Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/bNe473CuzLFbw6FtDTk6uC1aKnc.roa
File:                     bNe473CuzLFbw6FtDTk6uC1aKnc.roa (raw, json)
Hash identifier:          WyN5wx8jB+23zEbDgP2rT7x1OsrZamVJ5yqkP6xnWls=
Subject key identifier:   6C:D7:B8:EF:70:AE:CC:B1:5B:C3:A1:6D:0D:39:3A:B8:2D:5A:2A:77
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       0194236A63573958268B5EB3EC03A82D7EB3
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/bNe473CuzLFbw6FtDTk6uC1aKnc.roa
Signing time:             Wed 01 Jan 2025 19:49:22 +0000
ROA not before:           Wed 01 Jan 2025 19:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25182
IP address blocks:        145.58.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:63:57:39:58:26:8b:5e:b3:ec:03:a8:2d:7e:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 19:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cd7b8ef70aeccb15bc3a16d0d393ab82d5a2a77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5b:e0:aa:10:27:cd:6f:f6:60:f2:dc:0c:ae:
                    aa:a8:f6:21:72:4a:ab:da:4f:a7:d5:7c:ea:f5:17:
                    7c:74:5c:66:a6:6d:c7:9e:30:bc:03:18:b9:34:e0:
                    d0:07:e7:9b:d5:f1:c1:86:a7:59:c5:10:4a:97:53:
                    08:fe:b5:b1:ca:15:99:a4:f7:f8:37:3a:6d:a7:63:
                    fc:17:ea:db:8c:b6:8a:a6:15:05:e5:2a:59:a2:8c:
                    72:25:fb:b1:13:7b:a3:1e:0d:d2:09:25:9f:c2:10:
                    d3:f6:75:2f:2a:fe:b6:3e:ec:af:0f:05:8f:08:ec:
                    b6:1a:a2:e3:48:96:92:2f:a8:c1:c8:f9:bd:a7:1e:
                    fd:2b:bd:c7:16:63:4c:9b:cf:38:a7:c9:8d:26:99:
                    f2:0c:ba:33:3d:79:49:36:c5:06:7d:f8:f9:bb:17:
                    5b:23:2f:93:02:35:c0:fd:5e:7f:48:87:a8:99:e6:
                    25:e5:d6:f0:6a:ae:bd:9f:61:6c:4e:b7:b1:f5:b6:
                    e8:90:4c:2a:95:a7:ca:94:a5:b1:94:fd:d4:dc:6f:
                    d2:ac:9d:dc:01:7a:76:4e:27:90:82:61:d6:a0:17:
                    ff:0f:59:8a:44:5e:67:51:30:aa:f3:a2:c1:65:3c:
                    c6:eb:b3:a9:27:fe:a5:96:de:06:14:70:a4:31:91:
                    9f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:D7:B8:EF:70:AE:CC:B1:5B:C3:A1:6D:0D:39:3A:B8:2D:5A:2A:77
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/bNe473CuzLFbw6FtDTk6uC1aKnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.58.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1b:c5:1f:52:2c:17:82:a8:13:bf:ba:a9:81:65:d0:1f:06:d8:
         75:00:ad:6b:12:a6:05:71:44:d2:55:90:2b:8b:e8:3f:92:2b:
         a4:51:a9:7a:d4:3b:39:33:49:57:09:8e:8a:ac:e6:f9:90:7b:
         5c:3c:49:60:58:74:21:f5:94:7d:a5:e5:49:b8:9e:29:23:09:
         5e:a1:bb:2e:82:99:e3:44:69:7e:73:af:76:2a:d0:de:67:10:
         2c:d8:82:9d:8b:6c:4b:a9:47:11:bb:15:ef:21:9a:08:d4:54:
         59:fa:8a:52:26:8b:89:a0:b1:c9:06:46:f6:4b:33:b5:87:c4:
         2b:19:97:3d:be:ef:c3:db:84:1c:fc:67:21:4f:b0:7a:28:33:
         4d:1f:f0:65:fe:54:24:42:e8:ae:4c:61:5f:5a:7f:ea:02:22:
         c8:f2:4e:a2:78:ef:40:81:29:d6:9e:bb:9e:48:4f:36:47:98:
         1e:87:a5:f1:dc:02:5f:c2:c1:7a:c6:96:b7:2a:93:d8:02:6d:
         4c:da:e2:ae:1f:84:ec:d9:9c:25:f6:9a:4d:cc:e8:a0:52:bf:
         a8:c1:23:80:c4:76:6f:19:40:10:fb:59:63:8d:84:20:b7:31:
         9c:d1:97:35:de:01:a7:ee:67:e7:78:31:46:90:02:92:a9:b8:
         71:a2:01:ec
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjamNXOVgmi16z7AOoLX6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjUwMTAxMTk0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Q3YjhlZjcwYWVjY2IxNWJjM2ExNmQwZDM5M2FiODJkNWEyYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulvgqhAnzW/2YPLcDK6qqPYhckqr
2k+n1Xzq9Rd8dFxmpm3HnjC8Axi5NODQB+eb1fHBhqdZxRBKl1MI/rWxyhWZpPf4
Nzptp2P8F+rbjLaKphUF5SpZooxyJfuxE3ujHg3SCSWfwhDT9nUvKv62PuyvDwWP
COy2GqLjSJaSL6jByPm9px79K73HFmNMm884p8mNJpnyDLozPXlJNsUGffj5uxdb
Iy+TAjXA/V5/SIeomeYl5dbwaq69n2FsTrex9bbokEwqlafKlKWxlP3U3G/SrJ3c
AXp2TieQgmHWoBf/D1mKRF5nUTCq86LBZTzG67OpJ/6llt4GFHCkMZGfwwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGzXuO9wrsyxW8OhbQ05OrgtWip3MB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvYk5lNDczQ3V6TEZidzZGdERUazZ1QzFhS25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkTowDQYJ
KoZIhvcNAQELBQADggEBABvFH1IsF4KoE7+6qYFl0B8G2HUArWsSpgVxRNJVkCuL
6D+SK6RRqXrUOzkzSVcJjoqs5vmQe1w8SWBYdCH1lH2l5Um4nikjCV6huy6CmeNE
aX5zr3Yq0N5nECzYgp2LbEupRxG7Fe8hmgjUVFn6ilImi4mgsckGRvZLM7WHxCsZ
lz2+78PbhBz8ZyFPsHooM00f8GX+VCRC6K5MYV9af+oCIsjyTqJ470CBKdaeu55I
TzZHmB6HpfHcAl/CwXrGlrcqk9gCbUza4q4fhOzZnCX2mk3M6KBSv6jBI4DEdm8Z
QBD7WWONhCC3MZzRlzXeAafuZ+d4MUaQApKpuHGiAew=
-----END CERTIFICATE-----