Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/aTbkEVghJmSR4I3aYVYs94x4iSw.roa
File:                     aTbkEVghJmSR4I3aYVYs94x4iSw.roa (raw, json)
Hash identifier:          YkMin1PtjatknJVmKY17nm0yKN59D9gI12CPVo4Y//M=
Subject key identifier:   69:36:E4:11:58:21:26:64:91:E0:8D:DA:61:56:2C:F7:8C:78:89:2C
Certificate issuer:       /CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
Certificate serial:       018CC56EAA9D4C48F01A0FE279ACF7B85BC3
Authority key identifier: 6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/aTbkEVghJmSR4I3aYVYs94x4iSw.roa
Signing time:             Mon 01 Jan 2024 14:30:13 +0000
ROA not before:           Mon 01 Jan 2024 14:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        62.204.51.0/24 maxlen: 24
                          188.93.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:aa:9d:4c:48:f0:1a:0f:e2:79:ac:f7:b8:5b:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
        Validity
            Not Before: Jan  1 14:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6936e4115821266491e08dda61562cf78c78892c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:b8:4f:97:f1:9e:bb:5f:28:59:13:3d:c2:37:
                    95:89:9c:3c:1a:c8:9c:0f:dc:b2:98:db:48:fc:a8:
                    5e:d7:89:53:c6:d4:85:1d:8d:24:a2:49:fd:56:a9:
                    c1:4b:3b:cd:a5:cc:24:70:23:dc:dd:1c:61:e1:2c:
                    58:76:5e:c2:10:21:03:4a:9f:d7:5d:54:00:c8:d8:
                    13:3b:1e:7f:a9:52:b6:94:8b:07:86:af:93:85:7f:
                    56:b1:85:be:fe:0d:b7:ea:0a:83:b7:0f:c0:eb:4d:
                    9a:b9:c1:bb:aa:ce:69:02:67:9c:60:c7:02:e3:a4:
                    82:25:ed:ea:42:56:a3:e5:d5:7c:ce:91:25:f9:33:
                    1c:53:cf:b3:a6:71:48:78:a0:67:34:ab:8d:b3:e3:
                    06:72:3e:7d:60:91:65:29:35:c3:43:e9:f1:28:5a:
                    6d:e2:b9:9c:3e:f6:65:ff:22:37:bf:7c:c0:17:a4:
                    cc:8a:4b:d1:ed:70:82:a3:18:6b:a2:72:e7:bc:c8:
                    4b:71:00:1d:d2:f3:6d:d6:da:97:fa:e0:1a:81:a8:
                    a9:37:25:7a:31:5d:92:6d:79:68:e6:d2:64:b6:1c:
                    19:d3:e7:27:d6:e6:f0:a2:cc:2b:e3:74:20:a0:2a:
                    73:de:da:6e:3b:e1:38:19:f4:97:fd:cb:f7:dc:e6:
                    c6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:36:E4:11:58:21:26:64:91:E0:8D:DA:61:56:2C:F7:8C:78:89:2C
            X509v3 Authority Key Identifier:
                keyid:6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/aTbkEVghJmSR4I3aYVYs94x4iSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.51.0/24
                  188.93.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:cb:34:9f:61:8a:4a:1a:fb:ee:79:b5:92:06:2b:a9:ec:ab:
         6b:88:9a:0c:65:36:48:c1:4e:e3:21:df:66:f5:6b:7e:ce:46:
         76:8b:8d:40:e6:0f:86:e6:e7:88:1a:0c:04:93:44:49:d9:28:
         af:23:a5:b3:2c:16:5d:9b:82:ee:3e:11:01:fe:d8:86:cc:c5:
         1d:63:40:8b:fa:d9:32:ba:86:e5:43:8c:43:84:5f:4d:09:ca:
         a8:bc:d8:6d:c1:f9:5c:e9:da:1d:36:0f:40:af:0d:ad:74:ee:
         b4:d1:6d:1e:02:ee:23:a6:d7:8e:59:e4:53:31:35:c0:15:f7:
         6d:54:ca:82:89:86:2a:9f:5f:da:a1:99:d7:4b:1c:d9:c4:66:
         b1:d6:38:55:a8:54:8c:07:cd:fe:40:aa:db:5b:c5:ff:c4:3c:
         0d:24:48:94:c2:e1:2c:4c:fc:c9:e3:9a:4f:f8:a2:a3:29:79:
         7e:1e:4d:1e:b4:79:39:1d:62:bd:3b:46:19:d7:a9:80:cc:26:
         27:d9:4a:8c:3e:3f:91:d2:4d:ac:cb:e5:77:28:b8:97:99:0c:
         4a:8d:1c:12:fa:c8:53:3d:2c:4a:5f:fb:c9:6c:9f:45:20:65:
         c4:57:3c:b6:04:54:89:5b:7e:f5:1a:d5:39:cc:24:cf:9e:5f:
         c6:af:89:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbqqdTEjwGg/ieaz3uFvDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYWEwNWM2ZjhmOWJmZDcwZTNkNDFmZTA1YmFmYzUwZDEy
NTNiZjUwHhcNMjQwMTAxMTQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTM2ZTQxMTU4MjEyNjY0OTFlMDhkZGE2MTU2MmNmNzhjNzg4OTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirhPl/Geu18oWRM9wjeViZw8Gsic
D9yymNtI/Khe14lTxtSFHY0kokn9VqnBSzvNpcwkcCPc3Rxh4SxYdl7CECEDSp/X
XVQAyNgTOx5/qVK2lIsHhq+ThX9WsYW+/g236gqDtw/A602aucG7qs5pAmecYMcC
46SCJe3qQlaj5dV8zpEl+TMcU8+zpnFIeKBnNKuNs+MGcj59YJFlKTXDQ+nxKFpt
4rmcPvZl/yI3v3zAF6TMikvR7XCCoxhronLnvMhLcQAd0vNt1tqX+uAagaipNyV6
MV2SbXlo5tJkthwZ0+cn1ubwoswr43QgoCpz3tpuO+E4GfSX/cv33ObGnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGk25BFYISZkkeCN2mFWLPeMeIksMB8GA1UdIwQY
MBaAFGuqBcb4+b/XDj1B/gW6/FDRJTv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYt
ZjMyMTFkOTE1MjBkLzEvYVRia0VWZ2hKbVNSNEkzYVlWWXM5NHg0aVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYtZjMyMTFkOTE1MjBk
LzEvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPswzAwQA
vF13MA0GCSqGSIb3DQEBCwUAA4IBAQAWyzSfYYpKGvvuebWSBiup7KtriJoMZTZI
wU7jId9m9Wt+zkZ2i41A5g+G5ueIGgwEk0RJ2SivI6WzLBZdm4LuPhEB/tiGzMUd
Y0CL+tkyuoblQ4xDhF9NCcqovNhtwflc6dodNg9Arw2tdO600W0eAu4jpteOWeRT
MTXAFfdtVMqCiYYqn1/aoZnXSxzZxGax1jhVqFSMB83+QKrbW8X/xDwNJEiUwuEs
TPzJ45pP+KKjKXl+Hk0etHk5HWK9O0YZ16mAzCYn2UqMPj+R0k2sy+V3KLiXmQxK
jRwS+shTPSxKX/vJbJ9FIGXEVzy2BFSJW371GtU5zCTPnl/Gr4k2
-----END CERTIFICATE-----