Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/6UpEJlRsXOn9vaGmBJWrZdfalwA.roa
File:                     6UpEJlRsXOn9vaGmBJWrZdfalwA.roa (raw, json)
Hash identifier:          HSwxSSz5lFpaFRsJuAqgaQ8EsTFkTI/T+FmwfdtjYaA=
Subject key identifier:   E9:4A:44:26:54:6C:5C:E9:FD:BD:A1:A6:04:95:AB:65:D7:DA:97:00
Certificate issuer:       /CN=91f5fcedbdb84dd52fc6770d7ccfd3fc6684fa41
Certificate serial:       019425221970D187D2BE533CF232C093ACE3
Authority key identifier: 91:F5:FC:ED:BD:B8:4D:D5:2F:C6:77:0D:7C:CF:D3:FC:66:84:FA:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/6UpEJlRsXOn9vaGmBJWrZdfalwA.roa
Signing time:             Thu 02 Jan 2025 03:49:39 +0000
ROA not before:           Thu 02 Jan 2025 03:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211908
IP address blocks:        45.82.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:19:70:d1:87:d2:be:53:3c:f2:32:c0:93:ac:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91f5fcedbdb84dd52fc6770d7ccfd3fc6684fa41
        Validity
            Not Before: Jan  2 03:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e94a4426546c5ce9fdbda1a60495ab65d7da9700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:bc:b4:01:cc:d7:ca:bf:4f:42:9a:69:67:17:
                    93:90:d9:fd:45:29:0d:10:e0:21:e4:ba:67:1b:8a:
                    87:52:1a:76:c0:c7:39:73:b3:eb:c8:82:bb:76:0d:
                    4c:1d:cd:c8:39:06:a2:4e:f2:0d:61:75:c7:15:02:
                    79:1b:d2:97:e1:b2:36:98:c4:d1:59:aa:df:68:00:
                    f9:fd:e2:43:4f:c9:a5:fc:bb:96:cb:9c:7a:73:77:
                    49:9f:cb:59:e0:f3:7c:71:d4:53:3e:c6:75:95:b2:
                    57:0b:0f:9f:b8:5b:26:27:b8:68:76:44:dd:10:b0:
                    a9:0a:00:52:a6:5e:3b:35:05:1f:36:21:65:42:cb:
                    ab:a5:69:7f:6b:27:38:e9:8a:72:08:9c:05:99:74:
                    27:c6:3f:a7:12:29:22:0c:76:d4:19:a4:f7:0e:cd:
                    b8:d0:8d:ef:df:9c:6d:fc:73:39:31:61:9a:de:95:
                    66:06:23:b3:2d:0d:33:fa:82:b8:40:be:20:23:52:
                    9b:0c:d4:c9:86:f9:d5:62:fa:28:8f:92:e9:5c:32:
                    02:bc:68:b7:1e:a8:d0:d9:9e:d7:7c:64:50:ea:c0:
                    95:a7:69:66:de:6a:04:bd:16:55:aa:b8:8c:ea:07:
                    38:d3:d2:2e:10:86:ac:c1:9f:51:b4:0d:bb:2a:9d:
                    80:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:4A:44:26:54:6C:5C:E9:FD:BD:A1:A6:04:95:AB:65:D7:DA:97:00
            X509v3 Authority Key Identifier:
                keyid:91:F5:FC:ED:BD:B8:4D:D5:2F:C6:77:0D:7C:CF:D3:FC:66:84:FA:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/6UpEJlRsXOn9vaGmBJWrZdfalwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:8d:59:e6:ad:ae:1c:3a:83:59:b3:ec:fc:00:84:98:a1:48:
         0d:ac:b0:a2:05:9e:d1:7e:64:8c:75:28:b1:61:7d:2d:ad:3d:
         11:08:ba:d3:cb:43:ae:0c:f0:b8:60:7c:fc:af:bb:f7:11:b1:
         4f:ba:ca:19:cf:10:f9:b9:d6:f2:99:79:81:f7:d8:01:ea:e8:
         01:79:2b:4b:f4:13:ad:83:40:4b:e3:5a:a5:9d:99:f7:bd:e5:
         4d:86:05:97:92:6b:af:dc:1a:5d:d8:16:d7:9f:42:e7:8d:9f:
         e2:33:d8:01:01:6b:bf:80:e5:b3:ab:1e:c9:bd:eb:8c:b6:ec:
         f0:61:7e:f0:20:82:cb:74:5c:74:99:4b:e3:f9:59:77:3c:67:
         41:d5:7e:d6:d6:74:c3:7b:ab:78:ab:ab:02:70:7a:8e:1c:96:
         7d:0e:31:4b:42:38:25:83:75:71:5c:70:1a:f0:6a:ea:ce:8f:
         99:ce:c9:c1:bc:d8:a4:fa:64:3f:9b:b0:0c:f2:ca:6c:4a:5e:
         b4:fa:5d:1c:62:e7:9a:2c:d4:5e:2b:05:a7:46:e7:95:73:d5:
         77:35:cc:a1:d8:06:49:63:ba:ea:6a:f5:fb:a9:04:9d:b7:d9:
         9c:05:4c:8a:e4:0a:8a:20:e4:44:bc:e1:d2:0e:9b:6d:13:51:
         28:8c:ec:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIhlw0YfSvlM88jLAk6zjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZjVmY2VkYmRiODRkZDUyZmM2NzcwZDdjY2ZkM2ZjNjY4
NGZhNDEwHhcNMjUwMTAyMDM0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTRhNDQyNjU0NmM1Y2U5ZmRiZGExYTYwNDk1YWI2NWQ3ZGE5NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ry0AczXyr9PQpppZxeTkNn9RSkN
EOAh5LpnG4qHUhp2wMc5c7PryIK7dg1MHc3IOQaiTvINYXXHFQJ5G9KX4bI2mMTR
WarfaAD5/eJDT8ml/LuWy5x6c3dJn8tZ4PN8cdRTPsZ1lbJXCw+fuFsmJ7hodkTd
ELCpCgBSpl47NQUfNiFlQsurpWl/ayc46YpyCJwFmXQnxj+nEikiDHbUGaT3Ds24
0I3v35xt/HM5MWGa3pVmBiOzLQ0z+oK4QL4gI1KbDNTJhvnVYvooj5LpXDICvGi3
HqjQ2Z7XfGRQ6sCVp2lm3moEvRZVqriM6gc409IuEIaswZ9RtA27Kp2A6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlKRCZUbFzp/b2hpgSVq2XX2pcAMB8GA1UdIwQY
MBaAFJH1/O29uE3VL8Z3DXzP0/xmhPpBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2ZYODdiMjRUZFV2eG5jTmZNX1RfR2FFLWtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YTA5ODEtMGFkOC00OGE1LWJmZWMt
OGNjOTgzMzYxMWU2LzEvNlVwRUpsUnNYT245dmFHbUJKV3JaZGZhbHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YTA5ODEtMGFkOC00OGE1LWJmZWMtOGNjOTgzMzYxMWU2
LzEva2ZYODdiMjRUZFV2eG5jTmZNX1RfR2FFLWtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVI8MA0G
CSqGSIb3DQEBCwUAA4IBAQAWjVnmra4cOoNZs+z8AISYoUgNrLCiBZ7RfmSMdSix
YX0trT0RCLrTy0OuDPC4YHz8r7v3EbFPusoZzxD5udbymXmB99gB6ugBeStL9BOt
g0BL41qlnZn3veVNhgWXkmuv3Bpd2BbXn0LnjZ/iM9gBAWu/gOWzqx7JveuMtuzw
YX7wIILLdFx0mUvj+Vl3PGdB1X7W1nTDe6t4q6sCcHqOHJZ9DjFLQjglg3VxXHAa
8Grqzo+ZzsnBvNik+mQ/m7AM8spsSl60+l0cYueaLNReKwWnRueVc9V3Ncyh2AZJ
Y7rqavX7qQSdt9mcBUyK5AqKIOREvOHSDpttE1EojOxV
-----END CERTIFICATE-----