Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/awPXoF9eVhprz1ElrU2CnP4Kl20.roa
File:                     awPXoF9eVhprz1ElrU2CnP4Kl20.roa (raw, json)
Hash identifier:          9BwOCFvOlxzxbdOyp/7zB+PpZnHfzxwE3ZqSHiV7uCE=
Subject key identifier:   6B:03:D7:A0:5F:5E:56:1A:6B:CF:51:25:AD:4D:82:9C:FE:0A:97:6D
Certificate issuer:       /CN=2829eb664506b86bfa1f702f6b1ffb484cc2cb12
Certificate serial:       018CC2DAE4AD45D73BDA465FE4740CDF9B78
Authority key identifier: 28:29:EB:66:45:06:B8:6B:FA:1F:70:2F:6B:1F:FB:48:4C:C2:CB:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KCnrZkUGuGv6H3Avax_7SEzCyxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/awPXoF9eVhprz1ElrU2CnP4Kl20.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42065
IP address blocks:        194.110.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/KCnrZkUGuGv6H3Avax_7SEzCyxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/KCnrZkUGuGv6H3Avax_7SEzCyxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KCnrZkUGuGv6H3Avax_7SEzCyxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e4:ad:45:d7:3b:da:46:5f:e4:74:0c:df:9b:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2829eb664506b86bfa1f702f6b1ffb484cc2cb12
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b03d7a05f5e561a6bcf5125ad4d829cfe0a976d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f5:bd:8d:61:0e:7d:7b:8e:b2:8d:e3:76:b1:
                    2a:c8:db:73:ad:3f:fc:de:e4:3c:8f:06:b8:40:d5:
                    05:68:83:85:21:c5:03:ae:b6:18:c1:4d:f0:29:30:
                    b4:99:c0:3d:88:0f:b7:b1:87:09:16:9e:9a:0a:ab:
                    df:0f:2a:8e:c0:77:be:6f:e7:39:c1:6a:2a:ab:9f:
                    31:46:90:ed:1a:7d:31:6d:24:8f:f3:4d:8f:ca:fe:
                    2d:2b:c7:b5:0f:0f:75:56:17:68:3b:cf:24:22:7a:
                    bf:34:e9:b9:b0:f7:37:82:2e:17:84:27:cc:13:c5:
                    fe:74:7f:e5:5d:3f:44:65:a4:74:48:61:e6:78:b9:
                    75:80:97:49:59:2d:39:c4:16:fb:78:08:ae:ab:b5:
                    be:62:07:05:57:d8:d2:c0:15:c9:6b:3a:04:67:52:
                    40:67:a7:a2:87:b3:8f:0d:8d:6e:1c:70:d5:c2:ca:
                    31:f6:e4:59:cc:95:fb:97:98:53:25:85:0c:ff:74:
                    c0:8c:7e:c0:ed:12:86:e6:8b:3b:da:d2:37:85:cf:
                    c1:a7:8c:b0:38:d2:21:1d:34:97:04:1b:13:f8:36:
                    07:ea:67:da:1f:32:a0:72:bb:de:6e:ed:59:bc:ea:
                    10:7a:a4:93:eb:80:e1:3c:26:d3:c3:05:c9:4d:68:
                    c4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:03:D7:A0:5F:5E:56:1A:6B:CF:51:25:AD:4D:82:9C:FE:0A:97:6D
            X509v3 Authority Key Identifier:
                keyid:28:29:EB:66:45:06:B8:6B:FA:1F:70:2F:6B:1F:FB:48:4C:C2:CB:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KCnrZkUGuGv6H3Avax_7SEzCyxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/awPXoF9eVhprz1ElrU2CnP4Kl20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e09b24-8aa8-40e6-842c-2f9ec538cc1d/1/KCnrZkUGuGv6H3Avax_7SEzCyxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:37:6c:91:aa:df:9e:95:e8:74:7b:63:9c:ff:69:66:2a:54:
         36:e3:e0:55:9e:fc:fd:37:83:fa:fa:97:25:7f:d7:49:19:3e:
         c8:6d:d8:e2:23:74:a3:cf:6d:05:db:74:1d:8f:33:48:0d:21:
         67:32:20:57:b1:7d:5b:12:d9:cb:3c:56:bf:1c:93:29:fc:fc:
         38:79:50:12:a5:d8:9e:ab:ef:32:ce:32:36:62:93:83:61:ae:
         e7:6f:b4:2d:7e:45:24:ce:c9:0f:87:70:ea:21:8c:c7:e5:f4:
         cd:21:0d:3a:81:0f:a2:22:aa:8e:e9:fb:7c:48:ee:b5:3a:c2:
         30:cd:45:78:6a:9f:fb:d7:10:09:5d:52:c8:0f:d2:a2:1f:c6:
         45:a1:16:47:14:4b:65:d8:9a:3a:2a:f9:03:fb:92:5f:47:08:
         d5:56:bf:2c:ea:bf:40:8a:58:88:f1:c1:b8:67:cd:e6:35:d6:
         ba:8e:e8:16:72:b5:a1:30:17:44:f4:46:e8:3f:c2:78:5f:03:
         da:9c:25:db:79:bd:d5:8f:21:21:4c:20:5d:82:b1:03:e4:b3:
         25:25:09:2b:a7:06:9a:16:4e:13:bc:b2:d3:86:a3:30:2b:1c:
         de:8c:09:fc:f1:a6:a2:ec:d8:3c:5e:12:8f:39:de:e1:93:94:
         4f:a4:87:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uStRdc72kZf5HQM35t4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MjllYjY2NDUwNmI4NmJmYTFmNzAyZjZiMWZmYjQ4NGNj
MmNiMTIwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjAzZDdhMDVmNWU1NjFhNmJjZjUxMjVhZDRkODI5Y2ZlMGE5NzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfW9jWEOfXuOso3jdrEqyNtzrT/8
3uQ8jwa4QNUFaIOFIcUDrrYYwU3wKTC0mcA9iA+3sYcJFp6aCqvfDyqOwHe+b+c5
wWoqq58xRpDtGn0xbSSP802Pyv4tK8e1Dw91VhdoO88kInq/NOm5sPc3gi4XhCfM
E8X+dH/lXT9EZaR0SGHmeLl1gJdJWS05xBb7eAiuq7W+YgcFV9jSwBXJazoEZ1JA
Z6eih7OPDY1uHHDVwsox9uRZzJX7l5hTJYUM/3TAjH7A7RKG5os72tI3hc/Bp4yw
ONIhHTSXBBsT+DYH6mfaHzKgcrvebu1ZvOoQeqST64DhPCbTwwXJTWjE1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsD16BfXlYaa89RJa1Ngpz+CpdtMB8GA1UdIwQY
MBaAFCgp62ZFBrhr+h9wL2sf+0hMwssSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0NuclprVUd1R3Y2SDNBdmF4XzdTRXpDeXhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lMDliMjQtOGFhOC00MGU2LTg0MmMt
MmY5ZWM1MzhjYzFkLzEvYXdQWG9GOWVWaHByejFFbHJVMkNuUDRLbDIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lMDliMjQtOGFhOC00MGU2LTg0MmMtMmY5ZWM1MzhjYzFk
LzEvS0NuclprVUd1R3Y2SDNBdmF4XzdTRXpDeXhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm5CMA0G
CSqGSIb3DQEBCwUAA4IBAQCHN2yRqt+eleh0e2Oc/2lmKlQ24+BVnvz9N4P6+pcl
f9dJGT7IbdjiI3Sjz20F23QdjzNIDSFnMiBXsX1bEtnLPFa/HJMp/Pw4eVASpdie
q+8yzjI2YpODYa7nb7QtfkUkzskPh3DqIYzH5fTNIQ06gQ+iIqqO6ft8SO61OsIw
zUV4ap/71xAJXVLID9KiH8ZFoRZHFEtl2Jo6KvkD+5JfRwjVVr8s6r9AiliI8cG4
Z83mNda6jugWcrWhMBdE9EboP8J4XwPanCXbeb3VjyEhTCBdgrED5LMlJQkrpwaa
Fk4TvLLThqMwKxzejAn88aai7Ng8XhKPOd7hk5RPpIfj
-----END CERTIFICATE-----