Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/T6FuvnVJtTiDQWsvxgr8orCk9Ec.roa
File:                     T6FuvnVJtTiDQWsvxgr8orCk9Ec.roa (raw, json)
Hash identifier:          nWxEhVbf38vpuJvcxfSEnZKoW7anxOD2vfrvVNM+o2U=
Subject key identifier:   4F:A1:6E:BE:75:49:B5:38:83:41:6B:2F:C6:0A:FC:A2:B0:A4:F4:47
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0195F10CE8A980C2C5DD842AF4C1B1978FB2
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/T6FuvnVJtTiDQWsvxgr8orCk9Ec.roa
Signing time:             Tue 01 Apr 2025 11:11:49 +0000
ROA not before:           Tue 01 Apr 2025 11:11:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        217.147.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 12:37:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f1:0c:e8:a9:80:c2:c5:dd:84:2a:f4:c1:b1:97:8f:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Apr  1 11:11:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fa16ebe7549b53883416b2fc60afca2b0a4f447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bf:a5:7a:e4:92:9c:a4:ed:93:fe:27:66:f9:
                    c0:03:50:fb:68:79:4b:34:1d:0e:64:63:a8:5b:a0:
                    12:b2:3c:10:99:ae:1e:94:01:ef:89:ae:d8:ad:30:
                    f3:ad:5f:9f:1a:d5:f7:0d:18:e0:c6:34:89:81:e7:
                    c2:13:e5:32:ef:94:ea:ac:8b:3d:58:5e:e0:9a:cc:
                    a1:4e:68:23:26:1c:10:d9:a9:18:71:8a:df:e4:e4:
                    c7:c2:15:78:28:58:d2:f9:8b:97:8c:eb:75:fc:13:
                    3b:41:24:fe:dc:ca:80:a1:15:f4:da:06:98:b2:e5:
                    d9:b8:c7:ec:f1:ed:38:53:5c:a1:b6:2f:ce:7e:80:
                    64:f9:70:65:25:d0:63:98:a0:bf:2c:7e:95:86:ac:
                    86:f7:eb:85:cf:d4:70:af:33:7d:f5:95:11:0d:0f:
                    97:ed:41:de:f6:58:86:48:82:36:90:43:70:db:87:
                    50:1f:68:ba:84:96:b3:a9:10:b2:ad:52:15:62:6f:
                    6b:46:f5:d6:73:97:79:77:b5:30:b4:6a:ed:48:0e:
                    66:29:dc:bc:ba:00:5e:68:a9:f7:6c:d0:85:e0:f0:
                    76:ac:8d:7b:ab:7c:09:c7:3c:41:af:65:bf:94:72:
                    97:60:48:4b:f9:a3:53:f0:1c:fc:12:c5:45:ae:1f:
                    fc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:A1:6E:BE:75:49:B5:38:83:41:6B:2F:C6:0A:FC:A2:B0:A4:F4:47
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/T6FuvnVJtTiDQWsvxgr8orCk9Ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:ac:7b:27:64:d7:2b:be:03:f2:de:94:65:44:70:b5:f4:e1:
         db:35:5d:8a:98:79:43:a0:24:14:e6:32:1d:1f:16:ea:4e:7d:
         45:64:5e:bf:9f:5b:ea:0f:20:a8:9e:18:8f:41:89:6d:8e:f9:
         d9:ca:87:9d:a6:4c:e6:72:de:42:b3:6c:fd:d0:da:87:09:8a:
         11:66:20:6b:22:b1:78:67:03:f7:bf:83:b5:da:39:3b:22:2f:
         c4:8a:27:70:1f:db:26:cc:5c:6e:5a:0f:cc:16:69:c8:fe:bd:
         de:f5:50:b6:58:30:0a:51:d6:7e:55:13:52:bd:7c:91:d6:fa:
         ed:f5:fd:fc:07:47:15:25:f4:a3:76:f7:65:a3:5b:f2:e1:89:
         7d:88:2e:41:5d:af:90:fa:61:6c:d7:60:ab:3e:7a:f6:92:f4:
         5f:a3:fc:06:33:30:79:66:b0:ab:28:11:2d:9c:a0:f8:bf:e2:
         ec:ba:b8:4c:ae:fd:7f:f6:c3:41:c6:31:f3:d8:1f:67:16:e9:
         23:b6:bd:f0:9d:cc:73:5e:0a:f7:59:1e:e2:b2:b6:a6:0f:79:
         b4:cd:dd:42:35:9b:02:c8:a3:06:23:06:dc:79:60:34:c3:84:
         66:00:42:5d:a5:c4:03:10:d3:44:5e:b5:82:e8:93:39:75:03:
         9a:6f:73:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXxDOipgMLF3YQq9MGxl4+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNDAxMTExMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmExNmViZTc1NDliNTM4ODM0MTZiMmZjNjBhZmNhMmIwYTRmNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr+leuSSnKTtk/4nZvnAA1D7aHlL
NB0OZGOoW6ASsjwQma4elAHvia7YrTDzrV+fGtX3DRjgxjSJgefCE+Uy75TqrIs9
WF7gmsyhTmgjJhwQ2akYcYrf5OTHwhV4KFjS+YuXjOt1/BM7QST+3MqAoRX02gaY
suXZuMfs8e04U1yhti/OfoBk+XBlJdBjmKC/LH6VhqyG9+uFz9RwrzN99ZURDQ+X
7UHe9liGSII2kENw24dQH2i6hJazqRCyrVIVYm9rRvXWc5d5d7UwtGrtSA5mKdy8
ugBeaKn3bNCF4PB2rI17q3wJxzxBr2W/lHKXYEhL+aNT8Bz8EsVFrh/85wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+hbr51SbU4g0FrL8YK/KKwpPRHMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvVDZGdXZuVkp0VGlEUVdzdnhncjhvckNrOUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZMNMA0G
CSqGSIb3DQEBCwUAA4IBAQB7rHsnZNcrvgPy3pRlRHC19OHbNV2KmHlDoCQU5jId
HxbqTn1FZF6/n1vqDyConhiPQYltjvnZyoedpkzmct5Cs2z90NqHCYoRZiBrIrF4
ZwP3v4O12jk7Ii/EiidwH9smzFxuWg/MFmnI/r3e9VC2WDAKUdZ+VRNSvXyR1vrt
9f38B0cVJfSjdvdlo1vy4Yl9iC5BXa+Q+mFs12CrPnr2kvRfo/wGMzB5ZrCrKBEt
nKD4v+LsurhMrv1/9sNBxjHz2B9nFukjtr3wncxzXgr3WR7isramD3m0zd1CNZsC
yKMGIwbceWA0w4RmAEJdpcQDENNEXrWC6JM5dQOab3NL
-----END CERTIFICATE-----