Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/6nsqKOpq5i7jyqObkwahl2KnBOE.roa
File:                     6nsqKOpq5i7jyqObkwahl2KnBOE.roa (raw, json)
Hash identifier:          nmfKFa4ZtcKyaT+5uc3ZueRsJc4oH7PPPfEcOlbfYZ4=
Subject key identifier:   EA:7B:2A:28:EA:6A:E6:2E:E3:CA:A3:9B:93:06:A1:97:62:A7:04:E1
Certificate issuer:       /CN=17bbd60374bc23ed07d01c24e7cfd9178b8fed21
Certificate serial:       0194266B35A8A87C706C26CBCB43123BE943
Authority key identifier: 17:BB:D6:03:74:BC:23:ED:07:D0:1C:24:E7:CF:D9:17:8B:8F:ED:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/6nsqKOpq5i7jyqObkwahl2KnBOE.roa
Signing time:             Thu 02 Jan 2025 09:49:07 +0000
ROA not before:           Thu 02 Jan 2025 09:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201207
IP address blocks:        185.66.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:35:a8:a8:7c:70:6c:26:cb:cb:43:12:3b:e9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17bbd60374bc23ed07d01c24e7cfd9178b8fed21
        Validity
            Not Before: Jan  2 09:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea7b2a28ea6ae62ee3caa39b9306a19762a704e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:47:59:bc:a1:19:42:c8:1c:70:1b:55:12:0e:
                    a6:eb:ae:35:1d:cd:40:ba:de:18:8b:e5:c0:6a:53:
                    26:db:0d:d7:46:1c:62:a6:11:77:70:dc:4c:00:ec:
                    a1:5c:6e:08:d5:01:17:46:fd:99:b2:5f:f7:9e:73:
                    84:88:98:90:72:40:d0:88:2b:78:35:f6:7f:39:b9:
                    1c:f2:6b:39:55:be:8e:7e:16:e0:92:2a:f0:b8:65:
                    7e:48:92:27:c2:ca:37:81:02:60:e2:75:32:55:f2:
                    d5:db:df:fb:21:1c:73:42:25:58:4c:ae:22:e0:f3:
                    64:24:cb:0d:50:e9:7e:45:53:50:ce:6c:c8:fb:19:
                    97:39:2b:76:b9:20:c1:ac:9f:34:65:22:ea:4d:73:
                    d9:bb:bb:54:2c:57:97:77:dc:04:be:df:1c:24:5a:
                    1c:77:0a:b3:f6:37:cc:39:06:1f:25:d8:cf:d2:b9:
                    19:97:68:f0:16:33:f8:3c:ea:d6:92:c0:92:7a:c6:
                    0a:9b:ef:03:ed:95:22:fd:42:bc:ef:36:7b:d8:bd:
                    d9:71:b8:ec:25:89:83:00:75:c8:5e:f2:46:de:44:
                    e2:64:a4:dc:41:af:e5:d4:07:c4:e4:1c:1e:c5:fc:
                    c4:55:d5:1b:e4:15:c4:46:4a:f6:2a:74:47:42:76:
                    14:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:7B:2A:28:EA:6A:E6:2E:E3:CA:A3:9B:93:06:A1:97:62:A7:04:E1
            X509v3 Authority Key Identifier:
                keyid:17:BB:D6:03:74:BC:23:ED:07:D0:1C:24:E7:CF:D9:17:8B:8F:ED:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/6nsqKOpq5i7jyqObkwahl2KnBOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5b73d7-f1f5-4e8f-a4b6-cdf89683540e/1/F7vWA3S8I-0H0Bwk58_ZF4uP7SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:da:74:ba:90:6c:e6:82:0b:59:cf:8e:e2:4e:b2:e7:fb:73:
         65:ab:c8:93:98:a4:d1:bf:9d:d6:72:f1:79:6a:6e:04:4b:7e:
         9e:be:ff:7d:99:37:78:34:6a:db:58:b8:b3:fa:62:c5:ee:fc:
         6c:fc:bb:29:11:ae:de:2c:91:12:34:31:2b:a3:d5:03:ad:59:
         87:8e:b0:ba:d3:49:e8:56:58:c6:6a:24:47:f8:4a:c9:39:b2:
         5b:82:cb:cb:43:20:02:1c:c6:e6:81:0b:f4:d4:e9:da:c9:ad:
         cf:94:6a:00:b5:e0:db:4e:3f:3f:15:83:47:c6:a7:2f:76:c9:
         8e:98:35:a2:7c:50:ec:24:45:ad:49:ab:e5:c3:13:fe:03:62:
         8e:5d:ed:93:78:7c:f8:58:b9:48:e0:3d:57:c0:3a:8a:93:c9:
         10:03:fd:1a:41:c5:fa:70:1f:49:bd:dc:d4:e0:0d:f1:ed:08:
         86:33:5e:50:d1:c8:55:e1:a1:6e:73:eb:d5:5e:a2:a5:71:e7:
         a0:77:07:9e:86:83:86:b1:0f:a4:7b:98:c2:19:f6:5f:be:b6:
         f7:9d:60:71:af:e2:7b:9e:bf:6f:85:f3:49:4c:5b:33:8e:dd:
         ef:9a:23:60:05:a2:2e:06:79:9a:fe:90:4e:f1:13:3c:10:07:
         84:16:4d:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmazWoqHxwbCbLy0MSO+lDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YmJkNjAzNzRiYzIzZWQwN2QwMWMyNGU3Y2ZkOTE3OGI4
ZmVkMjEwHhcNMjUwMTAyMDk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTdiMmEyOGVhNmFlNjJlZTNjYWEzOWI5MzA2YTE5NzYyYTcwNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50dZvKEZQsgccBtVEg6m6641Hc1A
ut4Yi+XAalMm2w3XRhxiphF3cNxMAOyhXG4I1QEXRv2Zsl/3nnOEiJiQckDQiCt4
NfZ/Obkc8ms5Vb6OfhbgkirwuGV+SJInwso3gQJg4nUyVfLV29/7IRxzQiVYTK4i
4PNkJMsNUOl+RVNQzmzI+xmXOSt2uSDBrJ80ZSLqTXPZu7tULFeXd9wEvt8cJFoc
dwqz9jfMOQYfJdjP0rkZl2jwFjP4POrWksCSesYKm+8D7ZUi/UK87zZ72L3Zcbjs
JYmDAHXIXvJG3kTiZKTcQa/l1AfE5BwexfzEVdUb5BXERkr2KnRHQnYU9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOp7KijqauYu48qjm5MGoZdipwThMB8GA1UdIwQY
MBaAFBe71gN0vCPtB9AcJOfP2ReLj+0hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjd2V0EzUzhJLTBIMEJ3azU4X1pGNHVQN1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy81YjczZDctZjFmNS00ZThmLWE0YjYt
Y2RmODk2ODM1NDBlLzEvNm5zcUtPcHE1aTdqeXFPYmt3YWhsMktuQk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy81YjczZDctZjFmNS00ZThmLWE0YjYtY2RmODk2ODM1NDBl
LzEvRjd2V0EzUzhJLTBIMEJ3azU4X1pGNHVQN1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuULUMA0G
CSqGSIb3DQEBCwUAA4IBAQBx2nS6kGzmggtZz47iTrLn+3Nlq8iTmKTRv53WcvF5
am4ES36evv99mTd4NGrbWLiz+mLF7vxs/LspEa7eLJESNDEro9UDrVmHjrC600no
VljGaiRH+ErJObJbgsvLQyACHMbmgQv01Onaya3PlGoAteDbTj8/FYNHxqcvdsmO
mDWifFDsJEWtSavlwxP+A2KOXe2TeHz4WLlI4D1XwDqKk8kQA/0aQcX6cB9JvdzU
4A3x7QiGM15Q0chV4aFuc+vVXqKlceegdweehoOGsQ+ke5jCGfZfvrb3nWBxr+J7
nr9vhfNJTFszjt3vmiNgBaIuBnma/pBO8RM8EAeEFk1a
-----END CERTIFICATE-----