Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/nTwrfMUGXgd3pAEgSKS621mM1WU.roa
File:                     nTwrfMUGXgd3pAEgSKS621mM1WU.roa (raw, json)
Hash identifier:          TnjrNU4OxPxNE3YYZjSpm5mzCdw7+/tmbg7fmjLH/mE=
Subject key identifier:   9D:3C:2B:7C:C5:06:5E:07:77:A4:01:20:48:A4:BA:DB:59:8C:D5:65
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369D19C2E5DDEFAC2F273AA45835939
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/nTwrfMUGXgd3pAEgSKS621mM1WU.roa
Signing time:             Wed 01 Jan 2025 19:48:45 +0000
ROA not before:           Wed 01 Jan 2025 19:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58172
IP address blocks:        185.210.139.0/24 maxlen: 24
                          193.148.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d1:9c:2e:5d:de:fa:c2:f2:73:aa:45:83:59:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d3c2b7cc5065e0777a4012048a4badb598cd565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b9:b0:6b:df:1b:6e:4a:cf:76:d7:85:77:b4:
                    05:e5:b2:4c:94:68:8b:1e:51:94:fa:24:1b:34:34:
                    d7:c8:e5:b2:8f:97:61:8f:89:d1:03:76:2f:54:36:
                    9c:3a:e2:85:1a:9e:d9:18:a4:6b:dc:24:85:db:21:
                    75:c7:c1:39:df:d5:1a:61:3b:15:30:8d:ac:3e:6a:
                    38:cb:98:2a:d8:51:ca:8e:ee:99:7d:98:33:63:c8:
                    2e:59:de:bf:f5:3f:c6:d7:71:6b:05:97:a5:76:71:
                    52:9b:7b:88:a4:ae:39:e3:e1:fd:5d:30:a3:1f:6b:
                    f6:a2:a0:5e:db:69:de:ba:df:f7:8b:04:c6:e6:23:
                    67:0f:03:37:bd:59:93:60:16:ff:df:ec:1e:54:df:
                    f4:b7:54:5f:89:5e:bb:21:54:b4:8d:08:fa:3e:39:
                    de:f9:8f:07:96:4b:9c:69:2d:50:02:da:98:08:2b:
                    5b:e3:e1:69:1f:07:b4:88:5d:28:b1:54:18:38:09:
                    9f:87:29:ee:c5:b1:fb:cc:a4:08:c8:b1:8a:8c:91:
                    8f:20:0b:1d:1c:1b:e4:fc:e9:d6:a1:ba:6f:50:12:
                    3a:a5:b6:6d:6e:a4:00:c3:20:7e:89:f7:ec:d7:47:
                    78:10:49:fc:c4:18:54:3c:7e:65:3d:29:5c:75:b0:
                    f6:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3C:2B:7C:C5:06:5E:07:77:A4:01:20:48:A4:BA:DB:59:8C:D5:65
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/nTwrfMUGXgd3pAEgSKS621mM1WU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.139.0/24
                  193.148.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:6f:98:ce:8f:58:ca:9a:87:5c:a9:5a:2f:43:67:d4:3c:10:
         6f:72:21:7f:69:02:96:24:6a:3e:d4:7b:28:7a:5e:da:17:da:
         4a:58:4d:89:19:96:93:d0:4f:78:22:25:03:bb:52:93:e0:cf:
         03:f2:e0:00:c4:9c:7e:53:26:8a:b2:a5:86:03:cd:5c:bb:3c:
         80:d6:9c:67:6f:42:3a:1a:b5:1b:68:2f:71:44:fe:29:b6:d5:
         16:df:7a:8d:19:f7:ab:6a:3f:86:fd:26:d2:76:36:96:0f:61:
         59:06:4a:a1:ac:b4:d0:00:b0:24:6e:38:b3:7d:a5:56:d5:11:
         3d:77:f4:eb:b0:5b:f3:e8:91:fa:80:f4:59:a1:3d:e4:27:a5:
         e6:e8:d6:1b:17:8e:8b:a6:61:35:f6:0b:83:f3:3d:41:e2:8e:
         9a:4c:79:84:95:dc:f4:ef:fa:86:cd:3b:e5:80:73:43:1d:cc:
         47:68:6d:1d:26:bc:73:77:f6:5b:b1:21:67:d6:27:a5:c7:76:
         40:43:da:42:94:41:7c:76:d7:b3:f7:84:4f:84:f7:5c:50:ae:
         bf:eb:64:45:b7:27:17:2b:93:68:32:34:39:da:04:bb:86:fc:
         72:a4:a3:4c:f4:81:01:53:55:bf:97:b5:34:ed:78:16:38:09:
         35:c5:a9:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjadGcLl3e+sLyc6pFg1k5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNjMmI3Y2M1MDY1ZTA3NzdhNDAxMjA0OGE0YmFkYjU5OGNkNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbmwa98bbkrPdteFd7QF5bJMlGiL
HlGU+iQbNDTXyOWyj5dhj4nRA3YvVDacOuKFGp7ZGKRr3CSF2yF1x8E539UaYTsV
MI2sPmo4y5gq2FHKju6ZfZgzY8guWd6/9T/G13FrBZeldnFSm3uIpK454+H9XTCj
H2v2oqBe22neut/3iwTG5iNnDwM3vVmTYBb/3+weVN/0t1RfiV67IVS0jQj6Pjne
+Y8HlkucaS1QAtqYCCtb4+FpHwe0iF0osVQYOAmfhynuxbH7zKQIyLGKjJGPIAsd
HBvk/OnWobpvUBI6pbZtbqQAwyB+iffs10d4EEn8xBhUPH5lPSlcdbD21QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ08K3zFBl4Hd6QBIEikuttZjNVlMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvblR3cmZNVUdYZ2QzcEFFZ1NLUzYyMW1NMVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudKLAwQA
wZQ8MA0GCSqGSIb3DQEBCwUAA4IBAQBwb5jOj1jKmodcqVovQ2fUPBBvciF/aQKW
JGo+1Hsoel7aF9pKWE2JGZaT0E94IiUDu1KT4M8D8uAAxJx+UyaKsqWGA81cuzyA
1pxnb0I6GrUbaC9xRP4pttUW33qNGferaj+G/SbSdjaWD2FZBkqhrLTQALAkbjiz
faVW1RE9d/TrsFvz6JH6gPRZoT3kJ6Xm6NYbF46LpmE19guD8z1B4o6aTHmEldz0
7/qGzTvlgHNDHcxHaG0dJrxzd/ZbsSFn1ielx3ZAQ9pClEF8dtez94RPhPdcUK6/
62RFtycXK5NoMjQ52gS7hvxypKNM9IEBU1W/l7U07XgWOAk1xalH
-----END CERTIFICATE-----