Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/6mTYkUzvhb-Htm6lfZWXyJFAe3g.roa
File:                     6mTYkUzvhb-Htm6lfZWXyJFAe3g.roa (raw, json)
Hash identifier:          wl2jbKj60gngwVW2ZgUBMEJL1S5Obo/uhCmKyt9SPvM=
Subject key identifier:   EA:64:D8:91:4C:EF:85:BF:87:B6:6E:A5:7D:95:97:C8:91:40:7B:78
Certificate issuer:       /CN=878f7b7240c58ad7e9eef50574f6088e9b90b02d
Certificate serial:       019426D99BFCD389A4C80CD6462F69C1FE29
Authority key identifier: 87:8F:7B:72:40:C5:8A:D7:E9:EE:F5:05:74:F6:08:8E:9B:90:B0:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h497ckDFitfp7vUFdPYIjpuQsC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/6mTYkUzvhb-Htm6lfZWXyJFAe3g.roa
Signing time:             Thu 02 Jan 2025 11:49:42 +0000
ROA not before:           Thu 02 Jan 2025 11:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29396
IP address blocks:        193.222.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/h497ckDFitfp7vUFdPYIjpuQsC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/h497ckDFitfp7vUFdPYIjpuQsC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h497ckDFitfp7vUFdPYIjpuQsC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:9b:fc:d3:89:a4:c8:0c:d6:46:2f:69:c1:fe:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=878f7b7240c58ad7e9eef50574f6088e9b90b02d
        Validity
            Not Before: Jan  2 11:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea64d8914cef85bf87b66ea57d9597c891407b78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:eb:5b:87:56:ca:bb:17:09:3e:89:1a:63:3c:
                    eb:e6:b0:13:aa:f7:59:fe:7d:2d:1d:02:7e:ea:1b:
                    06:58:d5:d9:c7:27:ca:c9:f4:de:71:a0:2e:c5:5f:
                    17:2a:91:6b:0c:60:bf:33:63:73:7c:f1:60:2e:ed:
                    60:da:f8:4b:f6:95:43:55:73:cc:a8:36:72:ab:1a:
                    14:01:2d:b8:94:84:8c:30:e3:f3:e6:d7:4a:ea:39:
                    f3:4a:4a:37:97:aa:d3:1d:4b:0b:44:ca:f6:b6:a7:
                    9e:50:d9:4b:40:ac:56:29:f7:87:1c:a9:85:3d:bf:
                    68:e7:cb:a2:ed:bc:8f:f0:1b:4d:b9:55:24:0b:e3:
                    e8:67:70:0f:fe:bf:a5:24:4d:a6:76:b3:13:6b:4b:
                    0d:1b:f3:60:8d:b3:d2:df:40:78:2c:9c:77:24:b0:
                    8e:aa:34:7a:09:73:85:61:0f:3f:cd:60:07:f1:8a:
                    0f:0e:7e:7b:e4:38:a4:6d:95:0b:2f:a3:fd:e8:4c:
                    f1:bd:5e:4b:f9:21:db:80:ab:ed:9d:89:d8:52:58:
                    c6:00:51:30:33:f7:f0:e4:83:84:e4:f6:21:00:d8:
                    fc:9f:d9:24:1c:8f:b4:3e:31:af:5d:d0:c4:9a:61:
                    14:eb:91:f6:99:03:b5:b6:eb:25:12:f7:a0:e0:ec:
                    c6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:64:D8:91:4C:EF:85:BF:87:B6:6E:A5:7D:95:97:C8:91:40:7B:78
            X509v3 Authority Key Identifier:
                keyid:87:8F:7B:72:40:C5:8A:D7:E9:EE:F5:05:74:F6:08:8E:9B:90:B0:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h497ckDFitfp7vUFdPYIjpuQsC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/6mTYkUzvhb-Htm6lfZWXyJFAe3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/fc159e-8d56-4c3a-ae42-0cbdd95a16dd/1/h497ckDFitfp7vUFdPYIjpuQsC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:a5:53:ff:be:b3:18:11:b9:45:fb:c7:34:3f:2b:fd:18:f6:
         2f:8d:08:ef:de:9c:a9:f3:33:c7:15:ba:02:14:83:ed:7a:2e:
         f1:7f:a5:fd:cb:f2:7e:9d:9d:73:d4:b5:bf:71:f9:7f:ca:d5:
         0c:ca:e8:2e:f0:36:65:9f:8a:86:9a:90:e1:dd:51:1d:a8:ca:
         5a:96:3e:7b:4b:a3:ab:11:14:ab:ba:b3:83:38:77:c0:41:6b:
         4a:3d:60:0b:51:64:16:84:85:8b:ec:c7:e9:5b:8b:8e:49:ee:
         0e:41:c0:c8:bf:47:69:a3:0c:ab:e3:b9:b5:be:34:4b:92:d9:
         6c:a5:34:da:eb:cb:fa:26:b8:dd:52:51:9a:90:0d:d4:47:ef:
         27:aa:e5:2f:62:24:71:49:04:e1:c4:e2:11:50:70:2d:55:8e:
         8e:cf:df:bc:d2:82:71:50:56:47:0e:8d:9d:07:ea:d3:be:67:
         a8:e0:23:da:24:f1:98:e3:c3:01:c9:65:f9:9c:e6:5f:cf:93:
         0f:34:4f:1d:19:7b:28:b0:c4:9d:05:29:71:72:9d:33:f7:f7:
         62:cf:7e:5a:91:4a:17:e6:c9:8a:8d:d4:14:b5:bb:01:c5:a6:
         a8:be:78:cf:c4:8e:d2:6c:61:22:c8:01:94:54:6b:e3:dd:43:
         3c:78:36:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Zv804mkyAzWRi9pwf4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OGY3YjcyNDBjNThhZDdlOWVlZjUwNTc0ZjYwODhlOWI5
MGIwMmQwHhcNMjUwMTAyMTE0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTY0ZDg5MTRjZWY4NWJmODdiNjZlYTU3ZDk1OTdjODkxNDA3Yjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtutbh1bKuxcJPokaYzzr5rATqvdZ
/n0tHQJ+6hsGWNXZxyfKyfTecaAuxV8XKpFrDGC/M2NzfPFgLu1g2vhL9pVDVXPM
qDZyqxoUAS24lISMMOPz5tdK6jnzSko3l6rTHUsLRMr2tqeeUNlLQKxWKfeHHKmF
Pb9o58ui7byP8BtNuVUkC+PoZ3AP/r+lJE2mdrMTa0sNG/NgjbPS30B4LJx3JLCO
qjR6CXOFYQ8/zWAH8YoPDn575DikbZULL6P96EzxvV5L+SHbgKvtnYnYUljGAFEw
M/fw5IOE5PYhANj8n9kkHI+0PjGvXdDEmmEU65H2mQO1tuslEveg4OzGRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpk2JFM74W/h7ZupX2Vl8iRQHt4MB8GA1UdIwQY
MBaAFIePe3JAxYrX6e71BXT2CI6bkLAtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDQ5N2NrREZpdGZwN3ZVRmRQWUlqcHVRc0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9mYzE1OWUtOGQ1Ni00YzNhLWFlNDIt
MGNiZGQ5NWExNmRkLzEvNm1UWWtVenZoYi1IdG02bGZaV1h5SkZBZTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9mYzE1OWUtOGQ1Ni00YzNhLWFlNDItMGNiZGQ5NWExNmRk
LzEvaDQ5N2NrREZpdGZwN3ZVRmRQWUlqcHVRc0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd6+MA0G
CSqGSIb3DQEBCwUAA4IBAQAspVP/vrMYEblF+8c0Pyv9GPYvjQjv3pyp8zPHFboC
FIPtei7xf6X9y/J+nZ1z1LW/cfl/ytUMyugu8DZln4qGmpDh3VEdqMpalj57S6Or
ERSrurODOHfAQWtKPWALUWQWhIWL7MfpW4uOSe4OQcDIv0dpowyr47m1vjRLktls
pTTa68v6JrjdUlGakA3UR+8nquUvYiRxSQThxOIRUHAtVY6Oz9+80oJxUFZHDo2d
B+rTvmeo4CPaJPGY48MByWX5nOZfz5MPNE8dGXsosMSdBSlxcp0z9/diz35akUoX
5smKjdQUtbsBxaaovnjPxI7SbGEiyAGUVGvj3UM8eDYe
-----END CERTIFICATE-----