Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/frLrA0keoZHqLNQ6H6mr7HttS6s.roa
File:                     frLrA0keoZHqLNQ6H6mr7HttS6s.roa (raw, json)
Hash identifier:          Mfy5d8aC18pzCzwCyFVqYxGvs9LiQ6tdwOia7qFz85A=
Subject key identifier:   7E:B2:EB:03:49:1E:A1:91:EA:2C:D4:3A:1F:A9:AB:EC:7B:6D:4B:AB
Certificate issuer:       /CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
Certificate serial:       019425FC1FDEA80C01764CBF58461A9F1D8F
Authority key identifier: C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/frLrA0keoZHqLNQ6H6mr7HttS6s.roa
Signing time:             Thu 02 Jan 2025 07:47:47 +0000
ROA not before:           Thu 02 Jan 2025 07:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43573
IP address blocks:        185.32.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:1f:de:a8:0c:01:76:4c:bf:58:46:1a:9f:1d:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
        Validity
            Not Before: Jan  2 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7eb2eb03491ea191ea2cd43a1fa9abec7b6d4bab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1e:33:34:1d:39:9f:ba:b2:9b:b5:3b:fc:6d:
                    23:a1:f5:84:6f:38:89:b5:25:82:c3:aa:b5:b7:c6:
                    cf:98:6c:32:6f:75:8e:71:33:32:4c:dc:21:1f:80:
                    a2:51:e4:44:c5:f2:e8:7c:77:d0:a2:56:6b:00:9c:
                    2d:9d:ff:8b:e2:6c:a5:0a:f2:5e:68:61:f4:f7:ac:
                    03:ee:01:f0:37:78:94:04:9e:a7:c9:f4:8b:5d:c0:
                    69:b9:3b:72:96:b1:e3:51:76:a4:31:b3:e9:c7:d9:
                    02:3d:45:a4:f4:a1:f4:af:81:8a:ef:1b:fe:d2:79:
                    0e:99:0c:a8:bb:90:b8:40:d0:47:8d:7e:ff:a9:81:
                    23:14:04:47:7f:45:de:31:a9:4b:6f:de:0e:f6:e9:
                    44:ea:e4:ab:55:84:b0:d4:31:b1:8a:07:be:c4:de:
                    05:e1:ca:52:92:81:54:97:4f:69:a2:42:c4:b6:88:
                    d8:34:57:9e:53:4a:a3:15:e3:ca:88:d5:d9:b1:bd:
                    f1:08:64:ce:52:f6:41:de:1f:88:4f:b8:b4:b3:0e:
                    eb:f6:38:4e:7e:26:78:fc:e3:b5:bf:b8:ae:2a:7d:
                    6b:19:00:bf:a6:91:0d:4d:8f:24:0e:74:96:13:2e:
                    82:b1:b0:0e:2c:a3:f9:c0:23:e7:27:75:6e:58:ae:
                    22:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:B2:EB:03:49:1E:A1:91:EA:2C:D4:3A:1F:A9:AB:EC:7B:6D:4B:AB
            X509v3 Authority Key Identifier:
                keyid:C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/frLrA0keoZHqLNQ6H6mr7HttS6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:7a:c3:85:36:3f:50:e8:0a:9c:b4:4f:6e:90:19:52:07:d9:
         ae:30:8f:99:b6:b9:24:7d:98:cd:30:54:80:de:07:aa:16:31:
         ba:f0:fb:03:6a:90:31:ee:64:ca:c7:d4:a5:17:37:e2:7e:70:
         2f:ca:62:21:65:d2:f4:f1:bc:26:1e:1f:81:ac:1d:39:40:9c:
         54:fa:53:e4:7d:4c:ac:a4:1b:32:0c:e4:8f:0f:6e:c5:97:39:
         bc:f6:29:5f:9d:32:d0:ec:bd:79:a3:f4:ab:8b:25:64:34:e8:
         4d:7f:77:32:8d:e9:4e:e9:62:42:ec:38:bb:50:52:30:f7:45:
         e7:f0:bc:ac:e9:9e:6a:7a:61:97:b4:5d:63:75:15:8d:97:e8:
         cf:e6:10:30:6b:ca:d6:c1:12:2b:fb:43:6f:4e:63:1f:6f:1c:
         e4:5d:04:67:a9:5c:e2:fe:f8:6f:9a:d2:f3:0b:d1:f8:30:8d:
         66:5f:bc:9f:ed:52:5b:41:c3:d8:e3:9e:2d:0b:1b:64:d6:29:
         bb:4d:94:19:0b:2a:2e:07:3b:db:d5:d8:0b:22:93:33:cd:15:
         0a:8b:90:f2:31:b7:20:25:ca:9f:80:0d:a1:bf:3a:86:7a:47:
         7c:eb:ee:70:e9:d0:6e:be:14:bb:d4:27:2f:05:97:92:e3:17:
         5e:38:90:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/B/eqAwBdky/WEYanx2PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZWIwNzZkMTY3MDJjN2RiZWE5NzJlMjk3MmVmNTc2YTFm
MmM4NzMwHhcNMjUwMTAyMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWIyZWIwMzQ5MWVhMTkxZWEyY2Q0M2ExZmE5YWJlYzdiNmQ0YmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxR4zNB05n7qym7U7/G0jofWEbziJ
tSWCw6q1t8bPmGwyb3WOcTMyTNwhH4CiUeRExfLofHfQolZrAJwtnf+L4mylCvJe
aGH096wD7gHwN3iUBJ6nyfSLXcBpuTtylrHjUXakMbPpx9kCPUWk9KH0r4GK7xv+
0nkOmQyou5C4QNBHjX7/qYEjFARHf0XeMalLb94O9ulE6uSrVYSw1DGxige+xN4F
4cpSkoFUl09pokLEtojYNFeeU0qjFePKiNXZsb3xCGTOUvZB3h+IT7i0sw7r9jhO
fiZ4/OO1v7iuKn1rGQC/ppENTY8kDnSWEy6CsbAOLKP5wCPnJ3VuWK4iUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6y6wNJHqGR6izUOh+pq+x7bUurMB8GA1UdIwQY
MBaAFMHrB20WcCx9vqly4pcu9Xah8shzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMt
NmMzMmE2YWIxZWYyLzEvZnJMckEwa2VvWkhxTE5RNkg2bXI3SHR0UzZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMtNmMzMmE2YWIxZWYy
LzEvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSBnMA0G
CSqGSIb3DQEBCwUAA4IBAQAKesOFNj9Q6AqctE9ukBlSB9muMI+ZtrkkfZjNMFSA
3geqFjG68PsDapAx7mTKx9SlFzfifnAvymIhZdL08bwmHh+BrB05QJxU+lPkfUys
pBsyDOSPD27Flzm89ilfnTLQ7L15o/SriyVkNOhNf3cyjelO6WJC7Di7UFIw90Xn
8Lys6Z5qemGXtF1jdRWNl+jP5hAwa8rWwRIr+0NvTmMfbxzkXQRnqVzi/vhvmtLz
C9H4MI1mX7yf7VJbQcPY454tCxtk1im7TZQZCyouBzvb1dgLIpMzzRUKi5DyMbcg
JcqfgA2hvzqGekd86+5w6dBuvhS71CcvBZeS4xdeOJAX
-----END CERTIFICATE-----