Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/23322a-a356-469b-87a6-546e2f5d7d26/1/6IQHtBCS1JE9_VEW3BeNg7TDXiE.roa
File:                     6IQHtBCS1JE9_VEW3BeNg7TDXiE.roa (raw, json)
Hash identifier:          6uQ/4oFYw1xhoqw3/qkx1eHe1uT4WuqtHU7wwwKQl2Q=
Subject key identifier:   E8:84:07:B4:10:92:D4:91:3D:FD:51:16:DC:17:8D:83:B4:C3:5E:21
Certificate issuer:       /CN=ea60327c9e2a4e3e37d547b536143500d0a5dcb9
Certificate serial:       019425214E5B27D512473B23971832B7E98B
Authority key identifier: EA:60:32:7C:9E:2A:4E:3E:37:D5:47:B5:36:14:35:00:D0:A5:DC:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6mAyfJ4qTj431Ue1NhQ1ANCl3Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/23322a-a356-469b-87a6-546e2f5d7d26/1/6IQHtBCS1JE9_VEW3BeNg7TDXiE.roa
Signing time:             Thu 02 Jan 2025 03:48:47 +0000
ROA not before:           Thu 02 Jan 2025 03:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62166
IP address blocks:        185.65.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/23322a-a356-469b-87a6-546e2f5d7d26/1/6mAyfJ4qTj431Ue1NhQ1ANCl3Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/23322a-a356-469b-87a6-546e2f5d7d26/1/6mAyfJ4qTj431Ue1NhQ1ANCl3Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6mAyfJ4qTj431Ue1NhQ1ANCl3Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:4e:5b:27:d5:12:47:3b:23:97:18:32:b7:e9:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea60327c9e2a4e3e37d547b536143500d0a5dcb9
        Validity
            Not Before: Jan  2 03:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e88407b41092d4913dfd5116dc178d83b4c35e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:7b:37:0d:24:15:93:e1:82:5d:3e:f4:44:13:
                    e7:5e:31:47:6b:b8:10:8d:f1:18:40:10:92:9f:eb:
                    1e:b0:25:18:c5:30:b8:13:f9:c0:e7:67:d9:a8:ae:
                    c2:60:e3:4e:50:dc:be:2c:4a:11:7d:e9:0d:e2:36:
                    c5:f8:06:27:09:79:79:18:1f:7c:aa:85:10:06:8d:
                    70:61:67:eb:c5:cc:ee:55:40:28:c0:f9:13:90:78:
                    65:e9:31:64:26:2e:d0:99:9e:13:d5:0b:6f:85:96:
                    8b:4f:3f:90:bc:36:5a:b1:a0:0e:eb:de:b3:2a:37:
                    63:cb:be:24:70:d1:8a:71:35:2b:0b:a6:e1:7e:8d:
                    de:d2:d9:9f:06:15:e2:b2:5a:e6:07:9a:29:98:d7:
                    ae:e5:0e:61:9d:c9:94:5d:ad:fb:66:f1:95:56:84:
                    ff:47:72:ea:08:63:7d:76:bc:81:d8:9f:64:75:4c:
                    dc:23:bb:38:00:ba:55:f9:42:86:78:3f:41:ce:42:
                    13:ad:45:13:eb:fe:79:e3:25:d7:d0:34:a7:4d:6f:
                    0b:aa:db:c5:89:97:b6:79:57:61:2b:f4:46:84:7b:
                    04:a1:9a:08:78:d1:14:02:5a:c1:88:0c:42:1c:33:
                    b0:30:eb:0c:ea:ab:ee:90:dd:a3:c8:5e:33:0a:f5:
                    6a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:84:07:B4:10:92:D4:91:3D:FD:51:16:DC:17:8D:83:B4:C3:5E:21
            X509v3 Authority Key Identifier:
                keyid:EA:60:32:7C:9E:2A:4E:3E:37:D5:47:B5:36:14:35:00:D0:A5:DC:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6mAyfJ4qTj431Ue1NhQ1ANCl3Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/23322a-a356-469b-87a6-546e2f5d7d26/1/6IQHtBCS1JE9_VEW3BeNg7TDXiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/23322a-a356-469b-87a6-546e2f5d7d26/1/6mAyfJ4qTj431Ue1NhQ1ANCl3Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:84:05:64:25:ae:7c:90:91:96:97:4c:59:36:fc:c7:4c:97:
         20:5d:fb:0f:c3:b4:ea:e0:82:6b:3e:13:75:5f:83:f1:a6:31:
         34:dd:b0:26:ec:91:71:50:94:20:40:91:ac:76:4c:1a:ee:93:
         ec:2f:6e:b8:a9:f2:f2:20:06:ae:c7:7f:84:c5:f5:f1:23:cf:
         bb:d2:ea:b4:32:83:6e:4b:a1:ba:3c:b5:19:1f:16:a0:ce:c3:
         2c:92:4c:0f:fb:7d:95:bc:4d:50:1e:e2:05:38:6b:7e:17:54:
         59:14:4b:72:28:88:07:4d:aa:24:51:ce:a1:8b:b3:8e:bf:41:
         3b:18:34:80:df:d9:c5:f7:90:bf:e0:55:9b:ea:92:c7:6e:c2:
         ef:72:df:66:b6:fe:a8:27:5b:42:56:16:85:7d:06:b8:e3:57:
         4f:a7:2c:a0:36:91:42:ce:da:62:1b:b9:00:43:4d:16:27:41:
         5a:e1:c0:8c:f8:49:d9:dc:a5:55:99:5e:40:ca:40:22:97:09:
         b5:65:8d:9e:93:13:6f:b1:9f:59:98:e6:8f:4c:ad:e9:10:eb:
         00:d9:f4:6e:03:ba:59:03:31:2e:52:c7:1c:c7:e3:58:5f:81:
         d6:a0:51:ae:39:4c:51:79:97:d0:95:fe:fa:72:be:7d:f9:ec:
         73:b2:dd:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIU5bJ9USRzsjlxgyt+mLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNjAzMjdjOWUyYTRlM2UzN2Q1NDdiNTM2MTQzNTAwZDBh
NWRjYjkwHhcNMjUwMTAyMDM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODg0MDdiNDEwOTJkNDkxM2RmZDUxMTZkYzE3OGQ4M2I0YzM1ZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Hs3DSQVk+GCXT70RBPnXjFHa7gQ
jfEYQBCSn+sesCUYxTC4E/nA52fZqK7CYONOUNy+LEoRfekN4jbF+AYnCXl5GB98
qoUQBo1wYWfrxczuVUAowPkTkHhl6TFkJi7QmZ4T1QtvhZaLTz+QvDZasaAO696z
Kjdjy74kcNGKcTUrC6bhfo3e0tmfBhXislrmB5opmNeu5Q5hncmUXa37ZvGVVoT/
R3LqCGN9dryB2J9kdUzcI7s4ALpV+UKGeD9BzkITrUUT6/554yXX0DSnTW8LqtvF
iZe2eVdhK/RGhHsEoZoIeNEUAlrBiAxCHDOwMOsM6qvukN2jyF4zCvVqWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiEB7QQktSRPf1RFtwXjYO0w14hMB8GA1UdIwQY
MBaAFOpgMnyeKk4+N9VHtTYUNQDQpdy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNm1BeWZKNHFUajQzMVVlMU5oUTFBTkNsM0xrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMzMyMmEtYTM1Ni00NjliLTg3YTYt
NTQ2ZTJmNWQ3ZDI2LzEvNklRSHRCQ1MxSkU5X1ZFVzNCZU5nN1REWGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMzMyMmEtYTM1Ni00NjliLTg3YTYtNTQ2ZTJmNWQ3ZDI2
LzEvNm1BeWZKNHFUajQzMVVlMU5oUTFBTkNsM0xrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUFqMA0G
CSqGSIb3DQEBCwUAA4IBAQB/hAVkJa58kJGWl0xZNvzHTJcgXfsPw7Tq4IJrPhN1
X4PxpjE03bAm7JFxUJQgQJGsdkwa7pPsL264qfLyIAaux3+ExfXxI8+70uq0MoNu
S6G6PLUZHxagzsMskkwP+32VvE1QHuIFOGt+F1RZFEtyKIgHTaokUc6hi7OOv0E7
GDSA39nF95C/4FWb6pLHbsLvct9mtv6oJ1tCVhaFfQa441dPpyygNpFCztpiG7kA
Q00WJ0Fa4cCM+EnZ3KVVmV5AykAilwm1ZY2ekxNvsZ9ZmOaPTK3pEOsA2fRuA7pZ
AzEuUsccx+NYX4HWoFGuOUxReZfQlf76cr59+exzst1G
-----END CERTIFICATE-----