Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/54ZmeVEdiSRDGRRG_DI6wWiUd7g.roa
File:                     54ZmeVEdiSRDGRRG_DI6wWiUd7g.roa (raw, json)
Hash identifier:          JFZc+GyxBOryjMHw3/n1I31IV2py6fuY1AjRNQU0bIg=
Subject key identifier:   E7:86:66:79:51:1D:89:24:43:19:14:46:FC:32:3A:C1:68:94:77:B8
Certificate issuer:       /CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
Certificate serial:       0195651575A497D47CF841A570633A6D6BD0
Authority key identifier: C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/54ZmeVEdiSRDGRRG_DI6wWiUd7g.roa
Signing time:             Wed 05 Mar 2025 06:54:19 +0000
ROA not before:           Wed 05 Mar 2025 06:54:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214922
IP address blocks:        89.47.197.0/24 maxlen: 24
                          89.47.198.0/24 maxlen: 24
                          89.47.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/xuHIxlyG6NJt2-toZYo5p6jieGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/xuHIxlyG6NJt2-toZYo5p6jieGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:65:15:75:a4:97:d4:7c:f8:41:a5:70:63:3a:6d:6b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
        Validity
            Not Before: Mar  5 06:54:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7866679511d892443191446fc323ac1689477b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e0:88:b2:3f:d2:14:d2:45:37:cd:bc:1c:c3:
                    1a:cf:d4:1e:3c:b3:6c:62:38:fb:51:1e:7c:b2:8f:
                    ec:23:f4:23:01:24:25:a9:3f:53:0b:29:7d:fa:94:
                    e4:b9:04:06:ab:a5:14:8e:53:af:bd:f0:20:86:f0:
                    59:2e:9d:69:6e:e6:65:48:87:26:b2:b7:5b:a3:af:
                    a0:4d:34:20:15:db:b5:84:97:d5:e2:ad:ef:92:4d:
                    ca:bf:f3:36:69:e6:63:be:e8:cb:a7:8e:92:e7:2b:
                    13:80:bf:aa:3c:a2:cc:ee:4c:74:3a:bb:d5:0d:ca:
                    a8:e9:94:b2:4b:28:f2:fe:da:84:86:3c:3e:ab:25:
                    72:60:d6:d1:a1:6e:fd:02:d3:a3:10:bf:21:bd:f8:
                    3d:74:91:76:23:eb:3e:dc:3e:e5:e4:9f:2d:d8:fc:
                    2c:c0:b9:0d:02:75:ff:8a:86:f5:d3:a4:f4:95:ff:
                    49:51:78:c0:34:11:09:00:a4:56:f5:ab:f1:fa:19:
                    6d:f1:0a:ab:09:a0:9b:2c:e4:49:3d:e6:b1:c8:0b:
                    24:47:b1:1a:3e:5b:fd:d1:c6:bb:13:5b:3a:57:2d:
                    fa:39:7d:fe:7b:62:59:db:16:fd:81:9a:c1:12:bc:
                    45:9b:fe:fc:e7:53:97:36:2f:b1:4a:a5:08:c1:b3:
                    8d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:86:66:79:51:1D:89:24:43:19:14:46:FC:32:3A:C1:68:94:77:B8
            X509v3 Authority Key Identifier:
                keyid:C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/54ZmeVEdiSRDGRRG_DI6wWiUd7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/xuHIxlyG6NJt2-toZYo5p6jieGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.197.0-89.47.198.255
                  89.47.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:c8:0d:43:cb:05:40:84:a3:cf:f3:f5:db:ea:88:0f:86:53:
         0b:0a:d2:e8:84:bf:e9:3b:0a:2f:37:9f:eb:7b:10:c9:16:5f:
         a5:39:1f:e6:83:36:cf:71:57:b9:45:e7:cd:2a:c7:3b:64:a3:
         17:62:ad:31:28:1f:5c:72:63:6e:d7:95:74:d8:cc:7d:bd:a1:
         16:9f:47:2b:65:b8:04:c3:fa:b7:44:3b:37:1e:17:0a:52:76:
         47:2a:68:f8:66:65:a6:a8:4e:42:55:f3:25:1a:3c:e0:b7:1d:
         97:f0:1f:db:23:2f:76:29:48:ba:af:d9:66:98:23:c4:d2:25:
         cb:ea:cf:fb:51:40:24:50:34:42:6b:03:ba:78:8e:b4:b1:05:
         72:34:bd:d4:ed:28:0b:da:84:84:24:09:33:b4:7b:23:c1:97:
         e7:07:2a:7b:f3:ab:53:e9:e0:25:c6:4c:d3:a8:90:1e:df:98:
         7b:26:1f:ec:83:89:06:ed:79:d9:2b:50:65:03:fa:40:79:b1:
         8b:a2:dc:ca:c7:64:f4:2f:ff:9d:af:d2:cc:82:99:c1:0c:c9:
         96:fc:4b:7b:00:1c:b8:ad:21:92:a6:68:86:c3:93:c1:ad:e6:
         6f:48:9a:c1:bc:6e:df:41:46:50:b9:af:7c:40:12:7c:94:2e:
         e1:5d:5f:e5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZVlFXWkl9R8+EGlcGM6bWvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZTFjOGM2NWM4NmU4ZDI2ZGRiZWI2ODY1OGEzOWE3YThl
Mjc4NjYwHhcNMjUwMzA1MDY1NDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzg2NjY3OTUxMWQ4OTI0NDMxOTE0NDZmYzMyM2FjMTY4OTQ3N2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOCIsj/SFNJFN828HMMaz9QePLNs
Yjj7UR58so/sI/QjASQlqT9TCyl9+pTkuQQGq6UUjlOvvfAghvBZLp1pbuZlSIcm
srdbo6+gTTQgFdu1hJfV4q3vkk3Kv/M2aeZjvujLp46S5ysTgL+qPKLM7kx0OrvV
Dcqo6ZSySyjy/tqEhjw+qyVyYNbRoW79AtOjEL8hvfg9dJF2I+s+3D7l5J8t2Pws
wLkNAnX/iob106T0lf9JUXjANBEJAKRW9avx+hlt8QqrCaCbLORJPeaxyAskR7Ea
Plv90ca7E1s6Vy36OX3+e2JZ2xb9gZrBErxFm/7851OXNi+xSqUIwbON9QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOeGZnlRHYkkQxkURvwyOsFolHe4MB8GA1UdIwQY
MBaAFMbhyMZchujSbdvraGWKOaeo4nhmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEt
Y2U1ZTAxZTcxYzkxLzEvNTRabWVWRWRpU1JER1JSR19ESTZ3V2lVZDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEtY2U1ZTAxZTcxYzkx
LzEveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABZL8UD
BABZL8YDBABZL8gwDQYJKoZIhvcNAQELBQADggEBAF3IDUPLBUCEo8/z9dvqiA+G
UwsK0uiEv+k7Ci83n+t7EMkWX6U5H+aDNs9xV7lF580qxztkoxdirTEoH1xyY27X
lXTYzH29oRafRytluATD+rdEOzceFwpSdkcqaPhmZaaoTkJV8yUaPOC3HZfwH9sj
L3YpSLqv2WaYI8TSJcvqz/tRQCRQNEJrA7p4jrSxBXI0vdTtKAvahIQkCTO0eyPB
l+cHKnvzq1Pp4CXGTNOokB7fmHsmH+yDiQbtedkrUGUD+kB5sYui3MrHZPQv/52v
0syCmcEMyZb8S3sAHLitIZKmaIbDk8Gt5m9ImsG8bt9BRlC5r3xAEnyULuFdX+U=
-----END CERTIFICATE-----