Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/6kPkXmlWSAQjjCwMVOC6F-rjNv0.roa
File:                     6kPkXmlWSAQjjCwMVOC6F-rjNv0.roa (raw, json)
Hash identifier:          sTc836fo7TkkLRKHAoIO0+HiUzTAeRmVazBYlJks2f4=
Subject key identifier:   EA:43:E4:5E:69:56:48:04:23:8C:2C:0C:54:E0:BA:17:EA:E3:36:FD
Certificate issuer:       /CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
Certificate serial:       01941F8C8107D96226279AB25FF9D6E773B3
Authority key identifier: 64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/6kPkXmlWSAQjjCwMVOC6F-rjNv0.roa
Signing time:             Wed 01 Jan 2025 01:48:09 +0000
ROA not before:           Wed 01 Jan 2025 01:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50440
IP address blocks:        37.122.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:81:07:d9:62:26:27:9a:b2:5f:f9:d6:e7:73:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
        Validity
            Not Before: Jan  1 01:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea43e45e69564804238c2c0c54e0ba17eae336fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:32:e1:14:73:5a:ba:59:9b:c6:3c:27:8d:fb:
                    34:b6:07:be:2b:58:a9:7c:f2:01:f9:2c:6e:5d:cf:
                    38:58:6d:5f:7b:e6:c7:0e:7d:ae:60:4c:38:9c:7c:
                    cd:4d:1d:69:ac:8b:9e:c1:7c:72:69:55:5d:09:2b:
                    6a:08:f3:ba:dc:b4:d5:26:3f:31:85:21:fe:85:73:
                    ea:bb:f2:e9:85:05:3e:ab:e7:44:6f:8a:db:15:e6:
                    19:bc:24:ea:70:dc:8a:88:8e:2b:64:21:18:df:eb:
                    7e:c7:ea:5d:4e:3b:e8:53:93:6d:01:24:d1:5e:64:
                    52:4a:52:4c:4f:7f:7b:cf:ef:39:73:83:d6:f9:eb:
                    4d:74:b6:b9:20:a5:38:f6:d1:52:67:29:6d:9e:c8:
                    50:c5:a1:14:6c:8b:45:6d:cd:c4:92:49:58:89:b0:
                    36:14:d3:c7:db:28:22:1d:0b:8c:4c:0e:77:ca:17:
                    bf:52:e4:a8:64:cc:a5:b6:54:c3:f6:62:a9:96:3d:
                    d5:8e:40:91:cc:17:17:f8:f2:5d:4d:ed:6c:5e:33:
                    d3:3a:80:27:72:be:f1:e8:a7:6f:6a:76:83:3e:e2:
                    94:74:71:69:2e:d0:93:08:d5:b4:82:72:ca:d9:99:
                    85:f4:4f:ed:6d:9f:44:43:8c:a5:37:40:7d:6e:5b:
                    e1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:43:E4:5E:69:56:48:04:23:8C:2C:0C:54:E0:BA:17:EA:E3:36:FD
            X509v3 Authority Key Identifier:
                keyid:64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/6kPkXmlWSAQjjCwMVOC6F-rjNv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.122.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:d4:b9:04:19:db:e3:52:d7:be:9f:78:7e:54:f9:8b:49:19:
         15:00:78:16:2e:12:bf:63:c2:ac:75:65:fb:a3:b2:f6:2d:7b:
         7b:dc:5b:64:a4:0f:e8:88:34:f7:b1:95:3d:fe:54:2b:12:4b:
         4d:47:1b:ef:8b:8f:42:78:e7:d2:64:7c:68:61:97:f0:63:17:
         ba:17:5c:42:6f:af:0d:0f:f6:06:88:c4:fc:09:bd:fa:84:12:
         62:d7:8f:e6:4d:0f:84:ce:4f:6c:8c:52:9b:79:10:08:fd:38:
         fb:24:2c:2b:0c:cb:d1:a7:24:b6:71:ff:c5:2d:d8:4e:99:b4:
         1d:32:b6:e8:04:95:45:92:c1:13:8a:b9:24:e2:da:9c:0f:2c:
         b6:cd:70:80:1a:6a:33:c5:91:e6:d3:0a:bb:db:cf:4d:93:9e:
         c2:c8:73:c3:a9:ec:98:fa:28:78:93:74:4b:e1:d5:c5:e6:64:
         48:38:3a:8d:73:0d:0a:71:f5:0a:41:18:b1:5c:43:76:56:1f:
         f2:28:43:19:61:11:1e:47:c0:a9:ca:59:1f:a0:95:16:96:70:
         ed:60:53:14:b3:93:54:ea:06:5a:65:65:6b:42:70:15:af:8c:
         e1:04:4b:5f:09:60:e0:ac:6c:58:7a:3f:e4:ed:19:2d:46:80:
         ad:f2:19:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjIEH2WImJ5qyX/nW53OzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDE3MWY5M2NjMWNhNzE2ZmM4MDZlMzZhNTU4NTJjZGY0
ZjFjMWMwHhcNMjUwMTAxMDE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQzZTQ1ZTY5NTY0ODA0MjM4YzJjMGM1NGUwYmExN2VhZTMzNmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjLhFHNaulmbxjwnjfs0tge+K1ip
fPIB+SxuXc84WG1fe+bHDn2uYEw4nHzNTR1prIuewXxyaVVdCStqCPO63LTVJj8x
hSH+hXPqu/LphQU+q+dEb4rbFeYZvCTqcNyKiI4rZCEY3+t+x+pdTjvoU5NtASTR
XmRSSlJMT397z+85c4PW+etNdLa5IKU49tFSZyltnshQxaEUbItFbc3EkklYibA2
FNPH2ygiHQuMTA53yhe/UuSoZMyltlTD9mKplj3VjkCRzBcX+PJdTe1sXjPTOoAn
cr7x6KdvanaDPuKUdHFpLtCTCNW0gnLK2ZmF9E/tbZ9EQ4ylN0B9blvh4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpD5F5pVkgEI4wsDFTguhfq4zb9MB8GA1UdIwQY
MBaAFGTRcfk8wcpxb8gG42pVhSzfTxwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAt
YTQ2MzVkZjQ3ZDcwLzEvNmtQa1htbFdTQVFqakN3TVZPQzZGLXJqTnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAtYTQ2MzVkZjQ3ZDcw
LzEvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXqaMA0G
CSqGSIb3DQEBCwUAA4IBAQA31LkEGdvjUte+n3h+VPmLSRkVAHgWLhK/Y8KsdWX7
o7L2LXt73FtkpA/oiDT3sZU9/lQrEktNRxvvi49CeOfSZHxoYZfwYxe6F1xCb68N
D/YGiMT8Cb36hBJi14/mTQ+Ezk9sjFKbeRAI/Tj7JCwrDMvRpyS2cf/FLdhOmbQd
MrboBJVFksETirkk4tqcDyy2zXCAGmozxZHm0wq7289Nk57CyHPDqeyY+ih4k3RL
4dXF5mRIODqNcw0KcfUKQRixXEN2Vh/yKEMZYREeR8CpylkfoJUWlnDtYFMUs5NU
6gZaZWVrQnAVr4zhBEtfCWDgrGxYej/k7RktRoCt8hm+
-----END CERTIFICATE-----