Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/065f76-0382-42a4-8607-77922b785fd2/1/C6VvOJhQ6LO3CnHxJ6KuDcvQH2c.roa
File:                     C6VvOJhQ6LO3CnHxJ6KuDcvQH2c.roa (raw, json)
Hash identifier:          SLDEqSk+tN+j+2o7yXrUPF3ZHKKAK2CSYSuFTkFJRpI=
Subject key identifier:   0B:A5:6F:38:98:50:E8:B3:B7:0A:71:F1:27:A2:AE:0D:CB:D0:1F:67
Certificate issuer:       /CN=d048afb72fc98326773c5ee1fb4052fe7d9f0c68
Certificate serial:       019421B1940095D79D27966A3673C89884F5
Authority key identifier: D0:48:AF:B7:2F:C9:83:26:77:3C:5E:E1:FB:40:52:FE:7D:9F:0C:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Eivty_JgyZ3PF7h-0BS_n2fDGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/065f76-0382-42a4-8607-77922b785fd2/1/C6VvOJhQ6LO3CnHxJ6KuDcvQH2c.roa
Signing time:             Wed 01 Jan 2025 11:47:53 +0000
ROA not before:           Wed 01 Jan 2025 11:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1136
IP address blocks:        194.104.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/065f76-0382-42a4-8607-77922b785fd2/1/0Eivty_JgyZ3PF7h-0BS_n2fDGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/065f76-0382-42a4-8607-77922b785fd2/1/0Eivty_JgyZ3PF7h-0BS_n2fDGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Eivty_JgyZ3PF7h-0BS_n2fDGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:94:00:95:d7:9d:27:96:6a:36:73:c8:98:84:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d048afb72fc98326773c5ee1fb4052fe7d9f0c68
        Validity
            Not Before: Jan  1 11:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ba56f389850e8b3b70a71f127a2ae0dcbd01f67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ae:6e:9c:bc:54:ec:78:5b:cd:b9:ca:ef:81:
                    3e:23:f7:cb:87:19:db:63:73:76:27:ac:25:50:10:
                    15:00:6a:77:67:d9:83:e9:53:96:2d:be:19:bd:30:
                    bc:eb:b7:06:d0:92:1e:12:0a:51:1c:cd:0e:5c:5b:
                    4d:34:fa:66:23:3a:6e:94:6d:55:0b:b1:bf:e1:75:
                    22:f7:17:1c:31:23:94:f6:36:9a:d6:3c:0c:ad:c1:
                    5e:2e:57:1e:ac:44:a3:0c:a3:d8:98:e0:f5:9a:ac:
                    e1:d8:ea:cd:7f:d3:a6:30:0b:6b:f0:b4:2b:36:85:
                    08:c0:b4:91:d6:35:4d:05:0c:45:40:24:ce:93:f7:
                    68:d7:53:54:16:a3:ef:f0:9c:ce:8e:5f:69:02:71:
                    72:c7:d9:98:d1:ae:0f:16:cc:fb:fb:72:5f:73:93:
                    43:22:b5:fa:80:1a:5a:e6:f6:d5:e2:08:c9:0d:52:
                    cb:ec:f8:87:0e:4a:f4:22:81:8c:cf:33:47:e9:23:
                    30:30:1f:a4:7d:e3:9d:c1:78:9b:9e:d9:eb:de:c2:
                    5e:9f:10:61:bf:8b:09:d5:76:34:7b:a4:07:be:8c:
                    99:2c:af:74:c8:b2:ec:d4:59:ae:3a:1d:8c:2e:ba:
                    ef:c0:35:55:1e:5a:ba:09:56:37:48:3a:e5:24:d0:
                    fe:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:A5:6F:38:98:50:E8:B3:B7:0A:71:F1:27:A2:AE:0D:CB:D0:1F:67
            X509v3 Authority Key Identifier:
                keyid:D0:48:AF:B7:2F:C9:83:26:77:3C:5E:E1:FB:40:52:FE:7D:9F:0C:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Eivty_JgyZ3PF7h-0BS_n2fDGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/065f76-0382-42a4-8607-77922b785fd2/1/C6VvOJhQ6LO3CnHxJ6KuDcvQH2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/065f76-0382-42a4-8607-77922b785fd2/1/0Eivty_JgyZ3PF7h-0BS_n2fDGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:e1:00:b5:fc:22:25:6d:54:89:d7:20:84:45:6c:2d:69:a2:
         cc:18:2b:43:65:e6:c1:1b:41:08:24:55:fc:dd:ea:0b:20:4c:
         c4:61:d2:15:6b:1c:0c:5b:36:5f:f4:d9:eb:9f:29:5b:19:32:
         4b:19:3d:8a:21:07:7e:06:a4:1c:ee:41:a1:00:ba:7d:4d:9e:
         f7:05:28:32:d7:27:1f:72:0b:59:b9:65:59:04:1c:5b:b7:fc:
         56:a1:11:24:e4:be:50:9e:27:cb:e7:79:8d:7a:81:cc:5e:b1:
         8d:41:a0:d8:c1:93:cc:d5:1b:3c:35:53:60:e5:d6:41:a4:b1:
         17:b1:94:d6:ad:3e:5a:53:23:4a:c7:08:ec:23:99:33:3d:07:
         82:f3:f8:75:2b:a0:1c:71:63:af:1c:0d:d6:a2:52:6c:27:07:
         b0:1c:25:2f:72:35:29:d9:b9:0a:be:30:67:3d:82:ae:ef:b1:
         5f:10:d1:58:4f:b5:10:09:35:1d:3e:02:64:f9:67:41:45:e3:
         65:3d:d2:d2:f5:d8:cd:32:7f:0e:ac:65:98:86:c4:c2:be:b6:
         52:46:e8:85:f8:40:32:a1:79:2a:10:5e:c3:3a:02:e2:d8:fd:
         25:3c:3f:65:e3:0c:d9:98:36:49:b3:99:90:27:a8:75:fd:98:
         39:28:13:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsZQAldedJ5ZqNnPImIT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDhhZmI3MmZjOTgzMjY3NzNjNWVlMWZiNDA1MmZlN2Q5
ZjBjNjgwHhcNMjUwMTAxMTE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmE1NmYzODk4NTBlOGIzYjcwYTcxZjEyN2EyYWUwZGNiZDAxZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsa5unLxU7HhbzbnK74E+I/fLhxnb
Y3N2J6wlUBAVAGp3Z9mD6VOWLb4ZvTC867cG0JIeEgpRHM0OXFtNNPpmIzpulG1V
C7G/4XUi9xccMSOU9jaa1jwMrcFeLlcerESjDKPYmOD1mqzh2OrNf9OmMAtr8LQr
NoUIwLSR1jVNBQxFQCTOk/do11NUFqPv8JzOjl9pAnFyx9mY0a4PFsz7+3Jfc5ND
IrX6gBpa5vbV4gjJDVLL7PiHDkr0IoGMzzNH6SMwMB+kfeOdwXibntnr3sJenxBh
v4sJ1XY0e6QHvoyZLK90yLLs1FmuOh2MLrrvwDVVHlq6CVY3SDrlJND+sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAulbziYUOiztwpx8Seirg3L0B9nMB8GA1UdIwQY
MBaAFNBIr7cvyYMmdzxe4ftAUv59nwxoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVpdnR5X0pneVozUEY3aC0wQlNfbjJmREdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8wNjVmNzYtMDM4Mi00MmE0LTg2MDct
Nzc5MjJiNzg1ZmQyLzEvQzZWdk9KaFE2TE8zQ25IeEo2S3VEY3ZRSDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8wNjVmNzYtMDM4Mi00MmE0LTg2MDctNzc5MjJiNzg1ZmQy
LzEvMEVpdnR5X0pneVozUEY3aC0wQlNfbjJmREdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmjCMA0G
CSqGSIb3DQEBCwUAA4IBAQBs4QC1/CIlbVSJ1yCERWwtaaLMGCtDZebBG0EIJFX8
3eoLIEzEYdIVaxwMWzZf9NnrnylbGTJLGT2KIQd+BqQc7kGhALp9TZ73BSgy1ycf
cgtZuWVZBBxbt/xWoREk5L5QnifL53mNeoHMXrGNQaDYwZPM1Rs8NVNg5dZBpLEX
sZTWrT5aUyNKxwjsI5kzPQeC8/h1K6AccWOvHA3WolJsJwewHCUvcjUp2bkKvjBn
PYKu77FfENFYT7UQCTUdPgJk+WdBReNlPdLS9djNMn8OrGWYhsTCvrZSRuiF+EAy
oXkqEF7DOgLi2P0lPD9l4wzZmDZJs5mQJ6h1/Zg5KBOm
-----END CERTIFICATE-----