Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/6g1CGOa_mnC4Uf3tzOgbb3BFaKo.roa
File:                     6g1CGOa_mnC4Uf3tzOgbb3BFaKo.roa (raw, json)
Hash identifier:          OxAe5C1Rxvuyof2ydke4NtWJxHsAz4R+pI5U9Mij9iU=
Subject key identifier:   EA:0D:42:18:E6:BF:9A:70:B8:51:FD:ED:CC:E8:1B:6F:70:45:68:AA
Certificate issuer:       /CN=a92dc7bdbc9d097336de6243b550ab173375ea39
Certificate serial:       018CC56E545C18D3ABFC072898F8813514C2
Authority key identifier: A9:2D:C7:BD:BC:9D:09:73:36:DE:62:43:B5:50:AB:17:33:75:EA:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qS3HvbydCXM23mJDtVCrFzN16jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/6g1CGOa_mnC4Uf3tzOgbb3BFaKo.roa
Signing time:             Mon 01 Jan 2024 14:29:51 +0000
ROA not before:           Mon 01 Jan 2024 14:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        212.39.33.0/24 maxlen: 24
                          212.39.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/qS3HvbydCXM23mJDtVCrFzN16jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/qS3HvbydCXM23mJDtVCrFzN16jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qS3HvbydCXM23mJDtVCrFzN16jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:54:5c:18:d3:ab:fc:07:28:98:f8:81:35:14:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a92dc7bdbc9d097336de6243b550ab173375ea39
        Validity
            Not Before: Jan  1 14:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea0d4218e6bf9a70b851fdedcce81b6f704568aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5f:2d:76:58:47:50:8e:ef:af:b1:5c:6e:ef:
                    79:cf:66:fb:0b:03:c2:0d:71:e5:77:74:8c:1a:4f:
                    19:9b:57:f0:53:5b:6f:af:f2:eb:4b:78:04:6b:55:
                    b4:3a:a6:8a:0e:db:22:df:c2:be:8c:8e:cb:23:5d:
                    bf:b8:9b:4f:de:47:ad:49:f2:b8:9c:74:bd:2b:20:
                    73:d5:ab:1f:7a:c3:2f:da:86:56:e0:3b:51:f3:94:
                    57:76:a9:b0:7d:3d:4b:83:b3:22:b4:12:d7:aa:f0:
                    a4:97:47:16:e4:03:12:ac:46:b8:b5:4a:e8:1d:a3:
                    eb:90:1e:d8:1b:ea:4c:2c:41:e7:b1:b3:85:77:ff:
                    e7:12:59:75:6e:8e:1c:f2:b5:01:39:b1:bf:1c:5d:
                    e4:de:2e:54:01:00:7f:eb:3d:da:7c:88:a2:d6:ff:
                    a5:93:e3:72:30:21:b9:e1:09:5e:83:5f:28:d2:67:
                    de:46:4d:91:07:97:43:68:15:13:50:87:cb:25:1e:
                    dc:4b:2f:d3:d5:66:95:b4:dd:67:b5:f7:95:ab:4f:
                    2b:c0:8c:81:62:2a:68:f4:0f:cc:33:5b:3c:ba:c0:
                    87:87:01:da:a5:39:9a:9b:6d:7b:32:24:9c:b9:2b:
                    83:34:88:71:2e:d6:20:47:df:23:94:5a:3c:f4:40:
                    13:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:0D:42:18:E6:BF:9A:70:B8:51:FD:ED:CC:E8:1B:6F:70:45:68:AA
            X509v3 Authority Key Identifier:
                keyid:A9:2D:C7:BD:BC:9D:09:73:36:DE:62:43:B5:50:AB:17:33:75:EA:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qS3HvbydCXM23mJDtVCrFzN16jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/6g1CGOa_mnC4Uf3tzOgbb3BFaKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/qS3HvbydCXM23mJDtVCrFzN16jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.39.33.0/24
                  212.39.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:d0:6d:0e:ed:6d:4f:2f:ad:5c:df:54:14:ac:51:68:82:74:
         cb:2b:17:95:5a:44:92:72:0f:ec:97:2e:11:c6:3a:df:be:81:
         9d:5c:72:e5:06:d2:fd:70:cf:27:0c:fa:0f:da:71:ba:aa:d5:
         8c:94:e6:fd:92:4f:d8:4d:e7:ce:1a:4e:10:d2:62:d0:f3:f4:
         70:60:ed:b3:48:1e:69:21:e4:f4:31:7d:f2:37:77:72:23:e7:
         cd:12:d3:70:a4:e2:6d:93:28:a6:ab:a4:b8:a2:9d:ed:2d:49:
         c0:59:1e:ac:33:78:c7:37:5d:7b:95:07:68:a2:b8:22:d8:29:
         fb:e4:ef:1b:f4:a8:3d:b3:5e:2a:32:a5:94:c3:9f:e2:e3:3e:
         34:87:53:23:ae:e8:4a:1b:f3:7d:0a:b1:a0:78:f7:ee:2e:39:
         31:da:bf:b0:f4:65:19:aa:50:b9:87:47:e1:b3:9e:1d:45:6f:
         29:9d:67:de:c7:5d:78:be:ca:e0:24:70:6e:79:81:c7:4d:17:
         4d:86:db:8d:7e:c2:cc:31:37:ba:26:a8:0d:a2:08:6f:b7:18:
         36:8b:96:91:69:84:63:ac:7e:80:44:7e:7b:e6:ba:40:04:e0:
         74:3b:d3:72:15:01:08:90:9d:4e:bc:ac:10:f9:a4:66:3a:07:
         67:14:a5:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFblRcGNOr/AcomPiBNRTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MmRjN2JkYmM5ZDA5NzMzNmRlNjI0M2I1NTBhYjE3MzM3
NWVhMzkwHhcNMjQwMTAxMTQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTBkNDIxOGU2YmY5YTcwYjg1MWZkZWRjY2U4MWI2ZjcwNDU2OGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj18tdlhHUI7vr7Fcbu95z2b7CwPC
DXHld3SMGk8Zm1fwU1tvr/LrS3gEa1W0OqaKDtsi38K+jI7LI12/uJtP3ketSfK4
nHS9KyBz1asfesMv2oZW4DtR85RXdqmwfT1Lg7MitBLXqvCkl0cW5AMSrEa4tUro
HaPrkB7YG+pMLEHnsbOFd//nEll1bo4c8rUBObG/HF3k3i5UAQB/6z3afIii1v+l
k+NyMCG54Qleg18o0mfeRk2RB5dDaBUTUIfLJR7cSy/T1WaVtN1ntfeVq08rwIyB
Yipo9A/MM1s8usCHhwHapTmam217MiScuSuDNIhxLtYgR98jlFo89EATswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOoNQhjmv5pwuFH97czoG29wRWiqMB8GA1UdIwQY
MBaAFKktx728nQlzNt5iQ7VQqxczdeo5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVMzSHZieWRDWE0yM21KRHRWQ3JGek4xNmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8wYjQ2MjktMzljYy00ZTZjLTllMWMt
OTkxYjdhZWU3NDZjLzEvNmcxQ0dPYV9tbkM0VWYzdHpPZ2JiM0JGYUtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8wYjQ2MjktMzljYy00ZTZjLTllMWMtOTkxYjdhZWU3NDZj
LzEvcVMzSHZieWRDWE0yM21KRHRWQ3JGek4xNmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1CchAwQA
1CcqMA0GCSqGSIb3DQEBCwUAA4IBAQA90G0O7W1PL61c31QUrFFognTLKxeVWkSS
cg/sly4RxjrfvoGdXHLlBtL9cM8nDPoP2nG6qtWMlOb9kk/YTefOGk4Q0mLQ8/Rw
YO2zSB5pIeT0MX3yN3dyI+fNEtNwpOJtkyimq6S4op3tLUnAWR6sM3jHN117lQdo
orgi2Cn75O8b9Kg9s14qMqWUw5/i4z40h1MjruhKG/N9CrGgePfuLjkx2r+w9GUZ
qlC5h0fhs54dRW8pnWfex114vsrgJHBueYHHTRdNhtuNfsLMMTe6JqgNoghvtxg2
i5aRaYRjrH6ARH575rpABOB0O9NyFQEIkJ1OvKwQ+aRmOgdnFKVt
-----END CERTIFICATE-----