Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bQYTZW5U3iqNsbft6bV_DhfzLuY.roa
File:                     bQYTZW5U3iqNsbft6bV_DhfzLuY.roa (raw, json)
Hash identifier:          fln6b4E3QyBcqXd7/6gIOmXixj+xnAym0PZhNWWLM7U=
Subject key identifier:   6D:06:13:65:6E:54:DE:2A:8D:B1:B7:ED:E9:B5:7F:0E:17:F3:2E:E6
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DA5C9F78170253AD236A94EB3A4B4
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bQYTZW5U3iqNsbft6bV_DhfzLuY.roa
Signing time:             Wed 01 Jan 2025 15:48:15 +0000
ROA not before:           Wed 01 Jan 2025 15:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60250
IP address blocks:        213.74.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a5:c9:f7:81:70:25:3a:d2:36:a9:4e:b3:a4:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d0613656e54de2a8db1b7ede9b57f0e17f32ee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6e:07:22:3d:77:2d:33:b5:48:fa:37:43:7a:
                    28:50:3c:1d:af:bb:45:78:55:7c:39:16:6b:47:ac:
                    4f:a3:3a:54:a2:66:95:89:f0:f8:35:c0:4e:9d:b1:
                    64:0f:db:d4:db:52:1d:59:0e:8f:69:25:a9:29:e1:
                    7e:93:4b:c6:03:88:5c:2a:e1:5c:1e:ea:4e:65:25:
                    b1:fa:4c:a2:19:c1:f9:5c:f7:88:ce:1f:97:f9:b6:
                    35:0e:14:92:1a:13:8f:ce:26:54:12:2c:71:b7:15:
                    79:4a:23:72:6d:09:66:ac:4e:ea:54:95:4f:24:db:
                    88:60:38:4d:d5:0f:a9:16:b3:c9:f8:34:72:2b:85:
                    90:a3:9c:c9:78:a0:6d:0f:8f:2a:41:3d:d3:45:91:
                    27:82:53:d3:93:cd:b7:57:41:58:8d:94:7c:df:81:
                    12:2b:0a:38:91:7f:e5:6d:a2:1f:c0:22:6d:50:ab:
                    a1:e2:f3:d7:b0:78:99:3e:01:49:60:3d:6c:57:5c:
                    3c:dd:63:5d:02:49:af:fe:07:28:2e:e9:8b:ce:ae:
                    e4:f6:f3:5b:59:ff:ac:a4:94:2d:40:aa:da:44:8d:
                    45:02:1c:94:e7:31:8c:71:46:f3:8d:6e:d4:16:4a:
                    69:b4:d8:ce:62:46:e5:15:9b:ec:a5:3e:13:62:d6:
                    fe:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:06:13:65:6E:54:DE:2A:8D:B1:B7:ED:E9:B5:7F:0E:17:F3:2E:E6
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bQYTZW5U3iqNsbft6bV_DhfzLuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.74.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:c4:ba:41:b7:22:01:f6:8c:05:6e:87:19:1c:4d:c7:a9:e4:
         df:36:cc:10:e2:7e:dc:4b:df:05:39:11:9a:80:b8:a5:25:ee:
         05:38:d5:66:45:53:d1:eb:0e:9f:33:05:ee:f8:81:b4:24:d6:
         ae:11:21:1b:83:16:e1:de:8b:22:a4:7e:c5:4e:22:74:91:75:
         b2:b8:ee:ef:7e:f5:b2:32:da:1a:ff:dd:ba:de:6d:f8:c6:07:
         b4:04:3b:9d:a6:95:ca:cb:1f:07:69:5a:30:5c:e8:d9:71:6c:
         b5:a8:f6:c6:c9:61:74:17:87:a6:40:59:15:74:7b:56:e6:58:
         48:6f:eb:50:01:d8:3b:8c:c5:cf:f0:fe:13:73:3a:71:4d:33:
         84:62:ba:27:9e:62:cf:56:51:71:f5:7f:80:af:31:3c:15:5c:
         23:4d:ba:2a:e5:9a:6b:27:91:a5:19:f4:d6:5e:ac:f7:c2:46:
         a2:aa:3d:4b:e9:b2:27:50:2a:3c:cb:a5:ff:71:f6:3a:3c:d1:
         82:08:e8:31:6c:35:47:77:06:06:cd:c3:d4:68:94:46:35:2b:
         1c:99:de:42:26:a6:64:be:6a:d8:74:cb:8f:a4:6b:75:e0:26:
         71:90:5c:6d:e6:56:bb:bb:d4:f4:15:94:fb:2f:89:f2:ff:4e:
         e8:36:3d:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijaXJ94FwJTrSNqlOs6S0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA2MTM2NTZlNTRkZTJhOGRiMWI3ZWRlOWI1N2YwZTE3ZjMyZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5W4HIj13LTO1SPo3Q3ooUDwdr7tF
eFV8ORZrR6xPozpUomaVifD4NcBOnbFkD9vU21IdWQ6PaSWpKeF+k0vGA4hcKuFc
HupOZSWx+kyiGcH5XPeIzh+X+bY1DhSSGhOPziZUEixxtxV5SiNybQlmrE7qVJVP
JNuIYDhN1Q+pFrPJ+DRyK4WQo5zJeKBtD48qQT3TRZEnglPTk823V0FYjZR834ES
Kwo4kX/lbaIfwCJtUKuh4vPXsHiZPgFJYD1sV1w83WNdAkmv/gcoLumLzq7k9vNb
Wf+spJQtQKraRI1FAhyU5zGMcUbzjW7UFkpptNjOYkblFZvspT4TYtb+dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0GE2VuVN4qjbG37em1fw4X8y7mMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvYlFZVFpXNVUzaXFOc2JmdDZiVl9EaGZ6THVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1UooMA0G
CSqGSIb3DQEBCwUAA4IBAQAVxLpBtyIB9owFbocZHE3HqeTfNswQ4n7cS98FORGa
gLilJe4FONVmRVPR6w6fMwXu+IG0JNauESEbgxbh3osipH7FTiJ0kXWyuO7vfvWy
Mtoa/9263m34xge0BDudppXKyx8HaVowXOjZcWy1qPbGyWF0F4emQFkVdHtW5lhI
b+tQAdg7jMXP8P4TczpxTTOEYronnmLPVlFx9X+ArzE8FVwjTboq5ZprJ5GlGfTW
Xqz3wkaiqj1L6bInUCo8y6X/cfY6PNGCCOgxbDVHdwYGzcPUaJRGNSscmd5CJqZk
vmrYdMuPpGt14CZxkFxt5la7u9T0FZT7L4ny/07oNj1q
-----END CERTIFICATE-----