Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/HySdM6ZyKPYdx0x-4F_xXl7MZMY.roa
File:                     HySdM6ZyKPYdx0x-4F_xXl7MZMY.roa (raw, json)
Hash identifier:          KufyZYyK1B4Fe7y8CX1RC7NV0b9+hdGAWxyVi8NryVU=
Subject key identifier:   1F:24:9D:33:A6:72:28:F6:1D:C7:4C:7E:E0:5F:F1:5E:5E:CC:64:C6
Certificate issuer:       /CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
Certificate serial:       0190DB8536798F26372C7288069AB2CA2A87
Authority key identifier: B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/HySdM6ZyKPYdx0x-4F_xXl7MZMY.roa
Signing time:             Mon 22 Jul 2024 17:37:38 +0000
ROA not before:           Mon 22 Jul 2024 17:37:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        2a0a:f585::/32 maxlen: 32
                          2a11:fb43::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:85:36:79:8f:26:37:2c:72:88:06:9a:b2:ca:2a:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
        Validity
            Not Before: Jul 22 17:37:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f249d33a67228f61dc74c7ee05ff15e5ecc64c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f7:a8:a1:67:91:c3:9d:fc:22:ef:d9:82:75:
                    6f:fd:5d:3b:0f:3e:dc:e8:c0:f6:d0:68:af:d5:59:
                    a8:f1:75:f9:44:26:37:1c:58:d1:9c:c8:d3:1e:6b:
                    2e:22:8f:04:d7:0d:83:da:0d:42:b5:17:ea:cf:12:
                    66:53:10:6b:73:77:7b:83:06:e1:05:ac:a5:ae:51:
                    37:a8:d5:90:e0:5b:3a:72:76:74:10:1f:d7:c9:96:
                    72:50:85:1c:cc:25:d4:48:ca:74:da:26:b3:a0:a8:
                    de:d2:63:2e:0b:26:eb:c0:1a:f3:03:5d:bb:68:81:
                    d1:a9:50:53:bf:8e:bc:69:7f:7c:59:8a:d0:b4:50:
                    8c:7c:98:24:36:d7:f0:16:8d:19:6c:fb:d3:60:3a:
                    b0:c5:ed:44:15:d0:bb:87:1a:4f:48:92:95:34:4e:
                    22:b1:33:dd:9e:ec:eb:a4:50:7f:9e:5d:67:c6:08:
                    09:66:ae:56:d4:fa:79:41:5c:55:32:bc:59:9f:7e:
                    e5:f1:fe:aa:59:0a:c1:3a:a4:be:67:30:48:b2:95:
                    12:03:ee:d8:d8:c9:6d:1d:85:18:80:24:18:56:74:
                    5a:d0:ac:66:22:a9:2b:de:42:4f:39:43:93:dc:f7:
                    1c:80:4d:69:91:9c:ad:c9:53:33:36:54:0e:28:8f:
                    f5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:24:9D:33:A6:72:28:F6:1D:C7:4C:7E:E0:5F:F1:5E:5E:CC:64:C6
            X509v3 Authority Key Identifier:
                keyid:B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/HySdM6ZyKPYdx0x-4F_xXl7MZMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:f585::/32
                  2a11:fb43::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:d3:8d:59:52:1b:82:1d:ab:5a:66:a6:6a:f9:44:ee:1c:c3:
         48:c2:da:66:7c:9c:f3:b6:26:01:07:0d:bf:9e:96:48:84:f0:
         e3:4b:57:9d:21:7c:80:2a:84:bf:b7:47:6c:10:ae:bf:d3:c0:
         ec:20:57:49:46:68:75:e0:bf:0a:43:56:a6:98:d0:28:3c:e0:
         9e:04:06:a8:27:f5:b6:93:29:89:1d:48:65:40:65:40:d5:73:
         20:8c:06:57:6b:df:d5:0e:33:06:5b:ed:90:66:65:17:de:48:
         73:8a:5d:04:b5:c3:21:5f:66:2c:18:40:3d:54:25:7c:66:0c:
         f0:65:fd:e2:4f:f9:19:b7:69:ea:b1:70:46:bf:4b:35:0e:aa:
         fc:19:8b:1e:3c:85:c9:31:6d:ed:57:74:93:13:66:3c:09:63:
         95:a6:29:58:75:d6:13:49:4d:49:8c:a9:4d:41:a8:d8:e4:ca:
         a0:cc:67:0a:20:e0:bd:f1:f1:b0:51:1f:e1:e3:0c:12:1d:ac:
         58:45:f6:a3:c5:92:4c:8b:8b:04:9b:81:f3:ad:d2:10:0e:ed:
         8f:15:ed:5b:8b:a5:bd:28:7c:48:ce:3c:c0:89:16:3d:88:fb:
         16:3d:c9:07:14:78:a3:14:d0:97:c6:e7:0e:8c:cb:b1:8c:6c:
         51:84:5b:12
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZDbhTZ5jyY3LHKIBpqyyiqHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZjYxOWVmMjAwODQwZGZhOGZkNDM1NjdjN2E5NzhjMTUz
MTJkN2YwHhcNMjQwNzIyMTczNzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjI0OWQzM2E2NzIyOGY2MWRjNzRjN2VlMDVmZjE1ZTVlY2M2NGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1feooWeRw538Iu/ZgnVv/V07Dz7c
6MD20Giv1Vmo8XX5RCY3HFjRnMjTHmsuIo8E1w2D2g1CtRfqzxJmUxBrc3d7gwbh
BaylrlE3qNWQ4Fs6cnZ0EB/XyZZyUIUczCXUSMp02iazoKje0mMuCybrwBrzA127
aIHRqVBTv468aX98WYrQtFCMfJgkNtfwFo0ZbPvTYDqwxe1EFdC7hxpPSJKVNE4i
sTPdnuzrpFB/nl1nxggJZq5W1Pp5QVxVMrxZn37l8f6qWQrBOqS+ZzBIspUSA+7Y
2MltHYUYgCQYVnRa0KxmIqkr3kJPOUOT3PccgE1pkZytyVMzNlQOKI/1gwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFB8knTOmcij2HcdMfuBf8V5ezGTGMB8GA1UdIwQY
MBaAFLD2Ge8gCEDfqP1DVnx6l4wVMS1/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYt
MDY5NjYxNjc1MTA2LzEvSHlTZE02WnlLUFlkeDB4LTRGX3hYbDdNWk1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYtMDY5NjYxNjc1MTA2
LzEvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgr1hQMF
ACoR+0MwDQYJKoZIhvcNAQELBQADggEBAETTjVlSG4Idq1pmpmr5RO4cw0jC2mZ8
nPO2JgEHDb+elkiE8ONLV50hfIAqhL+3R2wQrr/TwOwgV0lGaHXgvwpDVqaY0Cg8
4J4EBqgn9baTKYkdSGVAZUDVcyCMBldr39UOMwZb7ZBmZRfeSHOKXQS1wyFfZiwY
QD1UJXxmDPBl/eJP+Rm3aeqxcEa/SzUOqvwZix48hckxbe1XdJMTZjwJY5WmKVh1
1hNJTUmMqU1BqNjkyqDMZwog4L3x8bBRH+HjDBIdrFhF9qPFkkyLiwSbgfOt0hAO
7Y8V7VuLpb0ofEjOPMCJFj2I+xY9yQcUeKMU0JfG5w6My7GMbFGEWxI=
-----END CERTIFICATE-----