Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/v6-c4a143r5H8V66cI5fhJOQvO0.roa
File:                     v6-c4a143r5H8V66cI5fhJOQvO0.roa (raw, json)
Hash identifier:          rdP+CVmY7CthI1vsDywTxyTAtYjL5prboTH8pCjzeqk=
Subject key identifier:   BF:AF:9C:E1:AD:78:DE:BE:47:F1:5E:BA:70:8E:5F:84:93:90:BC:ED
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01960280AEC239F48898415176360F340994
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/v6-c4a143r5H8V66cI5fhJOQvO0.roa
Signing time:             Fri 04 Apr 2025 20:31:49 +0000
ROA not before:           Fri 04 Apr 2025 20:31:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196695
IP address blocks:        5.183.154.0/24 maxlen: 24
                          45.89.230.0/24 maxlen: 24
                          213.226.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:02:80:ae:c2:39:f4:88:98:41:51:76:36:0f:34:09:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Apr  4 20:31:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfaf9ce1ad78debe47f15eba708e5f849390bced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:05:41:6e:ba:d2:03:e7:86:15:30:41:d2:a8:
                    61:9b:62:52:6d:b9:51:ed:58:24:59:fd:29:73:db:
                    8f:dd:23:09:81:99:04:7e:03:b9:38:b5:29:6b:5b:
                    3d:1c:e6:54:d2:48:2d:9d:90:c2:af:c9:13:f2:7e:
                    f4:83:41:cc:83:9f:0c:35:3c:24:a5:d8:d5:d0:36:
                    19:86:a7:a0:cc:d1:85:0a:f4:3b:2c:e3:1d:b6:9b:
                    05:13:66:dc:0f:b5:0f:9a:7e:14:3a:5e:75:c9:90:
                    88:c4:35:e7:ef:c8:09:72:08:53:0e:97:f1:0a:ed:
                    27:99:46:29:4c:d2:e6:0d:d9:21:c8:20:77:45:97:
                    72:51:ac:da:ce:9a:a9:c0:98:7e:1e:69:40:e1:70:
                    96:f6:88:f2:cb:13:f4:75:c0:70:9f:e4:37:44:f3:
                    ba:37:4a:23:f6:58:f3:0c:f4:a6:df:fa:32:9e:28:
                    4d:86:70:c0:da:b8:3f:d8:92:2b:d5:cb:7f:65:0c:
                    c2:4f:74:1b:f9:ec:50:32:11:80:21:d8:9d:74:b8:
                    33:30:c6:81:5d:fb:7b:dc:ad:53:3e:e7:21:20:eb:
                    0c:41:f9:65:ed:ab:38:84:cf:87:0c:16:df:5c:f7:
                    8c:70:0a:b4:86:05:b1:f4:f8:5f:c0:d9:bb:95:0d:
                    ea:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:AF:9C:E1:AD:78:DE:BE:47:F1:5E:BA:70:8E:5F:84:93:90:BC:ED
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/v6-c4a143r5H8V66cI5fhJOQvO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.154.0/24
                  45.89.230.0/24
                  213.226.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:a2:6b:24:e7:3b:57:6e:22:1d:7c:f7:1c:ef:37:92:df:34:
         d6:8f:4f:ea:d8:a6:24:e6:bc:7a:9d:8e:36:77:7d:be:b8:79:
         45:4b:0f:fc:6c:9e:fa:45:a8:22:d7:41:b0:39:3a:70:27:79:
         e1:a7:95:ec:f3:17:bc:96:9b:4a:f4:3f:1b:f2:2a:40:13:fe:
         82:61:c3:52:02:e7:4c:a3:1e:01:4e:5a:f4:52:0f:27:25:9a:
         8b:d5:17:c4:c4:d2:70:86:f2:a4:b2:37:32:87:c9:f5:2f:2b:
         a3:dc:46:84:d5:74:63:81:6d:28:fd:1e:74:f2:82:b3:07:10:
         7d:bf:d3:c9:f1:f8:08:97:6c:4d:71:e8:b7:06:00:f7:ec:37:
         c2:50:c8:66:e4:46:e1:43:b8:75:6c:1c:d5:5a:01:39:25:88:
         91:b1:6a:2d:26:67:8c:1a:f8:6b:d9:27:b2:12:52:b3:ff:3c:
         c8:de:99:13:24:6b:17:d4:36:47:76:e6:58:41:9e:56:29:86:
         d1:d7:fc:65:72:55:43:d1:af:0a:21:51:9d:4f:c7:cc:c0:ab:
         af:56:2b:72:b2:46:10:42:d2:9e:64:07:05:56:f7:56:ff:bf:
         9e:92:e2:ac:23:fd:e5:ec:e2:68:fd:2d:70:d4:02:f2:02:11:
         66:82:80:de
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZYCgK7COfSImEFRdjYPNAmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwNDA0MjAzMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmFmOWNlMWFkNzhkZWJlNDdmMTVlYmE3MDhlNWY4NDkzOTBiY2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQVBbrrSA+eGFTBB0qhhm2JSbblR
7VgkWf0pc9uP3SMJgZkEfgO5OLUpa1s9HOZU0kgtnZDCr8kT8n70g0HMg58MNTwk
pdjV0DYZhqegzNGFCvQ7LOMdtpsFE2bcD7UPmn4UOl51yZCIxDXn78gJcghTDpfx
Cu0nmUYpTNLmDdkhyCB3RZdyUazazpqpwJh+HmlA4XCW9ojyyxP0dcBwn+Q3RPO6
N0oj9ljzDPSm3/oynihNhnDA2rg/2JIr1ct/ZQzCT3Qb+exQMhGAIdiddLgzMMaB
Xft73K1TPuchIOsMQfll7as4hM+HDBbfXPeMcAq0hgWx9PhfwNm7lQ3qIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL+vnOGteN6+R/FeunCOX4STkLztMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvdjYtYzRhMTQzcjVIOFY2NmNJNWZoSk9Rdk8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbeaAwQA
LVnmAwQA1eJ7MA0GCSqGSIb3DQEBCwUAA4IBAQCNomsk5ztXbiIdfPcc7zeS3zTW
j0/q2KYk5rx6nY42d32+uHlFSw/8bJ76Ragi10GwOTpwJ3nhp5Xs8xe8lptK9D8b
8ipAE/6CYcNSAudMox4BTlr0Ug8nJZqL1RfExNJwhvKksjcyh8n1Lyuj3EaE1XRj
gW0o/R508oKzBxB9v9PJ8fgIl2xNcei3BgD37DfCUMhm5EbhQ7h1bBzVWgE5JYiR
sWotJmeMGvhr2SeyElKz/zzI3pkTJGsX1DZHduZYQZ5WKYbR1/xlclVD0a8KIVGd
T8fMwKuvVityskYQQtKeZAcFVvdW/7+ekuKsI/3l7OJo/S1w1ALyAhFmgoDe
-----END CERTIFICATE-----