Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d3de43-aa3c-4692-a924-d98f5d076298/1/6IiGbtawfoiQxqo4qA78f9bxvRI.roa
File:                     6IiGbtawfoiQxqo4qA78f9bxvRI.roa (raw, json)
Hash identifier:          DrAR4o5sI8QUSjE7+o4KN2antHg+KFLwwl7uXYw30VE=
Subject key identifier:   E8:88:86:6E:D6:B0:7E:88:90:C6:AA:38:A8:0E:FC:7F:D6:F1:BD:12
Certificate issuer:       /CN=eae0c2c0dee6f9ed65e051eaa9097d02cf5bf5f2
Certificate serial:       0195FFC1C9D44C9479E412BFE2E1DDF82D51
Authority key identifier: EA:E0:C2:C0:DE:E6:F9:ED:65:E0:51:EA:A9:09:7D:02:CF:5B:F5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6uDCwN7m-e1l4FHqqQl9As9b9fI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d3de43-aa3c-4692-a924-d98f5d076298/1/6IiGbtawfoiQxqo4qA78f9bxvRI.roa
Signing time:             Fri 04 Apr 2025 07:44:05 +0000
ROA not before:           Fri 04 Apr 2025 07:44:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210784
IP address blocks:        119.235.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d3de43-aa3c-4692-a924-d98f5d076298/1/6uDCwN7m-e1l4FHqqQl9As9b9fI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d3de43-aa3c-4692-a924-d98f5d076298/1/6uDCwN7m-e1l4FHqqQl9As9b9fI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6uDCwN7m-e1l4FHqqQl9As9b9fI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 07:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ff:c1:c9:d4:4c:94:79:e4:12:bf:e2:e1:dd:f8:2d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eae0c2c0dee6f9ed65e051eaa9097d02cf5bf5f2
        Validity
            Not Before: Apr  4 07:44:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e888866ed6b07e8890c6aa38a80efc7fd6f1bd12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:44:c9:ee:46:ba:d9:40:ce:3c:b7:13:34:12:
                    5a:5e:20:63:74:ec:50:b5:93:5d:e9:db:0f:49:5d:
                    79:f3:18:7c:c6:58:bb:5d:39:76:f7:05:64:14:2e:
                    ee:69:4a:a4:fa:4d:15:1b:74:da:e9:20:98:bd:29:
                    26:a6:d8:01:8b:fe:6e:f3:1e:88:6f:5e:e4:4e:9b:
                    37:58:81:c4:96:53:4e:09:02:c0:c0:e9:b5:1f:ee:
                    86:3d:dd:9c:5f:11:a0:11:de:2d:cf:ed:fa:3c:e3:
                    67:f5:62:b7:84:80:5d:d5:3b:6e:f6:4a:9c:6a:fd:
                    7c:18:28:fc:1d:21:97:a7:50:85:fd:95:04:84:5c:
                    b0:50:11:01:46:7c:b4:91:cb:3e:5d:60:ec:36:47:
                    a6:6e:12:75:22:32:2f:d7:26:e7:92:5d:92:d7:31:
                    07:ef:8b:86:f4:c7:7b:4d:a5:9a:03:1d:a5:a3:a5:
                    0f:22:a7:a1:bd:e6:6d:7c:bd:cc:79:b4:90:65:59:
                    82:44:31:fc:e8:72:d4:3c:83:18:b3:d7:b1:80:ca:
                    49:b4:f7:7e:39:6f:30:2b:60:e8:24:c1:94:9c:14:
                    11:21:c4:8e:b0:74:f5:7b:9b:68:48:ec:17:fa:4b:
                    1f:b0:3f:a4:50:fe:2c:86:3a:86:6a:4b:47:a6:9a:
                    ff:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:88:86:6E:D6:B0:7E:88:90:C6:AA:38:A8:0E:FC:7F:D6:F1:BD:12
            X509v3 Authority Key Identifier:
                keyid:EA:E0:C2:C0:DE:E6:F9:ED:65:E0:51:EA:A9:09:7D:02:CF:5B:F5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6uDCwN7m-e1l4FHqqQl9As9b9fI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d3de43-aa3c-4692-a924-d98f5d076298/1/6IiGbtawfoiQxqo4qA78f9bxvRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d3de43-aa3c-4692-a924-d98f5d076298/1/6uDCwN7m-e1l4FHqqQl9As9b9fI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.235.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:af:37:a1:e0:0c:34:ea:71:7e:d3:3a:ca:e2:ff:e3:8d:c8:
         6f:c5:67:41:01:67:85:a3:1a:b2:13:3e:6b:ef:a4:83:cb:ae:
         17:81:5a:5d:d6:2a:85:69:aa:9a:d4:ea:69:9e:5d:07:4d:ce:
         51:a3:c6:30:0d:1c:e8:5f:51:5a:64:01:a5:7e:13:93:ad:0c:
         cd:03:34:1a:63:b0:37:4b:ac:b5:d6:61:93:6a:44:bb:61:fc:
         f7:c9:54:8c:04:52:03:a2:6d:d3:1e:4b:b1:f6:a1:20:fd:48:
         12:1d:86:53:32:27:39:61:0a:77:11:a1:bb:6d:ba:49:4e:23:
         53:03:2d:e3:ad:50:c7:39:dd:1a:0b:79:5f:e6:d6:cb:ef:1e:
         97:8a:75:b2:12:60:22:9f:77:dd:68:07:e8:e7:f3:b6:1a:d4:
         af:29:ff:33:c5:e9:2f:55:60:60:cb:4f:04:90:73:2f:65:d7:
         b4:16:87:33:ae:c8:db:b9:b0:44:27:9f:f7:c5:2b:db:ac:6c:
         7f:26:28:0e:7a:62:e2:d3:ba:14:ab:21:94:52:d1:1b:dc:7a:
         3f:0d:a8:a6:19:ca:b9:5f:1b:0b:81:f2:b5:db:25:2e:04:f9:
         6f:e7:47:e6:4f:63:85:90:d8:57:93:0b:50:d4:38:e3:62:c7:
         b8:bf:59:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX/wcnUTJR55BK/4uHd+C1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZTBjMmMwZGVlNmY5ZWQ2NWUwNTFlYWE5MDk3ZDAyY2Y1
YmY1ZjIwHhcNMjUwNDA0MDc0NDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODg4ODY2ZWQ2YjA3ZTg4OTBjNmFhMzhhODBlZmM3ZmQ2ZjFiZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUTJ7ka62UDOPLcTNBJaXiBjdOxQ
tZNd6dsPSV158xh8xli7XTl29wVkFC7uaUqk+k0VG3Ta6SCYvSkmptgBi/5u8x6I
b17kTps3WIHEllNOCQLAwOm1H+6GPd2cXxGgEd4tz+36PONn9WK3hIBd1Ttu9kqc
av18GCj8HSGXp1CF/ZUEhFywUBEBRny0kcs+XWDsNkembhJ1IjIv1ybnkl2S1zEH
74uG9Md7TaWaAx2lo6UPIqehveZtfL3MebSQZVmCRDH86HLUPIMYs9exgMpJtPd+
OW8wK2DoJMGUnBQRIcSOsHT1e5toSOwX+ksfsD+kUP4shjqGaktHppr/IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiIhm7WsH6IkMaqOKgO/H/W8b0SMB8GA1UdIwQY
MBaAFOrgwsDe5vntZeBR6qkJfQLPW/XyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnVEQ3dON20tZTFsNEZIcXFRbDlBczliOWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kM2RlNDMtYWEzYy00NjkyLWE5MjQt
ZDk4ZjVkMDc2Mjk4LzEvNklpR2J0YXdmb2lReHFvNHFBNzhmOWJ4dlJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kM2RlNDMtYWEzYy00NjkyLWE5MjQtZDk4ZjVkMDc2Mjk4
LzEvNnVEQ3dON20tZTFsNEZIcXFRbDlBczliOWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAd+sNMA0G
CSqGSIb3DQEBCwUAA4IBAQBorzeh4Aw06nF+0zrK4v/jjchvxWdBAWeFoxqyEz5r
76SDy64XgVpd1iqFaaqa1Oppnl0HTc5Ro8YwDRzoX1FaZAGlfhOTrQzNAzQaY7A3
S6y11mGTakS7Yfz3yVSMBFIDom3THkux9qEg/UgSHYZTMic5YQp3EaG7bbpJTiNT
Ay3jrVDHOd0aC3lf5tbL7x6XinWyEmAin3fdaAfo5/O2GtSvKf8zxekvVWBgy08E
kHMvZde0FoczrsjbubBEJ5/3xSvbrGx/JigOemLi07oUqyGUUtEb3Ho/DaimGcq5
XxsLgfK12yUuBPlv50fmT2OFkNhXkwtQ1DjjYse4v1n/
-----END CERTIFICATE-----