Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/6BYQ4By2tJL3cWm4L-BQSWyvJS0.roa
File:                     6BYQ4By2tJL3cWm4L-BQSWyvJS0.roa (raw, json)
Hash identifier:          3sAvJeopcRq49xZNtMv2qbQCEldVQVML4/pl6Sm3s88=
Subject key identifier:   E8:16:10:E0:1C:B6:B4:92:F7:71:69:B8:2F:E0:50:49:6C:AF:25:2D
Certificate issuer:       /CN=598fa4201344d4107f792eee2566c62d65714e2d
Certificate serial:       019425203E86DAAD09C862D8A3DE0FC2B49C
Authority key identifier: 59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/6BYQ4By2tJL3cWm4L-BQSWyvJS0.roa
Signing time:             Thu 02 Jan 2025 03:47:37 +0000
ROA not before:           Thu 02 Jan 2025 03:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207174
IP address blocks:        217.61.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:3e:86:da:ad:09:c8:62:d8:a3:de:0f:c2:b4:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=598fa4201344d4107f792eee2566c62d65714e2d
        Validity
            Not Before: Jan  2 03:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e81610e01cb6b492f77169b82fe050496caf252d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:3f:d0:87:b5:74:5a:ce:13:e7:b0:58:11:23:
                    8c:d1:db:95:4d:a6:ce:4b:6c:96:ee:6b:0b:c3:b1:
                    42:20:0e:f1:f2:82:c7:41:94:03:77:63:cc:dd:13:
                    a7:59:69:76:74:03:2e:88:7c:c3:92:49:20:e2:00:
                    7f:c7:83:1c:37:78:c4:e6:67:a9:7a:e6:ba:6f:41:
                    57:0a:b3:87:21:22:03:9d:61:75:c1:78:79:5f:c6:
                    01:d2:1e:ca:9e:f4:4d:f0:2b:24:b7:71:63:fe:d5:
                    3a:98:2d:ac:8d:87:5a:1d:c6:49:03:7a:b9:37:a3:
                    e1:fb:96:ff:42:0c:38:44:0f:f5:97:e8:a6:61:5d:
                    a0:67:93:94:b3:27:6f:5a:ab:6d:cd:16:87:16:ca:
                    50:c4:7c:39:cc:51:ce:77:bf:4d:cf:0a:8c:cf:b9:
                    35:ad:39:3a:4c:94:40:3a:db:26:df:36:bb:98:0b:
                    b7:42:e1:46:8a:13:b4:f5:45:f4:50:4c:17:df:c8:
                    ea:01:cc:78:35:10:bb:18:78:7f:e0:65:51:a3:2b:
                    0e:d2:5f:6d:d7:2f:89:b9:56:e7:76:e7:80:1d:a6:
                    5a:ed:da:e8:5f:4a:e7:9f:d0:a0:bc:00:a9:73:d6:
                    c3:66:56:04:65:65:dc:aa:79:12:65:1e:2c:09:57:
                    de:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:16:10:E0:1C:B6:B4:92:F7:71:69:B8:2F:E0:50:49:6C:AF:25:2D
            X509v3 Authority Key Identifier:
                keyid:59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/6BYQ4By2tJL3cWm4L-BQSWyvJS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.61.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:1e:3c:cb:13:22:07:b5:85:e6:33:cb:8f:c5:3c:fe:4a:b9:
         43:fd:24:cf:36:a4:c6:67:53:01:db:a3:63:3c:36:01:db:bd:
         5a:c5:5f:8b:f1:de:4e:1d:7f:e3:54:40:b9:b1:13:31:08:40:
         13:2e:fd:53:0a:f6:69:c2:aa:e9:13:62:20:b8:57:d4:19:e3:
         9f:7a:97:dd:10:07:16:28:f2:2c:df:df:cb:82:bc:95:cd:d7:
         73:87:c5:06:4a:0f:12:49:49:40:62:b5:24:46:b6:56:b9:e7:
         6d:8f:bc:21:62:93:aa:79:ab:12:9b:a6:c4:4c:fd:76:a6:83:
         87:83:a2:38:97:19:de:73:c2:54:98:e9:a6:5b:0d:ec:fc:a1:
         cb:49:f3:4e:ae:84:70:ee:cb:a3:a0:51:eb:c8:8c:aa:ee:50:
         0c:f1:8e:74:54:0a:78:94:96:3a:a7:51:65:9c:a4:1e:20:a5:
         34:38:3d:02:c2:2b:49:82:da:e2:36:e8:92:72:ed:e0:05:69:
         b4:55:97:d0:a5:d0:c0:11:d3:a5:06:d7:43:ca:ca:3d:b1:5d:
         83:61:6e:4d:6f:cf:07:8f:98:14:46:f9:ea:e9:5d:b1:f7:89:
         8a:ea:1d:d0:2a:ba:69:12:d5:a4:ce:03:66:a8:50:7f:57:49:
         2e:af:ae:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlID6G2q0JyGLYo94PwrScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5OGZhNDIwMTM0NGQ0MTA3Zjc5MmVlZTI1NjZjNjJkNjU3
MTRlMmQwHhcNMjUwMTAyMDM0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODE2MTBlMDFjYjZiNDkyZjc3MTY5YjgyZmUwNTA0OTZjYWYyNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8z/Qh7V0Ws4T57BYESOM0duVTabO
S2yW7msLw7FCIA7x8oLHQZQDd2PM3ROnWWl2dAMuiHzDkkkg4gB/x4McN3jE5mep
eua6b0FXCrOHISIDnWF1wXh5X8YB0h7KnvRN8Cskt3Fj/tU6mC2sjYdaHcZJA3q5
N6Ph+5b/Qgw4RA/1l+imYV2gZ5OUsydvWqttzRaHFspQxHw5zFHOd79NzwqMz7k1
rTk6TJRAOtsm3za7mAu3QuFGihO09UX0UEwX38jqAcx4NRC7GHh/4GVRoysO0l9t
1y+JuVbndueAHaZa7droX0rnn9CgvACpc9bDZlYEZWXcqnkSZR4sCVfe4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOgWEOActrSS93FpuC/gUElsryUtMB8GA1UdIwQY
MBaAFFmPpCATRNQQf3ku7iVmxi1lcU4tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2It
NjY0YjhmMDNkMTgwLzEvNkJZUTRCeTJ0SkwzY1dtNEwtQlFTV3l2SlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2ItNjY0YjhmMDNkMTgw
LzEvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2T2EMA0G
CSqGSIb3DQEBCwUAA4IBAQAzHjzLEyIHtYXmM8uPxTz+SrlD/STPNqTGZ1MB26Nj
PDYB271axV+L8d5OHX/jVEC5sRMxCEATLv1TCvZpwqrpE2IguFfUGeOfepfdEAcW
KPIs39/LgryVzddzh8UGSg8SSUlAYrUkRrZWuedtj7whYpOqeasSm6bETP12poOH
g6I4lxnec8JUmOmmWw3s/KHLSfNOroRw7sujoFHryIyq7lAM8Y50VAp4lJY6p1Fl
nKQeIKU0OD0CwitJgtriNuiScu3gBWm0VZfQpdDAEdOlBtdDyso9sV2DYW5Nb88H
j5gURvnq6V2x94mK6h3QKrppEtWkzgNmqFB/V0kur65G
-----END CERTIFICATE-----