Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/6FHQUBmvLail0AxeSMM8FFT8dQA.roa
File:                     6FHQUBmvLail0AxeSMM8FFT8dQA.roa (raw, json)
Hash identifier:          H5uT4+VjIdOpYm4p1Ez2YYLSN2170bhAaYGMnJDWIdk=
Subject key identifier:   E8:51:D0:50:19:AF:2D:A8:A5:D0:0C:5E:48:C3:3C:14:54:FC:75:00
Certificate issuer:       /CN=123ad9e6ce2651d95ad18656ecbb93536189faaf
Certificate serial:       0194258EEE5872A979A853C361C351012578
Authority key identifier: 12:3A:D9:E6:CE:26:51:D9:5A:D1:86:56:EC:BB:93:53:61:89:FA:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/6FHQUBmvLail0AxeSMM8FFT8dQA.roa
Signing time:             Thu 02 Jan 2025 05:48:31 +0000
ROA not before:           Thu 02 Jan 2025 05:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62343
IP address blocks:        93.115.208.0/24 maxlen: 24
                          93.115.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ee:58:72:a9:79:a8:53:c3:61:c3:51:01:25:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=123ad9e6ce2651d95ad18656ecbb93536189faaf
        Validity
            Not Before: Jan  2 05:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e851d05019af2da8a5d00c5e48c33c1454fc7500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:bd:dc:fe:a7:71:22:89:c1:f5:42:ba:31:58:
                    a2:01:d7:27:5e:d3:9c:18:da:7d:9c:64:6c:5a:c2:
                    49:cc:39:3e:1a:e6:f4:4b:99:d3:66:26:46:90:2a:
                    d1:81:37:ae:df:55:3d:64:80:85:96:de:db:1a:9e:
                    a4:48:d0:78:5d:36:47:29:7f:be:46:49:9c:98:04:
                    27:b1:9a:89:2b:83:a6:1f:e4:ee:ec:55:1a:a9:b5:
                    20:07:d4:99:d0:1f:a5:25:33:ef:05:b7:99:55:33:
                    38:98:a8:a8:d4:fc:cf:60:21:68:0f:9c:93:9e:1b:
                    03:c7:0b:a0:e6:8b:80:80:bc:eb:a2:ea:7d:ed:69:
                    9f:6d:9e:37:cb:73:3d:1f:36:44:0e:76:32:2e:d5:
                    7a:5e:38:a8:03:8e:54:b0:b7:51:c5:a7:19:9e:4e:
                    19:fe:5d:e2:8e:dd:86:e2:67:16:2c:3f:33:df:8b:
                    ad:45:71:10:e9:33:18:8a:da:24:98:f3:f6:91:72:
                    5a:7c:fc:90:4a:e0:3f:7a:05:08:ac:53:71:e3:97:
                    f7:47:cd:f7:87:d9:62:31:1b:be:53:57:e6:04:79:
                    fc:b9:75:aa:c6:52:3d:a7:11:d6:b9:67:1d:fa:c2:
                    c2:78:a1:79:08:32:ec:08:14:6a:71:b9:31:c7:da:
                    92:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:51:D0:50:19:AF:2D:A8:A5:D0:0C:5E:48:C3:3C:14:54:FC:75:00
            X509v3 Authority Key Identifier:
                keyid:12:3A:D9:E6:CE:26:51:D9:5A:D1:86:56:EC:BB:93:53:61:89:FA:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/6FHQUBmvLail0AxeSMM8FFT8dQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:23:4f:6b:1c:23:ec:5d:7a:0f:24:fe:ec:45:29:78:f6:3d:
         2c:03:cf:e7:60:cd:01:3e:b9:48:ce:53:b2:4d:68:b1:28:1e:
         86:e7:c6:6a:ca:e3:53:2e:d4:93:21:04:7d:fc:7d:e8:b7:8d:
         a3:75:11:b4:9e:0d:f6:58:46:20:c9:3c:93:3d:b5:b1:9b:89:
         04:46:b2:27:c0:1a:c1:04:55:f8:94:3f:0d:10:4d:e6:7a:47:
         ce:69:96:72:26:22:90:90:44:2b:49:57:1a:47:b2:a1:d9:37:
         c1:34:45:2e:da:00:04:18:50:0d:07:83:95:f1:10:de:30:7a:
         09:1e:7b:bb:7f:05:0d:19:eb:cd:11:27:a2:79:2e:c7:68:3e:
         30:f9:60:98:55:5c:a3:12:b0:13:85:2d:78:c4:32:2f:b0:8f:
         61:86:4c:8e:f7:66:34:4c:f9:e3:e5:6c:38:2b:6d:b4:e8:fe:
         d8:cf:2f:61:de:e7:73:a8:fb:7c:d9:13:23:17:de:8d:44:9e:
         ed:a1:49:5e:17:61:dc:69:98:7f:9f:b8:99:b6:95:db:db:43:
         64:53:7d:88:a1:72:16:ef:de:68:b3:5c:cf:58:46:b8:de:b8:
         e4:03:b6:2e:f2:68:2d:11:71:ac:f3:09:f5:d1:c2:d5:e7:1c:
         b1:3d:43:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlju5Ycql5qFPDYcNRASV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyM2FkOWU2Y2UyNjUxZDk1YWQxODY1NmVjYmI5MzUzNjE4
OWZhYWYwHhcNMjUwMTAyMDU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODUxZDA1MDE5YWYyZGE4YTVkMDBjNWU0OGMzM2MxNDU0ZmM3NTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0b3c/qdxIonB9UK6MViiAdcnXtOc
GNp9nGRsWsJJzDk+Gub0S5nTZiZGkCrRgTeu31U9ZICFlt7bGp6kSNB4XTZHKX++
RkmcmAQnsZqJK4OmH+Tu7FUaqbUgB9SZ0B+lJTPvBbeZVTM4mKio1PzPYCFoD5yT
nhsDxwug5ouAgLzroup97WmfbZ43y3M9HzZEDnYyLtV6XjioA45UsLdRxacZnk4Z
/l3ijt2G4mcWLD8z34utRXEQ6TMYitokmPP2kXJafPyQSuA/egUIrFNx45f3R833
h9liMRu+U1fmBHn8uXWqxlI9pxHWuWcd+sLCeKF5CDLsCBRqcbkxx9qSawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhR0FAZry2opdAMXkjDPBRU/HUAMB8GA1UdIwQY
MBaAFBI62ebOJlHZWtGGVuy7k1NhifqvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWpyWjVzNG1VZGxhMFlaVzdMdVRVMkdKLXE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8yMDRmYWUtZjdiZC00ZjcwLTkxMWEt
MWIxOTIzNzFmNDQyLzEvNkZIUVVCbXZMYWlsMEF4ZVNNTThGRlQ4ZFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8yMDRmYWUtZjdiZC00ZjcwLTkxMWEtMWIxOTIzNzFmNDQy
LzEvRWpyWjVzNG1VZGxhMFlaVzdMdVRVMkdKLXE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXXPQMA0G
CSqGSIb3DQEBCwUAA4IBAQB5I09rHCPsXXoPJP7sRSl49j0sA8/nYM0BPrlIzlOy
TWixKB6G58ZqyuNTLtSTIQR9/H3ot42jdRG0ng32WEYgyTyTPbWxm4kERrInwBrB
BFX4lD8NEE3mekfOaZZyJiKQkEQrSVcaR7Kh2TfBNEUu2gAEGFANB4OV8RDeMHoJ
Hnu7fwUNGevNESeieS7HaD4w+WCYVVyjErAThS14xDIvsI9hhkyO92Y0TPnj5Ww4
K2206P7Yzy9h3udzqPt82RMjF96NRJ7toUleF2HcaZh/n7iZtpXb20NkU32IoXIW
795os1zPWEa43rjkA7Yu8mgtEXGs8wn10cLV5xyxPUPn
-----END CERTIFICATE-----