Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/qeYStXjTlMJ7EB6qigiQ2xFeMzQ.roa
File:                     qeYStXjTlMJ7EB6qigiQ2xFeMzQ.roa (raw, json)
Hash identifier:          q9t+veqKoajq8xP3peJ2bte/qb2ME7zTh8FdE8IfdIU=
Subject key identifier:   A9:E6:12:B5:78:D3:94:C2:7B:10:1E:AA:8A:08:90:DB:11:5E:33:34
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369D07F8D6C48A349E44A0D4DD69BD1
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/qeYStXjTlMJ7EB6qigiQ2xFeMzQ.roa
Signing time:             Wed 01 Jan 2025 19:48:44 +0000
ROA not before:           Wed 01 Jan 2025 19:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57529
IP address blocks:        213.109.100.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d0:7f:8d:6c:48:a3:49:e4:4a:0d:4d:d6:9b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9e612b578d394c27b101eaa8a0890db115e3334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:81:96:66:6b:3e:db:a0:03:6b:e9:8a:37:9e:
                    84:b1:a2:e0:33:5c:69:04:9d:2a:9e:9a:07:8e:75:
                    61:6e:92:89:95:b2:c3:b7:7e:dc:05:5d:e0:a3:76:
                    07:6d:0d:ce:37:67:cd:1c:af:a2:0d:6e:ef:f0:02:
                    d8:84:6c:16:51:4e:0e:8f:ca:8e:4f:d2:19:35:bb:
                    07:ca:8f:cd:96:4f:4c:68:1d:0d:ff:0e:7e:a7:8a:
                    5c:b3:57:34:95:f8:5e:fa:d4:29:f0:c8:0a:c6:1d:
                    52:15:77:d0:59:82:2e:91:69:2f:5a:5c:a2:1e:c2:
                    6a:77:34:35:59:28:93:81:49:c4:a0:dc:49:a3:53:
                    1f:8c:d8:bd:0c:b7:78:d3:fc:2c:8b:0f:b8:36:19:
                    8b:76:0e:a6:1e:4b:b2:8c:0b:57:d5:62:5b:33:80:
                    95:a5:e3:61:c6:35:c6:7d:5d:76:97:cc:fb:d9:5d:
                    fd:32:31:07:a7:0e:c4:e6:ba:87:73:91:c0:f4:01:
                    dd:57:76:d1:b8:d5:2a:db:b1:e8:2f:1e:6a:8b:63:
                    ba:a0:8b:73:f9:bb:e9:c3:11:6d:c3:e0:5b:0b:67:
                    01:24:2b:07:2f:78:98:c5:b9:8c:47:78:a0:a0:d5:
                    e6:3f:2e:2a:ea:4c:af:d5:71:c2:17:d1:ce:93:4d:
                    bb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E6:12:B5:78:D3:94:C2:7B:10:1E:AA:8A:08:90:DB:11:5E:33:34
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/qeYStXjTlMJ7EB6qigiQ2xFeMzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:e6:25:8e:ac:46:42:ce:63:b1:01:22:97:7e:ff:9c:3b:1d:
         68:f7:19:f8:52:a6:fd:51:0e:3f:df:74:f8:7f:a6:9e:48:36:
         98:ae:05:4c:32:81:9e:94:d3:2b:1b:a7:63:f3:10:6c:35:d3:
         89:6b:36:9c:09:67:20:44:90:c9:96:2d:2f:af:67:fa:9c:fb:
         36:20:f7:a4:f7:05:bc:65:5c:ef:4e:99:32:cd:ed:2e:9f:ea:
         3d:1b:6a:03:3f:2d:9b:5e:4f:99:87:11:17:2a:ff:5a:4f:a6:
         35:97:b7:68:5e:b7:83:0a:68:5c:c6:ed:6c:81:2e:5f:60:00:
         37:b7:56:e4:63:f0:c1:d6:40:d4:39:6c:da:df:35:a8:bf:f3:
         4b:5a:93:00:67:f6:ae:e0:50:6b:54:1a:6a:0f:2c:4a:60:18:
         c1:76:66:a9:a3:6a:58:2f:4b:d7:43:66:18:42:64:6c:9e:64:
         3e:4f:4d:99:18:64:82:97:81:68:21:24:69:8a:66:18:18:67:
         08:f5:dd:73:81:73:82:ba:7d:c4:9c:75:bb:4b:72:66:4f:94:
         c1:95:b0:2e:25:77:fb:f3:8a:d4:00:a5:96:44:bf:a5:1a:3d:
         a4:2d:4c:b4:65:9e:84:33:30:48:c9:53:f2:03:08:77:cb:98:
         03:17:ba:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjadB/jWxIo0nkSg1N1pvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWU2MTJiNTc4ZDM5NGMyN2IxMDFlYWE4YTA4OTBkYjExNWUzMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5oGWZms+26ADa+mKN56EsaLgM1xp
BJ0qnpoHjnVhbpKJlbLDt37cBV3go3YHbQ3ON2fNHK+iDW7v8ALYhGwWUU4Oj8qO
T9IZNbsHyo/Nlk9MaB0N/w5+p4pcs1c0lfhe+tQp8MgKxh1SFXfQWYIukWkvWlyi
HsJqdzQ1WSiTgUnEoNxJo1MfjNi9DLd40/wsiw+4NhmLdg6mHkuyjAtX1WJbM4CV
peNhxjXGfV12l8z72V39MjEHpw7E5rqHc5HA9AHdV3bRuNUq27HoLx5qi2O6oItz
+bvpwxFtw+BbC2cBJCsHL3iYxbmMR3igoNXmPy4q6kyv1XHCF9HOk027JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnmErV405TCexAeqooIkNsRXjM0MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvcWVZU3RYalRsTUo3RUI2cWlnaVEyeEZlTXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1W1kMA0G
CSqGSIb3DQEBCwUAA4IBAQBN5iWOrEZCzmOxASKXfv+cOx1o9xn4Uqb9UQ4/33T4
f6aeSDaYrgVMMoGelNMrG6dj8xBsNdOJazacCWcgRJDJli0vr2f6nPs2IPek9wW8
ZVzvTpkyze0un+o9G2oDPy2bXk+ZhxEXKv9aT6Y1l7doXreDCmhcxu1sgS5fYAA3
t1bkY/DB1kDUOWza3zWov/NLWpMAZ/au4FBrVBpqDyxKYBjBdmapo2pYL0vXQ2YY
QmRsnmQ+T02ZGGSCl4FoISRpimYYGGcI9d1zgXOCun3EnHW7S3JmT5TBlbAuJXf7
84rUAKWWRL+lGj2kLUy0ZZ6EMzBIyVPyAwh3y5gDF7p2
-----END CERTIFICATE-----