Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/tXaw6GIcRDtIIdCZl5xqxFxC_Uo.roa
File:                     tXaw6GIcRDtIIdCZl5xqxFxC_Uo.roa (raw, json)
Hash identifier:          2Kqej5SIZJp5FASjdTZnLqiuhAqRO6rdIph5VLFmoWI=
Subject key identifier:   B5:76:B0:E8:62:1C:44:3B:48:21:D0:99:97:9C:6A:C4:5C:42:FD:4A
Certificate issuer:       /CN=bd2a6a2232c439f04620c82b4d7e14e9df721143
Certificate serial:       01925519D4ADB17A4CC3DB1F4B8FC304282E
Authority key identifier: BD:2A:6A:22:32:C4:39:F0:46:20:C8:2B:4D:7E:14:E9:DF:72:11:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vSpqIjLEOfBGIMgrTX4U6d9yEUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/tXaw6GIcRDtIIdCZl5xqxFxC_Uo.roa
Signing time:             Fri 04 Oct 2024 01:16:48 +0000
ROA not before:           Fri 04 Oct 2024 01:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        195.206.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/vSpqIjLEOfBGIMgrTX4U6d9yEUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/vSpqIjLEOfBGIMgrTX4U6d9yEUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vSpqIjLEOfBGIMgrTX4U6d9yEUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:55:19:d4:ad:b1:7a:4c:c3:db:1f:4b:8f:c3:04:28:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd2a6a2232c439f04620c82b4d7e14e9df721143
        Validity
            Not Before: Oct  4 01:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b576b0e8621c443b4821d099979c6ac45c42fd4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1a:e1:81:ad:ea:5e:01:b6:1d:d5:e9:06:cf:
                    75:8a:1b:ee:6f:44:ce:44:9b:c3:70:c1:bc:36:a5:
                    90:01:7a:80:dd:4b:06:55:7d:cd:ec:ad:c7:82:86:
                    4a:82:f5:a7:a7:19:43:81:8a:78:77:2f:2b:0b:b6:
                    dd:10:fd:11:91:c5:85:85:38:a8:32:b7:f6:d8:35:
                    c5:84:18:21:90:44:b4:cb:94:7d:54:e9:5c:94:0e:
                    18:b1:a2:ac:d8:6f:6d:a0:8e:ce:50:98:e5:9c:37:
                    a5:87:cd:d3:f7:ab:c5:44:90:1c:cc:f0:be:14:26:
                    a5:83:06:94:e9:ec:80:47:f8:4b:d1:1c:9a:50:de:
                    f1:30:30:f3:d4:7d:f2:d5:ec:d5:50:33:14:40:7a:
                    9e:18:d0:3e:9e:25:de:29:12:ff:75:0d:d5:cd:7c:
                    f1:6a:c0:54:60:46:ea:a1:b0:c4:75:25:d1:f4:76:
                    43:8b:54:f6:18:2c:cd:90:a0:f8:12:42:ca:cd:5d:
                    ea:99:b7:e4:63:ff:39:01:64:fa:e5:28:40:8f:63:
                    a9:21:46:aa:55:b2:2e:10:62:93:32:3c:c7:f6:8f:
                    24:b6:e9:16:36:cc:86:c8:3f:b5:a9:59:30:97:84:
                    4a:3c:6b:3c:73:12:8f:65:8f:15:86:68:11:9c:db:
                    69:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:76:B0:E8:62:1C:44:3B:48:21:D0:99:97:9C:6A:C4:5C:42:FD:4A
            X509v3 Authority Key Identifier:
                keyid:BD:2A:6A:22:32:C4:39:F0:46:20:C8:2B:4D:7E:14:E9:DF:72:11:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vSpqIjLEOfBGIMgrTX4U6d9yEUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/tXaw6GIcRDtIIdCZl5xqxFxC_Uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/vSpqIjLEOfBGIMgrTX4U6d9yEUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:31:92:4a:d6:e9:83:58:9d:fd:c9:4d:a1:86:c7:d4:5c:97:
         b0:9d:27:50:92:95:4c:d0:51:d9:73:d4:79:4f:bf:48:26:b0:
         95:92:cf:e4:f8:6d:9a:48:da:20:89:b3:6a:41:27:78:5b:41:
         53:98:54:ba:33:20:f6:99:09:35:1a:46:ff:42:ba:0b:b6:25:
         eb:e0:f6:9f:7e:13:84:1f:ad:5a:a0:3b:6e:0d:cd:dd:ad:7f:
         6e:c5:8a:38:ef:67:35:e4:cb:f7:7e:4e:be:87:7a:fb:ca:a0:
         a4:20:95:4f:b0:5f:ea:b2:42:43:82:29:1b:4f:d4:1e:a5:f3:
         55:4c:52:9a:a2:b5:12:54:0e:85:43:c4:c0:6b:83:98:f6:af:
         15:3f:50:9a:c8:c2:ab:59:22:7e:8c:de:03:c8:e7:9e:f9:a0:
         b7:66:c2:09:79:fa:15:40:88:4b:7c:dd:38:db:b4:29:d0:6c:
         6c:25:9c:9e:b7:66:d2:8b:34:8b:49:e1:8a:e2:35:95:70:e9:
         30:fc:2e:c8:95:c9:53:31:c1:2c:b0:c6:15:44:e7:d7:dc:9e:
         0b:ee:a7:f8:71:07:90:91:b0:ab:a7:c6:a7:22:76:c3:4a:ec:
         03:03:fb:8c:f2:2d:65:84:9f:43:2c:6e:68:be:b6:e5:62:b1:
         81:ca:3d:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJVGdStsXpMw9sfS4/DBCguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMmE2YTIyMzJjNDM5ZjA0NjIwYzgyYjRkN2UxNGU5ZGY3
MjExNDMwHhcNMjQxMDA0MDExNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTc2YjBlODYyMWM0NDNiNDgyMWQwOTk5NzljNmFjNDVjNDJmZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBrhga3qXgG2HdXpBs91ihvub0TO
RJvDcMG8NqWQAXqA3UsGVX3N7K3HgoZKgvWnpxlDgYp4dy8rC7bdEP0RkcWFhTio
Mrf22DXFhBghkES0y5R9VOlclA4YsaKs2G9toI7OUJjlnDelh83T96vFRJAczPC+
FCalgwaU6eyAR/hL0RyaUN7xMDDz1H3y1ezVUDMUQHqeGNA+niXeKRL/dQ3VzXzx
asBUYEbqobDEdSXR9HZDi1T2GCzNkKD4EkLKzV3qmbfkY/85AWT65ShAj2OpIUaq
VbIuEGKTMjzH9o8ktukWNsyGyD+1qVkwl4RKPGs8cxKPZY8VhmgRnNtpYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLV2sOhiHEQ7SCHQmZecasRcQv1KMB8GA1UdIwQY
MBaAFL0qaiIyxDnwRiDIK01+FOnfchFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlNwcUlqTEVPZkJHSU1nclRYNFU2ZDl5RVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82YWZkNjAtODNlOC00MjNkLTg3OGIt
OTA5YjZhYjg1ZWU5LzEvdFhhdzZHSWNSRHRJSWRDWmw1eHF4RnhDX1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82YWZkNjAtODNlOC00MjNkLTg3OGItOTA5YjZhYjg1ZWU5
LzEvdlNwcUlqTEVPZkJHSU1nclRYNFU2ZDl5RVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw87yMA0G
CSqGSIb3DQEBCwUAA4IBAQBxMZJK1umDWJ39yU2hhsfUXJewnSdQkpVM0FHZc9R5
T79IJrCVks/k+G2aSNogibNqQSd4W0FTmFS6MyD2mQk1Gkb/QroLtiXr4PaffhOE
H61aoDtuDc3drX9uxYo472c15Mv3fk6+h3r7yqCkIJVPsF/qskJDgikbT9QepfNV
TFKaorUSVA6FQ8TAa4OY9q8VP1CayMKrWSJ+jN4DyOee+aC3ZsIJefoVQIhLfN04
27Qp0GxsJZyet2bSizSLSeGK4jWVcOkw/C7IlclTMcEssMYVROfX3J4L7qf4cQeQ
kbCrp8anInbDSuwDA/uM8i1lhJ9DLG5ovrblYrGByj2M
-----END CERTIFICATE-----