Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/xxxDznzJtVNmvWNqL_CzvtyCBbg.roa
File:                     xxxDznzJtVNmvWNqL_CzvtyCBbg.roa (raw, json)
Hash identifier:          1DGM/GIkRejCIAWsgkrDFmKDmIhXlyhpKNNz+a3YbaU=
Subject key identifier:   C7:1C:43:CE:7C:C9:B5:53:66:BD:63:6A:2F:F0:B3:BE:DC:82:05:B8
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01961BD6EBBC0A80649E3D21B6193492F91C
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/xxxDznzJtVNmvWNqL_CzvtyCBbg.roa
Signing time:             Wed 09 Apr 2025 18:36:32 +0000
ROA not before:           Wed 09 Apr 2025 18:36:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35682
IP address blocks:        45.130.148.0/24 maxlen: 24
                          185.191.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1b:d6:eb:bc:0a:80:64:9e:3d:21:b6:19:34:92:f9:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Apr  9 18:36:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c71c43ce7cc9b55366bd636a2ff0b3bedc8205b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:95:fc:cb:1c:92:40:58:86:f3:68:d1:55:88:
                    d0:7f:ad:29:ba:b7:ad:9d:17:d0:82:69:6b:9d:2f:
                    1d:9b:3e:23:e9:f5:f1:15:57:bf:f2:21:4b:c2:cb:
                    89:60:6a:44:61:c6:ad:8a:a6:43:26:2e:03:b4:d6:
                    40:14:db:10:1d:73:1b:64:a6:5c:e8:91:07:90:80:
                    a2:6a:55:b9:59:43:5d:00:d2:9e:2d:1e:8f:f7:7f:
                    99:23:37:1c:3f:ee:da:1c:8a:80:f3:2b:e2:5b:a0:
                    3e:ff:b0:05:20:74:d6:15:91:21:12:a4:b7:1f:0f:
                    28:95:f5:8f:9b:ee:33:bc:c9:c7:d2:11:98:89:5c:
                    a2:27:46:39:52:bf:5e:0b:dc:e0:dc:b7:89:84:ed:
                    92:34:df:0e:49:d0:3f:5b:64:ba:e5:a1:ed:3f:0e:
                    04:ef:79:15:ba:c3:92:90:ad:7e:4b:0b:83:7d:f6:
                    92:56:50:7d:6b:03:f6:18:19:f1:b9:d4:43:69:ad:
                    fe:bd:af:3b:f4:8e:5d:35:79:02:3e:b1:1c:97:24:
                    41:a3:03:ec:3d:f7:27:ab:92:3f:99:d0:64:9a:bd:
                    a8:ba:dc:f6:c6:fe:a5:b3:b5:94:8b:d2:27:62:f9:
                    77:24:76:c2:29:3a:f9:98:da:76:85:a1:8a:4d:2d:
                    11:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:1C:43:CE:7C:C9:B5:53:66:BD:63:6A:2F:F0:B3:BE:DC:82:05:B8
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/xxxDznzJtVNmvWNqL_CzvtyCBbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.148.0/24
                  185.191.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:49:a2:e6:66:95:9e:7b:20:f5:30:53:5d:48:9e:39:4c:9a:
         92:80:34:3f:13:5f:67:d9:24:69:cd:ae:db:e2:64:62:28:dd:
         2b:9e:f0:c4:64:93:95:6b:1b:e7:d5:15:2b:db:ca:b4:aa:83:
         16:cf:69:31:44:e8:86:fc:70:6e:15:90:bc:70:f5:bf:e2:99:
         10:bc:e3:4f:bf:6b:84:56:bb:8c:74:96:77:3e:d3:d2:dd:91:
         dc:c6:58:4d:22:6c:75:2e:4c:4a:ba:85:27:87:33:49:b7:89:
         e3:8c:59:7b:25:5b:87:90:1a:6a:0c:6b:cd:70:24:6c:4d:fc:
         5a:2f:64:a8:10:58:a7:ad:e8:47:98:90:4c:33:19:c5:71:11:
         d7:f2:b6:2c:ef:c0:01:3b:67:60:67:64:05:39:4d:f1:ab:80:
         04:43:ea:39:70:cc:67:67:3b:b8:57:3f:90:8b:f6:72:59:d2:
         05:63:fb:b5:76:e4:7d:da:75:65:b5:88:18:b7:b4:ff:55:a4:
         de:e8:64:01:49:fc:fd:89:5e:48:1d:00:97:9b:3b:ff:5a:82:
         60:47:43:4a:2e:9d:3f:3f:69:3d:e3:13:95:c9:fa:7d:07:cd:
         ec:4e:ae:6b:10:b4:21:38:c2:e2:0e:14:e9:62:01:3a:2b:51:
         b8:fd:7c:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYb1uu8CoBknj0hthk0kvkcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwNDA5MTgzNjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzFjNDNjZTdjYzliNTUzNjZiZDYzNmEyZmYwYjNiZWRjODIwNWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpX8yxySQFiG82jRVYjQf60puret
nRfQgmlrnS8dmz4j6fXxFVe/8iFLwsuJYGpEYcatiqZDJi4DtNZAFNsQHXMbZKZc
6JEHkICialW5WUNdANKeLR6P93+ZIzccP+7aHIqA8yviW6A+/7AFIHTWFZEhEqS3
Hw8olfWPm+4zvMnH0hGYiVyiJ0Y5Ur9eC9zg3LeJhO2SNN8OSdA/W2S65aHtPw4E
73kVusOSkK1+SwuDffaSVlB9awP2GBnxudRDaa3+va879I5dNXkCPrEclyRBowPs
Pfcnq5I/mdBkmr2outz2xv6ls7WUi9InYvl3JHbCKTr5mNp2haGKTS0RCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMccQ858ybVTZr1jai/ws77cggW4MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEveHh4RHpuekp0Vk5tdldOcUxfQ3p2dHlDQmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYKUAwQA
ub+NMA0GCSqGSIb3DQEBCwUAA4IBAQBHSaLmZpWeeyD1MFNdSJ45TJqSgDQ/E19n
2SRpza7b4mRiKN0rnvDEZJOVaxvn1RUr28q0qoMWz2kxROiG/HBuFZC8cPW/4pkQ
vONPv2uEVruMdJZ3PtPS3ZHcxlhNImx1LkxKuoUnhzNJt4njjFl7JVuHkBpqDGvN
cCRsTfxaL2SoEFinrehHmJBMMxnFcRHX8rYs78ABO2dgZ2QFOU3xq4AEQ+o5cMxn
Zzu4Vz+Qi/ZyWdIFY/u1duR92nVltYgYt7T/VaTe6GQBSfz9iV5IHQCXmzv/WoJg
R0NKLp0/P2k94xOVyfp9B83sTq5rELQhOMLiDhTpYgE6K1G4/XxW
-----END CERTIFICATE-----