Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/B6NuQ3b2SVtYW88nCBliDpKMPn0.roa
File:                     B6NuQ3b2SVtYW88nCBliDpKMPn0.roa (raw, json)
Hash identifier:          eix4LBTI09mJ3CSFqcdCUpicMNVBtvTo41vLrPv4/2E=
Subject key identifier:   07:A3:6E:43:76:F6:49:5B:58:5B:CF:27:08:19:62:0E:92:8C:3E:7D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220146AABD866B78876B79EFA508070
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/B6NuQ3b2SVtYW88nCBliDpKMPn0.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30937
IP address blocks:        80.68.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:14:6a:ab:d8:66:b7:88:76:b7:9e:fa:50:80:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07a36e4376f6495b585bcf270819620e928c3e7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:49:c0:18:e6:38:fd:fb:46:24:db:b3:60:6c:
                    8f:e2:f9:f5:d3:64:8a:ad:e0:4a:0d:04:2a:1e:8e:
                    42:7b:08:ac:c8:b8:e5:d0:f9:4e:cd:d3:fe:0b:3e:
                    73:75:d7:21:b3:72:ac:cf:e8:6c:f7:1b:66:92:48:
                    aa:72:02:81:df:81:03:32:d2:41:72:c3:3f:3c:1f:
                    95:57:78:4b:8a:b1:b2:12:01:83:0b:39:8b:a3:f7:
                    d4:3d:f2:3d:62:46:1c:9d:f2:3b:bd:c4:2e:df:5a:
                    bc:c0:14:a0:7e:1b:d8:a3:4e:0f:1b:eb:c0:04:45:
                    e9:58:a9:d3:68:4b:2d:0f:b9:a6:70:7c:da:d9:74:
                    03:72:b9:c3:7d:d6:64:f0:7b:ed:34:89:32:15:ef:
                    af:3e:75:ed:52:e0:3b:d9:03:ee:26:18:5c:30:66:
                    d7:89:78:44:fc:32:4b:1b:ce:33:3d:ed:85:6e:5d:
                    6e:49:b5:81:9f:dc:be:e4:a9:c6:65:ef:a1:be:ff:
                    87:99:08:d5:67:9d:23:e9:78:de:2f:f9:10:3c:6f:
                    af:d3:8d:91:a5:41:cd:d3:91:e9:5b:9c:72:56:e4:
                    04:1c:ee:3a:97:48:0c:43:0c:58:9a:6a:5b:b6:1b:
                    46:8e:8e:4b:07:ca:3c:7b:ec:ea:98:46:b5:00:6b:
                    4b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A3:6E:43:76:F6:49:5B:58:5B:CF:27:08:19:62:0E:92:8C:3E:7D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/B6NuQ3b2SVtYW88nCBliDpKMPn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.68.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:c6:fe:41:a3:da:61:fd:4d:98:70:1a:97:0b:bb:f4:9e:89:
         b3:cd:f4:e6:a8:2e:47:82:15:3a:a5:ab:31:03:8e:a4:c8:d4:
         3f:d7:25:63:63:ea:08:4f:68:dd:3a:9d:a8:dd:2f:a8:bc:f7:
         62:41:e2:ff:db:64:d9:92:85:d6:5d:ec:59:71:9c:6a:34:47:
         bb:20:3d:1f:c3:a8:e1:4f:70:ee:77:9a:12:81:55:92:64:da:
         52:7b:d7:e1:0b:2e:35:e7:af:32:58:6e:5f:de:e0:b0:66:d8:
         6c:66:09:a4:3a:5b:30:76:dc:55:6c:4c:b0:eb:cc:27:3a:1d:
         99:b1:ee:a4:3d:03:49:c8:be:85:4c:27:ef:17:ab:34:84:a5:
         62:d4:1f:3f:41:9c:26:06:99:79:cc:c1:62:9e:62:98:2b:2f:
         fa:a5:bc:cf:fb:57:01:9c:19:a8:6d:98:07:a2:cb:74:a9:c0:
         4e:97:fd:4d:47:b1:91:2d:36:a6:18:b7:b3:08:87:63:32:ce:
         5c:a9:4f:f9:07:2d:b8:c6:81:41:be:79:67:30:a0:fc:78:45:
         89:3e:d6:da:46:d7:89:8b:55:f9:12:cb:78:f9:a1:f3:98:66:
         7c:fd:bd:03:8d:84:73:45:c3:04:3a:7f:c7:90:cd:9b:58:4f:
         7d:62:be:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBRqq9hmt4h2t576UIBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2EzNmU0Mzc2ZjY0OTViNTg1YmNmMjcwODE5NjIwZTkyOGMzZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0nAGOY4/ftGJNuzYGyP4vn102SK
reBKDQQqHo5CewisyLjl0PlOzdP+Cz5zddchs3Ksz+hs9xtmkkiqcgKB34EDMtJB
csM/PB+VV3hLirGyEgGDCzmLo/fUPfI9YkYcnfI7vcQu31q8wBSgfhvYo04PG+vA
BEXpWKnTaEstD7mmcHza2XQDcrnDfdZk8HvtNIkyFe+vPnXtUuA72QPuJhhcMGbX
iXhE/DJLG84zPe2Fbl1uSbWBn9y+5KnGZe+hvv+HmQjVZ50j6XjeL/kQPG+v042R
pUHN05HpW5xyVuQEHO46l0gMQwxYmmpbthtGjo5LB8o8e+zqmEa1AGtLNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAejbkN29klbWFvPJwgZYg6SjD59MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQjZOdVEzYjJTVnRZVzg4bkNCbGlEcEtNUG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUESbMA0G
CSqGSIb3DQEBCwUAA4IBAQBfxv5Bo9ph/U2YcBqXC7v0nomzzfTmqC5HghU6pasx
A46kyNQ/1yVjY+oIT2jdOp2o3S+ovPdiQeL/22TZkoXWXexZcZxqNEe7ID0fw6jh
T3Dud5oSgVWSZNpSe9fhCy41568yWG5f3uCwZthsZgmkOlswdtxVbEyw68wnOh2Z
se6kPQNJyL6FTCfvF6s0hKVi1B8/QZwmBpl5zMFinmKYKy/6pbzP+1cBnBmobZgH
ost0qcBOl/1NR7GRLTamGLezCIdjMs5cqU/5By24xoFBvnlnMKD8eEWJPtbaRteJ
i1X5Est4+aHzmGZ8/b0DjYRzRcMEOn/HkM2bWE99Yr5n
-----END CERTIFICATE-----