Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/6zhmWGIe4Q-ZROn6ekXb0Zv33_A.roa
File:                     6zhmWGIe4Q-ZROn6ekXb0Zv33_A.roa (raw, json)
Hash identifier:          F27SVg7KmPKSSSpLfMg9+298fdBlmLMbNRr359aPHLc=
Subject key identifier:   EB:38:66:58:62:1E:E1:0F:99:44:E9:FA:7A:45:DB:D1:9B:F7:DF:F0
Certificate issuer:       /CN=3802c7987004ae78190e691e370de509ff59127b
Certificate serial:       019420D5B479025442C40C3F9B172EF6C63E
Authority key identifier: 38:02:C7:98:70:04:AE:78:19:0E:69:1E:37:0D:E5:09:FF:59:12:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OALHmHAErngZDmkeNw3lCf9ZEns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/6zhmWGIe4Q-ZROn6ekXb0Zv33_A.roa
Signing time:             Wed 01 Jan 2025 07:47:43 +0000
ROA not before:           Wed 01 Jan 2025 07:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31477
IP address blocks:        194.13.8.0/22 maxlen: 24
                          194.13.12.0/23 maxlen: 24
                          194.13.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/OALHmHAErngZDmkeNw3lCf9ZEns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/OALHmHAErngZDmkeNw3lCf9ZEns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OALHmHAErngZDmkeNw3lCf9ZEns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b4:79:02:54:42:c4:0c:3f:9b:17:2e:f6:c6:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3802c7987004ae78190e691e370de509ff59127b
        Validity
            Not Before: Jan  1 07:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb386658621ee10f9944e9fa7a45dbd19bf7dff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:24:98:33:92:8c:21:a3:26:7c:b3:02:fb:c1:
                    da:c7:f0:8b:b8:76:7e:f5:70:3f:58:52:f0:8d:df:
                    8b:3a:2f:7f:de:aa:27:d2:aa:de:3e:37:96:74:8e:
                    15:00:25:31:0f:87:71:e5:dd:38:09:a2:4e:b5:42:
                    48:61:9b:df:94:1d:ea:59:12:68:02:5f:bb:d6:62:
                    0d:b7:8a:56:b6:89:42:08:d5:30:c5:bf:ad:08:63:
                    d8:9e:07:bc:7b:ca:ac:c6:c5:9f:37:f0:7c:99:1c:
                    89:e3:a4:7c:25:cd:3a:c4:08:0b:2e:12:34:af:f2:
                    7c:36:f2:25:5f:14:5f:29:9d:6b:22:fa:1c:5b:88:
                    ef:97:e1:4f:ff:86:63:66:4a:91:03:58:63:64:fc:
                    88:a3:d5:fa:37:2c:5f:b3:43:31:4d:a4:23:e3:50:
                    70:c2:a4:35:d4:39:d1:b3:8d:fe:a7:65:8f:fa:fe:
                    6a:5d:7c:c2:15:25:f0:78:04:bf:26:c5:66:86:4f:
                    0b:37:ba:81:5f:12:68:6f:5e:53:02:e3:37:77:b5:
                    4d:cc:c6:78:e3:60:b4:94:19:66:e8:ad:61:2b:23:
                    a0:4f:fb:be:ac:29:e7:ad:d8:ed:5d:8a:b6:5c:3e:
                    6b:a3:2e:50:cd:dc:72:e9:e6:f4:bf:f0:93:ff:c4:
                    79:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:38:66:58:62:1E:E1:0F:99:44:E9:FA:7A:45:DB:D1:9B:F7:DF:F0
            X509v3 Authority Key Identifier:
                keyid:38:02:C7:98:70:04:AE:78:19:0E:69:1E:37:0D:E5:09:FF:59:12:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OALHmHAErngZDmkeNw3lCf9ZEns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/6zhmWGIe4Q-ZROn6ekXb0Zv33_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/OALHmHAErngZDmkeNw3lCf9ZEns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.8.0-194.13.14.255

    Signature Algorithm: sha256WithRSAEncryption
         76:9f:75:b6:c8:19:1b:1b:1b:5d:10:3f:32:90:55:02:3c:76:
         80:20:cb:8b:5b:3d:d0:3a:61:97:27:b1:7f:ab:8c:4a:9e:e7:
         8b:59:55:a1:15:92:67:c5:76:a7:4b:6b:2e:fb:47:6c:54:43:
         0e:47:dc:f7:fb:d2:73:50:9e:63:33:58:9d:cb:e8:79:2b:5e:
         34:f5:8b:50:db:69:e5:32:b9:e5:6c:c3:20:f9:ab:8c:c4:a9:
         d9:70:0e:9b:77:c0:cf:a2:ab:b9:59:35:99:73:7a:7d:c2:65:
         91:44:2d:92:25:71:91:ae:fb:81:af:98:f4:cd:ae:f2:d1:ff:
         f4:22:ba:c6:09:ac:cd:bb:b7:27:1d:62:df:47:7a:f1:bf:f1:
         9b:79:5e:47:43:03:3d:36:66:e1:0e:fd:8a:6d:8e:d4:e2:9b:
         db:0b:fb:21:2e:0c:de:53:e2:09:bf:9a:f0:cd:20:b0:32:00:
         6e:b8:0a:7f:99:a7:b0:af:52:da:c5:b3:30:40:87:24:c9:73:
         b3:4e:1c:66:37:2a:53:4c:5f:09:43:ab:25:81:85:e3:f4:a1:
         96:48:be:91:28:14:57:26:c5:43:88:bc:32:69:28:fe:83:ee:
         bb:5a:6d:9f:5d:ff:1e:2b:e1:27:3e:b0:be:0e:b3:80:ed:97:
         44:97:7a:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQg1bR5AlRCxAw/mxcu9sY+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MDJjNzk4NzAwNGFlNzgxOTBlNjkxZTM3MGRlNTA5ZmY1
OTEyN2IwHhcNMjUwMTAxMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjM4NjY1ODYyMWVlMTBmOTk0NGU5ZmE3YTQ1ZGJkMTliZjdkZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiSYM5KMIaMmfLMC+8Hax/CLuHZ+
9XA/WFLwjd+LOi9/3qon0qrePjeWdI4VACUxD4dx5d04CaJOtUJIYZvflB3qWRJo
Al+71mINt4pWtolCCNUwxb+tCGPYnge8e8qsxsWfN/B8mRyJ46R8Jc06xAgLLhI0
r/J8NvIlXxRfKZ1rIvocW4jvl+FP/4ZjZkqRA1hjZPyIo9X6Nyxfs0MxTaQj41Bw
wqQ11DnRs43+p2WP+v5qXXzCFSXweAS/JsVmhk8LN7qBXxJob15TAuM3d7VNzMZ4
42C0lBlm6K1hKyOgT/u+rCnnrdjtXYq2XD5roy5Qzdxy6eb0v/CT/8R55QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOs4ZlhiHuEPmUTp+npF29Gb99/wMB8GA1UdIwQY
MBaAFDgCx5hwBK54GQ5pHjcN5Qn/WRJ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0FMSG1IQUVybmdaRG1rZU53M2xDZjlaRW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9mZTVhYzEtMjhmZS00M2VjLTg3MDAt
YmYyNWNlMGY4MzkzLzEvNnpobVdHSWU0US1aUk9uNmVrWGIwWnYzM19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9mZTVhYzEtMjhmZS00M2VjLTg3MDAtYmYyNWNlMGY4Mzkz
LzEvT0FMSG1IQUVybmdaRG1rZU53M2xDZjlaRW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPCDQgD
BADCDQ4wDQYJKoZIhvcNAQELBQADggEBAHafdbbIGRsbG10QPzKQVQI8doAgy4tb
PdA6YZcnsX+rjEqe54tZVaEVkmfFdqdLay77R2xUQw5H3Pf70nNQnmMzWJ3L6Hkr
XjT1i1DbaeUyueVswyD5q4zEqdlwDpt3wM+iq7lZNZlzen3CZZFELZIlcZGu+4Gv
mPTNrvLR//QiusYJrM27tycdYt9HevG/8Zt5XkdDAz02ZuEO/YptjtTim9sL+yEu
DN5T4gm/mvDNILAyAG64Cn+Zp7CvUtrFszBAhyTJc7NOHGY3KlNMXwlDqyWBheP0
oZZIvpEoFFcmxUOIvDJpKP6D7rtabZ9d/x4r4Sc+sL4Os4Dtl0SXeo8=
-----END CERTIFICATE-----