Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/aqkEU7IcRzQWJ5qWUwsjWNUSZp0.roa
File:                     aqkEU7IcRzQWJ5qWUwsjWNUSZp0.roa (raw, json)
Hash identifier:          TCKvlLtQhO10CgVVaiB0RcBNewVowjSgnz0arSCMXr8=
Subject key identifier:   6A:A9:04:53:B2:1C:47:34:16:27:9A:96:53:0B:23:58:D5:12:66:9D
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       01934B3391F006BA98EB15BA4176579936A7
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/aqkEU7IcRzQWJ5qWUwsjWNUSZp0.roa
Signing time:             Wed 20 Nov 2024 20:11:31 +0000
ROA not before:           Wed 20 Nov 2024 20:11:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        86.110.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4b:33:91:f0:06:ba:98:eb:15:ba:41:76:57:99:36:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Nov 20 20:11:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6aa90453b21c473416279a96530b2358d512669d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b2:b5:8c:e7:bd:7b:68:f4:e6:a7:04:b9:2f:
                    ff:55:cf:e7:f2:6e:a9:92:6b:11:b2:3f:0a:e3:e3:
                    3f:c2:fd:4b:1a:71:9d:d4:e0:29:d3:27:0d:8c:15:
                    7e:81:e5:a7:04:e5:02:3b:2e:c2:10:5a:2b:93:06:
                    ab:4f:69:8b:53:e6:b5:52:83:07:8e:91:0b:c1:cf:
                    15:3d:0c:e9:83:e0:fd:3d:84:e7:b3:0e:f9:90:7f:
                    b5:51:92:ae:c8:f9:f2:e5:99:76:58:b7:5f:b3:4f:
                    9d:14:57:4d:26:fe:c1:29:98:a4:dc:14:be:51:66:
                    9f:18:81:a8:4c:61:1e:67:54:4d:6d:fa:8c:80:8c:
                    c2:e7:f3:8d:78:19:39:97:ad:15:b8:69:87:79:97:
                    01:a1:f7:50:cb:c4:05:70:08:d8:7a:54:1b:04:e2:
                    74:47:99:05:37:9b:62:5b:23:6e:c2:9e:01:2a:af:
                    3d:27:cb:fa:80:ae:c2:14:b6:23:8d:7c:1c:18:33:
                    a4:61:8e:a4:2c:98:59:75:eb:1d:0d:e1:18:78:7d:
                    c4:2e:50:87:4d:10:f9:f8:7d:3c:29:27:f0:1b:ca:
                    59:4f:8a:bd:7f:ab:86:81:d3:5c:ad:85:31:c4:e9:
                    dc:ec:b9:3f:c7:a8:b9:a0:b4:33:f8:2f:7e:3d:89:
                    81:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A9:04:53:B2:1C:47:34:16:27:9A:96:53:0B:23:58:D5:12:66:9D
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/aqkEU7IcRzQWJ5qWUwsjWNUSZp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:08:7b:95:bd:4a:60:82:f7:a7:e3:cb:84:4b:86:d0:08:0c:
         3a:2f:6d:a6:17:84:f4:a6:66:32:3b:52:ed:0b:0f:52:74:0a:
         69:2d:6c:8f:d8:ac:53:f7:63:17:06:ed:6b:a2:b9:76:ba:c1:
         ff:a6:35:32:ff:ce:87:bb:a1:d4:12:87:e2:ff:5d:55:43:05:
         d3:a2:22:5b:35:f5:39:ef:d7:a8:6c:75:43:c8:41:21:ee:7a:
         54:6e:32:74:84:2e:bf:40:99:10:5b:c9:01:bb:cd:d0:77:2b:
         51:cc:31:93:00:ca:9c:7d:ce:be:b5:2f:25:fd:89:e8:b3:35:
         ba:8e:cb:6c:72:90:8e:a5:de:e3:11:1e:96:f2:8b:a3:d1:bd:
         ce:f0:e8:29:30:99:8a:11:64:00:24:9b:db:45:13:09:76:53:
         b5:0d:3d:93:b8:20:59:21:25:f3:d5:90:51:0b:9a:a2:55:01:
         1c:14:f7:37:6a:a7:a4:02:71:d9:2c:d1:04:d0:3a:ae:3e:5e:
         98:b1:e5:53:f1:d2:ae:a4:fc:ff:e0:24:ba:fe:72:06:9c:2a:
         22:1d:a9:7a:0c:bb:34:f6:f7:3c:e0:28:9b:7d:9f:37:1f:c8:
         c5:46:5b:86:a8:79:31:db:76:e5:fa:44:d1:4e:ce:bc:82:6a:
         30:02:a3:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNLM5HwBrqY6xW6QXZXmTanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjQxMTIwMjAxMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWE5MDQ1M2IyMWM0NzM0MTYyNzlhOTY1MzBiMjM1OGQ1MTI2NjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LK1jOe9e2j05qcEuS//Vc/n8m6p
kmsRsj8K4+M/wv1LGnGd1OAp0ycNjBV+geWnBOUCOy7CEForkwarT2mLU+a1UoMH
jpELwc8VPQzpg+D9PYTnsw75kH+1UZKuyPny5Zl2WLdfs0+dFFdNJv7BKZik3BS+
UWafGIGoTGEeZ1RNbfqMgIzC5/ONeBk5l60VuGmHeZcBofdQy8QFcAjYelQbBOJ0
R5kFN5tiWyNuwp4BKq89J8v6gK7CFLYjjXwcGDOkYY6kLJhZdesdDeEYeH3ELlCH
TRD5+H08KSfwG8pZT4q9f6uGgdNcrYUxxOnc7Lk/x6i5oLQz+C9+PYmB8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqpBFOyHEc0FieallMLI1jVEmadMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvYXFrRVU3SWNSelFXSjVxV1V3c2pXTlVTWnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm47MA0G
CSqGSIb3DQEBCwUAA4IBAQBWCHuVvUpggven48uES4bQCAw6L22mF4T0pmYyO1Lt
Cw9SdAppLWyP2KxT92MXBu1rorl2usH/pjUy/86Hu6HUEofi/11VQwXToiJbNfU5
79eobHVDyEEh7npUbjJ0hC6/QJkQW8kBu83QdytRzDGTAMqcfc6+tS8l/YnoszW6
jstscpCOpd7jER6W8ouj0b3O8OgpMJmKEWQAJJvbRRMJdlO1DT2TuCBZISXz1ZBR
C5qiVQEcFPc3aqekAnHZLNEE0DquPl6YseVT8dKupPz/4CS6/nIGnCoiHal6DLs0
9vc84CibfZ83H8jFRluGqHkx23bl+kTRTs68gmowAqNZ
-----END CERTIFICATE-----