Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/vuTW0ftXsfvIWtL6nGLUGKWxAa0.roa
File:                     vuTW0ftXsfvIWtL6nGLUGKWxAa0.roa (raw, json)
Hash identifier:          vusAgJM4Fe2/TEz+SbhV7Z/ibEen3tJQhfA8nIe5Or8=
Subject key identifier:   BE:E4:D6:D1:FB:57:B1:FB:C8:5A:D2:FA:9C:62:D4:18:A5:B1:01:AD
Certificate issuer:       /CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
Certificate serial:       0194228E0424C73636E0C9AB31E1353C4DAA
Authority key identifier: 3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/vuTW0ftXsfvIWtL6nGLUGKWxAa0.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3301
IP address blocks:        194.246.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 18:31:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:04:24:c7:36:36:e0:c9:ab:31:e1:35:3c:4d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bee4d6d1fb57b1fbc85ad2fa9c62d418a5b101ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:ad:84:b6:3d:d5:c6:e4:b6:d7:ed:39:19:9c:
                    f3:22:7b:f4:8d:3b:9b:fb:01:09:2e:e2:a1:dd:27:
                    7f:c4:44:06:6d:ae:c3:67:ac:08:2e:20:b4:1a:46:
                    19:22:4b:4d:01:91:2d:a8:0e:12:6f:6c:ae:23:d1:
                    6e:0c:14:cb:cb:4f:3a:c7:ca:1f:53:77:3e:15:1f:
                    77:e7:bb:56:c6:c8:e8:56:2e:d4:74:45:f2:4d:e9:
                    11:69:a5:52:7c:31:a5:4b:22:d0:e5:8f:ce:20:81:
                    c0:fd:5e:61:94:8c:2e:23:bf:4a:1b:a1:6f:67:3b:
                    df:c1:e1:b5:2e:8d:ac:fb:69:a5:fc:a1:15:ee:34:
                    b0:f0:d3:44:84:6f:6d:98:f6:d4:47:10:e6:5a:74:
                    ae:74:b7:e3:f1:70:f2:02:a3:ba:d0:6d:0e:6b:69:
                    7f:20:ff:ca:df:43:b1:00:04:bf:7d:47:38:17:78:
                    be:83:01:82:ac:c5:b6:40:83:41:db:a4:50:2b:82:
                    5d:0f:25:3a:98:ad:a6:5b:c6:7f:14:21:15:e3:dc:
                    18:b0:47:d7:6b:b6:c3:e1:bf:6d:9d:1c:cb:fd:ac:
                    3d:e8:31:de:65:99:e4:a8:3b:bd:8e:ae:21:c7:aa:
                    3f:53:81:15:70:13:68:b7:44:6c:b5:15:02:ea:c3:
                    f4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:E4:D6:D1:FB:57:B1:FB:C8:5A:D2:FA:9C:62:D4:18:A5:B1:01:AD
            X509v3 Authority Key Identifier:
                keyid:3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/vuTW0ftXsfvIWtL6nGLUGKWxAa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:81:a9:72:ad:d7:a5:1d:ec:3c:e8:a2:fb:13:2a:93:b6:ab:
         d5:22:78:45:7f:43:ca:c3:dc:ab:e7:14:24:65:ab:1f:35:13:
         94:94:6b:aa:36:bf:1c:a6:72:87:30:13:f6:d9:bd:3e:9d:b0:
         3c:7a:84:cc:96:e5:3d:3e:30:b1:fd:02:28:d0:7e:22:c6:b8:
         80:82:1c:98:4f:44:47:ef:3b:67:34:ab:22:64:56:53:e4:58:
         15:55:73:fa:1f:76:a2:2b:87:8a:89:b6:d1:44:55:42:7d:2f:
         53:ac:d1:02:21:d0:8e:ea:99:14:bb:c0:a6:36:f5:14:d8:ef:
         2a:e7:3f:81:9e:9d:cf:0e:0b:13:0a:6c:94:b1:c4:f5:ff:68:
         35:aa:03:57:29:8b:0a:e1:c3:82:44:34:8a:1b:cd:43:99:f0:
         fd:68:73:5f:3e:c9:93:b6:60:eb:55:78:f5:95:9d:1a:06:dc:
         09:63:62:88:8c:93:ad:2d:f3:8d:8c:cf:09:1e:19:97:59:a8:
         13:6e:60:7b:cc:68:7f:96:22:9b:17:c7:15:b2:b9:35:63:38:
         99:0a:2d:2d:2c:05:92:e5:48:55:6c:43:4f:a1:49:c1:cf:1b:
         bb:ff:11:24:eb:84:58:c0:ec:c1:5c:ee:61:07:79:1a:81:45:
         74:b9:ca:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgQkxzY24MmrMeE1PE2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTZjZWNmZmQ5YjhiYmExOGQ0NzRlN2IzOTkzZTBhMWQx
NGRiYjMwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWU0ZDZkMWZiNTdiMWZiYzg1YWQyZmE5YzYyZDQxOGE1YjEwMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9K2Etj3VxuS21+05GZzzInv0jTub
+wEJLuKh3Sd/xEQGba7DZ6wILiC0GkYZIktNAZEtqA4Sb2yuI9FuDBTLy086x8of
U3c+FR9357tWxsjoVi7UdEXyTekRaaVSfDGlSyLQ5Y/OIIHA/V5hlIwuI79KG6Fv
ZzvfweG1Lo2s+2ml/KEV7jSw8NNEhG9tmPbURxDmWnSudLfj8XDyAqO60G0Oa2l/
IP/K30OxAAS/fUc4F3i+gwGCrMW2QINB26RQK4JdDyU6mK2mW8Z/FCEV49wYsEfX
a7bD4b9tnRzL/aw96DHeZZnkqDu9jq4hx6o/U4EVcBNot0RstRUC6sP04QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7k1tH7V7H7yFrS+pxi1BilsQGtMB8GA1UdIwQY
MBaAFD7mzs/9m4u6GNR057OZPgodFNuzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEt
NzMyNDkxMzk3NWQ1LzEvdnVUVzBmdFhzZnZJV3RMNm5HTFVHS1d4QWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEtNzMyNDkxMzk3NWQ1
LzEvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvYGMA0G
CSqGSIb3DQEBCwUAA4IBAQCagalyrdelHew86KL7EyqTtqvVInhFf0PKw9yr5xQk
ZasfNROUlGuqNr8cpnKHMBP22b0+nbA8eoTMluU9PjCx/QIo0H4ixriAghyYT0RH
7ztnNKsiZFZT5FgVVXP6H3aiK4eKibbRRFVCfS9TrNECIdCO6pkUu8CmNvUU2O8q
5z+Bnp3PDgsTCmyUscT1/2g1qgNXKYsK4cOCRDSKG81DmfD9aHNfPsmTtmDrVXj1
lZ0aBtwJY2KIjJOtLfONjM8JHhmXWagTbmB7zGh/liKbF8cVsrk1YziZCi0tLAWS
5UhVbENPoUnBzxu7/xEk64RYwOzBXO5hB3kagUV0ucqx
-----END CERTIFICATE-----