Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/6BWOCT_HYW77Nmoi-XBFrRHUPdc.roa
File:                     6BWOCT_HYW77Nmoi-XBFrRHUPdc.roa (raw, json)
Hash identifier:          Ve+peZSoyfXpU2PwAnfaFv71IpkMGtnzXSslo22mzCM=
Subject key identifier:   E8:15:8E:09:3F:C7:61:6E:FB:36:6A:22:F9:70:45:AD:11:D4:3D:D7
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0194B43C6D8D56548BF907F8BD13678108FD
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/6BWOCT_HYW77Nmoi-XBFrRHUPdc.roa
Signing time:             Wed 29 Jan 2025 22:44:06 +0000
ROA not before:           Wed 29 Jan 2025 22:44:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     328867
IP address blocks:        82.115.1.0/24 maxlen: 24
                          82.115.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b4:3c:6d:8d:56:54:8b:f9:07:f8:bd:13:67:81:08:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan 29 22:44:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8158e093fc7616efb366a22f97045ad11d43dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7d:cb:e8:fb:68:36:6d:61:23:53:f1:c8:d2:
                    cd:33:55:e9:15:63:23:55:8b:0b:d4:92:5b:e7:d1:
                    c6:ad:0b:59:b8:ed:44:8f:91:f2:3f:09:93:d1:a7:
                    13:03:93:12:52:6b:a5:6b:14:7e:04:9c:06:ea:be:
                    40:b5:91:1a:20:eb:3b:b0:1b:32:d0:39:a4:e1:28:
                    5f:dd:83:69:0b:4d:4e:8d:e3:fa:1a:e4:4f:59:3f:
                    1f:e7:89:c5:5b:49:76:17:78:dd:c0:17:39:48:8c:
                    9d:20:bc:62:3e:af:ae:f5:15:3c:0e:d1:72:95:b2:
                    e3:cc:d4:cc:e9:f6:e2:d9:10:25:43:e4:0c:1f:72:
                    51:ca:e9:58:ca:5a:16:0c:c5:a2:b3:33:1f:9e:c4:
                    64:e6:70:49:7b:af:06:34:cb:dd:9d:52:f0:d6:7e:
                    30:04:9a:af:fd:68:f8:79:fa:4d:4b:83:df:8e:1d:
                    e4:70:89:01:bd:af:76:2e:76:34:92:59:ea:50:b7:
                    b3:5f:55:f8:4b:49:c9:82:6f:c0:8b:78:f7:3c:0a:
                    76:d2:05:49:76:ff:82:be:98:bd:96:a0:2a:4a:f7:
                    b8:e0:78:77:0f:0d:df:52:37:af:32:b8:42:04:4d:
                    9b:6d:85:f7:54:24:f7:28:41:8f:b6:ee:ca:e3:de:
                    6f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:15:8E:09:3F:C7:61:6E:FB:36:6A:22:F9:70:45:AD:11:D4:3D:D7
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/6BWOCT_HYW77Nmoi-XBFrRHUPdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.1.0/24
                  82.115.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:ad:f3:bf:92:f5:dd:85:89:7c:5f:50:fd:6e:bc:ec:4a:39:
         b4:8c:3e:7d:d2:47:1d:e8:9d:21:e3:cd:49:ff:0c:23:71:c2:
         b1:95:c5:db:e4:e8:c8:37:e0:9f:e5:1d:07:5b:97:b0:0a:13:
         17:53:34:0e:3e:2c:7a:79:0d:2a:90:b9:41:ef:6a:36:1d:32:
         65:b5:e5:76:88:32:ec:58:39:da:86:90:29:68:5e:f6:75:ae:
         65:fe:f8:53:86:fe:54:a2:dc:a7:1b:52:0d:bd:1d:3b:9b:08:
         46:73:92:5d:74:4f:e7:1f:12:84:76:48:b9:2d:6d:e4:41:cc:
         e4:2b:ed:c9:2c:80:9e:5d:d9:23:2c:67:91:23:6d:1c:f6:dd:
         38:c0:bc:a6:9d:1f:10:d6:fb:d7:2e:8e:30:ab:29:82:2c:36:
         6f:d1:49:4a:90:98:26:91:b1:41:93:f4:3f:cd:a7:48:e1:b0:
         ca:be:92:36:fc:15:7b:d3:69:f4:1f:4a:07:e3:c7:41:3d:ea:
         2b:80:d5:9c:1f:45:2a:6d:bc:bf:92:e0:3f:75:97:33:eb:5d:
         89:2e:e9:af:48:57:4b:d1:b5:48:c4:d6:c4:e9:54:af:28:4a:
         88:bb:8b:f5:39:07:dd:0b:57:bf:60:70:82:42:b2:23:0d:c1:
         7c:e6:0f:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZS0PG2NVlSL+Qf4vRNngQj9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTI5MjI0NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODE1OGUwOTNmYzc2MTZlZmIzNjZhMjJmOTcwNDVhZDExZDQzZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv33L6PtoNm1hI1PxyNLNM1XpFWMj
VYsL1JJb59HGrQtZuO1Ej5HyPwmT0acTA5MSUmulaxR+BJwG6r5AtZEaIOs7sBsy
0Dmk4Shf3YNpC01OjeP6GuRPWT8f54nFW0l2F3jdwBc5SIydILxiPq+u9RU8DtFy
lbLjzNTM6fbi2RAlQ+QMH3JRyulYyloWDMWiszMfnsRk5nBJe68GNMvdnVLw1n4w
BJqv/Wj4efpNS4Pfjh3kcIkBva92LnY0klnqULezX1X4S0nJgm/Ai3j3PAp20gVJ
dv+Cvpi9lqAqSve44Hh3Dw3fUjevMrhCBE2bbYX3VCT3KEGPtu7K495vkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOgVjgk/x2Fu+zZqIvlwRa0R1D3XMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvNkJXT0NUX0hZVzc3Tm1vaS1YQkZyUkhVUGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUnMBAwQA
UnMMMA0GCSqGSIb3DQEBCwUAA4IBAQDErfO/kvXdhYl8X1D9brzsSjm0jD590kcd
6J0h481J/wwjccKxlcXb5OjIN+Cf5R0HW5ewChMXUzQOPix6eQ0qkLlB72o2HTJl
teV2iDLsWDnahpApaF72da5l/vhThv5UotynG1INvR07mwhGc5JddE/nHxKEdki5
LW3kQczkK+3JLICeXdkjLGeRI20c9t04wLymnR8Q1vvXLo4wqymCLDZv0UlKkJgm
kbFBk/Q/zadI4bDKvpI2/BV702n0H0oH48dBPeorgNWcH0Uqbby/kuA/dZcz612J
LumvSFdL0bVIxNbE6VSvKEqIu4v1OQfdC1e/YHCCQrIjDcF85g8N
-----END CERTIFICATE-----