Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/G6xf-2_9WqQfQEDF7v7pcNM6cBg.roa
File:                     G6xf-2_9WqQfQEDF7v7pcNM6cBg.roa (raw, json)
Hash identifier:          hCbc2HcFchj9v9WZR4JcZ3aDEye7Ter5KkTxwI9k97k=
Subject key identifier:   1B:AC:5F:FB:6F:FD:5A:A4:1F:40:40:C5:EE:FE:E9:70:D3:3A:70:18
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       0194E01DF2A8ADD27FD66F016691D14E6E7C
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/G6xf-2_9WqQfQEDF7v7pcNM6cBg.roa
Signing time:             Fri 07 Feb 2025 11:14:06 +0000
ROA not before:           Fri 07 Feb 2025 11:14:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203615
IP address blocks:        152.53.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e0:1d:f2:a8:ad:d2:7f:d6:6f:01:66:91:d1:4e:6e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Feb  7 11:14:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bac5ffb6ffd5aa41f4040c5eefee970d33a7018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:73:27:c9:75:67:8f:78:06:de:f4:43:9e:cd:
                    e7:d4:25:91:ec:9b:d4:cc:43:4b:f7:72:6d:d0:f5:
                    2b:5f:73:65:84:57:6e:b9:29:b2:8d:26:3f:dd:6e:
                    d6:cc:2f:ab:d1:69:35:e6:e8:d3:da:12:53:54:f7:
                    e4:d2:c0:c0:b7:d0:d0:3e:cc:61:9f:ce:e8:56:b6:
                    35:de:51:b1:a9:43:7a:31:0f:6c:a2:dd:b4:05:02:
                    a3:f6:52:99:e6:28:2c:8b:98:91:53:b4:e0:f7:64:
                    8c:02:b0:91:ea:0b:b6:c2:80:9a:d4:bf:43:03:64:
                    be:3c:ff:46:bf:81:d1:e5:6b:fc:c1:6d:e4:2d:d3:
                    35:6d:d7:66:a5:0f:e3:0c:55:12:9a:52:f7:54:f8:
                    a4:7c:1b:7d:5e:86:7c:05:24:8b:25:4f:a9:51:c8:
                    21:c0:ac:37:3d:d5:fc:f7:51:ce:af:07:3f:96:06:
                    5e:f5:46:f0:bc:55:3a:6c:f8:e0:f1:d9:4c:0f:ac:
                    d8:15:b0:20:f0:a7:40:be:dd:06:04:70:e2:a4:98:
                    84:dc:3b:fd:33:23:ec:1d:02:5b:1b:d7:a9:fe:84:
                    14:c6:ed:9e:ed:db:30:ad:13:31:8b:fb:fa:f3:0a:
                    7e:c9:06:c7:a5:dd:4a:c3:f3:7b:85:d9:36:5f:75:
                    1f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:AC:5F:FB:6F:FD:5A:A4:1F:40:40:C5:EE:FE:E9:70:D3:3A:70:18
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/G6xf-2_9WqQfQEDF7v7pcNM6cBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:db:f6:54:d8:40:b6:61:85:4b:82:55:4d:67:9d:10:4d:06:
         1b:d4:7e:37:1d:66:12:b7:43:f2:1e:86:c0:9c:65:49:c9:b2:
         94:ed:d4:0e:95:ec:eb:9a:14:8b:dd:6a:86:b1:ec:ed:fa:30:
         11:e2:d7:85:43:4d:c8:21:82:01:6a:b3:e6:55:3c:7d:fd:d3:
         d6:49:15:2a:46:ba:37:ec:66:e4:74:3c:ee:b0:77:e9:48:04:
         1b:a7:48:f2:bd:ef:b5:31:9c:e1:37:2b:32:6e:ae:08:4d:6d:
         13:be:88:ef:f7:bc:a6:ba:42:44:7f:e8:03:88:10:10:c5:b0:
         43:5f:01:49:44:79:1b:4c:bb:7d:72:24:7b:e2:53:62:96:95:
         43:1f:5b:0a:81:de:a8:60:7e:bf:14:89:6e:38:9d:c4:3f:11:
         7c:69:07:b3:19:69:bd:08:e6:b2:3d:21:39:d2:30:01:68:a2:
         09:18:6e:c8:47:c0:18:1a:78:a2:dd:92:db:80:b4:41:a7:6f:
         55:dd:d2:ca:d6:38:00:83:da:c6:ac:c3:d3:c1:ce:84:2a:4e:
         42:9b:3e:82:fb:17:45:38:4e:d1:dc:40:04:fb:bb:bb:bc:da:
         44:1e:a0:f7:a4:ab:42:5f:28:c9:31:69:fa:a2:21:a7:23:5a:
         4a:29:37:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTgHfKordJ/1m8BZpHRTm58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjUwMjA3MTExNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmFjNWZmYjZmZmQ1YWE0MWY0MDQwYzVlZWZlZTk3MGQzM2E3MDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHMnyXVnj3gG3vRDns3n1CWR7JvU
zENL93Jt0PUrX3NlhFduuSmyjSY/3W7WzC+r0Wk15ujT2hJTVPfk0sDAt9DQPsxh
n87oVrY13lGxqUN6MQ9sot20BQKj9lKZ5igsi5iRU7Tg92SMArCR6gu2woCa1L9D
A2S+PP9Gv4HR5Wv8wW3kLdM1bddmpQ/jDFUSmlL3VPikfBt9XoZ8BSSLJU+pUcgh
wKw3PdX891HOrwc/lgZe9UbwvFU6bPjg8dlMD6zYFbAg8KdAvt0GBHDipJiE3Dv9
MyPsHQJbG9ep/oQUxu2e7dswrRMxi/v68wp+yQbHpd1Kw/N7hdk2X3UfCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBusX/tv/VqkH0BAxe7+6XDTOnAYMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvRzZ4Zi0yXzlXcVFmUUVERjd2N3BjTk02Y0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmDXoMA0G
CSqGSIb3DQEBCwUAA4IBAQCT2/ZU2EC2YYVLglVNZ50QTQYb1H43HWYSt0PyHobA
nGVJybKU7dQOlezrmhSL3WqGsezt+jAR4teFQ03IIYIBarPmVTx9/dPWSRUqRro3
7GbkdDzusHfpSAQbp0jyve+1MZzhNysybq4ITW0Tvojv97ymukJEf+gDiBAQxbBD
XwFJRHkbTLt9ciR74lNilpVDH1sKgd6oYH6/FIluOJ3EPxF8aQezGWm9COayPSE5
0jABaKIJGG7IR8AYGnii3ZLbgLRBp29V3dLK1jgAg9rGrMPTwc6EKk5Cmz6C+xdF
OE7R3EAE+7u7vNpEHqD3pKtCXyjJMWn6oiGnI1pKKTc2
-----END CERTIFICATE-----