Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/6x14Tr1KvbGHug5B88Kt5ILNIuQ.roa
File:                     6x14Tr1KvbGHug5B88Kt5ILNIuQ.roa (raw, json)
Hash identifier:          TGutJ2mIJk6NG98vs/RUqYq5wAmvywBgw3u1JfM1+58=
Subject key identifier:   EB:1D:78:4E:BD:4A:BD:B1:87:BA:0E:41:F3:C2:AD:E4:82:CD:22:E4
Certificate issuer:       /CN=b710cd4471a3f8cdcd844d3f366148940952b4e7
Certificate serial:       0194214403FB77085652ABA8C54A11C2601F
Authority key identifier: B7:10:CD:44:71:A3:F8:CD:CD:84:4D:3F:36:61:48:94:09:52:B4:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txDNRHGj-M3NhE0_NmFIlAlStOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/6x14Tr1KvbGHug5B88Kt5ILNIuQ.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25540
IP address blocks:        185.130.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/txDNRHGj-M3NhE0_NmFIlAlStOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/txDNRHGj-M3NhE0_NmFIlAlStOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txDNRHGj-M3NhE0_NmFIlAlStOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:03:fb:77:08:56:52:ab:a8:c5:4a:11:c2:60:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b710cd4471a3f8cdcd844d3f366148940952b4e7
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb1d784ebd4abdb187ba0e41f3c2ade482cd22e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c3:e1:ba:e8:bd:34:c5:11:35:96:f2:ac:ae:
                    9b:bd:56:74:b4:cb:81:8d:42:fe:43:84:a1:6c:bb:
                    1b:96:b1:a0:a2:07:27:07:55:7f:a8:ea:3f:62:23:
                    61:32:11:f4:17:6b:6d:c8:c6:e9:db:d5:8e:6e:4d:
                    8f:13:b4:40:68:e7:0c:4d:dc:43:02:78:94:19:bf:
                    11:db:ce:e3:dd:b4:bc:0a:eb:5d:dc:3e:4e:22:de:
                    d2:9d:73:e1:ab:0b:47:c8:14:90:d3:1c:62:c5:ea:
                    fd:38:17:ce:72:e5:0c:29:59:ac:63:d5:eb:c4:b7:
                    89:ff:2c:1b:6e:5b:8c:fa:86:6d:ee:7f:4a:1d:e3:
                    d2:0b:67:ba:83:30:c4:38:8d:28:c1:4f:44:59:ed:
                    b5:2c:e0:c2:7d:69:57:be:6f:56:fa:e1:7c:8c:f4:
                    59:3e:e5:a9:bc:28:75:15:30:45:1f:00:8e:f9:7d:
                    67:63:2f:be:cf:d3:93:6e:35:19:19:bb:ca:df:29:
                    45:e8:11:67:52:c0:7e:a3:58:09:d5:c9:c4:7c:e6:
                    9d:3c:c4:8b:db:6d:9e:8b:8c:32:0f:b5:87:6b:28:
                    2b:df:d9:fb:b9:54:4d:79:94:04:4f:76:49:6d:75:
                    2f:e5:04:c0:c4:10:40:11:35:51:b8:12:4f:32:51:
                    5b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:1D:78:4E:BD:4A:BD:B1:87:BA:0E:41:F3:C2:AD:E4:82:CD:22:E4
            X509v3 Authority Key Identifier:
                keyid:B7:10:CD:44:71:A3:F8:CD:CD:84:4D:3F:36:61:48:94:09:52:B4:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txDNRHGj-M3NhE0_NmFIlAlStOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/6x14Tr1KvbGHug5B88Kt5ILNIuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/txDNRHGj-M3NhE0_NmFIlAlStOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:82:ca:79:d7:b7:79:72:23:ee:bb:4b:da:8a:59:fc:fd:73:
         4a:8f:ec:cd:c5:ff:1a:5e:bc:a6:e1:09:dc:e6:07:f0:28:d3:
         ca:0e:7d:77:da:69:d8:5e:c0:6b:b7:d8:ed:fc:f2:e2:09:20:
         58:6d:03:c3:e9:ea:fe:5c:0e:81:4f:73:4a:09:06:26:ea:cc:
         5a:95:2a:d1:61:8f:11:d5:02:e9:2e:be:9f:11:79:0c:c1:eb:
         56:d7:5a:3b:46:d9:20:dd:86:a3:d4:f8:64:df:6e:f7:86:85:
         a9:20:de:2c:5c:2a:26:19:c9:c4:5c:40:b0:67:f9:44:43:ab:
         95:9a:c0:da:b8:3e:05:3f:b8:19:8a:18:55:c8:1d:89:83:b3:
         18:1c:23:5c:e6:22:4e:5d:a0:b5:5c:0a:cf:60:e9:59:7a:ae:
         19:8a:5c:03:ec:dd:3a:7d:26:9c:95:42:ef:4e:64:dc:b7:9f:
         1e:a6:9e:d9:01:58:6f:6f:27:e6:4d:78:86:99:85:97:b0:3f:
         2e:7e:ff:ae:34:d9:cb:6b:fd:cc:43:4c:08:78:01:66:07:f9:
         a4:d2:95:e8:0a:44:89:dd:42:cb:e2:16:e7:a1:4e:db:80:39:
         89:95:24:b1:e4:32:31:cf:e7:6d:ca:70:da:7b:3b:40:75:4d:
         9d:32:92:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAP7dwhWUquoxUoRwmAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTBjZDQ0NzFhM2Y4Y2RjZDg0NGQzZjM2NjE0ODk0MDk1
MmI0ZTcwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjFkNzg0ZWJkNGFiZGIxODdiYTBlNDFmM2MyYWRlNDgyY2QyMmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMPhuui9NMURNZbyrK6bvVZ0tMuB
jUL+Q4ShbLsblrGgogcnB1V/qOo/YiNhMhH0F2ttyMbp29WObk2PE7RAaOcMTdxD
AniUGb8R287j3bS8Cutd3D5OIt7SnXPhqwtHyBSQ0xxixer9OBfOcuUMKVmsY9Xr
xLeJ/ywbbluM+oZt7n9KHePSC2e6gzDEOI0owU9EWe21LODCfWlXvm9W+uF8jPRZ
PuWpvCh1FTBFHwCO+X1nYy++z9OTbjUZGbvK3ylF6BFnUsB+o1gJ1cnEfOadPMSL
222ei4wyD7WHaygr39n7uVRNeZQET3ZJbXUv5QTAxBBAETVRuBJPMlFbHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsdeE69Sr2xh7oOQfPCreSCzSLkMB8GA1UdIwQY
MBaAFLcQzURxo/jNzYRNPzZhSJQJUrTnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhETlJIR2otTTNOaEUwX05tRklsQWxTdE9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81MjY4ZGQtNTZlZS00YjlhLTgwNTAt
MjMyZmJkYWY1YzFhLzEvNngxNFRyMUt2YkdIdWc1Qjg4S3Q1SUxOSXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81MjY4ZGQtNTZlZS00YjlhLTgwNTAtMjMyZmJkYWY1YzFh
LzEvdHhETlJIR2otTTNOaEUwX05tRklsQWxTdE9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYJ0MA0G
CSqGSIb3DQEBCwUAA4IBAQBsgsp517d5ciPuu0vailn8/XNKj+zNxf8aXrym4Qnc
5gfwKNPKDn132mnYXsBrt9jt/PLiCSBYbQPD6er+XA6BT3NKCQYm6sxalSrRYY8R
1QLpLr6fEXkMwetW11o7Rtkg3Yaj1Phk3273hoWpIN4sXComGcnEXECwZ/lEQ6uV
msDauD4FP7gZihhVyB2Jg7MYHCNc5iJOXaC1XArPYOlZeq4ZilwD7N06fSaclULv
TmTct58epp7ZAVhvbyfmTXiGmYWXsD8ufv+uNNnLa/3MQ0wIeAFmB/mk0pXoCkSJ
3ULL4hbnoU7bgDmJlSSx5DIxz+dtynDaeztAdU2dMpJO
-----END CERTIFICATE-----