Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/RqGHUWF00fhVZeF-dl8ZKiYmlxQ.roa
File:                     RqGHUWF00fhVZeF-dl8ZKiYmlxQ.roa (raw, json)
Hash identifier:          xtXihm79MoGY4uAJpdxZbQ/glvVQjH9b99Zaga793M8=
Subject key identifier:   46:A1:87:51:61:74:D1:F8:55:65:E1:7E:76:5F:19:2A:26:26:97:14
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       019427B5642BE209C442E8FEC66806C604EA
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/RqGHUWF00fhVZeF-dl8ZKiYmlxQ.roa
Signing time:             Thu 02 Jan 2025 15:49:46 +0000
ROA not before:           Thu 02 Jan 2025 15:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207459
IP address blocks:        212.64.193.0/24 maxlen: 24
                          212.64.223.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:64:2b:e2:09:c4:42:e8:fe:c6:68:06:c6:04:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  2 15:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46a187516174d1f85565e17e765f192a26269714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3f:b9:88:38:bb:92:c1:33:5d:1d:e1:cc:93:
                    04:d4:8e:30:39:91:dc:6d:4d:3f:16:c1:5f:a6:71:
                    65:c3:a8:61:54:01:f0:08:bf:f3:68:fd:52:0b:70:
                    8f:57:48:17:60:38:fb:29:41:37:62:bb:ac:25:4d:
                    10:f2:38:2d:f2:c8:37:6a:a2:52:8a:a2:f7:d6:ef:
                    9f:81:aa:2c:be:19:22:2f:69:17:a1:3e:c2:dc:41:
                    e0:68:47:9d:5c:b1:82:a4:8b:f8:47:d9:a1:c5:75:
                    b6:30:ba:8e:27:01:05:ad:a4:5a:60:a3:24:b3:e7:
                    37:cc:fa:f2:e5:fb:6b:5e:9c:2d:02:21:10:0a:50:
                    e3:d7:b7:3a:4b:62:0d:48:6f:58:46:40:4e:34:9c:
                    63:3a:bb:a6:d4:86:f2:fe:40:34:45:06:e1:8f:f2:
                    a2:e7:0d:cf:dd:6f:17:3b:57:53:3d:cb:d7:d2:64:
                    52:a3:ff:1f:94:46:d5:5b:71:0f:e7:89:db:a7:0a:
                    02:17:08:5c:c6:50:92:d1:d3:cf:81:3d:4f:7e:db:
                    af:c5:ed:df:43:bb:70:14:c4:58:85:31:e0:ae:bb:
                    2f:5a:78:89:da:95:16:9a:35:e6:55:49:07:b6:ce:
                    e9:88:f9:58:52:b4:14:0e:94:f6:b9:7d:f5:5b:d7:
                    ab:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A1:87:51:61:74:D1:F8:55:65:E1:7E:76:5F:19:2A:26:26:97:14
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/RqGHUWF00fhVZeF-dl8ZKiYmlxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.193.0/24
                  212.64.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:51:86:32:81:78:8d:e0:13:6e:e4:07:4b:c3:3b:ae:4a:db:
         13:26:2e:58:8d:94:6a:2d:81:fb:2e:29:16:5a:78:5e:29:8e:
         b0:3f:4f:d3:80:11:80:82:4b:4d:3d:9a:30:7d:52:7e:2b:57:
         69:32:47:a3:10:bb:d9:6a:66:89:d5:92:dd:71:cc:02:6f:66:
         5e:b6:62:96:f7:4f:c3:14:94:7b:e0:b6:00:03:2d:7f:d0:64:
         da:91:0a:4c:bc:3e:43:5a:89:66:fa:a5:f4:47:36:64:cd:4e:
         53:a7:70:fd:a4:e0:1a:80:44:3a:b4:ed:08:31:62:3b:a7:13:
         8a:61:65:78:8d:e2:77:17:41:d6:05:47:26:4a:2d:23:b5:9a:
         57:88:f4:a6:a0:59:f0:ce:7b:c8:99:a6:1d:a5:9d:71:4e:61:
         dd:40:02:0b:6c:26:21:d3:64:5c:72:81:96:b8:0a:95:06:f9:
         60:47:a3:8e:c6:0c:9f:80:83:07:c0:b4:0f:f3:b5:20:64:da:
         d7:7e:65:5a:22:5d:fe:8a:af:20:bb:51:16:87:0d:3a:5b:ee:
         f9:54:d0:ca:ed:bb:79:83:a0:80:b6:e4:18:82:dd:19:d1:99:
         3e:7b:47:de:4a:a1:e6:00:96:7f:f7:c0:47:93:63:5a:a8:ce:
         fe:53:35:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntWQr4gnEQuj+xmgGxgTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjUwMTAyMTU0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmExODc1MTYxNzRkMWY4NTU2NWUxN2U3NjVmMTkyYTI2MjY5NzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlz+5iDi7ksEzXR3hzJME1I4wOZHc
bU0/FsFfpnFlw6hhVAHwCL/zaP1SC3CPV0gXYDj7KUE3YrusJU0Q8jgt8sg3aqJS
iqL31u+fgaosvhkiL2kXoT7C3EHgaEedXLGCpIv4R9mhxXW2MLqOJwEFraRaYKMk
s+c3zPry5ftrXpwtAiEQClDj17c6S2INSG9YRkBONJxjOrum1Iby/kA0RQbhj/Ki
5w3P3W8XO1dTPcvX0mRSo/8flEbVW3EP54nbpwoCFwhcxlCS0dPPgT1Pftuvxe3f
Q7twFMRYhTHgrrsvWniJ2pUWmjXmVUkHts7piPlYUrQUDpT2uX31W9erKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEahh1FhdNH4VWXhfnZfGSomJpcUMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvUnFHSFVXRjAwZmhWWmVGLWRsOFpLaVltbHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1EDBAwQA
1EDfMA0GCSqGSIb3DQEBCwUAA4IBAQBEUYYygXiN4BNu5AdLwzuuStsTJi5YjZRq
LYH7LikWWnheKY6wP0/TgBGAgktNPZowfVJ+K1dpMkejELvZamaJ1ZLdccwCb2Ze
tmKW90/DFJR74LYAAy1/0GTakQpMvD5DWolm+qX0RzZkzU5Tp3D9pOAagEQ6tO0I
MWI7pxOKYWV4jeJ3F0HWBUcmSi0jtZpXiPSmoFnwznvImaYdpZ1xTmHdQAILbCYh
02RccoGWuAqVBvlgR6OOxgyfgIMHwLQP87UgZNrXfmVaIl3+iq8gu1EWhw06W+75
VNDK7bt5g6CAtuQYgt0Z0Zk+e0feSqHmAJZ/98BHk2NaqM7+UzVF
-----END CERTIFICATE-----