Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/sN4n7uyW1OPUDW8DTnnco5zSidk.roa
File:                     sN4n7uyW1OPUDW8DTnnco5zSidk.roa (raw, json)
Hash identifier:          SIQELvAGj5dEksFLx2KzhgsRAzdJAtGB44GfoznqryI=
Subject key identifier:   B0:DE:27:EE:EC:96:D4:E3:D4:0D:6F:03:4E:79:DC:A3:9C:D2:89:D9
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       0194CABB18CE0BB22477F463109BF9C02ED6
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/sN4n7uyW1OPUDW8DTnnco5zSidk.roa
Signing time:             Mon 03 Feb 2025 07:34:06 +0000
ROA not before:           Mon 03 Feb 2025 07:34:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60591
IP address blocks:        45.87.219.0/24 maxlen: 24
                          45.135.234.0/24 maxlen: 24
                          194.62.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ca:bb:18:ce:0b:b2:24:77:f4:63:10:9b:f9:c0:2e:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Feb  3 07:34:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0de27eeec96d4e3d40d6f034e79dca39cd289d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:16:16:f3:8b:0d:06:8e:41:42:7c:79:36:1d:
                    9b:f5:8d:cc:8c:f5:dd:72:8b:54:6d:ef:da:47:25:
                    b5:7f:d0:fc:fa:ac:ea:a9:53:e4:20:d5:9b:23:54:
                    ba:b0:79:65:66:de:ff:1b:3a:f1:89:6f:a7:6c:86:
                    ad:01:b4:64:f9:2d:f7:1d:6d:7d:1b:bd:92:4a:0e:
                    fb:bf:b4:35:6c:96:bf:69:38:ad:b0:3b:82:e2:8a:
                    87:fc:8e:41:d8:98:c5:ee:15:ce:80:38:23:01:56:
                    82:64:64:3a:a2:fe:e1:a2:1b:c3:83:a1:b2:eb:4a:
                    31:3c:a7:37:82:63:f3:e7:9d:4a:e1:e6:ab:f3:d3:
                    63:c0:80:77:cc:17:d0:5f:f7:20:29:8d:4f:29:a9:
                    57:8f:57:ae:1e:d6:ed:1f:b9:62:dc:b1:bf:c2:87:
                    8b:c2:e2:60:6d:e0:8e:39:6d:ea:d4:dd:f7:ac:2e:
                    85:e8:d6:a3:87:37:f3:f7:7b:30:27:4a:d9:44:e3:
                    e3:47:5a:51:ba:0d:e0:90:3c:15:36:7a:e1:e9:95:
                    22:8f:ed:91:20:ef:23:40:0b:19:25:5b:d6:69:22:
                    47:d5:cd:97:fb:9a:99:74:cd:2b:d9:4a:93:e7:1a:
                    c2:ff:e4:ca:19:26:a9:45:7c:18:8c:8e:78:f8:33:
                    19:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:DE:27:EE:EC:96:D4:E3:D4:0D:6F:03:4E:79:DC:A3:9C:D2:89:D9
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/sN4n7uyW1OPUDW8DTnnco5zSidk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.219.0/24
                  45.135.234.0/24
                  194.62.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:b3:c3:0b:00:2e:eb:3b:8b:99:4e:28:38:e0:be:34:14:0a:
         4c:39:39:08:25:21:81:26:49:b4:1d:a5:c5:ec:dd:de:03:a7:
         07:ff:b5:c2:ca:b5:77:72:d7:68:c7:16:98:e2:6d:c3:88:78:
         bd:f7:50:b4:c0:e5:53:db:b9:45:de:f8:1d:a5:94:59:0b:d7:
         8c:0e:f5:8b:c6:9c:fd:7c:97:1a:26:de:8f:58:ce:3d:99:7c:
         c5:bd:e6:fa:b0:b4:04:c1:5a:34:78:be:f0:27:65:81:9c:1c:
         65:79:80:20:49:61:f3:fe:0a:c2:b9:13:b7:93:f6:6b:da:0d:
         a9:d9:e4:96:55:e3:e9:ba:e9:43:da:ee:84:98:51:b6:7a:31:
         a3:4a:99:f5:bf:a6:25:1e:ac:ee:b1:c8:54:66:b3:36:7c:44:
         ce:3d:90:fd:cd:29:3e:6a:9e:05:5d:8c:01:e1:33:42:17:ed:
         9e:83:e9:67:00:6d:a9:12:49:f1:70:98:07:15:a2:27:52:f7:
         c5:de:88:16:54:58:99:6e:62:16:25:7e:1f:e1:79:c4:62:68:
         37:db:08:01:39:05:99:68:9e:e4:59:35:de:d3:9a:d1:02:5d:
         60:58:03:c3:a2:4a:5e:6a:bc:a8:bd:da:a6:55:9c:1f:e7:34:
         7e:9a:46:a7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZTKuxjOC7Ikd/RjEJv5wC7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMjAzMDczNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGRlMjdlZWVjOTZkNGUzZDQwZDZmMDM0ZTc5ZGNhMzljZDI4OWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhYW84sNBo5BQnx5Nh2b9Y3MjPXd
cotUbe/aRyW1f9D8+qzqqVPkINWbI1S6sHllZt7/GzrxiW+nbIatAbRk+S33HW19
G72SSg77v7Q1bJa/aTitsDuC4oqH/I5B2JjF7hXOgDgjAVaCZGQ6ov7hohvDg6Gy
60oxPKc3gmPz551K4ear89NjwIB3zBfQX/cgKY1PKalXj1euHtbtH7li3LG/woeL
wuJgbeCOOW3q1N33rC6F6Najhzfz93swJ0rZROPjR1pRug3gkDwVNnrh6ZUij+2R
IO8jQAsZJVvWaSJH1c2X+5qZdM0r2UqT5xrC/+TKGSapRXwYjI54+DMZhQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLDeJ+7sltTj1A1vA0553KOc0onZMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvc040bjd1eVcxT1BVRFc4RFRubmNvNXpTaWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVfbAwQA
LYfqAwQAwj4TMA0GCSqGSIb3DQEBCwUAA4IBAQBGs8MLAC7rO4uZTig44L40FApM
OTkIJSGBJkm0HaXF7N3eA6cH/7XCyrV3ctdoxxaY4m3DiHi991C0wOVT27lF3vgd
pZRZC9eMDvWLxpz9fJcaJt6PWM49mXzFveb6sLQEwVo0eL7wJ2WBnBxleYAgSWHz
/grCuRO3k/Zr2g2p2eSWVePpuulD2u6EmFG2ejGjSpn1v6YlHqzuschUZrM2fETO
PZD9zSk+ap4FXYwB4TNCF+2eg+lnAG2pEknxcJgHFaInUvfF3ogWVFiZbmIWJX4f
4XnEYmg32wgBOQWZaJ7kWTXe05rRAl1gWAPDokpearyovdqmVZwf5zR+mkan
-----END CERTIFICATE-----