Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/Y7eKY9L9f9B1QlpP7Px14Uk4KN0.roa
File:                     Y7eKY9L9f9B1QlpP7Px14Uk4KN0.roa (raw, json)
Hash identifier:          Ti8fjG26nfzvszXNq8D1c3nuNhyRNxvinzWzoAh4fqQ=
Subject key identifier:   63:B7:8A:63:D2:FD:7F:D0:75:42:5A:4F:EC:FC:75:E1:49:38:28:DD
Certificate issuer:       /CN=8fb6133d5c2109d8a6f9bbcaa496dbeae347975c
Certificate serial:       019420686247A20AEAFDCA2E4919981702D7
Authority key identifier: 8F:B6:13:3D:5C:21:09:D8:A6:F9:BB:CA:A4:96:DB:EA:E3:47:97:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j7YTPVwhCdim-bvKpJbb6uNHl1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/Y7eKY9L9f9B1QlpP7Px14Uk4KN0.roa
Signing time:             Wed 01 Jan 2025 05:48:19 +0000
ROA not before:           Wed 01 Jan 2025 05:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137
IP address blocks:        160.97.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/j7YTPVwhCdim-bvKpJbb6uNHl1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/j7YTPVwhCdim-bvKpJbb6uNHl1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j7YTPVwhCdim-bvKpJbb6uNHl1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:62:47:a2:0a:ea:fd:ca:2e:49:19:98:17:02:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fb6133d5c2109d8a6f9bbcaa496dbeae347975c
        Validity
            Not Before: Jan  1 05:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63b78a63d2fd7fd075425a4fecfc75e1493828dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b0:ab:30:ed:9f:4d:bd:3a:17:2d:4b:73:67:
                    28:63:f0:9b:b5:59:8b:de:0f:d1:7c:3f:5a:b3:d0:
                    be:85:01:04:4c:cc:fd:32:81:78:b6:b9:77:bc:eb:
                    7d:2c:a3:a4:9c:23:39:9a:2e:a5:f9:06:97:e0:b8:
                    aa:b9:9d:85:fd:20:0b:e9:b8:8c:3b:53:e4:7f:76:
                    22:45:b3:11:bc:e8:dc:89:5a:5d:fa:e3:d4:14:02:
                    30:be:3d:6c:c7:47:08:9c:83:8c:e7:64:17:77:cd:
                    8e:97:b0:cb:a1:af:6b:c4:bc:ea:41:a6:2b:07:ed:
                    0c:b5:92:c7:48:4f:3b:0a:50:f1:8f:9e:03:a9:03:
                    80:81:27:66:f8:c0:d8:fe:e4:ac:98:17:5a:e8:7e:
                    6d:f0:86:e2:1a:6d:fb:c7:5c:a8:7a:fb:e9:ba:4a:
                    be:7b:ea:7a:4a:ce:fc:55:0f:15:fe:17:b1:3b:d6:
                    34:6d:99:b6:95:1b:05:c3:e2:25:9f:f0:97:10:00:
                    ca:5a:be:81:8f:34:d2:0f:b8:89:3e:5b:6c:c8:26:
                    ef:47:44:9c:db:74:f6:d6:95:a1:00:f6:51:5a:95:
                    45:61:08:61:45:bd:c4:66:5a:e3:26:e8:44:eb:43:
                    47:4d:70:f2:64:90:a6:d7:99:00:59:4a:48:1d:e5:
                    1c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B7:8A:63:D2:FD:7F:D0:75:42:5A:4F:EC:FC:75:E1:49:38:28:DD
            X509v3 Authority Key Identifier:
                keyid:8F:B6:13:3D:5C:21:09:D8:A6:F9:BB:CA:A4:96:DB:EA:E3:47:97:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j7YTPVwhCdim-bvKpJbb6uNHl1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/Y7eKY9L9f9B1QlpP7Px14Uk4KN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/j7YTPVwhCdim-bvKpJbb6uNHl1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.97.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         94:04:e9:38:1e:f4:f9:8a:4d:d9:f7:f8:e3:6a:f7:2b:1f:40:
         e0:f6:8e:90:ed:1b:68:53:54:fb:46:75:fe:22:d7:cd:ca:75:
         8d:7c:ea:0c:9a:78:dd:bd:93:da:e6:04:c3:71:7c:00:9b:f7:
         75:12:13:c9:42:7c:3b:29:6d:c1:dd:8d:9e:a7:fb:07:a2:d8:
         07:49:3d:ff:77:7d:4a:f0:0a:b6:2e:97:7a:a2:e8:12:a2:e3:
         11:cd:da:ab:59:db:16:f1:98:16:54:18:9c:f2:a8:85:86:3d:
         de:a8:d7:46:ea:df:12:c2:9d:06:c0:8a:69:dd:ec:f0:a9:4c:
         66:d5:2d:b1:b0:65:04:c4:db:33:c9:b0:d3:97:f2:69:fb:eb:
         3a:ca:c6:5a:f7:cf:fd:35:15:18:5f:78:91:aa:e8:70:b5:6d:
         ff:b7:ab:ff:d7:27:8e:f7:de:17:d0:ea:89:44:1d:16:b2:16:
         d4:ff:5c:27:88:01:9f:53:43:c7:1c:c6:fc:ad:2a:3f:56:97:
         30:fd:23:3f:b5:0a:14:0f:06:99:9d:5b:ed:8e:2a:d3:ca:35:
         87:83:c1:0f:c6:00:6e:25:f9:6e:0c:f8:8b:25:a5:83:7e:31:
         d2:cf:cb:4e:89:b4:87:9e:93:1f:36:60:52:78:2c:31:44:d2:
         c9:2f:1c:a1
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQgaGJHogrq/couSRmYFwLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYjYxMzNkNWMyMTA5ZDhhNmY5YmJjYWE0OTZkYmVhZTM0
Nzk3NWMwHhcNMjUwMTAxMDU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2I3OGE2M2QyZmQ3ZmQwNzU0MjVhNGZlY2ZjNzVlMTQ5MzgyOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLCrMO2fTb06Fy1Lc2coY/CbtVmL
3g/RfD9as9C+hQEETMz9MoF4trl3vOt9LKOknCM5mi6l+QaX4LiquZ2F/SAL6biM
O1Pkf3YiRbMRvOjciVpd+uPUFAIwvj1sx0cInIOM52QXd82Ol7DLoa9rxLzqQaYr
B+0MtZLHSE87ClDxj54DqQOAgSdm+MDY/uSsmBda6H5t8IbiGm37x1yoevvpukq+
e+p6Ss78VQ8V/hexO9Y0bZm2lRsFw+Iln/CXEADKWr6BjzTSD7iJPltsyCbvR0Sc
23T21pWhAPZRWpVFYQhhRb3EZlrjJuhE60NHTXDyZJCm15kAWUpIHeUcnwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGO3imPS/X/QdUJaT+z8deFJOCjdMB8GA1UdIwQY
MBaAFI+2Ez1cIQnYpvm7yqSW2+rjR5dcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajdZVFBWd2hDZGltLWJ2S3BKYmI2dU5IbDF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hZGU0MTAtNGU4Yy00MTJlLTk3NTQt
NDUxYTlhZTRjZTUxLzEvWTdlS1k5TDlmOUIxUWxwUDdQeDE0VWs0S04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hZGU0MTAtNGU4Yy00MTJlLTk3NTQtNDUxYTlhZTRjZTUx
LzEvajdZVFBWd2hDZGltLWJ2S3BKYmI2dU5IbDF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoGEwDQYJ
KoZIhvcNAQELBQADggEBAJQE6Tge9PmKTdn3+ONq9ysfQOD2jpDtG2hTVPtGdf4i
183KdY186gyaeN29k9rmBMNxfACb93USE8lCfDspbcHdjZ6n+wei2AdJPf93fUrw
CrYul3qi6BKi4xHN2qtZ2xbxmBZUGJzyqIWGPd6o10bq3xLCnQbAimnd7PCpTGbV
LbGwZQTE2zPJsNOX8mn76zrKxlr3z/01FRhfeJGq6HC1bf+3q//XJ4733hfQ6olE
HRayFtT/XCeIAZ9TQ8ccxvytKj9WlzD9Iz+1ChQPBpmdW+2OKtPKNYeDwQ/GAG4l
+W4M+IslpYN+MdLPy06JtIeekx82YFJ4LDFE0skvHKE=
-----END CERTIFICATE-----