Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/g6X2NgFcvPxR4_5HDlC8-HGDHhg.roa
File:                     g6X2NgFcvPxR4_5HDlC8-HGDHhg.roa (raw, json)
Hash identifier:          t7hFkBvmBRgCMZft7PXHyk19rRO21h3vKAt5xfkl2YU=
Subject key identifier:   83:A5:F6:36:01:5C:BC:FC:51:E3:FE:47:0E:50:BC:F8:71:83:1E:18
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01917782710E0FA018E8A0D2431E94B78301
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/g6X2NgFcvPxR4_5HDlC8-HGDHhg.roa
Signing time:             Thu 22 Aug 2024 00:35:22 +0000
ROA not before:           Thu 22 Aug 2024 00:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        109.111.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:77:82:71:0e:0f:a0:18:e8:a0:d2:43:1e:94:b7:83:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Aug 22 00:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83a5f636015cbcfc51e3fe470e50bcf871831e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b0:ec:31:44:14:7f:5e:9a:50:7d:e5:4e:a2:
                    f2:48:ad:9d:49:c8:9a:b2:d8:fd:fb:66:19:bf:b8:
                    4b:40:5e:43:01:27:f1:aa:ea:6b:1f:2d:be:85:2f:
                    c6:13:a3:5c:2b:f5:44:c9:1b:7e:aa:55:f9:f3:a6:
                    eb:da:2f:ec:1f:95:67:bd:66:97:99:82:5f:90:34:
                    12:c0:6f:bf:8e:b9:56:93:48:a1:25:bc:f0:82:0a:
                    42:3b:e8:6d:52:18:9f:65:0c:09:6c:eb:d6:26:34:
                    ca:1f:fb:50:3b:70:9a:43:9f:ab:bc:65:81:c2:1e:
                    84:4e:b2:60:37:5c:46:e7:98:fc:7d:14:9a:78:a9:
                    e0:8e:83:46:7a:57:06:f3:96:8f:98:49:20:fd:c2:
                    42:61:60:3c:23:57:80:4e:f0:ff:5d:35:f3:08:a7:
                    4b:0d:30:e2:95:3f:3f:9c:35:9e:82:df:15:1a:0c:
                    4c:ca:a5:bb:3d:e5:2a:d0:8f:d3:e2:d0:7e:55:46:
                    3c:2a:ec:e1:57:94:2c:54:ce:47:1f:9f:7a:5a:51:
                    99:2f:f9:91:96:86:af:0e:3e:70:92:df:5f:7e:b0:
                    a0:be:46:e3:f2:eb:04:62:cf:0d:32:63:01:14:ee:
                    de:79:3d:bf:69:6f:1b:e6:6b:e5:a4:46:f9:1c:a2:
                    14:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:A5:F6:36:01:5C:BC:FC:51:E3:FE:47:0E:50:BC:F8:71:83:1E:18
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/g6X2NgFcvPxR4_5HDlC8-HGDHhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:01:b1:fd:27:9f:e3:f5:fc:2f:24:c7:20:d3:13:e2:b8:4a:
         f5:60:28:53:e8:5e:22:48:38:21:5a:a5:79:f2:de:35:fe:db:
         e3:2e:ab:ee:0f:2f:2d:0f:8d:6d:46:12:12:d5:2a:3a:54:90:
         0e:63:3a:84:f6:06:53:bd:1d:fc:4a:aa:24:a2:d8:0a:f5:6f:
         be:14:e4:80:15:73:0a:b1:04:2a:12:7a:89:75:b4:b7:08:24:
         4c:f3:51:38:de:d7:8d:e9:19:a6:4f:98:a9:07:34:3a:a2:d9:
         ba:32:2a:ee:28:90:3a:c3:d8:8f:55:64:11:5d:66:c1:02:9d:
         c5:b7:64:4d:c5:0f:71:a1:50:e6:eb:37:51:dd:dc:91:88:67:
         04:ed:13:63:3a:82:52:54:e4:73:f1:58:e7:c4:8a:b1:9a:cc:
         a4:1f:44:0c:4d:c6:83:e0:10:ff:fc:38:4d:fe:1b:69:55:cf:
         a9:c3:5e:02:d6:81:ff:24:38:d8:e7:f8:80:00:6e:d2:1e:73:
         e9:c6:77:34:a8:cf:d7:a8:58:cd:2f:a5:ce:f5:e7:d1:3b:0a:
         19:e1:c2:f4:fa:e0:b7:75:5d:f2:35:25:30:ba:de:30:ca:fb:
         02:1e:50:23:2c:03:39:79:1c:73:3e:53:1a:f1:2a:f9:c4:18:
         72:ac:26:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF3gnEOD6AY6KDSQx6Ut4MBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwODIyMDAzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2E1ZjYzNjAxNWNiY2ZjNTFlM2ZlNDcwZTUwYmNmODcxODMxZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurDsMUQUf16aUH3lTqLySK2dScia
stj9+2YZv7hLQF5DASfxquprHy2+hS/GE6NcK/VEyRt+qlX586br2i/sH5VnvWaX
mYJfkDQSwG+/jrlWk0ihJbzwggpCO+htUhifZQwJbOvWJjTKH/tQO3CaQ5+rvGWB
wh6ETrJgN1xG55j8fRSaeKngjoNGelcG85aPmEkg/cJCYWA8I1eATvD/XTXzCKdL
DTDilT8/nDWegt8VGgxMyqW7PeUq0I/T4tB+VUY8KuzhV5QsVM5HH596WlGZL/mR
loavDj5wkt9ffrCgvkbj8usEYs8NMmMBFO7eeT2/aW8b5mvlpEb5HKIUPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOl9jYBXLz8UeP+Rw5QvPhxgx4YMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZzZYMk5nRmN2UHhSNF81SERsQzgtSEdESGhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbW84MA0G
CSqGSIb3DQEBCwUAA4IBAQCdAbH9J5/j9fwvJMcg0xPiuEr1YChT6F4iSDghWqV5
8t41/tvjLqvuDy8tD41tRhIS1So6VJAOYzqE9gZTvR38SqokotgK9W++FOSAFXMK
sQQqEnqJdbS3CCRM81E43teN6RmmT5ipBzQ6otm6MiruKJA6w9iPVWQRXWbBAp3F
t2RNxQ9xoVDm6zdR3dyRiGcE7RNjOoJSVORz8VjnxIqxmsykH0QMTcaD4BD//DhN
/htpVc+pw14C1oH/JDjY5/iAAG7SHnPpxnc0qM/XqFjNL6XO9efROwoZ4cL0+uC3
dV3yNSUwut4wyvsCHlAjLAM5eRxzPlMa8Sr5xBhyrCbm
-----END CERTIFICATE-----