Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/ATNyGwI42E9SEF2dbR92quEI7M0.roa
File:                     ATNyGwI42E9SEF2dbR92quEI7M0.roa (raw, json)
Hash identifier:          wJnxvozpFwp0lesM+vYcWthgm1VaeRqc7yTTfaq53F4=
Subject key identifier:   01:33:72:1B:02:38:D8:4F:52:10:5D:9D:6D:1F:76:AA:E1:08:EC:CD
Certificate issuer:       /CN=6f0b15193816fd15dcfd047db4eeca672912bb60
Certificate serial:       0193492C2518998838931625C0D99672A9BA
Authority key identifier: 6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/ATNyGwI42E9SEF2dbR92quEI7M0.roa
Signing time:             Wed 20 Nov 2024 10:44:10 +0000
ROA not before:           Wed 20 Nov 2024 10:44:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        185.167.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:49:2c:25:18:99:88:38:93:16:25:c0:d9:96:72:a9:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b15193816fd15dcfd047db4eeca672912bb60
        Validity
            Not Before: Nov 20 10:44:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0133721b0238d84f52105d9d6d1f76aae108eccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:f8:45:77:e9:42:9f:45:99:ad:ae:64:3b:3b:
                    15:f7:52:bc:e2:1a:1a:c7:ee:54:2e:32:1a:2e:a0:
                    f8:93:d7:ef:6d:4c:0d:c8:77:b6:a8:9f:d1:f6:e3:
                    f1:1a:63:20:1a:1d:da:97:05:45:a1:12:09:99:83:
                    a8:d0:1a:e1:93:bd:74:90:86:7d:49:cb:73:e0:1a:
                    15:45:85:fe:df:1d:5a:9b:d0:fc:19:c2:c8:c4:a0:
                    0c:c5:54:b9:d7:6d:38:03:8a:4c:48:3a:1d:2b:09:
                    33:37:39:bb:2a:3f:06:38:2f:3a:5c:e6:be:66:a2:
                    0c:c4:ad:40:92:16:c6:f7:be:21:d4:0f:7f:05:72:
                    78:bd:16:22:42:50:4f:b0:7a:22:62:69:75:5a:2c:
                    3d:3a:43:9e:03:0a:4d:d1:b6:01:40:43:9d:b4:b8:
                    e8:37:c4:8f:58:e0:38:63:2f:bf:50:ee:52:e6:f8:
                    bd:14:33:dc:90:9c:2a:6d:9a:10:be:a7:1d:bf:ad:
                    23:58:45:2f:2e:c0:2d:90:17:56:41:b0:bb:29:1d:
                    b8:ba:f7:34:5f:4b:01:20:40:aa:47:81:e6:24:05:
                    87:d9:8e:01:9f:56:b1:6e:93:e8:b3:69:83:f3:83:
                    34:af:b9:1a:62:87:a2:d9:d0:bf:e1:c3:bf:95:c8:
                    1a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:33:72:1B:02:38:D8:4F:52:10:5D:9D:6D:1F:76:AA:E1:08:EC:CD
            X509v3 Authority Key Identifier:
                keyid:6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/ATNyGwI42E9SEF2dbR92quEI7M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:46:ce:84:df:6b:45:1e:f1:b2:da:3e:15:3a:44:b3:81:57:
         35:f1:25:bf:45:8a:56:87:8e:08:fc:e9:bf:0b:ee:58:54:f3:
         97:32:cf:f9:7f:91:28:13:87:93:b2:e7:4a:c7:c5:62:2d:0a:
         68:c2:65:fa:11:d4:6e:92:85:d3:3c:b3:e2:bc:5d:c9:1a:2e:
         a6:a4:a9:73:ec:a4:2f:b8:65:0c:9a:f9:06:ec:86:b2:d7:8f:
         21:c9:88:03:86:b2:b6:84:0f:ef:ea:43:5c:55:97:18:e9:36:
         ec:b5:64:6e:8d:3c:57:84:6e:2a:f7:9c:db:cf:ef:c0:ad:41:
         a3:30:d0:2b:d3:e5:42:11:ce:39:57:91:b1:74:b4:b2:0f:28:
         74:ac:b7:14:08:99:5c:d7:bb:e8:ec:31:79:a4:17:3c:cc:a2:
         8b:a1:c3:5a:c0:27:ec:35:b0:12:22:ca:ed:c6:3b:7a:7b:42:
         60:65:c1:38:29:e6:ab:4f:a1:e1:ca:aa:fe:28:5e:fb:11:3d:
         40:c9:f0:12:66:83:af:49:c0:ef:8b:25:d3:a1:89:79:13:4b:
         bc:d9:c8:26:39:8e:4f:58:1c:54:60:64:0a:41:a6:5a:95:c9:
         c7:a5:8e:01:68:7a:45:d5:59:98:a1:35:50:95:a8:50:3b:aa:
         7d:c9:ad:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNJLCUYmYg4kxYlwNmWcqm6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIxNTE5MzgxNmZkMTVkY2ZkMDQ3ZGI0ZWVjYTY3Mjkx
MmJiNjAwHhcNMjQxMTIwMTA0NDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTMzNzIxYjAyMzhkODRmNTIxMDVkOWQ2ZDFmNzZhYWUxMDhlY2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vhFd+lCn0WZra5kOzsV91K84hoa
x+5ULjIaLqD4k9fvbUwNyHe2qJ/R9uPxGmMgGh3alwVFoRIJmYOo0Brhk710kIZ9
Sctz4BoVRYX+3x1am9D8GcLIxKAMxVS51204A4pMSDodKwkzNzm7Kj8GOC86XOa+
ZqIMxK1AkhbG974h1A9/BXJ4vRYiQlBPsHoiYml1Wiw9OkOeAwpN0bYBQEOdtLjo
N8SPWOA4Yy+/UO5S5vi9FDPckJwqbZoQvqcdv60jWEUvLsAtkBdWQbC7KR24uvc0
X0sBIECqR4HmJAWH2Y4Bn1axbpPos2mD84M0r7kaYoei2dC/4cO/lcgamwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAEzchsCONhPUhBdnW0fdqrhCOzNMB8GA1UdIwQY
MBaAFG8LFRk4Fv0V3P0EfbTuymcpErtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYt
OWNmODQzZjA1NjcwLzEvQVROeUd3STQyRTlTRUYyZGJSOTJxdUVJN00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYtOWNmODQzZjA1Njcw
LzEvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafqMA0G
CSqGSIb3DQEBCwUAA4IBAQCoRs6E32tFHvGy2j4VOkSzgVc18SW/RYpWh44I/Om/
C+5YVPOXMs/5f5EoE4eTsudKx8ViLQpowmX6EdRukoXTPLPivF3JGi6mpKlz7KQv
uGUMmvkG7Iay148hyYgDhrK2hA/v6kNcVZcY6TbstWRujTxXhG4q95zbz+/ArUGj
MNAr0+VCEc45V5GxdLSyDyh0rLcUCJlc17vo7DF5pBc8zKKLocNawCfsNbASIsrt
xjt6e0JgZcE4KearT6Hhyqr+KF77ET1AyfASZoOvScDviyXToYl5E0u82cgmOY5P
WBxUYGQKQaZalcnHpY4BaHpF1VmYoTVQlahQO6p9ya30
-----END CERTIFICATE-----