Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/Z6HFahWFFQZoRakyttCStfHboiI.roa
File:                     Z6HFahWFFQZoRakyttCStfHboiI.roa (raw, json)
Hash identifier:          Zw2JYkod1FG2LmToml/rEnl9fqbRcjF21ljWrCU4l0U=
Subject key identifier:   67:A1:C5:6A:15:85:15:06:68:45:A9:32:B6:D0:92:B5:F1:DB:A2:22
Certificate issuer:       /CN=b9032bdb128c86e00b21c77959a8011c40d0650c
Certificate serial:       01941F8C6FF64B4A959A6EDFCB2C4A7AA11A
Authority key identifier: B9:03:2B:DB:12:8C:86:E0:0B:21:C7:79:59:A8:01:1C:40:D0:65:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uQMr2xKMhuALIcd5WagBHEDQZQw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/Z6HFahWFFQZoRakyttCStfHboiI.roa
Signing time:             Wed 01 Jan 2025 01:48:04 +0000
ROA not before:           Wed 01 Jan 2025 01:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        45.152.91.0/24 maxlen: 24
                          2a0f:5100:a01::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/uQMr2xKMhuALIcd5WagBHEDQZQw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/uQMr2xKMhuALIcd5WagBHEDQZQw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uQMr2xKMhuALIcd5WagBHEDQZQw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:6f:f6:4b:4a:95:9a:6e:df:cb:2c:4a:7a:a1:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9032bdb128c86e00b21c77959a8011c40d0650c
        Validity
            Not Before: Jan  1 01:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67a1c56a158515066845a932b6d092b5f1dba222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:81:ac:14:fd:7f:49:f9:53:e3:b3:7e:59:13:
                    fe:00:23:45:e8:85:aa:a3:0c:1d:ab:5b:42:bf:f3:
                    dd:b6:f4:f4:12:bd:a2:b5:c0:d7:27:44:f2:12:ad:
                    1c:75:a1:72:5c:d3:e7:53:ac:b5:62:fe:02:3b:5c:
                    95:eb:64:a7:6b:e1:b1:5e:42:11:a6:98:41:f5:2d:
                    cd:57:e4:5d:93:58:12:23:fe:b0:2e:35:08:73:64:
                    99:e4:a4:2d:18:79:95:10:8b:1e:c2:bb:2c:35:3b:
                    f4:b5:0c:84:b7:f5:9c:7c:4c:cf:79:a7:30:72:2d:
                    5d:34:63:85:7b:98:1d:4e:b3:1d:76:01:9d:3c:68:
                    72:e0:f3:6b:d9:56:a4:2f:70:f7:c8:ae:24:12:14:
                    e9:06:8e:88:c5:2c:11:75:1d:f6:9c:65:de:41:89:
                    5b:0b:13:90:70:eb:67:ae:5a:c9:86:e5:df:4f:80:
                    f6:5d:45:62:f9:d5:a2:c4:6e:1d:05:65:21:d8:34:
                    bf:dd:b9:9d:c2:5d:06:54:60:68:8c:d7:36:15:0e:
                    41:7c:82:35:5d:c2:3b:34:23:62:9a:50:f9:41:c2:
                    e8:4a:b1:62:c0:d3:ef:e0:11:af:53:50:eb:b1:14:
                    ba:c1:ed:a9:40:77:50:04:e4:b6:36:e0:e1:03:5f:
                    01:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A1:C5:6A:15:85:15:06:68:45:A9:32:B6:D0:92:B5:F1:DB:A2:22
            X509v3 Authority Key Identifier:
                keyid:B9:03:2B:DB:12:8C:86:E0:0B:21:C7:79:59:A8:01:1C:40:D0:65:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uQMr2xKMhuALIcd5WagBHEDQZQw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/Z6HFahWFFQZoRakyttCStfHboiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/bcb03d-1c11-4516-a88f-fe846f75d170/1/uQMr2xKMhuALIcd5WagBHEDQZQw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.91.0/24
                IPv6:
                  2a0f:5100:a01::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:81:86:82:98:07:d9:40:42:1f:e1:0d:68:f7:81:da:92:67:
         64:be:b4:46:ef:6f:3b:5a:b2:4c:2d:0f:43:a1:72:44:62:ba:
         c3:01:f6:35:7b:32:2c:49:2a:54:cb:0c:de:02:43:70:96:4c:
         83:13:e2:e3:e9:97:d1:f0:ca:c5:e1:3d:f4:8b:2b:14:4a:ca:
         cd:03:74:2a:72:2c:d1:32:c4:0f:9d:61:2a:c9:30:ce:fc:2c:
         fa:c8:6b:27:19:2b:c5:0d:d1:f7:ed:bd:13:7a:6e:2c:c1:8d:
         4c:40:d8:6b:62:6b:0c:76:64:3d:96:5a:6c:57:0d:80:ec:1f:
         e9:9f:72:63:0e:e1:49:c8:07:90:b0:c0:c1:3c:89:f6:c3:d5:
         78:fa:3c:46:46:d0:f4:27:bc:df:ec:fe:2d:c4:56:e4:33:fd:
         eb:8f:ce:b1:3f:5d:d0:d3:56:7f:cf:49:e9:ab:0f:81:c3:0b:
         35:b1:64:6a:aa:63:a8:a6:20:17:d2:a0:06:8c:6f:d6:37:8f:
         51:0a:1d:18:9f:95:01:ee:89:c0:5c:63:4d:d6:52:14:7b:62:
         ee:7a:0c:c6:69:75:13:cb:75:20:84:0e:a2:5a:fb:ce:47:3c:
         1f:eb:0f:9a:e0:7b:6b:72:1c:de:4b:3a:8f:45:0b:1d:2a:62:
         33:d8:73:99
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjG/2S0qVmm7fyyxKeqEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MDMyYmRiMTI4Yzg2ZTAwYjIxYzc3OTU5YTgwMTFjNDBk
MDY1MGMwHhcNMjUwMTAxMDE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2ExYzU2YTE1ODUxNTA2Njg0NWE5MzJiNmQwOTJiNWYxZGJhMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YGsFP1/SflT47N+WRP+ACNF6IWq
owwdq1tCv/PdtvT0Er2itcDXJ0TyEq0cdaFyXNPnU6y1Yv4CO1yV62Sna+GxXkIR
pphB9S3NV+Rdk1gSI/6wLjUIc2SZ5KQtGHmVEIsewrssNTv0tQyEt/WcfEzPeacw
ci1dNGOFe5gdTrMddgGdPGhy4PNr2VakL3D3yK4kEhTpBo6IxSwRdR32nGXeQYlb
CxOQcOtnrlrJhuXfT4D2XUVi+dWixG4dBWUh2DS/3bmdwl0GVGBojNc2FQ5BfII1
XcI7NCNimlD5QcLoSrFiwNPv4BGvU1DrsRS6we2pQHdQBOS2NuDhA18BwQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGehxWoVhRUGaEWpMrbQkrXx26IiMB8GA1UdIwQY
MBaAFLkDK9sSjIbgCyHHeVmoARxA0GUMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVFNcjJ4S01odUFMSWNkNVdhZ0JIRURRWlF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9iY2IwM2QtMWMxMS00NTE2LWE4OGYt
ZmU4NDZmNzVkMTcwLzEvWjZIRmFoV0ZGUVpvUmFreXR0Q1N0Zkhib2lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9iY2IwM2QtMWMxMS00NTE2LWE4OGYtZmU4NDZmNzVkMTcw
LzEvdVFNcjJ4S01odUFMSWNkNVdhZ0JIRURRWlF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZhbMA8E
AgACMAkDBwAqD1EACgEwDQYJKoZIhvcNAQELBQADggEBAHqBhoKYB9lAQh/hDWj3
gdqSZ2S+tEbvbztaskwtD0OhckRiusMB9jV7MixJKlTLDN4CQ3CWTIMT4uPpl9Hw
ysXhPfSLKxRKys0DdCpyLNEyxA+dYSrJMM78LPrIaycZK8UN0fftvRN6bizBjUxA
2Gtiawx2ZD2WWmxXDYDsH+mfcmMO4UnIB5CwwME8ifbD1Xj6PEZG0PQnvN/s/i3E
VuQz/euPzrE/XdDTVn/PSemrD4HDCzWxZGqqY6imIBfSoAaMb9Y3j1EKHRiflQHu
icBcY03WUhR7Yu56DMZpdRPLdSCEDqJa+85HPB/rD5rge2tyHN5LOo9FCx0qYjPY
c5k=
-----END CERTIFICATE-----