Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/c68e30-3aa1-4435-a89b-c4214c79c8b8/1/L6Xbhw10dCC_xp2CRjOfRz8trDc.roa
File:                     L6Xbhw10dCC_xp2CRjOfRz8trDc.roa (raw, json)
Hash identifier:          LzFA6Fdwh3OCS+LJH3gCiJqzmNuMCQfNnfG1eXmA3+k=
Subject key identifier:   2F:A5:DB:87:0D:74:74:20:BF:C6:9D:82:46:33:9F:47:3F:2D:AC:37
Certificate issuer:       /CN=19bb32a2662f905c0d8bf247ece0dbc679a16b84
Certificate serial:       01924270C27460A85FA60EBF0EE25680B223
Authority key identifier: 19:BB:32:A2:66:2F:90:5C:0D:8B:F2:47:EC:E0:DB:C6:79:A1:6B:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GbsyomYvkFwNi_JH7ODbxnmha4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/c68e30-3aa1-4435-a89b-c4214c79c8b8/1/L6Xbhw10dCC_xp2CRjOfRz8trDc.roa
Signing time:             Mon 30 Sep 2024 10:18:59 +0000
ROA not before:           Mon 30 Sep 2024 10:18:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        194.147.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/c68e30-3aa1-4435-a89b-c4214c79c8b8/1/GbsyomYvkFwNi_JH7ODbxnmha4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/c68e30-3aa1-4435-a89b-c4214c79c8b8/1/GbsyomYvkFwNi_JH7ODbxnmha4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GbsyomYvkFwNi_JH7ODbxnmha4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:70:c2:74:60:a8:5f:a6:0e:bf:0e:e2:56:80:b2:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19bb32a2662f905c0d8bf247ece0dbc679a16b84
        Validity
            Not Before: Sep 30 10:18:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fa5db870d747420bfc69d8246339f473f2dac37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8e:83:6d:1e:28:6e:87:e7:83:af:2d:2c:87:
                    38:57:c8:15:aa:7e:3f:0f:87:63:24:b4:4d:f4:44:
                    5d:fc:90:c2:48:b6:04:f0:f2:9a:68:4b:35:ff:82:
                    b7:f5:32:ab:28:10:88:83:66:ec:d1:98:89:53:2c:
                    71:24:ea:38:5e:3d:89:95:57:bc:fd:27:85:97:8a:
                    00:e7:ba:af:51:92:86:14:a8:c2:0b:a5:00:5b:08:
                    ed:64:3d:a7:2c:c8:7a:f1:65:18:71:5c:61:06:97:
                    f5:b6:14:5c:95:fb:cc:db:a8:45:48:08:bf:bd:72:
                    74:ff:ee:10:7e:cc:20:2a:bd:df:c4:66:ca:00:5f:
                    fc:aa:25:df:30:54:5b:4d:00:98:bf:b4:1a:ae:37:
                    ef:bd:ab:a7:62:b8:25:bc:37:9d:7a:76:06:65:ac:
                    93:88:85:32:b0:e2:ed:d6:50:53:fa:6e:b8:2e:5c:
                    dc:92:3b:7d:01:3d:bd:8b:c1:f3:b5:49:59:a3:2f:
                    9a:3f:2b:a8:7c:94:9a:70:50:be:94:69:13:eb:43:
                    e6:b9:26:80:8a:b7:97:f8:05:29:f9:b7:d9:e6:17:
                    af:62:3f:9f:58:91:93:88:66:04:ea:d3:c0:f8:cf:
                    32:b0:37:7b:45:fa:ff:c9:6e:3c:fa:cf:4f:b0:ef:
                    24:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:A5:DB:87:0D:74:74:20:BF:C6:9D:82:46:33:9F:47:3F:2D:AC:37
            X509v3 Authority Key Identifier:
                keyid:19:BB:32:A2:66:2F:90:5C:0D:8B:F2:47:EC:E0:DB:C6:79:A1:6B:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GbsyomYvkFwNi_JH7ODbxnmha4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c68e30-3aa1-4435-a89b-c4214c79c8b8/1/L6Xbhw10dCC_xp2CRjOfRz8trDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c68e30-3aa1-4435-a89b-c4214c79c8b8/1/GbsyomYvkFwNi_JH7ODbxnmha4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:8c:e3:9d:b4:4a:2b:7b:7c:59:18:2f:25:98:8f:84:fb:cc:
         d0:11:49:b0:64:27:4e:1e:7a:ea:21:f6:a5:a8:ce:88:cd:0a:
         5c:9c:fd:ca:ce:b8:89:3d:96:67:dc:93:5f:45:66:69:78:42:
         18:fc:e6:12:6d:f6:7f:43:ec:4c:af:9f:27:44:e9:2d:f3:15:
         d9:6e:a2:af:39:ca:c5:e6:96:ae:0a:4f:4f:29:0c:d8:33:bf:
         1e:6d:01:c8:1b:96:35:eb:19:d4:b1:34:bc:f6:24:96:4c:c3:
         26:94:bf:1f:4a:20:74:b7:54:ab:59:67:95:6f:74:6a:d8:d4:
         4f:b4:a0:dc:73:64:c7:56:70:71:07:7a:2b:3a:be:8c:83:ef:
         df:a3:88:d6:4c:60:6a:a8:57:7b:c4:60:f6:81:19:74:5b:19:
         ef:a3:51:86:a5:19:e8:eb:e8:30:7c:e3:7c:86:6e:24:8d:78:
         69:00:7f:97:d3:ba:a4:21:47:78:1d:79:1e:70:79:50:92:1f:
         26:7d:0d:04:3d:3f:83:06:56:d6:9c:82:26:16:42:7c:9a:9a:
         94:9d:e9:03:f4:3c:10:f8:15:8a:47:16:c0:b0:62:48:27:3f:
         48:c2:60:00:27:e7:d8:f9:c0:76:8c:e9:1a:f3:6c:ae:5d:72:
         ab:38:2e:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJCcMJ0YKhfpg6/DuJWgLIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YmIzMmEyNjYyZjkwNWMwZDhiZjI0N2VjZTBkYmM2Nzlh
MTZiODQwHhcNMjQwOTMwMTAxODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmE1ZGI4NzBkNzQ3NDIwYmZjNjlkODI0NjMzOWY0NzNmMmRhYzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlI6DbR4obofng68tLIc4V8gVqn4/
D4djJLRN9ERd/JDCSLYE8PKaaEs1/4K39TKrKBCIg2bs0ZiJUyxxJOo4Xj2JlVe8
/SeFl4oA57qvUZKGFKjCC6UAWwjtZD2nLMh68WUYcVxhBpf1thRclfvM26hFSAi/
vXJ0/+4QfswgKr3fxGbKAF/8qiXfMFRbTQCYv7QarjfvvaunYrglvDedenYGZayT
iIUysOLt1lBT+m64Llzckjt9AT29i8HztUlZoy+aPyuofJSacFC+lGkT60PmuSaA
ireX+AUp+bfZ5hevYj+fWJGTiGYE6tPA+M8ysDd7Rfr/yW48+s9PsO8k6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+l24cNdHQgv8adgkYzn0c/Law3MB8GA1UdIwQY
MBaAFBm7MqJmL5BcDYvyR+zg28Z5oWuEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2JzeW9tWXZrRndOaV9KSDdPRGJ4bm1oYTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jNjhlMzAtM2FhMS00NDM1LWE4OWIt
YzQyMTRjNzljOGI4LzEvTDZYYmh3MTBkQ0NfeHAyQ1JqT2ZSejh0ckRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jNjhlMzAtM2FhMS00NDM1LWE4OWItYzQyMTRjNzljOGI4
LzEvR2JzeW9tWXZrRndOaV9KSDdPRGJ4bm1oYTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpNoMA0G
CSqGSIb3DQEBCwUAA4IBAQAejOOdtEore3xZGC8lmI+E+8zQEUmwZCdOHnrqIfal
qM6IzQpcnP3KzriJPZZn3JNfRWZpeEIY/OYSbfZ/Q+xMr58nROkt8xXZbqKvOcrF
5pauCk9PKQzYM78ebQHIG5Y16xnUsTS89iSWTMMmlL8fSiB0t1SrWWeVb3Rq2NRP
tKDcc2THVnBxB3orOr6Mg+/fo4jWTGBqqFd7xGD2gRl0Wxnvo1GGpRno6+gwfON8
hm4kjXhpAH+X07qkIUd4HXkecHlQkh8mfQ0EPT+DBlbWnIImFkJ8mpqUnekD9DwQ
+BWKRxbAsGJIJz9IwmAAJ+fY+cB2jOka82yuXXKrOC7E
-----END CERTIFICATE-----