Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/T6dxkJY1KWzsYE02Q-hj13x3gNA.roa
File:                     T6dxkJY1KWzsYE02Q-hj13x3gNA.roa (raw, json)
Hash identifier:          yMKPIYMLW/JbBo9Y8Wx6DbhdHHbRvls0Pe1jODuuZD8=
Subject key identifier:   4F:A7:71:90:96:35:29:6C:EC:60:4D:36:43:E8:63:D7:7C:77:80:D0
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       01922B52A2E1C9E2E0589769FD9B2ED1EC1D
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/T6dxkJY1KWzsYE02Q-hj13x3gNA.roa
Signing time:             Wed 25 Sep 2024 22:34:48 +0000
ROA not before:           Wed 25 Sep 2024 22:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62048
IP address blocks:        109.122.240.0/24 maxlen: 24
                          109.122.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2b:52:a2:e1:c9:e2:e0:58:97:69:fd:9b:2e:d1:ec:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Sep 25 22:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fa771909635296cec604d3643e863d77c7780d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bf:9e:7a:d6:a4:ce:72:d9:74:92:75:cd:35:
                    e6:7d:a1:19:2e:93:6a:ed:cb:8d:3d:be:3a:d6:22:
                    a9:0c:4c:32:fe:e3:2b:28:ce:dc:ca:1b:f4:fc:70:
                    b3:83:e8:84:3a:cd:be:4d:5c:a5:06:5f:8d:6e:a3:
                    9a:96:71:7a:5c:72:19:a5:58:8d:69:6f:14:26:03:
                    c4:5e:6e:1f:15:c2:8e:50:78:38:74:ca:bb:b9:55:
                    07:a2:f3:a9:bf:8c:e0:f6:6c:17:45:c3:99:d7:e2:
                    ec:ac:da:3e:e2:83:bc:7c:6e:0b:27:89:dc:7f:06:
                    83:0e:b1:0e:88:c8:0d:e2:f4:84:63:60:8a:db:86:
                    e0:09:cb:3b:63:fc:2a:f3:50:bd:fa:22:22:dc:28:
                    ba:38:1e:b7:25:54:35:53:7e:b2:c4:7e:87:8c:cf:
                    50:3a:34:0e:72:90:28:bf:a0:43:d0:4c:10:ee:62:
                    bf:00:c2:73:97:1f:08:14:c8:7e:99:9e:ca:6c:c3:
                    19:aa:be:95:64:0d:c1:cd:ea:80:c5:5d:45:5b:a3:
                    a2:68:3c:5e:52:1c:3c:51:97:50:d3:ba:c8:3b:4f:
                    e8:35:04:72:ff:7e:ec:8e:12:b0:48:80:d8:a8:ac:
                    e7:40:ba:30:df:ba:0f:e1:21:5e:41:17:dd:e3:98:
                    7c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:A7:71:90:96:35:29:6C:EC:60:4D:36:43:E8:63:D7:7C:77:80:D0
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/T6dxkJY1KWzsYE02Q-hj13x3gNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.240.0/24
                  109.122.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:31:3a:93:7f:77:41:31:6c:8e:bf:30:85:d0:08:bf:6d:f5:
         79:8d:c7:f9:df:3d:67:9a:b2:1c:44:63:03:6c:f0:d3:1d:c7:
         6b:88:c3:93:2b:7b:c0:b8:09:d5:38:d4:40:aa:d8:be:93:6c:
         ba:fa:b0:00:61:e2:fc:79:eb:c9:d1:43:09:53:11:76:69:b7:
         21:f1:4e:a3:2c:2d:ae:4f:ed:de:5a:c5:f8:0b:ca:67:d3:2c:
         c6:75:cc:80:15:62:eb:39:f5:9f:34:7c:f4:5b:64:2f:9b:e0:
         44:86:8d:1e:62:4f:14:7f:f4:a0:90:10:14:68:84:db:e4:cc:
         64:ca:5e:5e:c3:63:d9:1e:c3:ef:e4:c9:ad:8c:38:52:de:94:
         b2:f1:4c:86:91:64:fa:dd:65:84:71:bf:dd:bb:73:38:56:cd:
         56:0d:96:7c:04:d7:0b:ec:f0:f3:43:6c:17:4a:ba:56:7c:ab:
         33:95:c3:d8:eb:98:47:c5:03:80:0e:87:39:03:b4:39:8d:6c:
         a4:f0:13:6c:be:c0:58:45:a4:8c:c4:8c:e4:0b:b9:87:44:19:
         b4:5f:30:be:69:c1:a5:15:dd:74:38:44:15:c6:19:51:41:19:
         32:f2:5e:03:ba:36:49:e1:39:78:5d:4b:68:8d:f2:33:62:a8:
         10:bd:6f:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIrUqLhyeLgWJdp/Zsu0ewdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQwOTI1MjIzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmE3NzE5MDk2MzUyOTZjZWM2MDRkMzY0M2U4NjNkNzdjNzc4MGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtb+eetakznLZdJJ1zTXmfaEZLpNq
7cuNPb461iKpDEwy/uMrKM7cyhv0/HCzg+iEOs2+TVylBl+NbqOalnF6XHIZpViN
aW8UJgPEXm4fFcKOUHg4dMq7uVUHovOpv4zg9mwXRcOZ1+LsrNo+4oO8fG4LJ4nc
fwaDDrEOiMgN4vSEY2CK24bgCcs7Y/wq81C9+iIi3Ci6OB63JVQ1U36yxH6HjM9Q
OjQOcpAov6BD0EwQ7mK/AMJzlx8IFMh+mZ7KbMMZqr6VZA3BzeqAxV1FW6OiaDxe
Uhw8UZdQ07rIO0/oNQRy/37sjhKwSIDYqKznQLow37oP4SFeQRfd45h8MwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE+ncZCWNSls7GBNNkPoY9d8d4DQMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvVDZkeGtKWTFLV3pzWUUwMlEtaGoxM3gzZ05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrwAwQA
bXryMA0GCSqGSIb3DQEBCwUAA4IBAQCLMTqTf3dBMWyOvzCF0Ai/bfV5jcf53z1n
mrIcRGMDbPDTHcdriMOTK3vAuAnVONRAqti+k2y6+rAAYeL8eevJ0UMJUxF2abch
8U6jLC2uT+3eWsX4C8pn0yzGdcyAFWLrOfWfNHz0W2Qvm+BEho0eYk8Uf/SgkBAU
aITb5Mxkyl5ew2PZHsPv5MmtjDhS3pSy8UyGkWT63WWEcb/du3M4Vs1WDZZ8BNcL
7PDzQ2wXSrpWfKszlcPY65hHxQOADoc5A7Q5jWyk8BNsvsBYRaSMxIzkC7mHRBm0
XzC+acGlFd10OEQVxhlRQRky8l4DujZJ4Tl4XUtojfIzYqgQvW9u
-----END CERTIFICATE-----