Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/B1Iex8uRRf8aok8aKmx-BCttbhY.roa
File:                     B1Iex8uRRf8aok8aKmx-BCttbhY.roa (raw, json)
Hash identifier:          CY4dRMbgt1Iq8US/eF21ip9+rYukOasx0o91wxBlE/A=
Subject key identifier:   07:52:1E:C7:CB:91:45:FF:1A:A2:4F:1A:2A:6C:7E:04:2B:6D:6E:16
Certificate issuer:       /CN=06da1c6b1a65f7a3d97f9bd75e7cac3135246fa5
Certificate serial:       019425FC53439D6F7DF591AB82598A21ED0F
Authority key identifier: 06:DA:1C:6B:1A:65:F7:A3:D9:7F:9B:D7:5E:7C:AC:31:35:24:6F:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Btocaxpl96PZf5vXXnysMTUkb6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/B1Iex8uRRf8aok8aKmx-BCttbhY.roa
Signing time:             Thu 02 Jan 2025 07:48:00 +0000
ROA not before:           Thu 02 Jan 2025 07:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60545
IP address blocks:        176.10.105.0/24 maxlen: 24
                          185.195.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/Btocaxpl96PZf5vXXnysMTUkb6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/Btocaxpl96PZf5vXXnysMTUkb6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Btocaxpl96PZf5vXXnysMTUkb6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:53:43:9d:6f:7d:f5:91:ab:82:59:8a:21:ed:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06da1c6b1a65f7a3d97f9bd75e7cac3135246fa5
        Validity
            Not Before: Jan  2 07:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07521ec7cb9145ff1aa24f1a2a6c7e042b6d6e16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7c:cc:e3:ab:e1:83:6c:63:ed:8a:9d:a0:a2:
                    0b:a5:0d:66:c1:b2:38:dd:bc:8e:c3:dd:be:fa:35:
                    4b:b3:77:50:bd:c0:b6:bc:3a:1e:41:ab:fa:de:b6:
                    8f:08:e2:67:29:4b:9e:83:07:23:a7:a4:33:1c:94:
                    a1:04:75:c3:9a:12:f7:96:85:e6:94:c9:db:66:6e:
                    cf:b5:81:ac:da:46:82:14:4c:ea:03:86:6f:1b:a6:
                    1c:ee:83:38:ff:cb:73:6f:d9:da:8c:e7:55:90:9f:
                    4f:ad:be:cc:b1:92:5e:dc:d7:1e:d1:02:c8:48:a0:
                    99:69:f2:7d:5e:a9:6e:d9:27:4a:fe:e6:39:05:e5:
                    b9:20:94:60:90:1b:79:20:c9:0f:c2:86:ea:bb:02:
                    06:a6:9e:2c:3f:bb:28:ec:ed:6b:87:48:d5:77:28:
                    5a:c6:9e:6c:c9:a0:40:17:3d:47:83:66:2b:51:c2:
                    ec:68:fa:1b:9b:c7:b1:c8:6a:ae:1b:68:6a:69:c5:
                    4d:5a:41:10:11:ca:67:ac:2f:41:9e:2a:a0:11:41:
                    41:c7:ba:34:31:c1:d1:84:a1:ec:d1:97:33:1d:70:
                    23:62:f1:af:e3:3d:e7:b2:ac:5a:4c:18:d9:d0:bc:
                    36:f4:06:d7:f7:70:e9:89:8e:8d:00:8f:7f:7f:40:
                    67:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:52:1E:C7:CB:91:45:FF:1A:A2:4F:1A:2A:6C:7E:04:2B:6D:6E:16
            X509v3 Authority Key Identifier:
                keyid:06:DA:1C:6B:1A:65:F7:A3:D9:7F:9B:D7:5E:7C:AC:31:35:24:6F:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Btocaxpl96PZf5vXXnysMTUkb6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/B1Iex8uRRf8aok8aKmx-BCttbhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/Btocaxpl96PZf5vXXnysMTUkb6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.10.105.0/24
                  185.195.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:82:f5:55:d0:a9:42:79:87:19:9b:74:cf:f3:96:4e:ec:72:
         e2:90:65:2e:cc:c3:be:ac:a8:5c:6e:5a:95:c7:b9:fe:75:d7:
         f8:91:55:35:a2:04:2b:57:4d:bb:80:3e:72:f1:ef:e0:c1:b3:
         4d:10:7f:b1:f6:c6:17:9e:20:f4:87:e5:d9:78:6b:e2:b0:b2:
         ba:65:e0:a9:cd:44:ed:f2:ac:01:96:7e:d3:1a:e3:33:35:5c:
         8a:0f:a9:c0:60:35:4e:61:1d:9e:3f:ee:fe:11:0a:a8:22:ed:
         a2:ef:bb:27:47:82:17:b9:68:55:90:c1:40:fe:79:21:30:6b:
         66:36:e5:2d:48:fb:ab:24:14:7a:f6:d9:16:85:13:40:ff:0c:
         7d:13:af:2c:43:93:bf:67:4c:84:69:41:f6:d6:37:b5:1b:3c:
         97:37:46:d0:72:66:a2:24:f4:c4:f1:26:10:f4:91:33:da:1e:
         e8:64:07:eb:9a:28:29:95:72:aa:ec:f9:cb:39:f1:65:ca:e2:
         f1:3d:c3:d5:2e:8b:66:59:e5:d1:a5:fa:aa:a4:2b:8b:8a:87:
         f8:03:8f:3b:23:11:09:87:8c:fb:6a:0e:68:fc:ac:8c:51:08:
         23:a1:d0:26:03:cb:69:3f:2f:bf:d1:f2:65:f6:26:c3:08:24:
         95:2f:2f:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/FNDnW999ZGrglmKIe0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZGExYzZiMWE2NWY3YTNkOTdmOWJkNzVlN2NhYzMxMzUy
NDZmYTUwHhcNMjUwMTAyMDc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzUyMWVjN2NiOTE0NWZmMWFhMjRmMWEyYTZjN2UwNDJiNmQ2ZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnzM46vhg2xj7YqdoKILpQ1mwbI4
3byOw92++jVLs3dQvcC2vDoeQav63raPCOJnKUuegwcjp6QzHJShBHXDmhL3loXm
lMnbZm7PtYGs2kaCFEzqA4ZvG6Yc7oM4/8tzb9najOdVkJ9Prb7MsZJe3Nce0QLI
SKCZafJ9Xqlu2SdK/uY5BeW5IJRgkBt5IMkPwobquwIGpp4sP7so7O1rh0jVdyha
xp5syaBAFz1Hg2YrUcLsaPobm8exyGquG2hqacVNWkEQEcpnrC9BniqgEUFBx7o0
McHRhKHs0ZczHXAjYvGv4z3nsqxaTBjZ0Lw29AbX93DpiY6NAI9/f0Bn6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAdSHsfLkUX/GqJPGipsfgQrbW4WMB8GA1UdIwQY
MBaAFAbaHGsaZfej2X+b1158rDE1JG+lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnRvY2F4cGw5NlBaZjV2WFhueXNNVFVrYjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS82MmEzYjEtMTE3ZC00YjE3LTk2NjIt
NDVlYjczOGNiOWM4LzEvQjFJZXg4dVJSZjhhb2s4YUtteC1CQ3R0YmhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS82MmEzYjEtMTE3ZC00YjE3LTk2NjItNDVlYjczOGNiOWM4
LzEvQnRvY2F4cGw5NlBaZjV2WFhueXNNVFVrYjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsAppAwQA
ucNGMA0GCSqGSIb3DQEBCwUAA4IBAQCYgvVV0KlCeYcZm3TP85ZO7HLikGUuzMO+
rKhcblqVx7n+ddf4kVU1ogQrV027gD5y8e/gwbNNEH+x9sYXniD0h+XZeGvisLK6
ZeCpzUTt8qwBln7TGuMzNVyKD6nAYDVOYR2eP+7+EQqoIu2i77snR4IXuWhVkMFA
/nkhMGtmNuUtSPurJBR69tkWhRNA/wx9E68sQ5O/Z0yEaUH21je1GzyXN0bQcmai
JPTE8SYQ9JEz2h7oZAfrmigplXKq7PnLOfFlyuLxPcPVLotmWeXRpfqqpCuLiof4
A487IxEJh4z7ag5o/KyMUQgjodAmA8tpPy+/0fJl9ibDCCSVLy+d
-----END CERTIFICATE-----