Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/6f7-H05EOBKyKeN13u8Kl_HrjJI.roa
File:                     6f7-H05EOBKyKeN13u8Kl_HrjJI.roa (raw, json)
Hash identifier:          m9ViCbN8nVWlIqrvzsL/2UvzPl20r/I/JsKvxpR9NP8=
Subject key identifier:   E9:FE:FE:1F:4E:44:38:12:B2:29:E3:75:DE:EF:0A:97:F1:EB:8C:92
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018F81D4EA0B025734CD03949A66D18A3E65
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/6f7-H05EOBKyKeN13u8Kl_HrjJI.roa
Signing time:             Thu 16 May 2024 14:36:05 +0000
ROA not before:           Thu 16 May 2024 14:36:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50340
IP address blocks:        193.3.19.0/24 maxlen: 24
                          194.32.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:22:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:81:d4:ea:0b:02:57:34:cd:03:94:9a:66:d1:8a:3e:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: May 16 14:36:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9fefe1f4e443812b229e375deef0a97f1eb8c92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:07:66:d5:61:5a:da:5e:05:95:80:62:24:0c:
                    2d:27:2a:d1:46:c1:0d:7a:f9:e4:c2:9f:af:0e:e0:
                    eb:97:69:7b:90:b2:28:d6:51:8b:95:8d:24:0e:d2:
                    04:82:b0:71:9e:f7:09:ce:be:99:6c:86:d8:ed:18:
                    13:86:58:01:2b:af:e1:3f:28:b3:95:59:d4:ef:5a:
                    d9:9f:c1:78:d6:98:1e:8b:3f:7a:ef:e7:ef:f7:d7:
                    bb:7b:bb:5f:67:d1:f1:f7:72:87:5b:cf:37:7b:d3:
                    67:67:02:c2:cb:f2:b2:78:36:02:de:44:40:1f:f6:
                    82:7c:d1:68:f1:5f:b6:23:7e:d7:bd:50:18:43:21:
                    31:ea:e2:ef:4c:93:2c:a5:ca:ae:6c:17:24:1b:c2:
                    99:ab:c2:cd:1e:1a:2b:ca:90:c5:57:35:cb:a9:c7:
                    a0:23:0a:37:7a:45:c6:61:9a:e7:7f:26:a3:c7:e7:
                    bf:3c:07:fc:ee:d8:67:29:83:63:17:bb:5f:01:9b:
                    82:d9:14:95:bc:a3:47:f5:b6:6e:cb:c5:e3:75:06:
                    00:76:17:a2:e7:7e:01:46:1d:d7:04:6f:ab:0c:b1:
                    6e:63:03:62:52:a6:10:b8:e3:bd:a4:5a:b9:d2:f0:
                    db:46:62:3c:17:f3:18:d3:f6:27:b1:c0:3b:61:c9:
                    20:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FE:FE:1F:4E:44:38:12:B2:29:E3:75:DE:EF:0A:97:F1:EB:8C:92
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/6f7-H05EOBKyKeN13u8Kl_HrjJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.19.0/24
                  194.32.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:2c:36:34:5c:15:1b:07:e8:2d:b7:c4:26:41:92:74:76:18:
         19:db:fe:a4:ce:51:20:b0:6d:ed:2a:92:b9:72:a7:8f:d8:15:
         be:1c:7d:7f:3e:b0:da:2e:f6:8e:c0:dd:8c:e4:db:ac:4a:55:
         22:10:bd:57:b5:5d:84:4b:f3:2b:01:5d:94:3d:2c:6d:3e:a2:
         de:ba:11:96:b7:96:15:57:dd:89:28:c1:56:d8:f4:04:12:6c:
         7b:7d:6f:ff:21:08:78:22:4d:c8:ac:4b:3f:73:17:22:e9:74:
         f8:1a:59:f8:55:3b:36:1b:9d:53:6e:10:97:de:19:f3:99:ea:
         2d:3c:b1:c5:6b:aa:4f:ec:a4:e5:99:e3:e9:55:ae:d8:93:4a:
         a9:31:a8:93:d8:b2:d9:b6:98:fd:7c:62:41:4a:ba:bf:b5:89:
         97:fe:81:7a:23:cf:8b:1c:8b:51:e6:a0:47:42:50:85:93:6c:
         5d:dc:33:3f:d6:de:31:40:2a:63:20:5a:4a:7c:87:16:f3:58:
         ff:06:3f:4c:69:bc:e4:cb:36:0c:d8:75:60:2f:ce:d5:2f:2c:
         fa:d7:98:b6:5c:2a:83:4a:bf:dd:f7:e1:73:c4:51:bf:97:1f:
         f8:49:df:c6:d4:48:d8:08:52:3f:0b:4d:8b:01:54:cd:07:49:
         53:5d:48:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+B1OoLAlc0zQOUmmbRij5lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNTE2MTQzNjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWZlZmUxZjRlNDQzODEyYjIyOWUzNzVkZWVmMGE5N2YxZWI4YzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Adm1WFa2l4FlYBiJAwtJyrRRsEN
evnkwp+vDuDrl2l7kLIo1lGLlY0kDtIEgrBxnvcJzr6ZbIbY7RgThlgBK6/hPyiz
lVnU71rZn8F41pgeiz967+fv99e7e7tfZ9Hx93KHW883e9NnZwLCy/KyeDYC3kRA
H/aCfNFo8V+2I37XvVAYQyEx6uLvTJMspcqubBckG8KZq8LNHhorypDFVzXLqceg
Iwo3ekXGYZrnfyajx+e/PAf87thnKYNjF7tfAZuC2RSVvKNH9bZuy8XjdQYAdhei
534BRh3XBG+rDLFuYwNiUqYQuOO9pFq50vDbRmI8F/MY0/YnscA7YckgeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOn+/h9ORDgSsinjdd7vCpfx64ySMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvNmY3LUgwNUVPQkt5S2VOMTN1OEtsX0hyakpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwQMTAwQA
wiDyMA0GCSqGSIb3DQEBCwUAA4IBAQBFLDY0XBUbB+gtt8QmQZJ0dhgZ2/6kzlEg
sG3tKpK5cqeP2BW+HH1/PrDaLvaOwN2M5NusSlUiEL1XtV2ES/MrAV2UPSxtPqLe
uhGWt5YVV92JKMFW2PQEEmx7fW//IQh4Ik3IrEs/cxci6XT4Gln4VTs2G51TbhCX
3hnzmeotPLHFa6pP7KTlmePpVa7Yk0qpMaiT2LLZtpj9fGJBSrq/tYmX/oF6I8+L
HItR5qBHQlCFk2xd3DM/1t4xQCpjIFpKfIcW81j/Bj9MabzkyzYM2HVgL87VLyz6
15i2XCqDSr/d9+FzxFG/lx/4Sd/G1EjYCFI/C02LAVTNB0lTXUi3
-----END CERTIFICATE-----