Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/0UNxLFiNDnM7JAFQJgASYQsaA6g.roa
File:                     0UNxLFiNDnM7JAFQJgASYQsaA6g.roa (raw, json)
Hash identifier:          yeNDFn94twaWZPqm9gsLvpXQ7L9cVI5aXIkqJKLoX5M=
Subject key identifier:   D1:43:71:2C:58:8D:0E:73:3B:24:01:50:26:00:12:61:0B:1A:03:A8
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       0196C899E3C8FBDCDD29593FA103CACF18F6
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/0UNxLFiNDnM7JAFQJgASYQsaA6g.roa
Signing time:             Tue 13 May 2025 07:44:10 +0000
ROA not before:           Tue 13 May 2025 07:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214294
IP address blocks:        176.116.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:99:e3:c8:fb:dc:dd:29:59:3f:a1:03:ca:cf:18:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: May 13 07:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d143712c588d0e733b240150260012610b1a03a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b2:f0:8b:70:81:a3:f0:07:9b:71:6b:72:37:
                    1f:f5:36:a9:a5:8e:f9:0a:ac:85:b9:9f:b7:de:d5:
                    be:2b:25:db:05:8c:68:3f:96:2d:15:57:f2:c7:06:
                    fa:28:d9:95:1e:c1:4e:c8:c7:ee:bb:55:dd:85:ba:
                    f6:c9:dd:99:62:22:4b:48:9d:ad:d7:82:4e:a6:40:
                    0e:60:15:cb:17:ef:3d:da:f4:1e:c7:8c:65:64:17:
                    6f:a9:45:5c:f4:df:78:2b:52:a6:67:97:6a:51:59:
                    7e:be:1f:03:c3:25:ff:1c:7a:7e:6c:f6:c9:2e:5c:
                    e8:c9:3c:a4:fe:e1:26:e1:eb:82:f1:a5:55:0d:b5:
                    d7:39:91:d6:d1:14:f6:58:f2:6c:2b:0b:42:fa:55:
                    77:54:52:63:dc:6a:43:24:e1:80:78:e8:fb:3e:2f:
                    a8:52:2e:80:ed:98:50:28:4d:71:3c:45:2a:ff:b7:
                    3e:d8:66:a3:34:41:fd:b6:b7:a7:37:42:b9:d4:5e:
                    01:05:ee:26:f7:3b:46:01:e6:a0:cb:6d:18:f4:62:
                    12:f3:8a:19:36:47:8d:08:e0:4d:4d:13:f9:67:7d:
                    5c:f6:d6:8f:f1:44:9a:66:9e:1b:27:42:64:25:60:
                    d1:ce:bb:6d:de:11:04:cd:a5:bb:9f:b5:9e:60:e3:
                    98:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:43:71:2C:58:8D:0E:73:3B:24:01:50:26:00:12:61:0B:1A:03:A8
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/0UNxLFiNDnM7JAFQJgASYQsaA6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:63:51:84:1c:53:ff:b2:64:1e:f3:37:b0:18:f2:da:d3:bd:
         c3:bf:9f:91:a6:46:b0:b0:86:15:7b:e6:5c:63:d2:0d:bc:a4:
         c9:99:42:9e:e1:0a:dd:23:7d:0b:5d:64:8f:8b:9b:a0:76:6e:
         06:7d:5b:b3:c0:e0:f0:08:12:3e:46:63:81:5a:3c:a3:7c:ac:
         db:8f:17:d0:6f:0d:2f:d0:fb:bc:bf:88:23:14:e1:2a:e0:c9:
         83:99:55:76:40:44:2d:cb:15:b4:86:64:e7:5e:b0:59:42:18:
         5e:1d:c0:dc:25:d6:72:99:83:b2:de:24:90:7e:0d:dd:ed:75:
         da:cd:63:e3:82:54:94:35:62:61:70:8c:1a:d3:a3:5f:ca:f9:
         36:bd:e1:2d:52:b1:25:be:ec:cf:de:64:45:b8:12:b0:47:fe:
         38:d0:a2:c6:50:83:8e:46:a7:27:5b:86:d1:b1:4c:91:bf:ad:
         7f:21:d9:11:5e:78:f9:e0:8b:a1:43:89:b9:33:cb:92:f7:6f:
         10:36:ca:26:db:97:ca:83:47:91:03:79:b0:d3:31:bb:ba:95:
         a9:ff:8c:97:f7:68:53:7e:fc:20:f1:8b:fe:68:c7:1a:b2:6b:
         15:fc:74:4a:11:aa:56:6e:20:64:1b:9d:c2:a1:4b:a8:67:ca:
         d0:14:21:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbImePI+9zdKVk/oQPKzxj2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjUwNTEzMDc0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTQzNzEyYzU4OGQwZTczM2IyNDAxNTAyNjAwMTI2MTBiMWEwM2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrLwi3CBo/AHm3Frcjcf9TappY75
CqyFuZ+33tW+KyXbBYxoP5YtFVfyxwb6KNmVHsFOyMfuu1Xdhbr2yd2ZYiJLSJ2t
14JOpkAOYBXLF+892vQex4xlZBdvqUVc9N94K1KmZ5dqUVl+vh8DwyX/HHp+bPbJ
LlzoyTyk/uEm4euC8aVVDbXXOZHW0RT2WPJsKwtC+lV3VFJj3GpDJOGAeOj7Pi+o
Ui6A7ZhQKE1xPEUq/7c+2GajNEH9trenN0K51F4BBe4m9ztGAeagy20Y9GIS84oZ
NkeNCOBNTRP5Z31c9taP8USaZp4bJ0JkJWDRzrtt3hEEzaW7n7WeYOOY3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFDcSxYjQ5zOyQBUCYAEmELGgOoMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvMFVOeExGaU5Ebk03SkFGUUpnQVNZUXNhQTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQGMA0G
CSqGSIb3DQEBCwUAA4IBAQCuY1GEHFP/smQe8zewGPLa073Dv5+RpkawsIYVe+Zc
Y9INvKTJmUKe4QrdI30LXWSPi5ugdm4GfVuzwODwCBI+RmOBWjyjfKzbjxfQbw0v
0Pu8v4gjFOEq4MmDmVV2QEQtyxW0hmTnXrBZQhheHcDcJdZymYOy3iSQfg3d7XXa
zWPjglSUNWJhcIwa06Nfyvk2veEtUrElvuzP3mRFuBKwR/440KLGUIOORqcnW4bR
sUyRv61/IdkRXnj54IuhQ4m5M8uS928QNsom25fKg0eRA3mw0zG7upWp/4yX92hT
fvwg8Yv+aMcasmsV/HRKEapWbiBkG53CoUuoZ8rQFCE5
-----END CERTIFICATE-----