Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/6QGkFK1SSLb8KrZSIt0KD4m_HTc.roa
File:                     6QGkFK1SSLb8KrZSIt0KD4m_HTc.roa (raw, json)
Hash identifier:          ICsAscU9gZxGHPDGe9P6Wa+cu9m9mX5jZ9qQYiJqk50=
Subject key identifier:   E9:01:A4:14:AD:52:48:B6:FC:2A:B6:52:22:DD:0A:0F:89:BF:1D:37
Certificate issuer:       /CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
Certificate serial:       01941FFAA722B008F52558A224B4C7DBB685
Authority key identifier: 98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/6QGkFK1SSLb8KrZSIt0KD4m_HTc.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206764
IP address blocks:        93.95.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 00:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a7:22:b0:08:f5:25:58:a2:24:b4:c7:db:b6:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e901a414ad5248b6fc2ab65222dd0a0f89bf1d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3d:27:98:5a:08:9d:d0:5c:6f:ec:48:49:e1:
                    32:6a:59:62:1e:ed:71:b2:bd:32:58:87:39:24:64:
                    39:2a:d1:13:1e:7b:18:e3:d0:65:88:dd:31:21:76:
                    57:b2:5d:a7:d7:8f:5e:fc:d8:65:96:42:3f:25:6a:
                    76:d8:d6:8e:ca:8a:a7:a7:4a:1f:2f:86:c1:de:0a:
                    32:76:de:b2:64:25:9e:66:e7:ee:39:59:eb:d8:46:
                    dd:1b:13:21:dd:c0:a6:62:16:78:6f:cc:54:72:46:
                    1e:59:f1:c2:da:02:70:3a:18:38:00:ad:81:7f:ac:
                    d9:40:2b:e0:18:6f:9f:09:12:fc:92:f9:a8:08:8f:
                    9a:d7:64:27:11:ad:d8:25:c4:e0:32:f9:d2:6d:27:
                    99:dd:2d:2a:d8:7e:a7:06:40:b4:89:ea:ca:41:c4:
                    08:82:2d:03:7f:c0:54:fa:1d:e7:03:73:06:99:3f:
                    1a:28:f2:75:71:97:29:d7:55:10:eb:62:34:8b:19:
                    77:15:3d:58:9e:95:29:d9:0f:a3:69:db:91:fb:fd:
                    7d:2a:53:0d:ee:30:ba:08:5e:2d:14:a3:23:21:48:
                    92:86:73:3d:15:be:03:e5:50:58:c5:7e:79:d4:59:
                    20:cf:d8:18:70:f4:98:ae:ab:47:b3:87:69:f2:63:
                    46:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:01:A4:14:AD:52:48:B6:FC:2A:B6:52:22:DD:0A:0F:89:BF:1D:37
            X509v3 Authority Key Identifier:
                keyid:98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/6QGkFK1SSLb8KrZSIt0KD4m_HTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:a7:90:5c:9b:95:4a:4c:f0:1c:bb:b7:d8:9f:cb:09:02:41:
         20:e1:cc:6a:c6:1b:ad:d1:8a:12:85:dc:84:69:89:2f:17:28:
         8c:34:e6:fa:cf:69:90:ae:0c:ce:32:76:c9:59:bb:bd:9d:7a:
         8a:82:9f:5b:8f:3a:eb:77:73:82:d3:79:5e:0c:18:4b:bd:27:
         08:90:73:b0:8f:d8:4d:99:2a:4e:2a:db:8a:2f:41:63:01:62:
         9a:41:f4:33:02:c2:90:ea:23:1e:70:af:03:b3:03:cf:a5:78:
         e5:5c:08:c2:4c:72:22:a8:f7:87:84:f3:87:53:19:83:b0:ed:
         8a:e9:51:d7:43:44:5a:a6:6a:3b:37:24:27:a9:88:f6:c5:ff:
         72:4d:32:ab:9f:34:5e:92:2c:46:c9:4b:d9:76:a7:bd:ef:7b:
         c4:e8:00:61:0f:00:c0:2e:8b:5c:45:01:6f:01:bc:24:09:2b:
         09:f1:02:68:2a:eb:12:27:d1:fe:8c:80:1c:2b:11:d0:aa:65:
         2c:8e:07:f1:82:1b:31:80:7f:90:ef:2a:52:b7:1c:86:30:09:
         bf:b7:64:93:61:fe:e5:d0:6a:cf:06:e6:b8:ef:55:ff:eb:ef:
         b3:6a:42:e4:3c:7f:71:8b:9c:f7:66:20:d9:fb:f1:a6:23:34:
         d9:39:b8:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qcisAj1JViiJLTH27aFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTFjNDQ4ODY5OWU2ZDAyNGUzOWNjNGQ2MWVlZWFiZDM4
MDEwZmEwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTAxYTQxNGFkNTI0OGI2ZmMyYWI2NTIyMmRkMGEwZjg5YmYxZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApD0nmFoIndBcb+xISeEyalliHu1x
sr0yWIc5JGQ5KtETHnsY49BliN0xIXZXsl2n149e/NhllkI/JWp22NaOyoqnp0of
L4bB3goydt6yZCWeZufuOVnr2EbdGxMh3cCmYhZ4b8xUckYeWfHC2gJwOhg4AK2B
f6zZQCvgGG+fCRL8kvmoCI+a12QnEa3YJcTgMvnSbSeZ3S0q2H6nBkC0ierKQcQI
gi0Df8BU+h3nA3MGmT8aKPJ1cZcp11UQ62I0ixl3FT1YnpUp2Q+jaduR+/19KlMN
7jC6CF4tFKMjIUiShnM9Fb4D5VBYxX551Fkgz9gYcPSYrqtHs4dp8mNGgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkBpBStUki2/Cq2UiLdCg+Jvx03MB8GA1UdIwQY
MBaAFJiRxEiGmebQJOOcxNYe7qvTgBD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUt
ZTEwYTYwNTk2YzI2LzEvNlFHa0ZLMVNTTGI4S3JaU0l0MEtENG1fSFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUtZTEwYTYwNTk2YzI2
LzEvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV9gMA0G
CSqGSIb3DQEBCwUAA4IBAQAMp5Bcm5VKTPAcu7fYn8sJAkEg4cxqxhut0YoShdyE
aYkvFyiMNOb6z2mQrgzOMnbJWbu9nXqKgp9bjzrrd3OC03leDBhLvScIkHOwj9hN
mSpOKtuKL0FjAWKaQfQzAsKQ6iMecK8DswPPpXjlXAjCTHIiqPeHhPOHUxmDsO2K
6VHXQ0Rapmo7NyQnqYj2xf9yTTKrnzRekixGyUvZdqe973vE6ABhDwDALotcRQFv
AbwkCSsJ8QJoKusSJ9H+jIAcKxHQqmUsjgfxghsxgH+Q7ypStxyGMAm/t2STYf7l
0GrPBua471X/6++zakLkPH9xi5z3ZiDZ+/GmIzTZObgs
-----END CERTIFICATE-----