Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/fkVk0gOXUfc85ygegnFHJ0V-jJA.roa
File:                     fkVk0gOXUfc85ygegnFHJ0V-jJA.roa (raw, json)
Hash identifier:          9jZ99KuOddJoUebAxnDtbMJsjnLuc4i/PXs+sJuifqo=
Subject key identifier:   7E:45:64:D2:03:97:51:F7:3C:E7:28:1E:82:71:47:27:45:7E:8C:90
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01906023365E45C326BD40745FC0C7860AFD
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/fkVk0gOXUfc85ygegnFHJ0V-jJA.roa
Signing time:             Fri 28 Jun 2024 18:37:18 +0000
ROA not before:           Fri 28 Jun 2024 18:37:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        185.24.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:60:23:36:5e:45:c3:26:bd:40:74:5f:c0:c7:86:0a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jun 28 18:37:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e4564d2039751f73ce7281e82714727457e8c90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d7:d1:b5:10:4a:e6:3d:4f:de:95:fa:7b:0b:
                    3c:41:ef:66:d9:79:04:4d:95:29:e2:e3:02:c0:b2:
                    91:51:3b:4f:b4:2b:11:74:dd:c6:c9:6f:ad:73:cc:
                    36:93:04:47:7e:95:cd:7d:61:97:b7:fd:90:ae:a0:
                    b5:cc:f4:ba:70:31:0d:d9:4d:fe:a5:f1:ba:b2:88:
                    ff:e7:91:1c:45:6a:a8:e2:2f:bb:a8:c3:86:a1:22:
                    7b:e0:45:3e:6e:5d:e8:15:47:63:13:93:35:98:91:
                    b9:a0:4d:f2:26:cb:aa:38:ca:a1:9e:e0:47:0c:fd:
                    b5:a1:49:b0:2b:7a:d4:d8:3f:5b:6f:1f:e4:e3:7b:
                    1a:27:9d:e0:3f:93:14:4a:9c:a3:14:14:37:c9:d2:
                    0a:42:63:a4:35:8b:f5:83:a7:1f:95:f5:dc:78:fe:
                    c1:95:80:95:57:a0:3c:83:f8:45:26:92:da:64:88:
                    1e:a8:e2:d5:37:d0:75:eb:17:93:5d:fd:ef:8f:3d:
                    d0:e2:27:7d:e9:0e:77:d3:17:e1:15:e1:73:61:3e:
                    da:cb:4f:40:3b:56:3a:b8:98:e3:ed:b9:c0:fe:14:
                    01:0d:4f:e4:35:7e:5e:77:6d:6a:33:25:25:54:58:
                    96:4e:e1:58:01:75:f9:11:d9:61:4c:0a:e0:31:64:
                    92:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:45:64:D2:03:97:51:F7:3C:E7:28:1E:82:71:47:27:45:7E:8C:90
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/fkVk0gOXUfc85ygegnFHJ0V-jJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:78:40:f1:d2:22:25:d0:f1:55:16:98:8a:30:75:92:a7:d7:
         36:a1:5a:4d:29:86:88:2e:e5:6f:09:28:55:1f:ae:c9:65:9e:
         f6:0c:1f:c7:72:12:61:60:cc:cc:15:e4:2f:8a:2d:43:66:62:
         82:98:a6:18:ca:f3:f3:3b:ad:e8:06:7e:92:cf:23:34:6e:e8:
         0b:9d:b0:47:eb:e1:08:69:74:74:ef:e0:ea:84:d8:cd:e5:7f:
         16:d0:63:fb:45:e2:6d:33:16:4c:2a:58:58:a2:fa:71:59:67:
         66:f9:b2:f9:f0:51:9f:fa:7e:67:51:d3:cc:94:fb:ae:ca:44:
         2e:c1:99:46:ba:31:0f:c9:a8:3a:2f:fa:14:93:12:33:08:d8:
         fb:ae:a7:bc:28:73:11:92:04:1a:cb:ea:ea:33:b0:81:16:64:
         6f:31:5e:50:9f:1e:a3:cd:8a:05:df:0f:cb:5f:8e:a6:31:3e:
         ca:51:01:72:80:39:42:0d:de:b0:5b:68:0e:88:2a:fe:97:53:
         c3:e8:a5:81:10:cb:fc:83:91:e1:da:b4:fa:fa:4f:93:f5:65:
         e6:01:ff:a5:c4:22:d5:dc:dc:b4:15:84:9e:c9:82:4c:da:64:
         0a:31:47:48:78:e6:04:e3:ba:6b:26:d8:33:60:78:f9:7c:bf:
         af:4d:d2:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBgIzZeRcMmvUB0X8DHhgr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwNjI4MTgzNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQ1NjRkMjAzOTc1MWY3M2NlNzI4MWU4MjcxNDcyNzQ1N2U4YzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNfRtRBK5j1P3pX6ews8Qe9m2XkE
TZUp4uMCwLKRUTtPtCsRdN3GyW+tc8w2kwRHfpXNfWGXt/2QrqC1zPS6cDEN2U3+
pfG6soj/55EcRWqo4i+7qMOGoSJ74EU+bl3oFUdjE5M1mJG5oE3yJsuqOMqhnuBH
DP21oUmwK3rU2D9bbx/k43saJ53gP5MUSpyjFBQ3ydIKQmOkNYv1g6cflfXceP7B
lYCVV6A8g/hFJpLaZIgeqOLVN9B16xeTXf3vjz3Q4id96Q530xfhFeFzYT7ay09A
O1Y6uJjj7bnA/hQBDU/kNX5ed21qMyUlVFiWTuFYAXX5EdlhTArgMWSSWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5FZNIDl1H3POcoHoJxRydFfoyQMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvZmtWazBnT1hVZmM4NXlnZWduRkhKMFYtakpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRiXMA0G
CSqGSIb3DQEBCwUAA4IBAQAUeEDx0iIl0PFVFpiKMHWSp9c2oVpNKYaILuVvCShV
H67JZZ72DB/HchJhYMzMFeQvii1DZmKCmKYYyvPzO63oBn6SzyM0bugLnbBH6+EI
aXR07+DqhNjN5X8W0GP7ReJtMxZMKlhYovpxWWdm+bL58FGf+n5nUdPMlPuuykQu
wZlGujEPyag6L/oUkxIzCNj7rqe8KHMRkgQay+rqM7CBFmRvMV5Qnx6jzYoF3w/L
X46mMT7KUQFygDlCDd6wW2gOiCr+l1PD6KWBEMv8g5Hh2rT6+k+T9WXmAf+lxCLV
3Ny0FYSeyYJM2mQKMUdIeOYE47prJtgzYHj5fL+vTdJo
-----END CERTIFICATE-----