Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/6DQF3ZL4kAW4Ge4dDeFA8ELbRk4.roa
File:                     6DQF3ZL4kAW4Ge4dDeFA8ELbRk4.roa (raw, json)
Hash identifier:          ssXmoCnd/xU0iJf35Sp92cQWH32huXK/+tqo7H25QIs=
Subject key identifier:   E8:34:05:DD:92:F8:90:05:B8:19:EE:1D:0D:E1:40:F0:42:DB:46:4E
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067E25E1C8FA4EFCFBB654C42BF109A
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/6DQF3ZL4kAW4Ge4dDeFA8ELbRk4.roa
Signing time:             Wed 01 Jan 2025 05:47:46 +0000
ROA not before:           Wed 01 Jan 2025 05:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215891
IP address blocks:        194.6.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e2:5e:1c:8f:a4:ef:cf:bb:65:4c:42:bf:10:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e83405dd92f89005b819ee1d0de140f042db464e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:71:4a:13:d9:c3:1d:09:18:ff:88:fe:08:5b:
                    e6:80:c2:03:47:33:7f:be:7f:2b:68:61:31:fe:48:
                    09:f9:87:43:28:bd:87:db:35:e9:4f:cd:18:37:c8:
                    29:e9:d4:65:22:4f:9d:78:27:d8:fe:12:af:ab:9f:
                    68:a7:aa:cb:c6:72:63:02:51:c8:da:6f:49:9d:41:
                    de:c2:a5:ba:57:23:33:b6:0d:16:35:c6:86:a4:ac:
                    cb:ba:80:bc:ab:3f:f6:41:8d:d6:3e:2c:a8:42:5f:
                    a5:2f:8b:7a:73:b0:19:f7:8c:25:58:9b:3c:fc:07:
                    7c:c7:02:69:fd:28:05:00:92:35:4e:20:0e:0d:1f:
                    c4:b3:27:09:98:e7:13:cc:7c:d8:6f:1e:f1:1b:d2:
                    f8:11:8f:de:6b:9c:a7:ef:8b:af:aa:58:8b:de:18:
                    a1:b4:81:b9:ff:dc:2c:28:0f:a8:6a:da:2b:83:fc:
                    61:c4:c7:da:e7:65:63:36:c2:3b:fb:30:41:b0:1b:
                    40:73:df:79:b1:ec:84:40:b6:02:6d:ec:cc:84:bf:
                    17:87:16:9b:ce:19:99:fe:b4:ba:18:57:7b:62:ec:
                    9c:0e:33:e6:cd:92:dc:4b:e6:82:b2:92:93:79:6f:
                    35:04:8a:62:eb:6d:e5:aa:44:56:12:3a:fe:63:79:
                    14:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:34:05:DD:92:F8:90:05:B8:19:EE:1D:0D:E1:40:F0:42:DB:46:4E
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/6DQF3ZL4kAW4Ge4dDeFA8ELbRk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:55:b7:5a:8e:f9:44:99:ae:df:12:ab:9c:db:bd:8b:80:59:
         f0:1e:d9:ba:8b:4b:8e:c3:42:f2:f7:28:2e:c5:91:9e:ab:7e:
         d9:36:7c:70:7f:a0:d0:0a:89:83:ad:d6:07:5e:96:ca:8d:e6:
         b2:53:61:2e:25:99:91:56:85:64:b9:ba:97:b7:a9:bf:ed:3d:
         ff:74:51:3e:30:e5:49:c7:9e:c7:db:fb:a2:a9:21:8a:9c:1e:
         17:d3:45:eb:bc:64:7d:3d:c3:c3:bf:07:34:d2:7e:0e:23:06:
         5b:f8:9c:af:25:8e:92:55:03:ea:d9:79:7d:0c:82:20:6b:92:
         b1:10:a5:8e:e2:77:b5:8f:34:55:8e:c9:16:f6:52:37:dc:fd:
         a4:91:48:ad:78:24:00:1c:2d:ae:5e:5f:35:8a:63:bb:bf:c9:
         ff:13:45:61:6f:93:0d:30:dd:b3:b1:aa:94:3e:4e:7a:fe:6f:
         62:23:17:58:2d:70:31:46:c9:a5:7e:f3:4d:de:cb:47:51:2f:
         88:4d:84:6f:ad:9d:48:41:a7:b8:5b:ba:e5:e3:ae:60:2c:35:
         03:77:c8:a4:c5:fd:18:57:1b:8e:3e:62:2d:5c:ae:63:35:a1:
         0e:03:a8:2e:27:92:39:60:40:2c:73:2d:08:43:00:f4:0b:05:
         df:25:e0:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+JeHI+k78+7ZUxCvxCaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODM0MDVkZDkyZjg5MDA1YjgxOWVlMWQwZGUxNDBmMDQyZGI0NjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHFKE9nDHQkY/4j+CFvmgMIDRzN/
vn8raGEx/kgJ+YdDKL2H2zXpT80YN8gp6dRlIk+deCfY/hKvq59op6rLxnJjAlHI
2m9JnUHewqW6VyMztg0WNcaGpKzLuoC8qz/2QY3WPiyoQl+lL4t6c7AZ94wlWJs8
/Ad8xwJp/SgFAJI1TiAODR/EsycJmOcTzHzYbx7xG9L4EY/ea5yn74uvqliL3hih
tIG5/9wsKA+oatorg/xhxMfa52VjNsI7+zBBsBtAc995seyEQLYCbezMhL8Xhxab
zhmZ/rS6GFd7YuycDjPmzZLcS+aCspKTeW81BIpi623lqkRWEjr+Y3kUOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOg0Bd2S+JAFuBnuHQ3hQPBC20ZOMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvNkRRRjNaTDRrQVc0R2U0ZERlRkE4RUxiUms0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgauMA0G
CSqGSIb3DQEBCwUAA4IBAQCTVbdajvlEma7fEquc272LgFnwHtm6i0uOw0Ly9ygu
xZGeq37ZNnxwf6DQComDrdYHXpbKjeayU2EuJZmRVoVkubqXt6m/7T3/dFE+MOVJ
x57H2/uiqSGKnB4X00XrvGR9PcPDvwc00n4OIwZb+JyvJY6SVQPq2Xl9DIIga5Kx
EKWO4ne1jzRVjskW9lI33P2kkUiteCQAHC2uXl81imO7v8n/E0Vhb5MNMN2zsaqU
Pk56/m9iIxdYLXAxRsmlfvNN3stHUS+ITYRvrZ1IQae4W7rl465gLDUDd8ikxf0Y
VxuOPmItXK5jNaEOA6guJ5I5YEAscy0IQwD0CwXfJeBu
-----END CERTIFICATE-----