Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/6bHyeOEehy6z9J4cC74z4dwZNZM.roa
File:                     6bHyeOEehy6z9J4cC74z4dwZNZM.roa (raw, json)
Hash identifier:          7kMISVfjOHaOb0aCdvVe/tfRxRtprtZa+5IWqp1XpCc=
Subject key identifier:   E9:B1:F2:78:E1:1E:87:2E:B3:F4:9E:1C:0B:BE:33:E1:DC:19:35:93
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       01958F2917EC7FEF37EFA8878CD5296711C7
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/6bHyeOEehy6z9J4cC74z4dwZNZM.roa
Signing time:             Thu 13 Mar 2025 10:59:49 +0000
ROA not before:           Thu 13 Mar 2025 10:59:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8412
IP address blocks:        152.53.234.0/24 maxlen: 24
                          152.53.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8f:29:17:ec:7f:ef:37:ef:a8:87:8c:d5:29:67:11:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Mar 13 10:59:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9b1f278e11e872eb3f49e1c0bbe33e1dc193593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:53:f0:bb:4d:6e:aa:f5:eb:a4:7b:36:ce:91:
                    41:26:ab:23:ec:a6:c7:0f:74:ac:27:f2:39:fd:8e:
                    d6:ee:a4:cc:08:8e:60:a6:9b:f2:41:a0:63:69:04:
                    e7:ae:d9:45:a7:97:b9:39:a5:46:97:33:a7:87:b3:
                    ab:18:0c:4a:b6:84:01:6d:dc:8a:99:d9:aa:03:85:
                    16:f5:04:ae:1f:5e:c5:a9:d0:16:2e:62:60:4c:15:
                    bb:47:5b:79:fa:d4:8c:e0:12:ff:1a:30:52:fe:11:
                    e9:e8:56:be:9a:fc:fd:b0:be:d7:2f:37:ce:0d:11:
                    81:38:01:98:c8:4d:c2:44:da:17:b5:e8:39:90:6e:
                    9d:8c:a2:c1:a3:b9:12:a2:e6:a6:7e:99:99:db:81:
                    b6:c0:00:2b:61:a0:0c:ce:c1:67:b4:20:4c:bd:6a:
                    71:50:a4:bd:91:1a:54:84:f7:3d:2e:5b:8e:14:71:
                    ab:63:26:99:8e:ac:89:b0:ca:9d:33:e9:36:de:f2:
                    22:f4:0c:ed:4f:44:23:6f:7e:cb:e1:1b:93:4b:72:
                    96:00:c0:c6:5c:d7:3a:be:04:ca:f4:60:15:17:b2:
                    22:65:f6:84:a5:20:db:6b:02:1d:16:81:e0:f2:ac:
                    1a:cf:85:e7:17:75:d6:b6:a8:10:bf:9a:08:2b:3c:
                    74:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B1:F2:78:E1:1E:87:2E:B3:F4:9E:1C:0B:BE:33:E1:DC:19:35:93
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/6bHyeOEehy6z9J4cC74z4dwZNZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:12:82:0c:b8:c8:be:86:d9:cd:72:0b:52:87:d9:05:6d:f0:
         b9:48:67:fc:42:46:90:98:bb:3a:e7:f0:7d:24:34:fa:88:d3:
         f6:d0:94:fe:56:92:fc:bc:74:06:66:1f:0c:1c:94:50:5e:ec:
         ba:56:51:2f:47:57:b4:6a:01:7c:40:e8:92:9a:fc:dc:3a:07:
         a7:91:4b:de:0b:79:e0:c7:40:82:4e:a3:32:2d:3f:47:49:f7:
         56:30:b1:20:09:5e:3b:8d:af:72:ff:b0:b5:92:bc:2f:d2:aa:
         69:9f:46:a5:c7:ca:7a:4e:ff:b4:99:97:be:4a:7e:7d:8c:3f:
         d7:60:69:16:5a:9c:89:3f:30:34:ef:98:5e:40:a7:a2:4f:2f:
         d7:a9:69:98:ce:8f:26:b2:17:48:5a:3e:ab:e8:50:9b:fc:b2:
         79:a0:29:c5:50:fb:38:6c:29:47:26:43:30:2d:a7:c2:87:e4:
         d1:88:9a:a5:3d:21:ce:3b:94:4c:02:57:22:19:1f:18:53:90:
         88:5f:66:50:cc:13:23:38:1a:7e:03:d6:a8:bd:c5:5a:14:3c:
         20:91:cd:52:cf:7c:9d:72:ab:4b:1f:fa:75:14:53:ea:37:8d:
         9b:1f:a1:73:23:c4:d4:ab:7d:79:cd:53:33:a4:5e:3f:79:cd:
         ab:89:ef:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWPKRfsf+8376iHjNUpZxHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjUwMzEzMTA1OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWIxZjI3OGUxMWU4NzJlYjNmNDllMWMwYmJlMzNlMWRjMTkzNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFPwu01uqvXrpHs2zpFBJqsj7KbH
D3SsJ/I5/Y7W7qTMCI5gppvyQaBjaQTnrtlFp5e5OaVGlzOnh7OrGAxKtoQBbdyK
mdmqA4UW9QSuH17FqdAWLmJgTBW7R1t5+tSM4BL/GjBS/hHp6Fa+mvz9sL7XLzfO
DRGBOAGYyE3CRNoXteg5kG6djKLBo7kSouamfpmZ24G2wAArYaAMzsFntCBMvWpx
UKS9kRpUhPc9LluOFHGrYyaZjqyJsMqdM+k23vIi9AztT0Qjb37L4RuTS3KWAMDG
XNc6vgTK9GAVF7IiZfaEpSDbawIdFoHg8qwaz4XnF3XWtqgQv5oIKzx0xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOmx8njhHocus/SeHAu+M+HcGTWTMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvNmJIeWVPRWVoeTZ6OUo0Y0M3NHo0ZHdaTlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmDXqMA0G
CSqGSIb3DQEBCwUAA4IBAQApEoIMuMi+htnNcgtSh9kFbfC5SGf8QkaQmLs65/B9
JDT6iNP20JT+VpL8vHQGZh8MHJRQXuy6VlEvR1e0agF8QOiSmvzcOgenkUveC3ng
x0CCTqMyLT9HSfdWMLEgCV47ja9y/7C1krwv0qppn0alx8p6Tv+0mZe+Sn59jD/X
YGkWWpyJPzA075heQKeiTy/XqWmYzo8mshdIWj6r6FCb/LJ5oCnFUPs4bClHJkMw
LafCh+TRiJqlPSHOO5RMAlciGR8YU5CIX2ZQzBMjOBp+A9aovcVaFDwgkc1Sz3yd
cqtLH/p1FFPqN42bH6FzI8TUq315zVMzpF4/ec2rie+8
-----END CERTIFICATE-----