Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/aTqNBiMtHyqY4sjo2vUby0yJMKk.roa
File:                     aTqNBiMtHyqY4sjo2vUby0yJMKk.roa (raw, json)
Hash identifier:          8tR80jRMgENDFDI+mB0B/a9/v+rAAXYdo53Fd7KchX0=
Subject key identifier:   69:3A:8D:06:23:2D:1F:2A:98:E2:C8:E8:DA:F5:1B:CB:4C:89:30:A9
Certificate issuer:       /CN=06097a72e4ae40b6b9929b72f81efd71c517dd98
Certificate serial:       01942C12222F6F7B28E8F86B06612F38D3FF
Authority key identifier: 06:09:7A:72:E4:AE:40:B6:B9:92:9B:72:F8:1E:FD:71:C5:17:DD:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bgl6cuSuQLa5kpty-B79ccUX3Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/aTqNBiMtHyqY4sjo2vUby0yJMKk.roa
Signing time:             Fri 03 Jan 2025 12:09:33 +0000
ROA not before:           Fri 03 Jan 2025 12:09:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        194.110.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/Bgl6cuSuQLa5kpty-B79ccUX3Zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/Bgl6cuSuQLa5kpty-B79ccUX3Zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bgl6cuSuQLa5kpty-B79ccUX3Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2c:12:22:2f:6f:7b:28:e8:f8:6b:06:61:2f:38:d3:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06097a72e4ae40b6b9929b72f81efd71c517dd98
        Validity
            Not Before: Jan  3 12:09:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=693a8d06232d1f2a98e2c8e8daf51bcb4c8930a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e1:29:8b:f0:af:0b:d5:82:49:67:30:1e:c7:
                    5a:a2:fa:eb:74:1f:fd:50:5a:72:b1:e3:03:10:90:
                    46:57:ee:6a:bd:46:24:e9:85:d3:7d:a1:49:a7:4a:
                    62:b5:44:18:c2:63:b7:93:ae:d4:64:d6:f7:f8:e8:
                    4c:48:b6:4e:a1:9d:db:83:41:dd:9f:06:fa:f2:f1:
                    7d:5d:54:00:9a:3f:3b:a7:d5:89:52:93:9b:7e:de:
                    62:85:b2:23:29:b6:a7:f9:96:61:e7:df:aa:95:f6:
                    1f:fa:68:2e:f6:19:cb:86:ad:c1:71:cb:56:a7:42:
                    ce:96:97:f5:ef:62:a3:d5:5b:fc:e4:ad:f4:ec:d9:
                    71:1a:3f:6a:b9:ac:89:a1:ed:9b:aa:b0:e6:d9:7d:
                    37:b1:76:94:40:11:2f:33:7a:4a:6a:bc:2d:d0:33:
                    bd:8a:6b:66:3b:fa:0e:79:14:f2:af:bc:2d:6a:fc:
                    a3:44:49:1f:ed:4d:c5:8d:13:db:ed:20:ed:76:59:
                    af:8c:9e:a2:c5:31:77:b2:8c:f4:77:c6:9d:81:9f:
                    2a:08:0e:26:86:3b:e9:a4:04:50:11:67:45:b2:35:
                    a6:5d:94:a9:6b:f1:46:ca:ae:ad:e4:e0:71:53:73:
                    dd:8f:2a:63:76:7a:db:b4:e8:01:c2:f8:d1:4d:96:
                    12:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3A:8D:06:23:2D:1F:2A:98:E2:C8:E8:DA:F5:1B:CB:4C:89:30:A9
            X509v3 Authority Key Identifier:
                keyid:06:09:7A:72:E4:AE:40:B6:B9:92:9B:72:F8:1E:FD:71:C5:17:DD:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bgl6cuSuQLa5kpty-B79ccUX3Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/aTqNBiMtHyqY4sjo2vUby0yJMKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/Bgl6cuSuQLa5kpty-B79ccUX3Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f3:ce:10:17:55:bb:ef:6f:b4:b3:a2:58:d1:f3:92:29:d9:5f:
         dc:9b:3b:7a:ef:4b:f4:02:55:23:72:b9:3b:59:a7:bb:ff:20:
         33:9d:63:bf:d5:6d:31:b6:d2:72:3c:32:45:42:62:9e:b2:a3:
         b4:2a:e0:91:2a:07:d9:f9:3d:c5:f8:92:e9:eb:04:4e:73:44:
         57:f4:80:2e:11:7e:8b:f7:2e:a6:11:79:c5:4f:96:19:8a:bd:
         46:4c:29:52:90:1d:7d:75:d5:08:d3:43:ff:a7:ee:f3:41:14:
         8b:be:c4:c6:51:70:b1:71:cd:1c:3d:78:9b:8a:46:b1:5c:66:
         e2:af:51:60:da:35:f6:a4:a3:1e:05:1d:d8:6b:60:a0:1e:dc:
         ff:e1:3e:9d:64:93:1e:59:be:13:41:a2:16:40:ea:4b:94:98:
         ea:e5:87:38:48:25:af:1a:90:2e:cf:9f:a5:72:3d:bb:32:5e:
         52:fb:1d:2c:76:14:fa:a2:d0:ae:2b:1c:6a:ea:f4:7f:b6:17:
         55:22:cb:2b:b2:09:e9:2f:be:35:14:8a:42:97:a6:f3:c8:b7:
         7a:5e:c8:93:94:98:ca:62:f8:0f:e9:51:c3:42:7e:fe:39:22:
         04:4e:47:51:21:8d:fc:78:ca:c7:65:aa:2d:2d:b9:a7:21:ee:
         ad:9d:52:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQsEiIvb3so6PhrBmEvONP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MDk3YTcyZTRhZTQwYjZiOTkyOWI3MmY4MWVmZDcxYzUx
N2RkOTgwHhcNMjUwMTAzMTIwOTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTNhOGQwNjIzMmQxZjJhOThlMmM4ZThkYWY1MWJjYjRjODkzMGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eEpi/CvC9WCSWcwHsdaovrrdB/9
UFpyseMDEJBGV+5qvUYk6YXTfaFJp0pitUQYwmO3k67UZNb3+OhMSLZOoZ3bg0Hd
nwb68vF9XVQAmj87p9WJUpObft5ihbIjKban+ZZh59+qlfYf+mgu9hnLhq3BcctW
p0LOlpf172Kj1Vv85K307NlxGj9quayJoe2bqrDm2X03sXaUQBEvM3pKarwt0DO9
imtmO/oOeRTyr7wtavyjREkf7U3FjRPb7SDtdlmvjJ6ixTF3soz0d8adgZ8qCA4m
hjvppARQEWdFsjWmXZSpa/FGyq6t5OBxU3PdjypjdnrbtOgBwvjRTZYSWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGk6jQYjLR8qmOLI6Nr1G8tMiTCpMB8GA1UdIwQY
MBaAFAYJenLkrkC2uZKbcvge/XHFF92YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmdsNmN1U3VRTGE1a3B0eS1CNzljY1VYM1pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zYTEwOWEtOWIzMi00NWE4LTliMGMt
N2EwMjUxN2ZkOWQyLzEvYVRxTkJpTXRIeXFZNHNqbzJ2VWJ5MHlKTUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zYTEwOWEtOWIzMi00NWE4LTliMGMtN2EwMjUxN2ZkOWQy
LzEvQmdsNmN1U3VRTGE1a3B0eS1CNzljY1VYM1pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm4YMA0G
CSqGSIb3DQEBCwUAA4IBAQDzzhAXVbvvb7SzoljR85Ip2V/cmzt670v0AlUjcrk7
Wae7/yAznWO/1W0xttJyPDJFQmKesqO0KuCRKgfZ+T3F+JLp6wROc0RX9IAuEX6L
9y6mEXnFT5YZir1GTClSkB19ddUI00P/p+7zQRSLvsTGUXCxcc0cPXibikaxXGbi
r1Fg2jX2pKMeBR3Ya2CgHtz/4T6dZJMeWb4TQaIWQOpLlJjq5Yc4SCWvGpAuz5+l
cj27Ml5S+x0sdhT6otCuKxxq6vR/thdVIssrsgnpL741FIpCl6bzyLd6XsiTlJjK
YvgP6VHDQn7+OSIETkdRIY38eMrHZaotLbmnIe6tnVLC
-----END CERTIFICATE-----