Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/xf5euvYwoNkCugSTZpIpZIs6gdQ.roa
File:                     xf5euvYwoNkCugSTZpIpZIs6gdQ.roa (raw, json)
Hash identifier:          TROZHBrJUwOEntOqJDRdHWhVUC4xDktW9XYJSjQLr0c=
Subject key identifier:   C5:FE:5E:BA:F6:30:A0:D9:02:BA:04:93:66:92:29:64:8B:3A:81:D4
Certificate issuer:       /CN=6894e1b8da80cac2ad1a2f3f09bf9db5a12486a4
Certificate serial:       019421B1BDE8BB472E1ACBE4B76DDCF8B464
Authority key identifier: 68:94:E1:B8:DA:80:CA:C2:AD:1A:2F:3F:09:BF:9D:B5:A1:24:86:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/xf5euvYwoNkCugSTZpIpZIs6gdQ.roa
Signing time:             Wed 01 Jan 2025 11:48:04 +0000
ROA not before:           Wed 01 Jan 2025 11:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206610
IP address blocks:        46.29.176.0/21 maxlen: 24
                          185.28.204.0/22 maxlen: 24
                          2a02:2290::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:bd:e8:bb:47:2e:1a:cb:e4:b7:6d:dc:f8:b4:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6894e1b8da80cac2ad1a2f3f09bf9db5a12486a4
        Validity
            Not Before: Jan  1 11:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5fe5ebaf630a0d902ba0493669229648b3a81d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:55:57:46:79:1f:6d:31:06:e2:f3:76:3b:9d:
                    2f:07:a8:3b:bf:aa:13:6a:67:af:a5:1c:b2:e8:9d:
                    61:24:f4:e8:1d:9b:00:c7:8e:5e:fe:c1:1e:a6:55:
                    01:be:6b:2e:59:00:59:7e:90:25:31:a1:46:9f:f7:
                    c7:97:fd:92:8b:e0:cb:d7:d9:92:bf:13:7a:12:67:
                    e9:33:3a:1a:f8:ce:f9:70:ac:d7:8c:a2:a6:e6:f9:
                    cc:2d:bb:c4:c0:51:03:d9:91:05:81:21:e8:8f:86:
                    3d:41:ad:0a:3a:d6:bf:d3:a1:50:24:ea:04:f2:de:
                    21:53:f5:29:71:f6:61:3a:49:b1:e2:87:7d:be:6c:
                    c2:95:a7:85:4e:c4:45:91:55:98:80:d7:54:f7:0f:
                    d4:eb:94:4a:a9:aa:63:1a:c8:5a:b9:7d:c3:bd:8b:
                    1a:f9:5c:cf:09:af:86:5d:d5:ae:92:c1:01:b3:98:
                    11:af:77:39:32:c0:cb:de:1c:11:28:06:4e:6e:2a:
                    18:aa:b0:e5:f0:d5:4e:aa:8b:84:43:19:51:75:55:
                    c5:9d:ec:50:d2:20:5c:e7:91:69:3c:93:29:b3:7e:
                    19:f7:ad:65:23:36:10:86:83:fa:ed:ae:70:31:fb:
                    5e:db:c8:32:a7:fc:4f:60:b3:84:96:b5:6f:e0:3a:
                    34:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:FE:5E:BA:F6:30:A0:D9:02:BA:04:93:66:92:29:64:8B:3A:81:D4
            X509v3 Authority Key Identifier:
                keyid:68:94:E1:B8:DA:80:CA:C2:AD:1A:2F:3F:09:BF:9D:B5:A1:24:86:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/xf5euvYwoNkCugSTZpIpZIs6gdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.176.0/21
                  185.28.204.0/22
                IPv6:
                  2a02:2290::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:39:a0:67:8d:0b:fe:a9:bc:8f:77:8b:25:a1:84:49:98:78:
         12:f2:c7:5d:f7:98:8d:56:ad:62:84:5f:28:8a:d0:d6:92:b8:
         6b:18:e8:df:9e:21:6c:00:10:69:ca:3d:e2:53:33:d0:96:9a:
         04:0b:cf:da:19:60:2b:77:ab:aa:09:9d:36:2a:d3:84:b4:1b:
         1b:7a:5f:ff:65:63:02:ae:21:fb:4f:ee:b3:18:f1:37:6c:7e:
         bc:5c:3c:ae:a8:4b:f9:c7:cb:5f:7e:91:b2:41:63:2f:e1:24:
         fb:19:58:fb:05:31:07:31:d7:96:87:f7:b2:1e:05:d8:09:60:
         86:5b:71:63:12:38:db:9d:36:8e:e9:64:46:b1:4b:8d:bd:ad:
         d2:ec:c9:2f:7e:02:11:58:71:e3:0d:eb:fb:30:5a:49:d5:f6:
         15:fe:c3:1b:00:17:1c:bf:4c:50:26:73:87:e0:aa:88:15:96:
         07:b6:ed:d0:f7:0e:d1:f8:4d:1e:15:f8:c0:a5:36:5d:0e:ad:
         80:fd:16:dd:06:9a:48:e1:e4:ad:10:76:9b:9e:75:09:94:36:
         90:ab:0c:aa:7a:3d:a4:46:ad:10:c0:38:03:bb:44:6c:e4:d1:
         0e:03:33:b5:be:ad:79:d9:f4:9b:f3:78:36:f7:9d:fc:38:1d:
         98:19:7a:49
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhsb3ou0cuGsvkt23c+LRkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OTRlMWI4ZGE4MGNhYzJhZDFhMmYzZjA5YmY5ZGI1YTEy
NDg2YTQwHhcNMjUwMTAxMTE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWZlNWViYWY2MzBhMGQ5MDJiYTA0OTM2NjkyMjk2NDhiM2E4MWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1VXRnkfbTEG4vN2O50vB6g7v6oT
amevpRyy6J1hJPToHZsAx45e/sEeplUBvmsuWQBZfpAlMaFGn/fHl/2Si+DL19mS
vxN6EmfpMzoa+M75cKzXjKKm5vnMLbvEwFED2ZEFgSHoj4Y9Qa0KOta/06FQJOoE
8t4hU/UpcfZhOkmx4od9vmzClaeFTsRFkVWYgNdU9w/U65RKqapjGshauX3DvYsa
+VzPCa+GXdWuksEBs5gRr3c5MsDL3hwRKAZObioYqrDl8NVOqouEQxlRdVXFnexQ
0iBc55FpPJMps34Z961lIzYQhoP67a5wMfte28gyp/xPYLOElrVv4Do0WQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMX+Xrr2MKDZAroEk2aSKWSLOoHUMB8GA1UdIwQY
MBaAFGiU4bjagMrCrRovPwm/nbWhJIakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUpUaHVOcUF5c0t0R2k4X0NiLWR0YUVraHFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8yY2FiMWEtZGY2Ni00MTg3LWIxODIt
NzAzY2FiNGQwNTk4LzEveGY1ZXV2WXdvTmtDdWdTVFpwSXBaSXM2Z2RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8yY2FiMWEtZGY2Ni00MTg3LWIxODItNzAzY2FiNGQwNTk4
LzEvYUpUaHVOcUF5c0t0R2k4X0NiLWR0YUVraHFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLh2wAwQC
uRzMMA0EAgACMAcDBQMqAiKQMA0GCSqGSIb3DQEBCwUAA4IBAQA+OaBnjQv+qbyP
d4sloYRJmHgS8sdd95iNVq1ihF8oitDWkrhrGOjfniFsABBpyj3iUzPQlpoEC8/a
GWArd6uqCZ02KtOEtBsbel//ZWMCriH7T+6zGPE3bH68XDyuqEv5x8tffpGyQWMv
4ST7GVj7BTEHMdeWh/eyHgXYCWCGW3FjEjjbnTaO6WRGsUuNva3S7MkvfgIRWHHj
Dev7MFpJ1fYV/sMbABccv0xQJnOH4KqIFZYHtu3Q9w7R+E0eFfjApTZdDq2A/Rbd
BppI4eStEHabnnUJlDaQqwyqej2kRq0QwDgDu0Rs5NEOAzO1vq152fSb83g29538
OB2YGXpJ
-----END CERTIFICATE-----