Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/aPGkJWWfqnHSYtcmHdQOMi1mheA.roa
File:                     aPGkJWWfqnHSYtcmHdQOMi1mheA.roa (raw, json)
Hash identifier:          6hq3FWs22+JzOpc7JMDFeHh8CJMVuPtspAIB0Mwo68c=
Subject key identifier:   68:F1:A4:25:65:9F:AA:71:D2:62:D7:26:1D:D4:0E:32:2D:66:85:E0
Certificate issuer:       /CN=7c722f85b31e765d8f77b692b5d2a84c111d805d
Certificate serial:       019427486BAE4AC738B96D527197F35B9262
Authority key identifier: 7C:72:2F:85:B3:1E:76:5D:8F:77:B6:92:B5:D2:A8:4C:11:1D:80:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fHIvhbMedl2Pd7aStdKoTBEdgF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/aPGkJWWfqnHSYtcmHdQOMi1mheA.roa
Signing time:             Thu 02 Jan 2025 13:50:45 +0000
ROA not before:           Thu 02 Jan 2025 13:50:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57167
IP address blocks:        84.246.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/fHIvhbMedl2Pd7aStdKoTBEdgF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/fHIvhbMedl2Pd7aStdKoTBEdgF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fHIvhbMedl2Pd7aStdKoTBEdgF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:6b:ae:4a:c7:38:b9:6d:52:71:97:f3:5b:92:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c722f85b31e765d8f77b692b5d2a84c111d805d
        Validity
            Not Before: Jan  2 13:50:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68f1a425659faa71d262d7261dd40e322d6685e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4e:b1:ea:9f:2d:ab:b9:5c:1e:c7:1b:26:c7:
                    72:c5:6c:c3:29:ed:3a:9b:f5:b7:ab:e9:38:9e:9d:
                    83:c3:03:0a:d4:68:4f:1a:f9:68:e3:ae:9d:76:20:
                    0b:dc:1d:1b:5e:ef:10:d1:cc:ae:1b:fe:e4:29:3d:
                    59:06:1e:12:f1:bc:70:02:35:7b:01:79:6e:11:36:
                    e5:c3:dc:a0:96:5a:84:9f:56:75:2d:8a:9a:ce:b7:
                    2a:75:7c:5d:d9:12:8d:36:5b:5d:0a:92:af:2a:33:
                    29:67:9b:6c:2f:be:94:f9:93:31:5c:71:72:ab:e0:
                    19:78:51:9d:ac:98:31:4d:fd:74:fb:a7:5d:51:8c:
                    41:49:73:6d:89:9d:1c:7a:30:8a:90:95:ae:37:31:
                    1c:d0:d6:5f:5f:5c:3e:ca:8a:52:57:52:93:27:80:
                    ba:96:78:ef:7a:a2:7f:b7:e3:59:92:cd:5e:43:01:
                    5c:43:07:04:78:e2:8f:8d:58:80:eb:88:b5:8b:2d:
                    72:e3:14:39:4b:25:91:f3:ca:91:41:22:e0:b8:6b:
                    8e:53:9b:77:2f:d9:95:a0:ce:62:37:29:ce:32:ba:
                    87:12:4d:60:26:01:b9:f7:2a:07:90:d7:16:0d:e3:
                    8d:16:7b:88:a1:65:01:46:bd:e6:a1:c5:66:06:63:
                    0c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:F1:A4:25:65:9F:AA:71:D2:62:D7:26:1D:D4:0E:32:2D:66:85:E0
            X509v3 Authority Key Identifier:
                keyid:7C:72:2F:85:B3:1E:76:5D:8F:77:B6:92:B5:D2:A8:4C:11:1D:80:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fHIvhbMedl2Pd7aStdKoTBEdgF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/aPGkJWWfqnHSYtcmHdQOMi1mheA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/fHIvhbMedl2Pd7aStdKoTBEdgF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.246.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:4a:b6:1a:23:a1:c2:c2:04:27:fb:47:9a:5f:80:f8:aa:ff:
         33:5d:4d:7c:27:eb:85:87:04:12:1e:b1:b9:63:a5:be:68:07:
         ec:66:d9:85:95:84:99:4d:27:7d:a5:52:88:b9:35:65:54:ec:
         96:62:1e:e0:66:88:28:c3:26:c9:27:ce:0e:09:b4:7c:32:b0:
         0d:9e:8f:22:73:37:57:09:4c:94:5f:cc:ab:e4:a6:97:62:cb:
         dc:e6:1e:7a:b7:d8:76:48:ef:26:56:ab:d4:d8:02:fe:13:91:
         05:b7:c3:17:b3:df:23:f7:1a:9c:7d:a9:be:5d:7a:4d:3c:0d:
         b5:5e:c0:fe:80:0f:19:1d:69:ac:28:61:97:78:d8:79:d2:a2:
         2f:3c:ac:c9:56:1a:cd:b1:b4:68:c9:50:71:2a:74:79:c8:47:
         a3:71:e6:8d:de:b0:19:e2:7f:8f:3a:6c:97:f9:0f:d3:ec:3c:
         89:13:b3:c2:9c:ce:45:8a:a6:32:0c:d7:b6:06:be:6a:41:7f:
         c4:54:f4:9e:23:03:44:fc:b5:92:9a:d8:5f:6f:2e:a4:c8:30:
         2c:c5:22:1a:c4:cc:d0:78:43:b6:4b:d3:fe:b6:1a:65:83:1f:
         d9:ce:3e:33:c6:02:1d:79:fe:53:95:94:04:f3:4f:69:f7:36:
         22:2c:05:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSGuuSsc4uW1ScZfzW5JiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNzIyZjg1YjMxZTc2NWQ4Zjc3YjY5MmI1ZDJhODRjMTEx
ZDgwNWQwHhcNMjUwMTAyMTM1MDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGYxYTQyNTY1OWZhYTcxZDI2MmQ3MjYxZGQ0MGUzMjJkNjY4NWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk6x6p8tq7lcHscbJsdyxWzDKe06
m/W3q+k4np2DwwMK1GhPGvlo466ddiAL3B0bXu8Q0cyuG/7kKT1ZBh4S8bxwAjV7
AXluETblw9ygllqEn1Z1LYqazrcqdXxd2RKNNltdCpKvKjMpZ5tsL76U+ZMxXHFy
q+AZeFGdrJgxTf10+6ddUYxBSXNtiZ0cejCKkJWuNzEc0NZfX1w+yopSV1KTJ4C6
lnjveqJ/t+NZks1eQwFcQwcEeOKPjViA64i1iy1y4xQ5SyWR88qRQSLguGuOU5t3
L9mVoM5iNynOMrqHEk1gJgG59yoHkNcWDeONFnuIoWUBRr3mocVmBmMMuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjxpCVln6px0mLXJh3UDjItZoXgMB8GA1UdIwQY
MBaAFHxyL4WzHnZdj3e2krXSqEwRHYBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkhJdmhiTWVkbDJQZDdhU3RkS29UQkVkZ0YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi81NjYyNDYtY2EyYS00MTFiLWFhZjIt
YzY4MjE4NGQ3MDRkLzEvYVBHa0pXV2ZxbkhTWXRjbUhkUU9NaTFtaGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi81NjYyNDYtY2EyYS00MTFiLWFhZjItYzY4MjE4NGQ3MDRk
LzEvZkhJdmhiTWVkbDJQZDdhU3RkS29UQkVkZ0YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPZQMA0G
CSqGSIb3DQEBCwUAA4IBAQBgSrYaI6HCwgQn+0eaX4D4qv8zXU18J+uFhwQSHrG5
Y6W+aAfsZtmFlYSZTSd9pVKIuTVlVOyWYh7gZogowybJJ84OCbR8MrANno8iczdX
CUyUX8yr5KaXYsvc5h56t9h2SO8mVqvU2AL+E5EFt8MXs98j9xqcfam+XXpNPA21
XsD+gA8ZHWmsKGGXeNh50qIvPKzJVhrNsbRoyVBxKnR5yEejceaN3rAZ4n+POmyX
+Q/T7DyJE7PCnM5FiqYyDNe2Br5qQX/EVPSeIwNE/LWSmthfby6kyDAsxSIaxMzQ
eEO2S9P+thplgx/Zzj4zxgIdef5TlZQE809p9zYiLAVU
-----END CERTIFICATE-----