Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/6fkOqYDe9YJZHpQV720YpwRiEYg.roa
File:                     6fkOqYDe9YJZHpQV720YpwRiEYg.roa (raw, json)
Hash identifier:          qkDngvuYMlHOsVKZ6/gBG57fscR1+D+gbVuwrjYl8r4=
Subject key identifier:   E9:F9:0E:A9:80:DE:F5:82:59:1E:94:15:EF:6D:18:A7:04:62:11:88
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018FB5D9D3422426F27FFB8192690EFF56DD
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/6fkOqYDe9YJZHpQV720YpwRiEYg.roa
Signing time:             Sun 26 May 2024 17:01:42 +0000
ROA not before:           Sun 26 May 2024 17:01:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58678
IP address blocks:        185.24.149.0/24 maxlen: 24
                          212.16.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b5:d9:d3:42:24:26:f2:7f:fb:81:92:69:0e:ff:56:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: May 26 17:01:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9f90ea980def582591e9415ef6d18a704621188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:89:64:c9:dd:3d:47:75:d8:5d:ff:59:e8:b2:
                    d3:2e:c5:28:c7:de:fb:13:f7:9b:b7:00:06:b2:66:
                    a4:04:a2:04:91:a6:3c:b7:1d:c7:f4:b6:73:6f:ec:
                    b8:8f:1f:1f:06:10:76:13:84:1f:d3:10:a7:41:d3:
                    1e:35:9c:55:59:bf:69:9c:c2:87:28:d6:15:01:a5:
                    5b:a0:70:36:e5:49:2a:28:30:44:c4:6b:c1:d5:8e:
                    aa:13:65:50:91:45:06:44:9d:e5:a9:8e:d8:59:13:
                    66:85:24:8a:27:a9:5f:9c:da:78:9f:74:9c:29:52:
                    44:46:a2:e0:3d:40:a3:6c:79:fa:58:4b:d2:8a:43:
                    b2:11:54:dd:01:28:d2:15:64:9a:3b:69:8c:6e:a1:
                    80:d3:0f:3c:65:03:b6:65:52:13:96:65:a7:ca:cc:
                    d8:d9:08:fb:0d:33:df:97:85:ab:21:fb:90:45:87:
                    9a:1e:f8:23:bd:6e:ef:85:e1:f0:9e:45:f7:14:d9:
                    78:69:1c:22:3d:9f:03:56:5c:33:90:16:15:88:fe:
                    58:79:6d:2c:32:53:93:ac:8a:88:43:c9:94:4e:4e:
                    7a:63:f4:9b:d5:d7:74:93:bd:47:73:33:f2:7f:cc:
                    d8:b9:f7:d0:e5:64:a8:a3:5e:7f:c1:bc:66:2c:11:
                    16:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F9:0E:A9:80:DE:F5:82:59:1E:94:15:EF:6D:18:A7:04:62:11:88
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/6fkOqYDe9YJZHpQV720YpwRiEYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.149.0/24
                  212.16.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c9:d4:27:52:ec:c8:27:a5:d7:24:04:4c:44:2c:d3:75:50:
         00:14:77:e7:4f:03:96:ef:18:4b:cd:e5:f8:87:08:98:6c:63:
         5b:c7:e0:d6:a5:53:16:a3:a7:3b:47:49:9d:39:42:ba:b6:74:
         fd:2b:20:92:c6:a7:d3:59:ad:1c:73:ba:f7:bd:35:3d:9d:89:
         b0:86:0b:d6:a2:92:5a:1d:08:a2:49:ae:73:06:48:67:28:93:
         38:c0:a8:32:95:e3:3d:28:21:c9:37:9b:0d:f2:c6:8a:e8:da:
         38:f0:3f:32:94:3f:3f:ba:13:bb:38:6e:81:a0:1e:cd:ed:9e:
         49:f5:92:0d:4e:97:bf:ce:a1:01:d8:61:00:0e:28:f9:c3:14:
         d3:97:b0:10:62:8b:f7:86:48:d2:d2:c2:9c:48:2d:fe:4f:7e:
         83:93:65:b0:02:db:bb:d0:ba:9e:fe:99:7d:50:86:ba:3d:11:
         e6:93:dc:1f:dc:0e:d3:30:8e:d1:46:c2:6e:54:61:fa:e2:7d:
         50:7b:bd:3c:c3:d4:93:b2:e8:dd:26:fd:b3:a5:09:04:dd:e8:
         95:68:72:45:eb:69:26:4a:7b:15:0c:a9:34:54:35:f4:8a:2a:
         a6:18:04:e3:c2:58:df:7f:8d:4e:22:39:31:85:00:a8:04:9a:
         10:05:10:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+12dNCJCbyf/uBkmkO/1bdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwNTI2MTcwMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWY5MGVhOTgwZGVmNTgyNTkxZTk0MTVlZjZkMThhNzA0NjIxMTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Ylkyd09R3XYXf9Z6LLTLsUox977
E/ebtwAGsmakBKIEkaY8tx3H9LZzb+y4jx8fBhB2E4Qf0xCnQdMeNZxVWb9pnMKH
KNYVAaVboHA25UkqKDBExGvB1Y6qE2VQkUUGRJ3lqY7YWRNmhSSKJ6lfnNp4n3Sc
KVJERqLgPUCjbHn6WEvSikOyEVTdASjSFWSaO2mMbqGA0w88ZQO2ZVITlmWnyszY
2Qj7DTPfl4WrIfuQRYeaHvgjvW7vheHwnkX3FNl4aRwiPZ8DVlwzkBYViP5YeW0s
MlOTrIqIQ8mUTk56Y/Sb1dd0k71HczPyf8zYuffQ5WSoo15/wbxmLBEWQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOn5DqmA3vWCWR6UFe9tGKcEYhGIMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvNmZrT3FZRGU5WUpaSHBRVjcyMFlwd1JpRVlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRiVAwQA
1BBdMA0GCSqGSIb3DQEBCwUAA4IBAQBAydQnUuzIJ6XXJARMRCzTdVAAFHfnTwOW
7xhLzeX4hwiYbGNbx+DWpVMWo6c7R0mdOUK6tnT9KyCSxqfTWa0cc7r3vTU9nYmw
hgvWopJaHQiiSa5zBkhnKJM4wKgyleM9KCHJN5sN8saK6No48D8ylD8/uhO7OG6B
oB7N7Z5J9ZINTpe/zqEB2GEADij5wxTTl7AQYov3hkjS0sKcSC3+T36Dk2WwAtu7
0Lqe/pl9UIa6PRHmk9wf3A7TMI7RRsJuVGH64n1Qe708w9STsujdJv2zpQkE3eiV
aHJF62kmSnsVDKk0VDX0iiqmGATjwljff41OIjkxhQCoBJoQBRBG
-----END CERTIFICATE-----