Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/6k2hBM4XUhd6DA-vs8SUHNOo6k4.roa
File:                     6k2hBM4XUhd6DA-vs8SUHNOo6k4.roa (raw, json)
Hash identifier:          j24u1fw+wKi+GN73WExbNJpjYxAE0mjUB2p9siHDzsY=
Subject key identifier:   EA:4D:A1:04:CE:17:52:17:7A:0C:0F:AF:B3:C4:94:1C:D3:A8:EA:4E
Certificate issuer:       /CN=553ca7b2e6c1e17f5f3edbe375e19ece39533910
Certificate serial:       0194274883C4FC3F0E2E152B872E3D8AD9EA
Authority key identifier: 55:3C:A7:B2:E6:C1:E1:7F:5F:3E:DB:E3:75:E1:9E:CE:39:53:39:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VTynsubB4X9fPtvjdeGezjlTORA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/6k2hBM4XUhd6DA-vs8SUHNOo6k4.roa
Signing time:             Thu 02 Jan 2025 13:50:51 +0000
ROA not before:           Thu 02 Jan 2025 13:50:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        194.110.130.0/24 maxlen: 24
                          194.110.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/VTynsubB4X9fPtvjdeGezjlTORA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/VTynsubB4X9fPtvjdeGezjlTORA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VTynsubB4X9fPtvjdeGezjlTORA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:83:c4:fc:3f:0e:2e:15:2b:87:2e:3d:8a:d9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=553ca7b2e6c1e17f5f3edbe375e19ece39533910
        Validity
            Not Before: Jan  2 13:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea4da104ce1752177a0c0fafb3c4941cd3a8ea4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7c:32:61:4a:23:f8:d8:1d:9d:9a:e0:d7:4a:
                    a9:91:95:c6:ab:c5:ac:a5:13:ae:81:3e:20:eb:1a:
                    64:11:9d:e3:bd:0b:de:3a:7b:8c:3a:3f:74:5b:d1:
                    af:6c:64:84:00:07:33:0a:5f:d1:c6:c7:72:f2:92:
                    e8:c7:ab:bf:a8:26:1c:3c:b0:b3:34:b7:4c:c7:1e:
                    e6:c0:ea:0d:66:8a:38:ad:2b:b0:eb:f6:8d:26:80:
                    ea:57:7d:c3:fb:c0:da:91:f6:d4:59:39:75:bf:b1:
                    46:bd:91:04:e8:f8:7a:5a:1b:55:87:7f:b9:45:ba:
                    7b:93:19:2f:cd:3c:18:58:e1:8b:15:fb:07:ba:c7:
                    50:0b:de:57:43:87:ac:02:2e:4c:62:5d:de:36:01:
                    9f:12:fe:d6:30:70:f7:64:9f:f6:51:ba:a9:47:8c:
                    0d:10:d2:34:c6:94:2f:cf:2a:b0:d2:67:97:dd:61:
                    3d:90:0c:8f:9c:8e:44:ee:86:5d:d2:00:82:43:b0:
                    77:cc:bc:87:dc:c5:f0:69:a4:88:cb:d6:89:76:ac:
                    ca:32:e6:a3:cb:41:1a:9d:e1:95:91:19:24:d2:f0:
                    7c:fa:e1:32:dd:57:f8:2d:46:49:ef:4e:80:7d:09:
                    ef:c6:6e:15:64:e8:da:6c:43:ed:d4:81:31:5a:53:
                    fd:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:4D:A1:04:CE:17:52:17:7A:0C:0F:AF:B3:C4:94:1C:D3:A8:EA:4E
            X509v3 Authority Key Identifier:
                keyid:55:3C:A7:B2:E6:C1:E1:7F:5F:3E:DB:E3:75:E1:9E:CE:39:53:39:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VTynsubB4X9fPtvjdeGezjlTORA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/6k2hBM4XUhd6DA-vs8SUHNOo6k4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/VTynsubB4X9fPtvjdeGezjlTORA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:60:3b:ec:32:88:33:6a:5e:e2:1a:c1:f6:c1:ba:0f:b7:24:
         b8:f3:45:ad:16:46:18:25:ba:dd:a4:a8:63:a4:98:bc:47:d5:
         84:8e:c1:b0:51:a0:1f:eb:7e:16:36:d8:12:8a:08:22:d9:cf:
         24:12:11:23:b0:cc:6f:ff:eb:8a:88:d4:a5:98:13:1d:d0:2e:
         21:09:2c:19:f0:09:31:29:87:3d:18:7d:61:bb:bc:5d:1f:48:
         83:a8:11:70:80:af:10:fb:cf:59:1c:93:02:d9:20:d1:dc:55:
         78:60:f7:e7:52:9e:15:16:75:c1:c0:0e:05:a6:4a:a7:9e:af:
         58:38:54:2f:2d:c0:12:7a:6a:3a:e9:0b:94:90:aa:e7:c8:35:
         13:88:78:02:d8:59:73:71:a0:0a:37:0b:cf:20:4c:8c:05:8f:
         fd:a3:fc:68:18:85:b6:54:66:be:06:7b:58:d0:64:71:f7:47:
         d8:38:7c:6c:6d:73:99:3c:b7:92:1a:12:67:8e:51:2c:24:3a:
         a7:b6:8a:22:df:88:fa:7f:4e:ef:3c:a4:04:18:74:82:cd:ec:
         4c:9e:5c:1b:a1:26:bc:28:44:e2:54:a8:18:07:80:47:8a:32:
         be:b3:a9:17:a5:3b:99:40:96:93:4b:2b:72:fc:7a:6b:5d:a2:
         0e:16:4c:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSIPE/D8OLhUrhy49itnqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1M2NhN2IyZTZjMWUxN2Y1ZjNlZGJlMzc1ZTE5ZWNlMzk1
MzM5MTAwHhcNMjUwMTAyMTM1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTRkYTEwNGNlMTc1MjE3N2EwYzBmYWZiM2M0OTQxY2QzYThlYTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHwyYUoj+NgdnZrg10qpkZXGq8Ws
pROugT4g6xpkEZ3jvQveOnuMOj90W9GvbGSEAAczCl/Rxsdy8pLox6u/qCYcPLCz
NLdMxx7mwOoNZoo4rSuw6/aNJoDqV33D+8DakfbUWTl1v7FGvZEE6Ph6WhtVh3+5
Rbp7kxkvzTwYWOGLFfsHusdQC95XQ4esAi5MYl3eNgGfEv7WMHD3ZJ/2UbqpR4wN
ENI0xpQvzyqw0meX3WE9kAyPnI5E7oZd0gCCQ7B3zLyH3MXwaaSIy9aJdqzKMuaj
y0EaneGVkRkk0vB8+uEy3Vf4LUZJ706AfQnvxm4VZOjabEPt1IExWlP9nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpNoQTOF1IXegwPr7PElBzTqOpOMB8GA1UdIwQY
MBaAFFU8p7LmweF/Xz7b43Xhns45UzkQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlR5bnN1YkI0WDlmUHR2amRlR2V6amxUT1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kNTcyYzMtMzUwZi00NzliLWE3YjMt
MTUzZTkxODJhZjQxLzEvNmsyaEJNNFhVaGQ2REEtdnM4U1VITk9vNms0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kNTcyYzMtMzUwZi00NzliLWE3YjMtMTUzZTkxODJhZjQx
LzEvVlR5bnN1YkI0WDlmUHR2amRlR2V6amxUT1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwm6CMA0G
CSqGSIb3DQEBCwUAA4IBAQAYYDvsMogzal7iGsH2wboPtyS480WtFkYYJbrdpKhj
pJi8R9WEjsGwUaAf634WNtgSiggi2c8kEhEjsMxv/+uKiNSlmBMd0C4hCSwZ8Akx
KYc9GH1hu7xdH0iDqBFwgK8Q+89ZHJMC2SDR3FV4YPfnUp4VFnXBwA4Fpkqnnq9Y
OFQvLcASemo66QuUkKrnyDUTiHgC2FlzcaAKNwvPIEyMBY/9o/xoGIW2VGa+BntY
0GRx90fYOHxsbXOZPLeSGhJnjlEsJDqntooi34j6f07vPKQEGHSCzexMnlwboSa8
KETiVKgYB4BHijK+s6kXpTuZQJaTSyty/HprXaIOFkxM
-----END CERTIFICATE-----