Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/Bg5zZPQWctYs2GtZQlV5d6g01vQ.roa
File:                     Bg5zZPQWctYs2GtZQlV5d6g01vQ.roa (raw, json)
Hash identifier:          gKKlEKnQIOtOJB9x3CaXp4gHGww6hokk7Vgyv9xWPFQ=
Subject key identifier:   06:0E:73:64:F4:16:72:D6:2C:D8:6B:59:42:55:79:77:A8:34:D6:F4
Certificate issuer:       /CN=1ff2cf1a6230cd62cb3ca8a1bc1d4a4bb4337c1d
Certificate serial:       0190E591523F4D3E813BFAB8B4039E3E110E
Authority key identifier: 1F:F2:CF:1A:62:30:CD:62:CB:3C:A8:A1:BC:1D:4A:4B:B4:33:7C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H_LPGmIwzWLLPKihvB1KS7QzfB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/Bg5zZPQWctYs2GtZQlV5d6g01vQ.roa
Signing time:             Wed 24 Jul 2024 16:27:04 +0000
ROA not before:           Wed 24 Jul 2024 16:27:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62000
IP address blocks:        195.246.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/H_LPGmIwzWLLPKihvB1KS7QzfB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/H_LPGmIwzWLLPKihvB1KS7QzfB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H_LPGmIwzWLLPKihvB1KS7QzfB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e5:91:52:3f:4d:3e:81:3b:fa:b8:b4:03:9e:3e:11:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ff2cf1a6230cd62cb3ca8a1bc1d4a4bb4337c1d
        Validity
            Not Before: Jul 24 16:27:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=060e7364f41672d62cd86b5942557977a834d6f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:91:d4:2b:64:d1:aa:d4:73:99:1c:01:fb:d4:
                    16:f0:13:3f:45:a7:8b:30:c2:55:03:ce:b9:1d:38:
                    6e:f7:9f:cc:29:43:47:2f:32:a9:6b:c7:aa:11:99:
                    aa:1b:b6:41:bd:77:93:e5:70:12:27:3c:ec:d1:56:
                    aa:8b:e4:8f:7f:4d:47:34:a1:41:15:60:0f:cf:28:
                    3b:7b:3c:98:9a:c1:68:dd:19:ce:10:02:ee:d8:59:
                    2e:ad:0c:fb:a8:6a:8e:21:67:42:99:0f:a2:df:7d:
                    78:db:c6:a5:f7:af:3c:ff:65:72:f5:50:55:8a:60:
                    13:f4:61:cd:d4:f0:7e:a1:f5:63:60:1a:fc:f8:05:
                    12:17:79:d6:66:5d:65:42:3e:e4:b3:2f:db:c3:4f:
                    6e:b5:77:bd:5f:5d:2b:d6:76:bd:fe:65:81:17:04:
                    29:f1:6e:36:64:8e:81:d9:56:a6:6d:c2:30:0c:9b:
                    ad:38:ac:74:d3:20:cd:67:74:15:55:7b:34:f0:dd:
                    d2:c6:cb:95:a6:12:0a:00:66:1f:6b:6e:eb:e3:c2:
                    2f:22:c3:4a:5f:18:31:e9:09:9c:b1:94:28:54:30:
                    ec:92:0e:03:ad:08:ec:a0:b5:37:f1:64:64:52:63:
                    e8:60:7c:80:08:8a:b9:a3:03:b3:a6:60:38:93:24:
                    3a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:0E:73:64:F4:16:72:D6:2C:D8:6B:59:42:55:79:77:A8:34:D6:F4
            X509v3 Authority Key Identifier:
                keyid:1F:F2:CF:1A:62:30:CD:62:CB:3C:A8:A1:BC:1D:4A:4B:B4:33:7C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H_LPGmIwzWLLPKihvB1KS7QzfB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/Bg5zZPQWctYs2GtZQlV5d6g01vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/H_LPGmIwzWLLPKihvB1KS7QzfB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:d0:b4:fb:28:de:72:d1:86:66:8a:c1:91:57:37:74:90:b0:
         12:4e:81:12:9b:a1:3b:03:f5:0f:e9:94:f5:01:a2:79:c3:15:
         86:00:d2:f9:f5:5b:ef:5f:c6:b4:c2:61:14:84:89:cf:19:72:
         00:a0:2e:91:af:57:0d:04:32:e2:a2:e0:ae:19:b5:f3:c9:f6:
         1a:c2:96:23:ff:ff:8f:e8:32:1a:0f:21:d8:fd:83:b4:40:5f:
         5a:d0:12:76:6c:28:a0:d2:fa:e9:b2:a6:ba:13:9c:a3:f3:db:
         04:29:a4:ef:10:a1:89:34:6f:c1:d6:0d:a2:bb:d1:37:09:d0:
         5b:dc:a7:b8:44:fa:8e:a5:36:a9:9d:0a:ce:fd:65:4e:2f:45:
         24:4d:e3:53:82:82:ca:35:a8:a1:0c:05:4b:ec:6e:f9:c7:e4:
         87:48:6a:a2:a6:34:ea:b1:94:0a:af:83:03:dd:6b:69:ee:bf:
         78:ee:ac:cf:63:24:f4:c2:3f:4e:2d:47:2f:11:de:6b:ba:c6:
         b6:4e:3a:37:3a:0f:7b:88:9a:5c:64:48:f5:b1:d0:37:69:13:
         b1:1c:b8:f5:48:84:32:67:5b:36:d3:5e:fb:98:3f:10:d3:11:
         29:fb:88:3d:b3:02:75:62:a1:c1:53:29:df:2b:18:12:5f:7f:
         68:a6:9b:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDlkVI/TT6BO/q4tAOePhEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZjJjZjFhNjIzMGNkNjJjYjNjYThhMWJjMWQ0YTRiYjQz
MzdjMWQwHhcNMjQwNzI0MTYyNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjBlNzM2NGY0MTY3MmQ2MmNkODZiNTk0MjU1Nzk3N2E4MzRkNmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJHUK2TRqtRzmRwB+9QW8BM/RaeL
MMJVA865HThu95/MKUNHLzKpa8eqEZmqG7ZBvXeT5XASJzzs0Vaqi+SPf01HNKFB
FWAPzyg7ezyYmsFo3RnOEALu2FkurQz7qGqOIWdCmQ+i331428al9688/2Vy9VBV
imAT9GHN1PB+ofVjYBr8+AUSF3nWZl1lQj7ksy/bw09utXe9X10r1na9/mWBFwQp
8W42ZI6B2VambcIwDJutOKx00yDNZ3QVVXs08N3SxsuVphIKAGYfa27r48IvIsNK
Xxgx6QmcsZQoVDDskg4DrQjsoLU38WRkUmPoYHyACIq5owOzpmA4kyQ6cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYOc2T0FnLWLNhrWUJVeXeoNNb0MB8GA1UdIwQY
MBaAFB/yzxpiMM1iyzyoobwdSku0M3wdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSF9MUEdtSXd6V0xMUEtpaHZCMUtTN1F6ZkIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS82YTQ4YTctMGMwMS00YWNhLWI0MzEt
NmNlZGNmMjM0OTc1LzEvQmc1elpQUVdjdFlzMkd0WlFsVjVkNmcwMXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS82YTQ4YTctMGMwMS00YWNhLWI0MzEtNmNlZGNmMjM0OTc1
LzEvSF9MUEdtSXd6V0xMUEtpaHZCMUtTN1F6ZkIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/ZwMA0G
CSqGSIb3DQEBCwUAA4IBAQCB0LT7KN5y0YZmisGRVzd0kLASToESm6E7A/UP6ZT1
AaJ5wxWGANL59VvvX8a0wmEUhInPGXIAoC6Rr1cNBDLiouCuGbXzyfYawpYj//+P
6DIaDyHY/YO0QF9a0BJ2bCig0vrpsqa6E5yj89sEKaTvEKGJNG/B1g2iu9E3CdBb
3Ke4RPqOpTapnQrO/WVOL0UkTeNTgoLKNaihDAVL7G75x+SHSGqipjTqsZQKr4MD
3Wtp7r947qzPYyT0wj9OLUcvEd5rusa2Tjo3Og97iJpcZEj1sdA3aROxHLj1SIQy
Z1s20177mD8Q0xEp+4g9swJ1YqHBUynfKxgSX39opptl
-----END CERTIFICATE-----