Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/R4y6nmRwFjxvCaBL6-dKT9J0J6Q.roa
File:                     R4y6nmRwFjxvCaBL6-dKT9J0J6Q.roa (raw, json)
Hash identifier:          28wuF3mqSVql0QwjKVa6D2zxJkPAFMQWmiTuYpkc2Gk=
Subject key identifier:   47:8C:BA:9E:64:70:16:3C:6F:09:A0:4B:EB:E7:4A:4F:D2:74:27:A4
Certificate issuer:       /CN=f5cf73b3e45f772fae1b915690b317344c3f442b
Certificate serial:       01942826F76BDC7AD51ECB418E9370925E0E
Authority key identifier: F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/R4y6nmRwFjxvCaBL6-dKT9J0J6Q.roa
Signing time:             Thu 02 Jan 2025 17:53:49 +0000
ROA not before:           Thu 02 Jan 2025 17:53:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60144
IP address blocks:        185.197.160.0/22 maxlen: 24
                          193.42.108.0/22 maxlen: 24
                          2a0f:ea80::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:f7:6b:dc:7a:d5:1e:cb:41:8e:93:70:92:5e:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5cf73b3e45f772fae1b915690b317344c3f442b
        Validity
            Not Before: Jan  2 17:53:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=478cba9e6470163c6f09a04bebe74a4fd27427a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fd:c3:e6:64:11:e7:bf:8c:6b:f3:b2:08:57:
                    05:6d:a5:2a:6d:c5:25:00:05:7a:2f:80:72:9c:08:
                    c0:4d:d0:8c:d5:ca:4d:e4:6b:9c:dc:87:5c:db:ec:
                    f2:0b:c7:5b:4d:fb:d8:c1:33:1f:4f:7b:84:fb:28:
                    fd:15:e7:76:a4:ff:aa:66:63:18:e2:14:02:f1:80:
                    7b:c5:4e:32:ad:bc:af:78:a3:d6:98:0a:f7:06:f7:
                    8b:4a:39:36:4f:c8:94:24:e9:26:0b:2e:09:8a:32:
                    5a:9e:d8:a6:67:34:01:d7:ee:b9:f2:86:3e:65:e9:
                    f2:cd:b6:4c:84:06:a5:87:13:d2:11:c7:e0:62:34:
                    b3:7b:07:76:3f:8b:b0:e2:ea:41:30:ab:5a:96:b1:
                    24:fd:78:8f:58:9e:f5:88:bc:7a:2d:59:e3:4e:4b:
                    c4:5c:c5:1c:59:82:49:c4:54:b9:20:f3:16:7b:3f:
                    1f:52:7c:6d:b7:cf:60:39:a3:9c:18:8c:ce:5e:31:
                    fa:28:80:51:6b:0d:8b:f4:6c:c8:f1:23:4c:89:68:
                    a5:17:d9:ea:8b:8a:65:8f:5b:eb:f4:f0:85:49:94:
                    19:d4:91:81:02:3d:41:c3:b2:09:1a:89:ae:52:73:
                    fb:95:43:03:06:c5:fd:4f:da:ad:a6:96:9d:c2:74:
                    76:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:8C:BA:9E:64:70:16:3C:6F:09:A0:4B:EB:E7:4A:4F:D2:74:27:A4
            X509v3 Authority Key Identifier:
                keyid:F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/R4y6nmRwFjxvCaBL6-dKT9J0J6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.160.0/22
                  193.42.108.0/22
                IPv6:
                  2a0f:ea80::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:90:0b:34:8c:30:51:ac:33:eb:07:70:fa:6b:db:f8:65:e7:
         55:d1:8c:e1:73:ed:6c:eb:1b:81:99:35:3f:07:3a:6a:08:ef:
         42:f6:06:20:84:18:34:96:dd:c1:21:19:18:92:92:55:8b:2b:
         34:e4:9b:08:fc:ed:a0:16:2e:d8:92:07:a7:76:02:6c:bc:1a:
         a4:d8:ab:ee:31:d4:75:59:22:48:9b:2b:30:34:df:f4:8c:24:
         25:78:7f:78:4c:41:5d:54:a4:21:96:c4:f9:f9:15:af:9a:59:
         b7:34:22:3f:e4:37:7d:09:33:9a:dc:73:83:43:e1:c4:92:3b:
         2d:3c:fc:b2:3b:2b:7b:5f:17:af:41:ca:79:e0:c7:8e:0d:b7:
         b2:20:4d:20:36:37:26:c4:e7:42:ba:8c:88:f5:98:aa:7a:b7:
         84:4a:44:ce:8c:aa:91:57:eb:32:50:23:0d:23:79:04:17:a8:
         86:8a:3e:4c:ea:bd:0f:5f:c2:b6:eb:4b:f5:ea:c5:2d:67:14:
         35:0a:6c:69:a5:ad:5c:56:f3:80:f6:1b:31:56:e1:a3:e5:f8:
         4a:05:60:25:02:cc:ec:58:c2:3e:32:d0:c3:77:e5:04:64:45:
         52:9a:a5:29:d1:df:a3:2e:28:05:de:60:2f:e7:1f:3a:b9:dc:
         d9:14:9f:58
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQoJvdr3HrVHstBjpNwkl4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1Y2Y3M2IzZTQ1Zjc3MmZhZTFiOTE1NjkwYjMxNzM0NGMz
ZjQ0MmIwHhcNMjUwMTAyMTc1MzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzhjYmE5ZTY0NzAxNjNjNmYwOWEwNGJlYmU3NGE0ZmQyNzQyN2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv3D5mQR57+Ma/OyCFcFbaUqbcUl
AAV6L4BynAjATdCM1cpN5Guc3Idc2+zyC8dbTfvYwTMfT3uE+yj9Fed2pP+qZmMY
4hQC8YB7xU4yrbyveKPWmAr3BveLSjk2T8iUJOkmCy4JijJantimZzQB1+658oY+
ZenyzbZMhAalhxPSEcfgYjSzewd2P4uw4upBMKtalrEk/XiPWJ71iLx6LVnjTkvE
XMUcWYJJxFS5IPMWez8fUnxtt89gOaOcGIzOXjH6KIBRaw2L9GzI8SNMiWilF9nq
i4plj1vr9PCFSZQZ1JGBAj1Bw7IJGomuUnP7lUMDBsX9T9qtppadwnR2FwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEeMup5kcBY8bwmgS+vnSk/SdCekMB8GA1UdIwQY
MBaAFPXPc7PkX3cvrhuRVpCzFzRMP0QrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQt
MWM2NTRlMDJkNzVkLzEvUjR5Nm5tUndGanh2Q2FCTDYtZEtUOUowSjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQtMWM2NTRlMDJkNzVk
LzEvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCucWgAwQC
wSpsMA0EAgACMAcDBQAqD+qAMA0GCSqGSIb3DQEBCwUAA4IBAQCbkAs0jDBRrDPr
B3D6a9v4ZedV0Yzhc+1s6xuBmTU/BzpqCO9C9gYghBg0lt3BIRkYkpJViys05JsI
/O2gFi7YkgendgJsvBqk2KvuMdR1WSJImyswNN/0jCQleH94TEFdVKQhlsT5+RWv
mlm3NCI/5Dd9CTOa3HODQ+HEkjstPPyyOyt7XxevQcp54MeODbeyIE0gNjcmxOdC
uoyI9ZiqereESkTOjKqRV+syUCMNI3kEF6iGij5M6r0PX8K260v16sUtZxQ1Cmxp
pa1cVvOA9hsxVuGj5fhKBWAlAszsWMI+MtDDd+UEZEVSmqUp0d+jLigF3mAv5x86
udzZFJ9Y
-----END CERTIFICATE-----