Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/oez9MpvLP4aUEOYLWU34hwCDw94.roa
File:                     oez9MpvLP4aUEOYLWU34hwCDw94.roa (raw, json)
Hash identifier:          Vq3RJAy6RPV/lP/DCa8IN03DFfdbImVQSp2X7oz2Vp8=
Subject key identifier:   A1:EC:FD:32:9B:CB:3F:86:94:10:E6:0B:59:4D:F8:87:00:83:C3:DE
Certificate issuer:       /CN=064983d3a4a1c26aa295034869c584f757380b2b
Certificate serial:       0194258F62D44E0A92852B8DFFF46FDCF23B
Authority key identifier: 06:49:83:D3:A4:A1:C2:6A:A2:95:03:48:69:C5:84:F7:57:38:0B:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BkmD06ShwmqilQNIacWE91c4Cys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/oez9MpvLP4aUEOYLWU34hwCDw94.roa
Signing time:             Thu 02 Jan 2025 05:49:01 +0000
ROA not before:           Thu 02 Jan 2025 05:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57246
IP address blocks:        185.26.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/BkmD06ShwmqilQNIacWE91c4Cys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/BkmD06ShwmqilQNIacWE91c4Cys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BkmD06ShwmqilQNIacWE91c4Cys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:62:d4:4e:0a:92:85:2b:8d:ff:f4:6f:dc:f2:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=064983d3a4a1c26aa295034869c584f757380b2b
        Validity
            Not Before: Jan  2 05:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1ecfd329bcb3f869410e60b594df8870083c3de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9d:2f:ee:e6:1d:08:ba:5c:7e:65:28:3c:15:
                    88:31:76:e1:9d:dc:9c:66:bf:38:31:d8:6e:b6:80:
                    60:9d:f3:7b:a8:97:c1:d6:14:ed:ec:80:8f:94:2d:
                    84:ff:30:81:a5:00:4a:48:10:68:8c:8d:07:e0:36:
                    45:47:46:7d:ee:20:3f:06:17:ca:b5:9d:0e:92:b0:
                    d4:16:31:6e:03:d6:b9:62:78:a2:04:a0:bb:76:b7:
                    01:15:6c:be:62:2e:f5:f6:1e:25:4a:2e:32:9d:77:
                    57:6e:ec:df:e3:12:df:fc:81:77:2f:b2:95:e0:1f:
                    db:47:52:b9:6c:b7:03:24:06:98:4f:24:cf:a0:67:
                    6b:b0:4c:6a:fa:4d:90:99:ca:4f:10:69:c4:6d:4a:
                    91:1f:88:19:09:75:30:3a:16:8c:50:ef:4a:df:74:
                    e2:e6:8a:52:f7:dd:d1:71:2f:ba:3c:59:2f:6a:7d:
                    61:fe:ba:72:ee:d7:75:93:cc:74:1a:37:89:21:30:
                    7c:32:53:bf:a3:f2:3b:4b:0d:75:55:08:1f:9b:e9:
                    22:15:4f:52:e6:71:23:b9:4b:8f:0a:11:69:e3:75:
                    16:20:3d:38:2d:90:93:35:85:e2:16:42:ee:4c:71:
                    ef:b8:a0:76:46:8c:76:99:62:5c:4e:d5:77:5f:8b:
                    f3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:EC:FD:32:9B:CB:3F:86:94:10:E6:0B:59:4D:F8:87:00:83:C3:DE
            X509v3 Authority Key Identifier:
                keyid:06:49:83:D3:A4:A1:C2:6A:A2:95:03:48:69:C5:84:F7:57:38:0B:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BkmD06ShwmqilQNIacWE91c4Cys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/oez9MpvLP4aUEOYLWU34hwCDw94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/BkmD06ShwmqilQNIacWE91c4Cys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:2e:75:7b:39:7b:19:b2:fb:3b:9e:81:12:f8:9b:ee:8e:70:
         4d:f2:e6:91:26:ba:34:57:2c:7b:3e:3c:6b:44:ae:50:f7:b1:
         38:55:a3:5c:76:f8:a5:c0:43:f6:c5:6f:4d:5f:60:ae:f7:01:
         06:b4:6a:c4:ce:1e:08:d4:dd:1c:57:46:55:9c:19:eb:db:c0:
         0a:68:c5:72:db:e0:50:45:3f:e3:67:be:20:61:8c:37:b8:6c:
         ad:5a:41:41:c0:e1:8f:2c:1b:12:ad:84:45:95:fb:d1:fc:d7:
         0c:c2:1f:0a:d6:24:ac:f9:6d:9e:46:f2:50:c5:32:76:8d:ed:
         3b:f5:54:06:8d:be:26:4c:5e:d3:64:10:2d:c0:37:79:3b:34:
         3d:b9:ae:f5:3d:45:ac:0c:c2:fe:5a:80:31:be:d9:9b:f2:33:
         32:a0:8a:6d:4e:02:f2:a2:ec:50:69:da:7a:3d:c8:bb:12:6f:
         08:1a:f9:ee:a7:00:a8:76:1a:26:44:21:e2:09:dc:72:44:36:
         69:65:0e:77:17:5c:6f:16:1f:99:da:4e:c5:94:21:96:c3:4d:
         da:46:84:38:fd:ae:51:be:df:b5:25:bd:98:23:a6:71:7f:fa:
         b9:6f:0c:50:b0:1b:ad:03:e7:b2:99:b1:57:41:b0:7b:c6:2b:
         1c:65:44:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj2LUTgqShSuN//Rv3PI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NDk4M2QzYTRhMWMyNmFhMjk1MDM0ODY5YzU4NGY3NTcz
ODBiMmIwHhcNMjUwMTAyMDU0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWVjZmQzMjliY2IzZjg2OTQxMGU2MGI1OTRkZjg4NzAwODNjM2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ0v7uYdCLpcfmUoPBWIMXbhndyc
Zr84MdhutoBgnfN7qJfB1hTt7ICPlC2E/zCBpQBKSBBojI0H4DZFR0Z97iA/BhfK
tZ0OkrDUFjFuA9a5YniiBKC7drcBFWy+Yi719h4lSi4ynXdXbuzf4xLf/IF3L7KV
4B/bR1K5bLcDJAaYTyTPoGdrsExq+k2QmcpPEGnEbUqRH4gZCXUwOhaMUO9K33Ti
5opS993RcS+6PFkvan1h/rpy7td1k8x0GjeJITB8MlO/o/I7Sw11VQgfm+kiFU9S
5nEjuUuPChFp43UWID04LZCTNYXiFkLuTHHvuKB2Rox2mWJcTtV3X4vzSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHs/TKbyz+GlBDmC1lN+IcAg8PeMB8GA1UdIwQY
MBaAFAZJg9OkocJqopUDSGnFhPdXOAsrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmttRDA2U2h3bXFpbFFOSWFjV0U5MWM0Q3lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9kMzc5MTUtNmEzOS00NGQxLThlMjEt
NGJhM2ZjMzQ4NGNlLzEvb2V6OU1wdkxQNGFVRU9ZTFdVMzRod0NEdzk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9kMzc5MTUtNmEzOS00NGQxLThlMjEtNGJhM2ZjMzQ4NGNl
LzEvQmttRDA2U2h3bXFpbFFOSWFjV0U5MWM0Q3lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRpJMA0G
CSqGSIb3DQEBCwUAA4IBAQADLnV7OXsZsvs7noES+JvujnBN8uaRJro0Vyx7Pjxr
RK5Q97E4VaNcdvilwEP2xW9NX2Cu9wEGtGrEzh4I1N0cV0ZVnBnr28AKaMVy2+BQ
RT/jZ74gYYw3uGytWkFBwOGPLBsSrYRFlfvR/NcMwh8K1iSs+W2eRvJQxTJ2je07
9VQGjb4mTF7TZBAtwDd5OzQ9ua71PUWsDML+WoAxvtmb8jMyoIptTgLyouxQadp6
Pci7Em8IGvnupwCodhomRCHiCdxyRDZpZQ53F1xvFh+Z2k7FlCGWw03aRoQ4/a5R
vt+1Jb2YI6Zxf/q5bwxQsButA+eymbFXQbB7xiscZUQG
-----END CERTIFICATE-----