD
25BTJqt3BP47Jh/4UuQxaDj5A0J0AooXBTLXC1adpK92R61yXNX0w7EZX4Sw6lo6
JXgVv7xcbGIs4Ey0mFhMuHTzuMyuJfqXEioFnyZvvP2n//N4vYT5j/zdbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOhJ2CkVDzhtAWo8+fEc3YsfsfR7MB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvNkVuWUtSVVBPRzBCYWp6NThSemRpeC14OUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1WMqAwQB
2XysMA0GCSqGSIb3DQEBCwUAA4IBAQBwZ6UL3JNExEHNKZcVY8ydc1SACedUgWKa
ApelHwxrHkAYL8JWl++hliDe1qobE/DZBJmQlIk9bsRokg+kHAgtLLjbHyPbXAse
OsmJfdaau/sNnlEzxDUgXkn/LlF8b5ayiIbZvxRmcxmOEuwMNErKmebXYBMhxz62
Qj1x/ZN0WyYsnx003F3vr0SYG91cFLP9AlZxayt9nt9QJ7zQ/YbVwX0q/EiQZzOb
JuIozHZf6/hy7voz6r1HB9L5Jn1sRPXTlup3Rifs56H3GoChhMbdAEnW8TJAZZck
ZnTqpJY9+uQrNy4kQ+uJ9h+SpaL6GPu3Q++1IL4sFX3CPdMVp7G2
-----END CERTIFICATE-----