Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/yWx6-5ROTfngpbWofjIrovB2Q6E.roa
File:                     yWx6-5ROTfngpbWofjIrovB2Q6E.roa (raw, json)
Hash identifier:          v3rtNkszsHfCVuw51qTsQgDiQ2kYX2tvZDcMhV4gxJA=
Subject key identifier:   C9:6C:7A:FB:94:4E:4D:F9:E0:A5:B5:A8:7E:32:2B:A2:F0:76:43:A1
Certificate issuer:       /CN=7e5ac81bbccf852f22ac8ed52d2e92db31d8d606
Certificate serial:       0194221FCAC18170BF7D8228A2E863228637
Authority key identifier: 7E:5A:C8:1B:BC:CF:85:2F:22:AC:8E:D5:2D:2E:92:DB:31:D8:D6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flrIG7zPhS8irI7VLS6S2zHY1gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/yWx6-5ROTfngpbWofjIrovB2Q6E.roa
Signing time:             Wed 01 Jan 2025 13:48:16 +0000
ROA not before:           Wed 01 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6848
IP address blocks:        193.149.240.0/22 maxlen: 22
                          193.149.244.0/23 maxlen: 23
                          193.149.246.0/24 maxlen: 24
                          193.149.247.0/24 maxlen: 24
                          193.149.248.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/flrIG7zPhS8irI7VLS6S2zHY1gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/flrIG7zPhS8irI7VLS6S2zHY1gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flrIG7zPhS8irI7VLS6S2zHY1gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 00:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ca:c1:81:70:bf:7d:82:28:a2:e8:63:22:86:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e5ac81bbccf852f22ac8ed52d2e92db31d8d606
        Validity
            Not Before: Jan  1 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c96c7afb944e4df9e0a5b5a87e322ba2f07643a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a6:02:52:dc:e7:33:5a:e1:ec:56:45:0c:9d:
                    85:1a:90:dd:a9:7d:8d:7a:e1:e2:f9:09:42:a4:85:
                    63:0b:9b:18:89:89:11:52:10:38:6a:3d:0b:6f:fd:
                    23:e3:aa:cf:4b:37:0c:49:a5:40:d6:da:3b:f7:00:
                    60:de:37:11:a6:30:84:4a:9d:58:3d:a6:db:84:7d:
                    bb:e3:3b:c7:1d:44:2f:ab:d8:bb:15:0a:d2:c5:38:
                    7d:69:b5:f1:b9:af:dd:89:b9:78:df:d2:c9:66:96:
                    0c:1c:ef:8e:55:f3:89:11:8a:b8:c6:fe:5c:c8:d9:
                    c6:1b:66:75:ed:de:6e:1d:70:69:e7:86:8e:71:cc:
                    0b:f6:13:ac:89:be:d8:d0:e6:24:be:94:8a:97:71:
                    d7:68:a4:ec:00:8b:be:5a:82:ea:e8:7f:fd:6f:43:
                    e2:31:a9:30:64:d9:93:01:52:fe:69:de:d3:69:68:
                    cd:f7:3b:d6:b6:5f:53:85:ed:63:b2:26:53:b6:f9:
                    e3:41:c6:69:c1:ee:8b:c6:46:a0:0c:2e:2b:53:b1:
                    55:1b:be:f7:f0:32:93:fb:50:ad:0e:0c:c7:4e:2b:
                    70:8e:72:1e:da:47:0f:b2:8d:2a:39:c0:30:fe:86:
                    d4:ef:56:88:a8:ae:e6:34:e8:c2:d5:80:38:d5:fa:
                    49:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:6C:7A:FB:94:4E:4D:F9:E0:A5:B5:A8:7E:32:2B:A2:F0:76:43:A1
            X509v3 Authority Key Identifier:
                keyid:7E:5A:C8:1B:BC:CF:85:2F:22:AC:8E:D5:2D:2E:92:DB:31:D8:D6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flrIG7zPhS8irI7VLS6S2zHY1gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/yWx6-5ROTfngpbWofjIrovB2Q6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d13f84-16ce-4d51-a618-c2a5d9d70313/1/flrIG7zPhS8irI7VLS6S2zHY1gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.149.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         33:00:e5:af:63:c9:5a:7c:fa:87:73:1c:29:2f:57:e0:b7:fb:
         7e:8b:4c:a5:52:65:34:c2:0f:52:9f:16:da:4d:ab:9e:89:49:
         ee:10:15:7f:7c:62:99:79:06:8d:4d:2f:9f:e8:d6:06:ca:d0:
         6a:3b:b9:ce:d6:8d:89:73:3f:0f:48:5f:db:fd:5c:8f:3a:3a:
         d7:50:ea:fe:35:95:68:d4:af:d9:a0:e1:77:87:d0:a7:1c:ac:
         8a:3c:e3:cc:32:a7:df:4e:28:b2:a9:3f:0f:18:be:b0:c6:2b:
         e4:3c:b0:35:5f:4f:cd:49:e6:f4:7b:1a:d8:32:b0:9c:0b:9c:
         30:6f:ad:2e:09:27:ff:c6:58:d2:b9:86:ee:25:13:83:8f:6d:
         54:b5:72:23:1f:db:45:d8:dd:d9:9b:da:d4:94:3d:06:6e:c2:
         97:2c:29:66:db:51:4c:23:a7:1b:26:72:4a:f5:32:50:50:30:
         4c:e2:1b:03:22:8b:7b:6d:3a:65:76:fd:c0:24:58:c2:ec:ed:
         0d:3d:26:8b:9d:45:13:49:fc:4a:8f:79:f6:3f:c6:05:92:3e:
         59:67:93:c9:2d:09:60:0a:a3:70:89:48:dd:82:15:6d:0f:32:
         62:8b:2e:e0:27:78:34:76:e3:9e:59:3e:c1:5d:70:68:e2:81:
         a1:3d:84:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8rBgXC/fYIoouhjIoY3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNWFjODFiYmNjZjg1MmYyMmFjOGVkNTJkMmU5MmRiMzFk
OGQ2MDYwHhcNMjUwMTAxMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTZjN2FmYjk0NGU0ZGY5ZTBhNWI1YTg3ZTMyMmJhMmYwNzY0M2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qYCUtznM1rh7FZFDJ2FGpDdqX2N
euHi+QlCpIVjC5sYiYkRUhA4aj0Lb/0j46rPSzcMSaVA1to79wBg3jcRpjCESp1Y
PabbhH274zvHHUQvq9i7FQrSxTh9abXxua/dibl439LJZpYMHO+OVfOJEYq4xv5c
yNnGG2Z17d5uHXBp54aOccwL9hOsib7Y0OYkvpSKl3HXaKTsAIu+WoLq6H/9b0Pi
MakwZNmTAVL+ad7TaWjN9zvWtl9The1jsiZTtvnjQcZpwe6LxkagDC4rU7FVG773
8DKT+1CtDgzHTitwjnIe2kcPso0qOcAw/obU71aIqK7mNOjC1YA41fpJwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlsevuUTk354KW1qH4yK6LwdkOhMB8GA1UdIwQY
MBaAFH5ayBu8z4UvIqyO1S0uktsx2NYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmxySUc3elBoUzhpckk3VkxTNlMyekhZMWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kMTNmODQtMTZjZS00ZDUxLWE2MTgt
YzJhNWQ5ZDcwMzEzLzEveVd4Ni01Uk9UZm5ncGJXb2ZqSXJvdkIyUTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kMTNmODQtMTZjZS00ZDUxLWE2MTgtYzJhNWQ5ZDcwMzEz
LzEvZmxySUc3elBoUzhpckk3VkxTNlMyekhZMWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwZXwMA0G
CSqGSIb3DQEBCwUAA4IBAQAzAOWvY8lafPqHcxwpL1fgt/t+i0ylUmU0wg9Snxba
TaueiUnuEBV/fGKZeQaNTS+f6NYGytBqO7nO1o2Jcz8PSF/b/VyPOjrXUOr+NZVo
1K/ZoOF3h9CnHKyKPOPMMqffTiiyqT8PGL6wxivkPLA1X0/NSeb0exrYMrCcC5ww
b60uCSf/xljSuYbuJRODj21UtXIjH9tF2N3Zm9rUlD0GbsKXLClm21FMI6cbJnJK
9TJQUDBM4hsDIot7bTpldv3AJFjC7O0NPSaLnUUTSfxKj3n2P8YFkj5ZZ5PJLQlg
CqNwiUjdghVtDzJiiy7gJ3g0duOeWT7BXXBo4oGhPYQQ
-----END CERTIFICATE-----