Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/6pyjHs7EvIHX8MZKanr-8d6zbx4.roa
File:                     6pyjHs7EvIHX8MZKanr-8d6zbx4.roa (raw, json)
Hash identifier:          qjys1doZEot33HeG9YQXtUaKQBG8dH6CFPDOXy4kCVY=
Subject key identifier:   EA:9C:A3:1E:CE:C4:BC:81:D7:F0:C6:4A:6A:7A:FE:F1:DE:B3:6F:1E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01957FD01C047D8CFFD03F1184D345C78F84
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/6pyjHs7EvIHX8MZKanr-8d6zbx4.roa
Signing time:             Mon 10 Mar 2025 11:28:19 +0000
ROA not before:           Mon 10 Mar 2025 11:28:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211593
IP address blocks:        45.87.251.0/24 maxlen: 24
                          185.126.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7f:d0:1c:04:7d:8c:ff:d0:3f:11:84:d3:45:c7:8f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 10 11:28:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea9ca31ecec4bc81d7f0c64a6a7afef1deb36f1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d3:ad:16:82:9e:8d:03:56:12:2a:a3:39:3d:
                    16:88:da:63:6c:fa:79:c1:4f:a1:09:12:5d:ed:73:
                    1c:ee:c7:57:aa:fa:57:b5:ba:e4:2d:0c:19:66:bc:
                    9d:f6:fb:09:4d:e6:7f:8b:58:3e:12:78:d5:1a:81:
                    51:ad:6c:45:16:8a:d2:b9:7a:94:1d:47:19:78:db:
                    0f:53:5c:7f:e0:50:6d:d1:d5:e1:8e:e3:6a:c3:ec:
                    97:e7:9b:6f:9f:12:96:2b:7a:fc:0c:5f:7c:48:ba:
                    e1:16:95:bb:e0:bc:c5:80:60:0c:97:15:84:5d:56:
                    f0:60:2b:cb:91:00:76:d8:42:f0:60:54:92:c4:70:
                    f6:d6:79:7e:b2:98:e6:5b:e5:96:17:7b:34:9b:c3:
                    96:a1:4a:22:d3:4d:1e:f5:22:a5:9e:68:d3:ef:09:
                    a1:7b:d8:8a:6f:02:ed:0c:e1:a7:54:04:33:10:75:
                    e7:51:97:b7:64:3b:7f:8e:ab:fb:2e:3a:3b:3f:83:
                    86:b7:b9:c9:75:d8:f8:f6:cb:e1:ed:fb:0e:3d:4d:
                    e6:f8:17:74:c0:11:b3:ed:77:81:b5:eb:37:e9:d0:
                    42:2a:f9:bc:12:ba:11:57:c7:c5:0a:bd:a2:08:bd:
                    67:b5:b4:94:6e:0b:2a:5c:31:69:64:64:11:46:cd:
                    0d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:9C:A3:1E:CE:C4:BC:81:D7:F0:C6:4A:6A:7A:FE:F1:DE:B3:6F:1E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/6pyjHs7EvIHX8MZKanr-8d6zbx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.251.0/24
                  185.126.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:6e:8f:8d:75:15:c9:7c:f7:39:b3:10:c7:a8:55:52:ee:36:
         eb:55:70:77:30:08:55:a5:05:85:f6:d4:c7:ea:88:cb:b0:32:
         46:d6:51:fc:15:9a:f3:4e:d6:1e:d9:76:c2:ef:4b:9d:a1:b9:
         d4:d7:37:1b:02:6b:f6:ea:61:63:d0:92:76:4d:7e:e2:35:98:
         a3:d3:ce:f3:ea:2b:9b:ea:3e:43:5a:12:c5:03:54:a4:30:c0:
         b9:7b:78:4a:43:d3:35:c6:f3:98:3b:a3:44:19:99:94:b7:c8:
         59:89:27:f6:46:6a:2d:6c:31:08:68:0f:d6:f4:62:05:18:58:
         f7:e2:4f:fb:46:77:6d:b1:bc:45:66:b2:ee:2f:d0:86:dd:fd:
         38:9b:1e:7b:74:29:9b:43:c0:60:ab:5e:6b:4f:9c:cf:bc:1e:
         35:41:49:dc:fc:11:99:98:58:89:a1:3e:30:4c:e0:10:fc:f0:
         7f:4a:d4:e3:02:e7:89:8a:7c:ac:ff:e8:24:9f:9f:3e:cf:22:
         57:5d:be:80:a1:c8:98:03:3b:b9:3a:c6:13:d0:0d:c0:9a:19:
         44:3b:ac:ec:af:53:50:43:cb:4e:6e:5d:c1:79:42:b7:7f:1d:
         e6:db:cb:1b:53:fb:a4:f3:c4:c8:d1:3e:db:1d:0c:1a:78:92:
         ca:e4:27:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZV/0BwEfYz/0D8RhNNFx4+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMzEwMTEyODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTljYTMxZWNlYzRiYzgxZDdmMGM2NGE2YTdhZmVmMWRlYjM2ZjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9OtFoKejQNWEiqjOT0WiNpjbPp5
wU+hCRJd7XMc7sdXqvpXtbrkLQwZZryd9vsJTeZ/i1g+EnjVGoFRrWxFForSuXqU
HUcZeNsPU1x/4FBt0dXhjuNqw+yX55tvnxKWK3r8DF98SLrhFpW74LzFgGAMlxWE
XVbwYCvLkQB22ELwYFSSxHD21nl+spjmW+WWF3s0m8OWoUoi000e9SKlnmjT7wmh
e9iKbwLtDOGnVAQzEHXnUZe3ZDt/jqv7Ljo7P4OGt7nJddj49svh7fsOPU3m+Bd0
wBGz7XeBtes36dBCKvm8EroRV8fFCr2iCL1ntbSUbgsqXDFpZGQRRs0NywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOqcox7OxLyB1/DGSmp6/vHes28eMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNnB5akhzN0V2SUhYOE1aS2Fuci04ZDZ6Yng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVf7AwQA
uX5BMA0GCSqGSIb3DQEBCwUAA4IBAQAlbo+NdRXJfPc5sxDHqFVS7jbrVXB3MAhV
pQWF9tTH6ojLsDJG1lH8FZrzTtYe2XbC70udobnU1zcbAmv26mFj0JJ2TX7iNZij
087z6iub6j5DWhLFA1SkMMC5e3hKQ9M1xvOYO6NEGZmUt8hZiSf2RmotbDEIaA/W
9GIFGFj34k/7RndtsbxFZrLuL9CG3f04mx57dCmbQ8Bgq15rT5zPvB41QUnc/BGZ
mFiJoT4wTOAQ/PB/StTjAueJinys/+gkn58+zyJXXb6AociYAzu5OsYT0A3AmhlE
O6zsr1NQQ8tObl3BeUK3fx3m28sbU/uk88TI0T7bHQwaeJLK5CcX
-----END CERTIFICATE-----