Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/6BUhDDks0jK2-pc-WFaGDKDvkQU.roa
File:                     6BUhDDks0jK2-pc-WFaGDKDvkQU.roa (raw, json)
Hash identifier:          HPHlkjfcFK3yooKICTffoG18MtLdzH0g94728tpGDm4=
Subject key identifier:   E8:15:21:0C:39:2C:D2:32:B6:FA:97:3E:58:56:86:0C:A0:EF:91:05
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD5BD81A57D232A9A0FFE9AB5AED80
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/6BUhDDks0jK2-pc-WFaGDKDvkQU.roa
Signing time:             Thu 02 Jan 2025 07:49:08 +0000
ROA not before:           Thu 02 Jan 2025 07:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60040
IP address blocks:        194.226.174.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:5b:d8:1a:57:d2:32:a9:a0:ff:e9:ab:5a:ed:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e815210c392cd232b6fa973e5856860ca0ef9105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:6c:d8:82:c5:a1:01:21:3a:90:d7:dc:43:1a:
                    01:b4:64:54:d6:3c:87:c0:9e:61:2f:fe:94:13:39:
                    c4:1c:3b:54:f6:9d:6a:26:a4:f1:c3:5d:60:5a:20:
                    b3:36:1c:40:3f:4b:66:68:8f:68:6b:df:88:db:4a:
                    00:56:f7:b5:b4:8f:e9:ef:6a:d3:da:25:ca:38:8e:
                    86:83:21:e2:0b:3a:3a:0c:a6:b3:52:e0:fd:1e:51:
                    69:e3:c6:db:76:92:a7:9d:2e:18:99:06:4e:c8:33:
                    b8:9e:d0:46:b8:6e:2f:00:06:9e:bc:d8:37:79:0f:
                    5b:14:b4:0b:a3:ff:cd:97:e9:50:b4:63:9d:37:69:
                    b1:cb:83:44:87:96:81:82:b6:72:17:cf:e1:47:83:
                    f4:ed:34:4c:2a:16:73:5a:b1:4d:b8:93:74:65:4e:
                    4f:dd:e4:34:4d:19:0d:47:ba:95:a3:f7:9a:50:ff:
                    45:e2:c2:74:bf:f6:b6:23:ad:0f:cf:95:98:33:52:
                    d5:82:1d:9f:22:49:75:bd:3f:19:56:5a:f0:f5:59:
                    ab:b3:53:15:94:33:1b:77:14:f5:59:c6:11:63:ce:
                    f8:f9:47:00:1c:97:4c:04:49:11:8a:cf:d8:ca:0c:
                    86:29:e1:ec:d6:80:c7:1f:a6:f2:d4:51:b3:de:b2:
                    d0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:15:21:0C:39:2C:D2:32:B6:FA:97:3E:58:56:86:0C:A0:EF:91:05
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/6BUhDDks0jK2-pc-WFaGDKDvkQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:4f:84:91:e4:28:a2:2e:80:dd:ee:e6:2f:8e:5a:bc:c2:cf:
         d4:17:29:b4:40:1d:e7:3f:39:c8:b6:18:95:e5:fe:c6:a9:6a:
         b4:13:08:aa:c4:e3:12:ae:2b:a9:84:a3:c2:27:f0:51:8a:01:
         94:62:66:6d:10:83:b0:15:9f:e0:23:ad:2e:75:07:bc:45:c9:
         33:ee:8f:02:43:2d:32:3b:3b:d3:7c:1b:7f:d8:2e:7f:55:c4:
         57:62:16:65:d6:e0:a9:9c:b5:08:08:a5:8c:a2:f6:9e:9e:7e:
         35:31:c3:35:76:4d:58:72:0c:74:2e:c8:24:3a:43:72:8a:d1:
         18:06:e7:87:5d:79:a8:a6:3b:e6:3e:8b:81:b3:3b:cc:d4:ab:
         b4:13:11:da:c3:11:cf:de:46:9c:61:70:7b:00:b3:77:28:48:
         55:e7:4f:c3:d4:4a:94:50:79:8f:71:4b:5a:97:c0:df:8f:cb:
         dc:87:cd:de:e2:7b:c2:b2:87:67:54:3d:f1:66:03:c1:88:2d:
         c5:ad:a0:9d:45:45:dd:46:d8:11:78:18:da:81:1e:70:36:cb:
         68:a3:4e:40:fa:c1:05:21:94:07:15:fc:7d:23:13:c1:91:0a:
         22:3c:31:a3:07:7e:50:da:bc:fa:4a:57:3d:4d:7d:4e:e0:36:
         0f:95:f7:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/VvYGlfSMqmg/+mrWu2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODE1MjEwYzM5MmNkMjMyYjZmYTk3M2U1ODU2ODYwY2EwZWY5MTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWzYgsWhASE6kNfcQxoBtGRU1jyH
wJ5hL/6UEznEHDtU9p1qJqTxw11gWiCzNhxAP0tmaI9oa9+I20oAVve1tI/p72rT
2iXKOI6GgyHiCzo6DKazUuD9HlFp48bbdpKnnS4YmQZOyDO4ntBGuG4vAAaevNg3
eQ9bFLQLo//Nl+lQtGOdN2mxy4NEh5aBgrZyF8/hR4P07TRMKhZzWrFNuJN0ZU5P
3eQ0TRkNR7qVo/eaUP9F4sJ0v/a2I60Pz5WYM1LVgh2fIkl1vT8ZVlrw9Vmrs1MV
lDMbdxT1WcYRY874+UcAHJdMBEkRis/YygyGKeHs1oDHH6by1FGz3rLQmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOgVIQw5LNIytvqXPlhWhgyg75EFMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvNkJVaEREa3MwaksyLXBjLVdGYUdES0R2a1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuKuMA0G
CSqGSIb3DQEBCwUAA4IBAQBxT4SR5CiiLoDd7uYvjlq8ws/UFym0QB3nPznIthiV
5f7GqWq0EwiqxOMSriuphKPCJ/BRigGUYmZtEIOwFZ/gI60udQe8Rckz7o8CQy0y
OzvTfBt/2C5/VcRXYhZl1uCpnLUICKWMovaenn41McM1dk1Ycgx0LsgkOkNyitEY
BueHXXmopjvmPouBszvM1Ku0ExHawxHP3kacYXB7ALN3KEhV50/D1EqUUHmPcUta
l8Dfj8vch83e4nvCsodnVD3xZgPBiC3FraCdRUXdRtgReBjagR5wNstoo05A+sEF
IZQHFfx9IxPBkQoiPDGjB35Q2rz6Slc9TX1O4DYPlfef
-----END CERTIFICATE-----