Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/ayrwJOZcqXwPotZkkftDNJvjVWI.roa
File:                     ayrwJOZcqXwPotZkkftDNJvjVWI.roa (raw, json)
Hash identifier:          u8hehMe3mSy7WRp8JZKZ+vW+iYZYC7RSsKKYne4ZeUk=
Subject key identifier:   6B:2A:F0:24:E6:5C:A9:7C:0F:A2:D6:64:91:FB:43:34:9B:E3:55:62
Certificate issuer:       /CN=a389e7035b08e181a341f37eda7343d23f1cafa4
Certificate serial:       0194258F00F2A5BA6A4E892A45C39ACBFB16
Authority key identifier: A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/ayrwJOZcqXwPotZkkftDNJvjVWI.roa
Signing time:             Thu 02 Jan 2025 05:48:36 +0000
ROA not before:           Thu 02 Jan 2025 05:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9989
IP address blocks:        176.121.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:00:f2:a5:ba:6a:4e:89:2a:45:c3:9a:cb:fb:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a389e7035b08e181a341f37eda7343d23f1cafa4
        Validity
            Not Before: Jan  2 05:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b2af024e65ca97c0fa2d66491fb43349be35562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4e:b7:f2:d7:76:e3:b1:7a:43:30:3d:d8:4e:
                    7b:bd:e0:ce:5e:38:e2:e2:14:76:33:d1:f2:3e:c0:
                    5d:e2:c4:6e:eb:dc:26:b3:46:04:fc:1c:d1:68:f6:
                    2b:dd:3c:01:56:4d:4f:11:15:52:d8:98:65:7d:6f:
                    0b:54:28:72:7d:a2:9a:52:49:48:38:21:51:b8:47:
                    d5:16:f6:83:18:ec:69:a9:4b:d7:c3:90:8a:13:64:
                    7f:a7:66:e4:85:17:56:80:6d:a9:50:c6:6a:20:46:
                    8d:4c:27:b5:ef:17:59:ab:75:1f:7a:c5:f3:4b:69:
                    24:62:92:4d:87:e9:1e:c3:d9:78:52:0f:59:b8:5d:
                    60:b7:fc:1a:41:b4:a3:d6:b2:ca:f8:d3:9a:36:9d:
                    3a:8e:fd:14:18:90:06:89:b5:ad:9c:c9:a0:93:b8:
                    de:3e:2f:ee:a4:33:e5:60:ff:12:d0:52:d8:a2:5b:
                    19:58:6d:be:6f:c9:85:5d:04:54:4b:8a:2d:30:8a:
                    54:09:2e:e2:26:af:b9:d0:a2:2f:b4:78:df:5d:ec:
                    74:d1:78:7c:07:09:32:4e:f8:30:a8:e5:65:9e:b9:
                    9a:47:26:9b:13:6c:ad:f9:82:02:e3:03:16:1e:d9:
                    21:fb:a7:e5:89:46:56:2d:1b:80:af:5c:41:03:25:
                    90:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:2A:F0:24:E6:5C:A9:7C:0F:A2:D6:64:91:FB:43:34:9B:E3:55:62
            X509v3 Authority Key Identifier:
                keyid:A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/ayrwJOZcqXwPotZkkftDNJvjVWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:33:84:0a:46:f7:95:e7:09:2c:ad:43:e3:4a:af:ff:e0:64:
         71:2f:1c:5e:87:3f:97:51:3c:9f:ea:b3:be:9e:56:69:70:ce:
         c7:9d:02:eb:b7:52:64:dd:a2:2b:9e:a8:60:af:17:e6:1d:9d:
         f2:81:a3:d6:d3:87:2d:8b:3b:bc:18:e6:3a:bd:e3:54:cd:92:
         b8:7d:48:97:d2:ed:7b:77:68:23:f1:e8:d5:de:c5:0f:b5:46:
         fa:92:ac:59:54:a7:9e:b9:1d:73:df:e9:5b:99:08:fc:6a:ee:
         22:83:7c:f0:94:1a:2f:7b:bb:ec:5b:50:5f:05:8f:1c:93:cd:
         ff:88:22:d3:51:91:9e:02:54:49:4e:57:4e:ed:ac:fc:89:8f:
         e5:02:12:ac:94:0b:cb:67:9a:c3:b4:9b:c0:a3:1e:93:de:58:
         69:50:0e:81:c9:17:32:83:57:ff:8a:b2:0d:74:ef:81:c5:08:
         4e:61:e5:84:e3:62:a0:0c:a0:da:c2:5f:f1:82:6f:9a:b9:5a:
         ce:30:bd:76:62:dc:8d:86:a2:1d:94:89:58:ff:a7:1c:8d:92:
         14:b5:75:e4:c5:eb:d4:3e:24:17:53:bb:a3:2c:62:1d:be:fb:
         ee:3d:f5:8c:55:51:77:69:01:f0:0f:6d:90:6c:8f:c3:7e:55:
         d6:81:73:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwDypbpqTokqRcOay/sWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzODllNzAzNWIwOGUxODFhMzQxZjM3ZWRhNzM0M2QyM2Yx
Y2FmYTQwHhcNMjUwMTAyMDU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjJhZjAyNGU2NWNhOTdjMGZhMmQ2NjQ5MWZiNDMzNDliZTM1NTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsE638td247F6QzA92E57veDOXjji
4hR2M9HyPsBd4sRu69wms0YE/BzRaPYr3TwBVk1PERVS2JhlfW8LVChyfaKaUklI
OCFRuEfVFvaDGOxpqUvXw5CKE2R/p2bkhRdWgG2pUMZqIEaNTCe17xdZq3UfesXz
S2kkYpJNh+kew9l4Ug9ZuF1gt/waQbSj1rLK+NOaNp06jv0UGJAGibWtnMmgk7je
Pi/upDPlYP8S0FLYolsZWG2+b8mFXQRUS4otMIpUCS7iJq+50KIvtHjfXex00Xh8
BwkyTvgwqOVlnrmaRyabE2yt+YIC4wMWHtkh+6fliUZWLRuAr1xBAyWQgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsq8CTmXKl8D6LWZJH7QzSb41ViMB8GA1UdIwQY
MBaAFKOJ5wNbCOGBo0HzftpzQ9I/HK+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWIt
MGU3MjQxNmI0ZGM3LzEvYXlyd0pPWmNxWHdQb3Raa2tmdEROSnZqVldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWItMGU3MjQxNmI0ZGM3
LzEvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHlfMA0G
CSqGSIb3DQEBCwUAA4IBAQABM4QKRveV5wksrUPjSq//4GRxLxxehz+XUTyf6rO+
nlZpcM7HnQLrt1Jk3aIrnqhgrxfmHZ3ygaPW04ctizu8GOY6veNUzZK4fUiX0u17
d2gj8ejV3sUPtUb6kqxZVKeeuR1z3+lbmQj8au4ig3zwlBove7vsW1BfBY8ck83/
iCLTUZGeAlRJTldO7az8iY/lAhKslAvLZ5rDtJvAox6T3lhpUA6ByRcyg1f/irIN
dO+BxQhOYeWE42KgDKDawl/xgm+auVrOML12YtyNhqIdlIlY/6ccjZIUtXXkxevU
PiQXU7ujLGIdvvvuPfWMVVF3aQHwD22QbI/DflXWgXMd
-----END CERTIFICATE-----