Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/aSd2JtI3QbtrLuyZ-SuACjxaHdc.roa
File:                     aSd2JtI3QbtrLuyZ-SuACjxaHdc.roa (raw, json)
Hash identifier:          Sgd1aw22rI6zg6QtUckbIF8VHMalDI+dnYMeD24zrPY=
Subject key identifier:   69:27:76:26:D2:37:41:BB:6B:2E:EC:99:F9:2B:80:0A:3C:5A:1D:D7
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018F52577EC97F7E2E40DC141A3A91FA9762
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/aSd2JtI3QbtrLuyZ-SuACjxaHdc.roa
Signing time:             Tue 07 May 2024 09:16:56 +0000
ROA not before:           Tue 07 May 2024 09:16:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44881
IP address blocks:        84.54.55.0/24 maxlen: 24
                          178.22.24.0/24 maxlen: 24
                          213.109.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:52:57:7e:c9:7f:7e:2e:40:dc:14:1a:3a:91:fa:97:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: May  7 09:16:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69277626d23741bb6b2eec99f92b800a3c5a1dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a4:8c:c8:55:e3:97:d2:d2:74:4a:6b:05:62:
                    46:81:23:f5:47:de:66:d7:39:32:a1:b0:04:56:76:
                    d1:b9:1b:e2:cc:5e:1c:86:f8:e2:c9:3a:18:1b:83:
                    e3:89:ef:27:dd:0f:66:ba:04:80:f5:25:b3:5c:42:
                    24:3e:4f:24:55:d9:cf:22:73:30:5f:59:41:64:8d:
                    f5:48:0a:0f:29:7e:18:86:7c:b6:90:40:cd:96:fa:
                    1b:ca:ae:76:52:9c:99:c4:cd:41:59:61:bf:c9:f1:
                    9b:82:ea:ab:24:62:49:dc:85:ac:85:f1:2e:0d:90:
                    a8:33:21:e3:f7:16:6b:28:1a:fe:1b:85:d2:d5:c7:
                    70:c9:4e:62:20:a9:76:15:da:08:42:6b:8d:36:d8:
                    fb:9b:dd:35:79:57:83:32:e1:55:d2:f3:9b:b2:6f:
                    34:76:1b:4f:48:51:b7:75:b6:b6:2f:1f:a9:eb:05:
                    31:fc:03:fd:76:14:8b:b3:0d:1a:6c:36:0c:29:12:
                    f1:e9:db:bb:68:21:1e:12:99:c7:06:48:68:aa:f2:
                    6a:df:02:ca:2a:cc:10:1c:2d:5c:27:47:35:c0:54:
                    22:f2:cf:66:d3:55:5e:81:ac:65:06:4c:14:ee:8f:
                    a5:9c:75:c7:0a:77:0b:dc:c7:d0:34:f8:20:51:db:
                    92:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:27:76:26:D2:37:41:BB:6B:2E:EC:99:F9:2B:80:0A:3C:5A:1D:D7
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/aSd2JtI3QbtrLuyZ-SuACjxaHdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.55.0/24
                  178.22.24.0/24
                  213.109.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:4f:4c:9e:dd:cb:6b:5d:e7:70:f3:ea:c7:00:44:8a:67:a3:
         2f:d5:1f:ae:be:95:9b:be:d7:cb:af:86:45:24:d8:6e:0f:95:
         2f:91:36:8f:12:9a:04:af:5d:b7:fb:f4:8f:22:53:90:97:90:
         1b:10:f4:77:3d:14:66:9b:7d:45:a6:67:09:d3:43:22:cf:b9:
         31:9e:0d:66:07:79:85:cf:2e:c4:58:ca:a7:63:5c:4d:2e:08:
         5a:03:48:e7:f3:89:98:2b:2c:2f:1a:a2:80:66:c3:91:c2:c0:
         a8:46:03:ad:53:18:29:2e:1f:41:63:f1:f4:01:7c:cf:0f:3a:
         46:11:01:d0:22:67:b2:27:a4:5f:51:a3:38:8a:09:75:87:2e:
         ee:bf:f1:59:61:13:9d:3a:2e:b4:9c:4d:57:70:58:24:78:90:
         73:37:3f:71:da:04:f2:51:49:53:ff:51:d5:52:99:14:f6:e9:
         77:8a:87:3d:97:31:fb:cf:01:3f:28:2c:c4:98:1d:d9:aa:f1:
         a3:9a:e4:f5:a7:ae:80:50:36:d6:22:99:c2:cf:0d:70:82:fa:
         fe:a0:ac:10:0c:da:cd:a6:4e:2b:b9:70:0a:6d:3b:02:f8:ba:
         5a:8c:a0:6e:7b:d0:7a:11:27:95:d4:0f:2c:cb:73:e2:b5:b9:
         24:a9:79:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY9SV37Jf34uQNwUGjqR+pdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwNTA3MDkxNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTI3NzYyNmQyMzc0MWJiNmIyZWVjOTlmOTJiODAwYTNjNWExZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqSMyFXjl9LSdEprBWJGgSP1R95m
1zkyobAEVnbRuRvizF4chvjiyToYG4Pjie8n3Q9mugSA9SWzXEIkPk8kVdnPInMw
X1lBZI31SAoPKX4Yhny2kEDNlvobyq52UpyZxM1BWWG/yfGbguqrJGJJ3IWshfEu
DZCoMyHj9xZrKBr+G4XS1cdwyU5iIKl2FdoIQmuNNtj7m901eVeDMuFV0vObsm80
dhtPSFG3dba2Lx+p6wUx/AP9dhSLsw0abDYMKRLx6du7aCEeEpnHBkhoqvJq3wLK
KswQHC1cJ0c1wFQi8s9m01VegaxlBkwU7o+lnHXHCncL3MfQNPggUduSMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGkndibSN0G7ay7smfkrgAo8Wh3XMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvYVNkMkp0STNRYnRyTHV5Wi1TdUFDanhhSGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVDY3AwQA
shYYAwQA1W1gMA0GCSqGSIb3DQEBCwUAA4IBAQAeT0ye3ctrXedw8+rHAESKZ6Mv
1R+uvpWbvtfLr4ZFJNhuD5UvkTaPEpoEr123+/SPIlOQl5AbEPR3PRRmm31FpmcJ
00Miz7kxng1mB3mFzy7EWMqnY1xNLghaA0jn84mYKywvGqKAZsORwsCoRgOtUxgp
Lh9BY/H0AXzPDzpGEQHQImeyJ6RfUaM4igl1hy7uv/FZYROdOi60nE1XcFgkeJBz
Nz9x2gTyUUlT/1HVUpkU9ul3ioc9lzH7zwE/KCzEmB3ZqvGjmuT1p66AUDbWIpnC
zw1wgvr+oKwQDNrNpk4ruXAKbTsC+LpajKBue9B6ESeV1A8sy3PitbkkqXmH
-----END CERTIFICATE-----