Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/N2y6-GMHKdnhwHw2qI2S6D9db-A.roa
File:                     N2y6-GMHKdnhwHw2qI2S6D9db-A.roa (raw, json)
Hash identifier:          3FLdtIoRp74dNi1D23oUnkHCD3n8shdafvj6sD2pzxY=
Subject key identifier:   37:6C:BA:F8:63:07:29:D9:E1:C0:7C:36:A8:8D:92:E8:3F:5D:6F:E0
Certificate issuer:       /CN=b004f5869f5675f65f9b10cff4b65f74f76bed17
Certificate serial:       019424459E18A6CBAE6CC4C9EA2583D0998D
Authority key identifier: B0:04:F5:86:9F:56:75:F6:5F:9B:10:CF:F4:B6:5F:74:F7:6B:ED:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/N2y6-GMHKdnhwHw2qI2S6D9db-A.roa
Signing time:             Wed 01 Jan 2025 23:48:49 +0000
ROA not before:           Wed 01 Jan 2025 23:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215227
IP address blocks:        193.107.245.0/24 maxlen: 24
                          2a14:2140::/29 maxlen: 29
                          2a14:2140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:9e:18:a6:cb:ae:6c:c4:c9:ea:25:83:d0:99:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b004f5869f5675f65f9b10cff4b65f74f76bed17
        Validity
            Not Before: Jan  1 23:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=376cbaf8630729d9e1c07c36a88d92e83f5d6fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f2:13:2d:54:8b:03:ed:1b:dc:0b:2c:19:db:
                    97:6e:ab:69:e0:64:25:14:82:a5:15:bb:0e:d5:be:
                    15:00:fa:6c:2c:4f:10:9e:28:7f:e5:a1:d5:28:91:
                    11:c3:78:1a:1f:62:13:9e:b0:ec:aa:b2:d5:76:8d:
                    44:ef:90:f1:f1:21:d9:e1:72:63:b0:d0:b3:ba:14:
                    b6:ad:f3:82:84:48:f7:ac:27:c6:37:60:d7:5c:5e:
                    6a:d4:8e:cb:13:61:71:e4:ce:1d:d7:4e:a9:dd:03:
                    97:6e:3b:89:0a:9d:b6:e6:74:e6:1f:a6:4e:0e:8f:
                    b6:e1:32:4c:73:24:20:be:e0:11:25:0e:2f:59:c0:
                    aa:f4:1a:b0:a0:9f:63:03:12:fe:13:c4:05:3e:0a:
                    c0:e5:03:ec:69:95:ba:a7:52:c9:34:71:7a:80:1f:
                    cc:4c:7c:cf:e9:80:c1:5b:b3:c4:e7:5e:a2:01:9a:
                    70:b3:5f:6d:17:83:52:95:ec:e8:fc:fb:1b:05:8c:
                    df:ed:9a:4f:af:0d:e8:09:51:54:5e:b1:13:23:2a:
                    13:74:10:d2:ab:f2:ae:7f:f6:30:3c:04:1c:09:a2:
                    62:c6:e8:83:6d:47:66:4c:61:c6:57:cb:c7:08:5f:
                    49:e3:13:b3:04:d8:1e:02:5f:fe:75:33:e7:36:60:
                    b6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6C:BA:F8:63:07:29:D9:E1:C0:7C:36:A8:8D:92:E8:3F:5D:6F:E0
            X509v3 Authority Key Identifier:
                keyid:B0:04:F5:86:9F:56:75:F6:5F:9B:10:CF:F4:B6:5F:74:F7:6B:ED:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/N2y6-GMHKdnhwHw2qI2S6D9db-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.245.0/24
                IPv6:
                  2a14:2140::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:0b:e0:d2:80:de:ee:45:42:b3:77:69:58:2a:8c:2a:9e:cb:
         ef:b3:e8:15:65:78:46:13:79:51:12:1e:04:a8:5d:31:92:f0:
         53:43:6a:7e:7c:f1:44:5d:dc:40:82:96:91:85:63:bf:ed:80:
         fe:1e:aa:d8:dd:bd:54:b5:36:75:19:8e:a3:ef:fa:ce:8a:82:
         de:b4:2f:2d:9c:3d:f9:31:e6:73:98:5e:7e:e5:0d:fa:99:85:
         74:81:5b:b4:72:b4:77:0f:bc:a5:bd:94:e5:3b:d1:38:3b:de:
         2b:93:40:b2:ce:0a:37:2a:e1:97:49:38:44:11:c4:f9:9d:9d:
         9f:a6:81:f8:06:60:2c:62:73:0f:14:c9:b2:74:dd:7e:45:33:
         63:ce:f8:56:c9:52:e2:57:7f:ee:76:3d:b8:3f:f7:5d:2d:76:
         84:a0:a3:b6:a1:45:4e:33:d7:85:c2:6c:15:f9:6b:ef:9c:8b:
         87:15:8d:6b:a1:32:49:d9:80:11:80:db:3d:a6:d9:8e:0d:98:
         f2:3a:7d:8b:e0:9b:8e:26:f1:ab:a7:3f:5f:6f:12:f9:fa:29:
         27:47:7e:35:f6:34:e6:ad:2b:8a:ff:2b:40:eb:2f:f0:ec:3a:
         99:bc:4c:95:7e:24:92:d4:67:5a:94:d6:57:43:89:48:3a:44:
         f6:ec:0c:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRZ4YpsuubMTJ6iWD0JmNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMDRmNTg2OWY1Njc1ZjY1ZjliMTBjZmY0YjY1Zjc0Zjc2
YmVkMTcwHhcNMjUwMTAxMjM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZjYmFmODYzMDcyOWQ5ZTFjMDdjMzZhODhkOTJlODNmNWQ2ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/ITLVSLA+0b3AssGduXbqtp4GQl
FIKlFbsO1b4VAPpsLE8Qnih/5aHVKJERw3gaH2ITnrDsqrLVdo1E75Dx8SHZ4XJj
sNCzuhS2rfOChEj3rCfGN2DXXF5q1I7LE2Fx5M4d106p3QOXbjuJCp225nTmH6ZO
Do+24TJMcyQgvuARJQ4vWcCq9BqwoJ9jAxL+E8QFPgrA5QPsaZW6p1LJNHF6gB/M
THzP6YDBW7PE516iAZpws19tF4NSlezo/PsbBYzf7ZpPrw3oCVFUXrETIyoTdBDS
q/Kuf/YwPAQcCaJixuiDbUdmTGHGV8vHCF9J4xOzBNgeAl/+dTPnNmC2ewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDdsuvhjBynZ4cB8NqiNkug/XW/gMB8GA1UdIwQY
MBaAFLAE9YafVnX2X5sQz/S2X3T3a+0XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0FUMWhwOVdkZlpmbXhEUDlMWmZkUGRyN1JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8zMWEyZGYtZGNkZS00OWYyLThmMWUt
MmZlY2RkODhlNTc1LzEvTjJ5Ni1HTUhLZG5od0h3MnFJMlM2RDlkYi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8zMWEyZGYtZGNkZS00OWYyLThmMWUtMmZlY2RkODhlNTc1
LzEvc0FUMWhwOVdkZlpmbXhEUDlMWmZkUGRyN1JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwWv1MA0E
AgACMAcDBQMqFCFAMA0GCSqGSIb3DQEBCwUAA4IBAQB3C+DSgN7uRUKzd2lYKowq
nsvvs+gVZXhGE3lREh4EqF0xkvBTQ2p+fPFEXdxAgpaRhWO/7YD+HqrY3b1UtTZ1
GY6j7/rOioLetC8tnD35MeZzmF5+5Q36mYV0gVu0crR3D7ylvZTlO9E4O94rk0Cy
zgo3KuGXSThEEcT5nZ2fpoH4BmAsYnMPFMmydN1+RTNjzvhWyVLiV3/udj24P/dd
LXaEoKO2oUVOM9eFwmwV+WvvnIuHFY1roTJJ2YARgNs9ptmODZjyOn2L4JuOJvGr
pz9fbxL5+iknR3419jTmrSuK/ytA6y/w7DqZvEyVfiSS1GdalNZXQ4lIOkT27Ay1
-----END CERTIFICATE-----