Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/6y1fUuUD8qUGYjAEz1eFaXKhOQU.roa
File:                     6y1fUuUD8qUGYjAEz1eFaXKhOQU.roa (raw, json)
Hash identifier:          k0HLKZQvuysSS9QC5rHoiO/zSTIxOZBp1dxMMgIJx6Y=
Subject key identifier:   EB:2D:5F:52:E5:03:F2:A5:06:62:30:04:CF:57:85:69:72:A1:39:05
Certificate issuer:       /CN=49bd4d28c52c2f12e46a1efbe113241be00ca58f
Certificate serial:       01956094CE750038401BBBA0C7DD68810D4C
Authority key identifier: 49:BD:4D:28:C5:2C:2F:12:E4:6A:1E:FB:E1:13:24:1B:E0:0C:A5:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sb1NKMUsLxLkah774RMkG-AMpY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/6y1fUuUD8qUGYjAEz1eFaXKhOQU.roa
Signing time:             Tue 04 Mar 2025 09:55:19 +0000
ROA not before:           Tue 04 Mar 2025 09:55:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20676
IP address blocks:        193.56.174.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/Sb1NKMUsLxLkah774RMkG-AMpY8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/Sb1NKMUsLxLkah774RMkG-AMpY8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sb1NKMUsLxLkah774RMkG-AMpY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:60:94:ce:75:00:38:40:1b:bb:a0:c7:dd:68:81:0d:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd4d28c52c2f12e46a1efbe113241be00ca58f
        Validity
            Not Before: Mar  4 09:55:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb2d5f52e503f2a506623004cf57856972a13905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ba:eb:8e:dd:44:f7:76:48:ba:d0:2b:c3:1a:
                    98:6e:24:73:5e:24:cb:b1:e8:41:ba:32:c8:1c:de:
                    d6:77:8c:26:e7:08:f4:c6:68:e4:d6:d6:6b:2c:e7:
                    53:d7:69:86:8f:08:b9:e4:31:94:6c:5d:4e:d9:f6:
                    31:64:01:b5:8c:9c:7b:7f:95:d7:39:e1:f2:8e:12:
                    e2:06:0b:13:e4:23:ab:e2:ca:0c:95:4a:87:ee:97:
                    12:ef:71:69:f9:2b:23:31:58:cb:7e:52:4e:1d:13:
                    50:48:a7:01:65:40:13:cb:07:d7:ce:ab:d7:12:6a:
                    78:40:82:07:9e:5b:b2:25:e6:4d:66:f5:51:a0:04:
                    e9:19:19:b4:de:27:78:86:33:ec:56:e7:e4:65:bc:
                    0a:aa:52:b8:c3:9a:ab:b0:c8:23:97:ff:98:9f:a7:
                    f2:92:04:31:05:0c:d5:b9:6d:93:16:b8:34:22:3f:
                    74:c5:6b:df:8d:fb:4f:74:f3:5d:d1:52:f6:7b:ab:
                    7b:92:38:ed:88:b9:86:e3:73:ed:d2:cb:9a:59:f1:
                    55:45:d4:c6:ef:83:67:aa:59:a2:eb:57:9e:8d:57:
                    0e:cf:fb:3d:56:0e:2b:d7:b7:34:0f:9f:96:8a:32:
                    ab:e0:0b:25:82:7f:26:26:01:54:c0:88:cc:25:6f:
                    b8:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:2D:5F:52:E5:03:F2:A5:06:62:30:04:CF:57:85:69:72:A1:39:05
            X509v3 Authority Key Identifier:
                keyid:49:BD:4D:28:C5:2C:2F:12:E4:6A:1E:FB:E1:13:24:1B:E0:0C:A5:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sb1NKMUsLxLkah774RMkG-AMpY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/6y1fUuUD8qUGYjAEz1eFaXKhOQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/Sb1NKMUsLxLkah774RMkG-AMpY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:65:d2:90:f9:78:08:bc:18:2d:3c:5e:85:a3:94:0a:cc:f6:
         7a:af:f8:40:d7:9f:82:c7:43:4b:42:76:b5:cc:52:8b:73:9d:
         40:e7:a7:1c:44:b7:8f:6f:83:6f:51:51:d5:6d:5d:0e:f6:f7:
         9d:9c:1a:c2:85:0b:64:01:f3:94:a2:54:81:e0:94:bf:fa:b9:
         37:b8:35:75:b6:a1:ca:d5:49:9c:5d:50:ff:28:8e:7d:58:0f:
         d8:ef:59:2a:ba:aa:36:5b:11:65:92:63:a0:c2:ec:83:2d:df:
         3a:4e:3f:e3:31:44:b5:5d:20:09:25:5a:c0:21:f2:6b:af:d1:
         d4:92:31:5b:5f:50:b4:67:7a:bf:78:df:50:cb:5d:31:83:db:
         5c:1a:71:5a:28:8e:cd:37:22:29:4e:d8:13:be:c3:b9:b4:58:
         65:5f:55:e4:b3:07:fa:61:c5:5f:f1:5e:e6:19:1b:84:cf:65:
         c3:a7:2b:8f:f2:ca:b8:ea:ff:1c:ad:cd:0a:6f:44:76:aa:0f:
         02:5c:d6:99:59:33:1a:65:48:68:7c:45:b2:13:c2:08:e9:0b:
         49:f5:d6:f3:d2:8c:95:56:75:b4:ba:8f:09:38:9d:79:9a:23:
         6b:79:7e:c2:94:8d:7b:33:86:65:e2:37:45:7d:39:87:37:17:
         51:86:e1:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVglM51ADhAG7ugx91ogQ1MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YmQ0ZDI4YzUyYzJmMTJlNDZhMWVmYmUxMTMyNDFiZTAw
Y2E1OGYwHhcNMjUwMzA0MDk1NTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjJkNWY1MmU1MDNmMmE1MDY2MjMwMDRjZjU3ODU2OTcyYTEzOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrrrjt1E93ZIutArwxqYbiRzXiTL
sehBujLIHN7Wd4wm5wj0xmjk1tZrLOdT12mGjwi55DGUbF1O2fYxZAG1jJx7f5XX
OeHyjhLiBgsT5COr4soMlUqH7pcS73Fp+SsjMVjLflJOHRNQSKcBZUATywfXzqvX
Emp4QIIHnluyJeZNZvVRoATpGRm03id4hjPsVufkZbwKqlK4w5qrsMgjl/+Yn6fy
kgQxBQzVuW2TFrg0Ij90xWvfjftPdPNd0VL2e6t7kjjtiLmG43Pt0suaWfFVRdTG
74Nnqlmi61eejVcOz/s9Vg4r17c0D5+WijKr4Aslgn8mJgFUwIjMJW+42wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOstX1LlA/KlBmIwBM9XhWlyoTkFMB8GA1UdIwQY
MBaAFEm9TSjFLC8S5Goe++ETJBvgDKWPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2IxTktNVXNMeExrYWg3NzRSTWtHLUFNcFk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iNWFmNDctOTQ1Mi00YzU1LWJjMmYt
NTc0NjAwN2NiMmEzLzEvNnkxZlV1VUQ4cVVHWWpBRXoxZUZhWEtoT1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iNWFmNDctOTQ1Mi00YzU1LWJjMmYtNTc0NjAwN2NiMmEz
LzEvU2IxTktNVXNMeExrYWg3NzRSTWtHLUFNcFk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTiuMA0G
CSqGSIb3DQEBCwUAA4IBAQCUZdKQ+XgIvBgtPF6Fo5QKzPZ6r/hA15+Cx0NLQna1
zFKLc51A56ccRLePb4NvUVHVbV0O9vednBrChQtkAfOUolSB4JS/+rk3uDV1tqHK
1UmcXVD/KI59WA/Y71kquqo2WxFlkmOgwuyDLd86Tj/jMUS1XSAJJVrAIfJrr9HU
kjFbX1C0Z3q/eN9Qy10xg9tcGnFaKI7NNyIpTtgTvsO5tFhlX1Xkswf6YcVf8V7m
GRuEz2XDpyuP8sq46v8crc0Kb0R2qg8CXNaZWTMaZUhofEWyE8II6QtJ9dbz0oyV
VnW0uo8JOJ15miNreX7ClI17M4Zl4jdFfTmHNxdRhuFC
-----END CERTIFICATE-----