Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/biBjPtW-PUVrW24Ppm-3sFz7SCc.roa
File:                     biBjPtW-PUVrW24Ppm-3sFz7SCc.roa (raw, json)
Hash identifier:          GSJslzeYyICSKJ8hcEyuslKmzM16d2wVDc73xMKcw1Q=
Subject key identifier:   6E:20:63:3E:D5:BE:3D:45:6B:5B:6E:0F:A6:6F:B7:B0:5C:FB:48:27
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       0191524FAF457FB90588D28743109C299C2C
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/biBjPtW-PUVrW24Ppm-3sFz7SCc.roa
Signing time:             Wed 14 Aug 2024 19:13:59 +0000
ROA not before:           Wed 14 Aug 2024 19:13:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214366
IP address blocks:        185.244.29.0/24 maxlen: 24
                          185.244.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:52:4f:af:45:7f:b9:05:88:d2:87:43:10:9c:29:9c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Aug 14 19:13:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e20633ed5be3d456b5b6e0fa66fb7b05cfb4827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d7:5a:94:bf:a7:7d:cd:bf:62:88:4b:ae:0b:
                    e3:dc:b3:22:e0:af:39:ef:bb:44:1f:bd:7a:39:cc:
                    ee:fb:68:7e:d9:f3:98:fc:e0:85:a3:81:8e:67:79:
                    e6:d2:f4:eb:45:df:e8:d7:d6:34:8d:40:87:55:01:
                    f8:69:02:9b:0e:54:10:63:22:c7:eb:fe:ec:0f:39:
                    fa:e4:ae:12:51:14:fd:4a:ae:a3:e9:21:b3:0f:93:
                    5d:e0:40:6d:30:f2:15:0b:48:97:cf:0f:66:a0:d4:
                    6f:0e:9b:cb:59:4d:f3:7f:0f:d8:d0:48:7c:88:73:
                    34:a4:1d:5e:07:cc:58:70:2a:64:0a:e0:d1:af:97:
                    64:03:64:54:e6:de:0d:ce:51:10:62:86:b3:3b:13:
                    fc:c6:97:64:6b:c7:d9:df:db:e3:c1:61:57:aa:c5:
                    ca:5a:e9:3a:f4:63:ad:ba:81:23:f0:84:df:84:af:
                    5d:78:22:ea:c0:94:be:b3:72:02:5f:80:ef:d2:04:
                    d4:af:31:69:6d:c6:8a:6b:20:ec:6b:6b:2e:3b:fc:
                    94:f7:30:07:b8:25:ef:49:fd:b9:f8:8f:2b:ae:29:
                    3d:4d:a4:8f:3e:27:62:70:99:79:bd:58:57:f8:d8:
                    39:71:96:97:5f:9a:29:94:80:cf:44:35:77:b1:cf:
                    42:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:20:63:3E:D5:BE:3D:45:6B:5B:6E:0F:A6:6F:B7:B0:5C:FB:48:27
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/biBjPtW-PUVrW24Ppm-3sFz7SCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.29.0/24
                  185.244.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:d2:3a:3d:28:0b:db:b9:f3:93:8a:2f:ad:c0:31:de:78:c4:
         ae:29:7a:4e:a2:9d:cf:95:2e:21:53:81:e8:c3:83:bd:e9:91:
         ee:e8:c8:58:ea:45:d4:98:18:24:0a:55:e7:cb:02:47:30:82:
         8e:c2:70:4b:00:e2:94:0a:5e:1e:8e:16:ab:55:e1:8c:7d:49:
         ec:e8:1f:74:5b:74:6f:0a:8f:ea:64:56:4a:97:75:57:cc:11:
         33:34:0f:cc:63:3a:e3:a5:ee:44:8f:d1:09:a5:31:75:85:2d:
         ae:90:9e:e3:57:fd:d5:ac:a6:c5:46:e1:d7:3e:cc:1c:00:5a:
         70:e9:ce:eb:a9:cb:f4:87:b6:3d:77:e1:1f:a8:c8:0f:f7:35:
         85:64:93:e7:6b:b9:2f:63:e8:2d:2e:90:f6:52:90:04:7e:4a:
         a2:9b:a7:11:78:69:b9:3b:57:51:80:b4:4a:47:67:33:48:73:
         14:4d:f8:53:66:2a:9d:80:7a:ad:bc:de:78:aa:1a:e7:be:c9:
         f5:09:e1:55:01:20:c5:3d:7b:f8:79:d5:3e:4a:40:5b:9b:bc:
         0d:35:01:93:93:fa:02:4f:ed:ad:92:53:a0:b3:35:04:bb:c2:
         63:ff:c4:b6:ff:60:46:aa:48:1f:3a:6a:44:a6:f2:d8:52:54:
         95:13:25:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFST69Ff7kFiNKHQxCcKZwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwODE0MTkxMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTIwNjMzZWQ1YmUzZDQ1NmI1YjZlMGZhNjZmYjdiMDVjZmI0ODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tdalL+nfc2/YohLrgvj3LMi4K85
77tEH716Oczu+2h+2fOY/OCFo4GOZ3nm0vTrRd/o19Y0jUCHVQH4aQKbDlQQYyLH
6/7sDzn65K4SURT9Sq6j6SGzD5Nd4EBtMPIVC0iXzw9moNRvDpvLWU3zfw/Y0Eh8
iHM0pB1eB8xYcCpkCuDRr5dkA2RU5t4NzlEQYoazOxP8xpdka8fZ39vjwWFXqsXK
Wuk69GOtuoEj8ITfhK9deCLqwJS+s3ICX4Dv0gTUrzFpbcaKayDsa2suO/yU9zAH
uCXvSf25+I8rrik9TaSPPidicJl5vVhX+Ng5cZaXX5oplIDPRDV3sc9C7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG4gYz7Vvj1Fa1tuD6Zvt7Bc+0gnMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvYmlCalB0Vy1QVVZyVzI0UHBtLTNzRno3U0NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufQdAwQA
ufQfMA0GCSqGSIb3DQEBCwUAA4IBAQCH0jo9KAvbufOTii+twDHeeMSuKXpOop3P
lS4hU4How4O96ZHu6MhY6kXUmBgkClXnywJHMIKOwnBLAOKUCl4ejharVeGMfUns
6B90W3RvCo/qZFZKl3VXzBEzNA/MYzrjpe5Ej9EJpTF1hS2ukJ7jV/3VrKbFRuHX
PswcAFpw6c7rqcv0h7Y9d+EfqMgP9zWFZJPna7kvY+gtLpD2UpAEfkqim6cReGm5
O1dRgLRKR2czSHMUTfhTZiqdgHqtvN54qhrnvsn1CeFVASDFPXv4edU+SkBbm7wN
NQGTk/oCT+2tklOgszUEu8Jj/8S2/2BGqkgfOmpEpvLYUlSVEyXe
-----END CERTIFICATE-----