Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/6FhDGvyiE15m5in3JxEtWm2LQvU.roa
File:                     6FhDGvyiE15m5in3JxEtWm2LQvU.roa (raw, json)
Hash identifier:          Qb2nBgiw2wjL0NKInr8G6lRKGlTQkFAoRZAC/5y/JJ8=
Subject key identifier:   E8:58:43:1A:FC:A2:13:5E:66:E6:29:F7:27:11:2D:5A:6D:8B:42:F5
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019424455DB6303F64846E216D78AF8DD24A
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/6FhDGvyiE15m5in3JxEtWm2LQvU.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8659
IP address blocks:        195.55.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 02:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5d:b6:30:3f:64:84:6e:21:6d:78:af:8d:d2:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e858431afca2135e66e629f727112d5a6d8b42f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a0:65:b0:61:1e:ee:d4:8f:72:29:95:38:31:
                    1c:2c:cf:fe:2b:9d:c1:81:c2:02:4e:16:7f:bb:85:
                    cc:a9:19:f8:21:01:b4:25:b8:9a:67:95:2c:b3:de:
                    42:a3:94:e9:b3:f0:7b:99:0d:c9:c8:22:ba:c8:e0:
                    22:8e:f7:64:18:89:81:1f:50:ac:d3:f4:a1:20:ff:
                    0a:5b:3d:6e:11:70:f8:87:ae:a0:7a:10:38:21:52:
                    ef:cb:33:b9:c9:77:c1:c3:6a:f6:11:ec:73:02:7d:
                    58:09:bf:30:36:7e:d7:e4:ce:d9:7d:5f:44:3f:86:
                    eb:52:33:bd:04:2d:12:e4:13:76:7b:73:08:36:af:
                    29:2c:54:ca:e1:3a:13:ae:a7:9f:cc:f5:58:1d:61:
                    24:0c:2e:56:1a:b3:92:ed:8b:df:12:15:0a:38:e8:
                    8c:2a:df:e6:69:cd:99:3c:bb:6d:77:47:c0:ec:ca:
                    b9:9d:99:6d:c3:5b:ec:8d:ab:ae:0b:69:13:ba:21:
                    e2:a2:93:ff:46:29:ca:da:1d:a4:8f:cf:09:df:5a:
                    00:bd:f7:ae:0a:28:6c:03:1f:80:14:5a:58:96:46:
                    c2:19:eb:ce:db:e6:b6:2c:b1:a6:94:1f:1c:4a:d4:
                    0f:d2:ff:23:c1:8a:c9:69:55:5a:2e:98:50:fc:2b:
                    3e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:58:43:1A:FC:A2:13:5E:66:E6:29:F7:27:11:2D:5A:6D:8B:42:F5
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/6FhDGvyiE15m5in3JxEtWm2LQvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.55.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:67:b2:0d:b6:a0:5a:ef:69:72:21:44:4f:b2:1f:d9:0a:50:
         89:b5:5a:11:47:37:a7:28:b7:ad:39:29:08:ba:58:ac:e5:b5:
         88:0e:db:a7:0c:ff:11:f1:5d:46:b7:01:fc:79:6d:10:bb:3a:
         34:f0:ec:7b:b7:13:2d:c7:19:89:84:5e:b9:92:98:7a:33:7b:
         92:bc:15:43:e5:d8:71:94:6b:44:eb:14:60:ea:22:98:ad:94:
         b2:26:52:70:b7:52:27:72:3a:b4:a1:c0:e2:ce:10:c9:48:9d:
         ef:cb:a7:b8:7d:b1:e3:3d:5f:8e:af:05:cb:d9:fd:4e:9a:1f:
         6d:2a:9b:7a:ec:65:0c:ab:99:08:cd:d7:fb:96:4d:95:c0:64:
         67:17:f4:2e:da:7f:df:c7:8b:7a:ef:ca:da:64:d6:cd:9a:38:
         a2:d6:03:7e:61:5f:a2:a3:0f:6a:a9:7d:65:83:f1:eb:cc:2e:
         59:90:5d:78:d2:53:32:04:10:a0:d7:c3:54:0f:32:d4:b5:4d:
         dc:1d:58:8d:d1:85:a5:67:29:26:7d:9a:0f:40:0b:75:f3:d3:
         ed:8b:cd:38:7b:3d:23:c6:cf:35:cc:5c:22:13:d5:ba:56:e0:
         0f:dd:dc:af:a7:97:2f:88:81:c9:29:99:13:e0:6e:d2:b8:fb:
         3c:45:1b:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRV22MD9khG4hbXivjdJKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODU4NDMxYWZjYTIxMzVlNjZlNjI5ZjcyNzExMmQ1YTZkOGI0MmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKBlsGEe7tSPcimVODEcLM/+K53B
gcICThZ/u4XMqRn4IQG0JbiaZ5Uss95Co5Tps/B7mQ3JyCK6yOAijvdkGImBH1Cs
0/ShIP8KWz1uEXD4h66gehA4IVLvyzO5yXfBw2r2EexzAn1YCb8wNn7X5M7ZfV9E
P4brUjO9BC0S5BN2e3MINq8pLFTK4ToTrqefzPVYHWEkDC5WGrOS7YvfEhUKOOiM
Kt/mac2ZPLttd0fA7Mq5nZltw1vsjauuC2kTuiHiopP/RinK2h2kj88J31oAvfeu
CihsAx+AFFpYlkbCGevO2+a2LLGmlB8cStQP0v8jwYrJaVVaLphQ/Cs+cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhYQxr8ohNeZuYp9ycRLVpti0L1MB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvNkZoREd2eWlFMTVtNWluM0p4RXRXbTJMUXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzdAMA0G
CSqGSIb3DQEBCwUAA4IBAQChZ7INtqBa72lyIURPsh/ZClCJtVoRRzenKLetOSkI
ulis5bWIDtunDP8R8V1GtwH8eW0Quzo08Ox7txMtxxmJhF65kph6M3uSvBVD5dhx
lGtE6xRg6iKYrZSyJlJwt1Incjq0ocDizhDJSJ3vy6e4fbHjPV+OrwXL2f1Omh9t
Kpt67GUMq5kIzdf7lk2VwGRnF/Qu2n/fx4t678raZNbNmjii1gN+YV+iow9qqX1l
g/HrzC5ZkF140lMyBBCg18NUDzLUtU3cHViN0YWlZykmfZoPQAt189Pti804ez0j
xs81zFwiE9W6VuAP3dyvp5cviIHJKZkT4G7SuPs8RRtk
-----END CERTIFICATE-----