Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/fG6If6WZh4pXAVRu1gEQ7wbPbEs.roa
File:                     fG6If6WZh4pXAVRu1gEQ7wbPbEs.roa (raw, json)
Hash identifier:          OIBSpF8oXZotrR8RVX6KacBPnJZCoNiFLIZ7aWyayQU=
Subject key identifier:   7C:6E:88:7F:A5:99:87:8A:57:01:54:6E:D6:01:10:EF:06:CF:6C:4B
Certificate issuer:       /CN=f0ff2c6229af763a99f5349a32510df4a4526143
Certificate serial:       0194252166E5CCCD1D744DC3DDD7168DC3B4
Authority key identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/fG6If6WZh4pXAVRu1gEQ7wbPbEs.roa
Signing time:             Thu 02 Jan 2025 03:48:53 +0000
ROA not before:           Thu 02 Jan 2025 03:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15617
IP address blocks:        188.73.192.0/18 maxlen: 24
                          212.152.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:66:e5:cc:cd:1d:74:4d:c3:dd:d7:16:8d:c3:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0ff2c6229af763a99f5349a32510df4a4526143
        Validity
            Not Before: Jan  2 03:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c6e887fa599878a5701546ed60110ef06cf6c4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e8:26:fc:ed:22:9c:11:d6:67:a0:d4:ac:f0:
                    11:6e:a5:c3:25:6e:18:2b:e6:d2:87:61:b7:d2:c8:
                    f7:06:24:63:ba:e8:55:5d:fd:a5:82:58:b1:55:4c:
                    3d:0a:da:3c:57:74:b9:74:84:88:02:12:08:df:b4:
                    25:d8:a2:14:a9:91:32:da:6e:73:24:9c:19:06:ef:
                    b6:aa:45:83:1f:bd:4c:72:9f:49:5a:a7:9c:87:f1:
                    61:e0:6d:d0:7f:78:5c:43:05:0e:8a:61:e8:e2:3d:
                    9f:62:45:80:ec:2a:47:12:7e:0c:7f:42:24:ce:99:
                    4c:72:77:ec:69:ce:1d:1d:d7:41:f9:3c:e5:fd:4c:
                    a7:60:93:fd:20:26:86:aa:04:13:fb:96:79:1b:fb:
                    76:83:49:40:82:85:09:e4:40:e9:ab:bf:6b:a0:84:
                    d7:3c:ce:d9:8e:bf:cd:a4:c0:e0:12:9d:a1:24:1c:
                    dc:48:3c:34:91:9d:a5:d9:c1:37:08:c5:f9:f8:85:
                    6d:aa:44:0e:35:d9:49:08:5c:8a:78:d2:b3:90:6d:
                    65:ac:03:20:e2:81:8e:a8:67:81:0a:9c:f6:39:c0:
                    6a:7f:15:fa:6c:40:9f:58:08:77:ed:9e:44:34:3d:
                    93:6f:d5:55:ea:79:dd:06:f2:b8:71:4e:70:24:08:
                    bd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:6E:88:7F:A5:99:87:8A:57:01:54:6E:D6:01:10:EF:06:CF:6C:4B
            X509v3 Authority Key Identifier:
                keyid:F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/fG6If6WZh4pXAVRu1gEQ7wbPbEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.73.192.0/18
                  212.152.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         7b:12:f1:09:da:03:36:1d:b2:d5:1a:54:45:eb:0c:82:b6:8a:
         47:1b:10:78:bd:fb:e1:62:2c:e6:27:cf:24:e4:8d:f7:9d:0d:
         7f:81:17:ff:65:2f:45:a1:d2:2c:4b:85:f2:cc:82:18:aa:3b:
         66:ab:0d:01:fe:52:d1:ab:75:e9:46:00:52:8d:40:9e:0c:46:
         67:b8:4a:5b:58:f6:af:05:7a:e8:3c:c6:77:5f:2a:ad:98:63:
         eb:e4:ec:93:8d:70:7d:8a:56:3c:c3:58:79:c5:9b:55:b9:02:
         59:41:7a:ee:bb:bd:cb:bc:53:dd:f6:3b:ab:d7:b3:3d:5e:71:
         df:ff:10:06:ef:32:a2:d1:87:4f:cb:27:16:08:a1:fc:f4:7b:
         a4:77:65:6d:be:d7:02:6b:f2:fe:f9:98:c0:a5:9f:f2:c9:6c:
         7f:08:b9:6e:e2:91:74:f2:ff:6b:3f:87:0e:b1:92:7e:76:82:
         76:f4:4f:3f:a5:a7:d3:06:55:31:6c:96:48:58:ea:cc:1d:db:
         d5:7d:21:04:a7:fd:7c:42:3d:5e:7f:c1:1d:7e:f5:9e:35:88:
         c1:57:48:f4:40:3d:c7:8e:62:ca:ae:3c:17:6d:16:38:9d:77:
         41:fc:e8:41:8c:fc:ac:f9:f5:66:f0:49:41:5d:b7:d3:be:e0:
         14:10:b9:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIWblzM0ddE3D3dcWjcO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZmYyYzYyMjlhZjc2M2E5OWY1MzQ5YTMyNTEwZGY0YTQ1
MjYxNDMwHhcNMjUwMTAyMDM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzZlODg3ZmE1OTk4NzhhNTcwMTU0NmVkNjAxMTBlZjA2Y2Y2YzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsugm/O0inBHWZ6DUrPARbqXDJW4Y
K+bSh2G30sj3BiRjuuhVXf2lglixVUw9Cto8V3S5dISIAhII37Ql2KIUqZEy2m5z
JJwZBu+2qkWDH71Mcp9JWqech/Fh4G3Qf3hcQwUOimHo4j2fYkWA7CpHEn4Mf0Ik
zplMcnfsac4dHddB+Tzl/UynYJP9ICaGqgQT+5Z5G/t2g0lAgoUJ5EDpq79roITX
PM7Zjr/NpMDgEp2hJBzcSDw0kZ2l2cE3CMX5+IVtqkQONdlJCFyKeNKzkG1lrAMg
4oGOqGeBCpz2OcBqfxX6bECfWAh37Z5END2Tb9VV6nndBvK4cU5wJAi9BwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHxuiH+lmYeKVwFUbtYBEO8Gz2xLMB8GA1UdIwQY
MBaAFPD/LGIpr3Y6mfU0mjJRDfSkUmFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYt
ZTY5ZjdhNWQyZDkwLzEvZkc2SWY2V1poNHBYQVZSdTFnRVE3d2JQYkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYtZTY5ZjdhNWQyZDkw
LzEvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGvEnAAwQG
1JhAMA0GCSqGSIb3DQEBCwUAA4IBAQB7EvEJ2gM2HbLVGlRF6wyCtopHGxB4vfvh
YizmJ88k5I33nQ1/gRf/ZS9FodIsS4XyzIIYqjtmqw0B/lLRq3XpRgBSjUCeDEZn
uEpbWPavBXroPMZ3XyqtmGPr5OyTjXB9ilY8w1h5xZtVuQJZQXruu73LvFPd9jur
17M9XnHf/xAG7zKi0YdPyycWCKH89Hukd2VtvtcCa/L++ZjApZ/yyWx/CLlu4pF0
8v9rP4cOsZJ+doJ29E8/pafTBlUxbJZIWOrMHdvVfSEEp/18Qj1ef8EdfvWeNYjB
V0j0QD3HjmLKrjwXbRY4nXdB/OhBjPys+fVm8ElBXbfTvuAUELmg
-----END CERTIFICATE-----