Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/e6h_e1l_GBB-YTi9wxz8vLZyCdg.roa
File:                     e6h_e1l_GBB-YTi9wxz8vLZyCdg.roa (raw, json)
Hash identifier:          wioIGHuZ359Ftozmd9jj5SGM0AdzlgpJU2wqq65dW5I=
Subject key identifier:   7B:A8:7F:7B:59:7F:18:10:7E:61:38:BD:C3:1C:FC:BC:B6:72:09:D8
Certificate issuer:       /CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
Certificate serial:       0194258FA4D8F7AA6582AF9373D053FE4A69
Authority key identifier: 5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/e6h_e1l_GBB-YTi9wxz8vLZyCdg.roa
Signing time:             Thu 02 Jan 2025 05:49:18 +0000
ROA not before:           Thu 02 Jan 2025 05:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203558
IP address blocks:        188.75.71.0/24 maxlen: 24
                          188.75.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:a4:d8:f7:aa:65:82:af:93:73:d0:53:fe:4a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
        Validity
            Not Before: Jan  2 05:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ba87f7b597f18107e6138bdc31cfcbcb67209d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6f:f8:63:46:28:c8:2f:55:1c:db:a0:02:87:
                    22:11:19:48:d9:27:79:31:ac:13:b2:48:76:44:b4:
                    19:53:db:c8:f9:f8:31:2d:3f:00:1d:2e:33:84:e2:
                    1b:d3:73:db:e9:f8:ab:2d:23:64:77:40:79:fc:2a:
                    fe:8c:66:b2:02:47:de:aa:5d:b5:ed:93:81:14:5a:
                    7a:e4:a1:1d:1f:a7:66:7e:1c:95:9d:35:19:ca:01:
                    37:19:de:35:a0:8f:e1:bd:3d:09:3f:fa:ad:c7:0b:
                    86:81:26:8a:2c:a0:1f:41:e9:c9:68:aa:26:7e:79:
                    96:da:9b:54:20:41:36:1c:b9:9b:06:9a:08:bc:61:
                    11:1b:97:1c:38:aa:52:0c:a8:62:47:ed:c1:da:ed:
                    25:90:87:b7:e4:35:a9:ff:37:78:16:d5:ad:b0:b4:
                    a9:36:5a:ac:61:3d:c8:93:d5:a3:c9:53:f5:66:33:
                    86:2e:fc:9c:47:68:fb:2b:99:f1:4b:af:9f:5e:29:
                    cc:45:2c:ba:60:50:9a:36:64:02:4b:f3:4e:ee:f3:
                    d0:50:bb:6e:25:43:ad:7c:24:e9:22:2f:20:ba:c9:
                    60:b2:58:d2:26:c7:16:ac:53:6d:e3:6a:c4:24:6d:
                    9c:d7:6a:24:71:ca:a7:2f:89:9e:19:e6:83:00:e4:
                    78:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A8:7F:7B:59:7F:18:10:7E:61:38:BD:C3:1C:FC:BC:B6:72:09:D8
            X509v3 Authority Key Identifier:
                keyid:5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/e6h_e1l_GBB-YTi9wxz8vLZyCdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.75.71.0/24
                  188.75.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:bc:f3:01:57:b2:56:92:26:73:64:a0:83:9b:65:04:1d:59:
         e6:30:00:77:21:6d:e0:8d:cd:cd:4a:eb:49:13:f6:bb:6a:5c:
         f0:6e:8e:46:d5:80:23:aa:a4:b0:44:aa:20:e4:3a:3e:de:fd:
         85:96:7c:54:44:95:2d:4c:4f:21:b6:84:bb:03:d9:b6:52:31:
         4e:eb:67:02:53:da:ed:be:27:d4:de:55:87:db:b1:45:84:ae:
         5d:62:03:db:68:59:1e:5d:c4:30:22:54:e4:3f:57:1c:75:7f:
         0d:07:a1:5e:07:3e:75:4f:92:0b:7a:58:f9:ff:d3:aa:78:40:
         4b:28:86:09:39:62:74:d5:cc:9a:f4:24:29:10:e6:0e:7e:d4:
         71:75:88:28:42:b3:1d:83:5d:5c:b9:55:70:87:98:d4:9a:e7:
         6e:0f:bf:83:c2:c7:6c:04:40:ef:c9:ba:1c:f5:a6:b3:e3:3d:
         72:3d:d9:e6:91:f9:46:62:9d:ee:9d:12:1f:0f:3c:b5:27:d5:
         ba:09:73:d5:86:62:02:5a:a9:bc:44:e7:c1:1a:dc:87:ba:46:
         9e:23:2e:15:5c:9e:68:c9:9d:d5:bb:9d:b3:07:95:eb:3a:e8:
         5e:ae:0a:75:ef:84:e4:09:78:9a:a3:b7:d2:12:72:bd:f7:d5:
         f1:4a:ca:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj6TY96plgq+Tc9BT/kppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNjk4YzRiNjEyYWZlZTJjYmIxY2RkNTA5ZTRmMDI0NmZi
YjgwZTEwHhcNMjUwMTAyMDU0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmE4N2Y3YjU5N2YxODEwN2U2MTM4YmRjMzFjZmNiY2I2NzIwOWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqW/4Y0YoyC9VHNugAociERlI2Sd5
MawTskh2RLQZU9vI+fgxLT8AHS4zhOIb03Pb6firLSNkd0B5/Cr+jGayAkfeql21
7ZOBFFp65KEdH6dmfhyVnTUZygE3Gd41oI/hvT0JP/qtxwuGgSaKLKAfQenJaKom
fnmW2ptUIEE2HLmbBpoIvGERG5ccOKpSDKhiR+3B2u0lkIe35DWp/zd4FtWtsLSp
NlqsYT3Ik9WjyVP1ZjOGLvycR2j7K5nxS6+fXinMRSy6YFCaNmQCS/NO7vPQULtu
JUOtfCTpIi8guslgsljSJscWrFNt42rEJG2c12okccqnL4meGeaDAOR4kQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHuof3tZfxgQfmE4vcMc/Ly2cgnYMB8GA1UdIwQY
MBaAFFtpjEthKv7iy7HN1Qnk8CRvu4DhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMt
Y2MyZmFmZTNhOGI0LzEvZTZoX2UxbF9HQkItWVRpOXd4ejh2TFp5Q2RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMtY2MyZmFmZTNhOGI0
LzEvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvEtHAwQA
vEttMA0GCSqGSIb3DQEBCwUAA4IBAQAPvPMBV7JWkiZzZKCDm2UEHVnmMAB3IW3g
jc3NSutJE/a7alzwbo5G1YAjqqSwRKog5Do+3v2FlnxURJUtTE8htoS7A9m2UjFO
62cCU9rtvifU3lWH27FFhK5dYgPbaFkeXcQwIlTkP1ccdX8NB6FeBz51T5ILelj5
/9OqeEBLKIYJOWJ01cya9CQpEOYOftRxdYgoQrMdg11cuVVwh5jUmuduD7+Dwsds
BEDvyboc9aaz4z1yPdnmkflGYp3unRIfDzy1J9W6CXPVhmICWqm8ROfBGtyHukae
Iy4VXJ5oyZ3Vu52zB5XrOuhergp174TkCXiao7fSEnK999XxSsqf
-----END CERTIFICATE-----