Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/fdr6JGL9aDsAMAVqq7owWMfDFak.roa
File:                     fdr6JGL9aDsAMAVqq7owWMfDFak.roa (raw, json)
Hash identifier:          wll1ih7H+GHk4J4WZ4Giu/GdS7PhLq3pl6U7jtSGTDw=
Subject key identifier:   7D:DA:FA:24:62:FD:68:3B:00:30:05:6A:AB:BA:30:58:C7:C3:15:A9
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019421B2496D91A4E5CAA37B9D3E7724745D
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/fdr6JGL9aDsAMAVqq7owWMfDFak.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31655
IP address blocks:        83.245.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:49:6d:91:a4:e5:ca:a3:7b:9d:3e:77:24:74:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ddafa2462fd683b0030056aabba3058c7c315a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:94:03:70:29:02:9c:cb:6c:7c:05:13:3c:a6:
                    7f:6c:e8:83:cd:41:fa:e8:51:80:51:7a:54:ec:18:
                    d9:4b:b8:e9:69:84:90:ec:dd:7c:4a:7e:63:3d:57:
                    cd:b4:89:df:ad:6d:c1:f4:43:d4:59:3e:ab:2c:34:
                    ed:2c:e3:37:02:f5:1d:72:3d:34:27:76:da:73:86:
                    c5:87:8c:b7:79:b6:32:12:ad:8c:ab:d4:3a:ef:62:
                    08:ef:db:ee:70:bd:6e:18:01:69:db:bc:ba:4d:d0:
                    12:91:65:10:30:67:c6:cf:78:38:d9:cf:13:91:63:
                    c2:07:28:43:5b:89:9c:43:6b:b4:d0:7a:13:72:e4:
                    38:d7:d5:07:a2:3f:40:bb:88:94:15:df:5d:26:d8:
                    e6:5c:be:b8:06:1a:46:f7:b0:e2:d0:48:65:4e:1d:
                    e3:2b:a4:d1:03:dc:ab:e3:70:a8:1d:97:be:ea:52:
                    f3:64:26:a0:5e:33:c9:76:0b:7b:53:78:32:ea:66:
                    bf:cf:d3:a3:64:80:cc:a5:8e:7c:d3:13:56:fc:e7:
                    90:51:83:89:f1:19:b0:15:e8:04:58:09:a6:26:e9:
                    7c:d1:ed:c3:72:08:76:70:aa:c6:73:d4:80:2c:05:
                    4a:e3:25:8a:62:69:c0:3e:6a:90:af:95:b6:5d:83:
                    cf:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DA:FA:24:62:FD:68:3B:00:30:05:6A:AB:BA:30:58:C7:C3:15:A9
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/fdr6JGL9aDsAMAVqq7owWMfDFak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.245.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:5d:0b:02:66:f2:0d:87:fe:64:72:64:e0:0f:bd:74:30:83:
         6a:ff:93:b1:f2:75:e0:7b:58:1e:d6:7d:f4:f4:7d:e6:22:4c:
         d7:b5:66:a7:d6:85:dd:4d:12:12:d4:47:12:aa:8d:3b:3f:4b:
         26:d5:80:2d:65:09:23:96:dd:a6:0a:1c:d2:f5:81:9d:dd:ed:
         fd:44:95:ff:5b:e7:4a:9e:9c:f3:66:6f:60:95:9f:33:c0:86:
         d1:8c:ca:eb:56:e7:13:c9:36:ec:48:70:37:70:ed:8a:1b:b9:
         29:d4:41:a9:79:f1:b1:67:ae:54:2b:90:8d:bb:4c:d1:f9:e4:
         23:ba:4a:19:87:1f:b9:03:62:19:2a:d7:40:dc:8b:f5:ca:e8:
         00:58:40:99:9e:c1:bd:7e:a6:c0:cf:00:a7:a4:4a:d6:41:e4:
         e1:45:e2:bf:c8:c6:95:76:d6:17:32:62:0c:46:92:33:d2:e6:
         26:a4:97:e2:15:64:90:a3:8a:05:b1:8c:e6:79:c3:4b:d6:3f:
         a3:94:23:2c:70:fd:01:0a:75:7b:d8:c2:5d:f0:2b:ae:e2:1d:
         b7:cd:20:bb:36:0e:5b:4f:ee:bc:c1:39:40:c1:7a:f2:55:56:
         d1:26:f1:31:8f:a8:ee:57:85:11:fe:de:4f:90:05:bc:60:8a:
         0d:57:93:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskltkaTlyqN7nT53JHRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRhZmEyNDYyZmQ2ODNiMDAzMDA1NmFhYmJhMzA1OGM3YzMxNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5QDcCkCnMtsfAUTPKZ/bOiDzUH6
6FGAUXpU7BjZS7jpaYSQ7N18Sn5jPVfNtInfrW3B9EPUWT6rLDTtLOM3AvUdcj00
J3bac4bFh4y3ebYyEq2Mq9Q672II79vucL1uGAFp27y6TdASkWUQMGfGz3g42c8T
kWPCByhDW4mcQ2u00HoTcuQ419UHoj9Au4iUFd9dJtjmXL64BhpG97Di0EhlTh3j
K6TRA9yr43CoHZe+6lLzZCagXjPJdgt7U3gy6ma/z9OjZIDMpY580xNW/OeQUYOJ
8RmwFegEWAmmJul80e3Dcgh2cKrGc9SALAVK4yWKYmnAPmqQr5W2XYPPvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3a+iRi/Wg7ADAFaqu6MFjHwxWpMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvZmRyNkpHTDlhRHNBTUFWcXE3b3dXTWZERmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU/UGMA0G
CSqGSIb3DQEBCwUAA4IBAQBZXQsCZvINh/5kcmTgD710MINq/5Ox8nXge1ge1n30
9H3mIkzXtWan1oXdTRIS1EcSqo07P0sm1YAtZQkjlt2mChzS9YGd3e39RJX/W+dK
npzzZm9glZ8zwIbRjMrrVucTyTbsSHA3cO2KG7kp1EGpefGxZ65UK5CNu0zR+eQj
ukoZhx+5A2IZKtdA3Iv1yugAWECZnsG9fqbAzwCnpErWQeThReK/yMaVdtYXMmIM
RpIz0uYmpJfiFWSQo4oFsYzmecNL1j+jlCMscP0BCnV72MJd8Cuu4h23zSC7Ng5b
T+68wTlAwXryVVbRJvExj6juV4UR/t5PkAW8YIoNV5OO
-----END CERTIFICATE-----