Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/on6FwcC25vnn_PDWTP5R35XYo9Q.roa
File:                     on6FwcC25vnn_PDWTP5R35XYo9Q.roa (raw, json)
Hash identifier:          ao5D+tgVMdFltlpZgknXEKRjCOHq7SxkVgVrANV4E20=
Subject key identifier:   A2:7E:85:C1:C0:B6:E6:F9:E7:FC:F0:D6:4C:FE:51:DF:95:D8:A3:D4
Certificate issuer:       /CN=6dd1dc4d2eb7bf2a3f08d545755477055143f174
Certificate serial:       019302C6C6D7B4018080566B744DFB7EBDC3
Authority key identifier: 6D:D1:DC:4D:2E:B7:BF:2A:3F:08:D5:45:75:54:77:05:51:43:F1:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bdHcTS63vyo_CNVFdVR3BVFD8XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/on6FwcC25vnn_PDWTP5R35XYo9Q.roa
Signing time:             Wed 06 Nov 2024 18:40:01 +0000
ROA not before:           Wed 06 Nov 2024 18:40:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212635
IP address blocks:        45.159.140.0/22 maxlen: 24
                          2a10:6e40::/30 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/bdHcTS63vyo_CNVFdVR3BVFD8XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/bdHcTS63vyo_CNVFdVR3BVFD8XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bdHcTS63vyo_CNVFdVR3BVFD8XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:c6:c6:d7:b4:01:80:80:56:6b:74:4d:fb:7e:bd:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dd1dc4d2eb7bf2a3f08d545755477055143f174
        Validity
            Not Before: Nov  6 18:40:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a27e85c1c0b6e6f9e7fcf0d64cfe51df95d8a3d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:94:f1:4f:77:37:a7:df:69:00:eb:74:7b:43:
                    d9:c9:49:93:ce:2c:0b:6b:4b:ee:6c:ce:78:88:a2:
                    ca:02:cc:c2:60:d2:82:ec:f8:b1:ab:c8:4d:d1:99:
                    46:66:f4:9d:7c:33:04:1a:92:87:5e:c4:bc:30:13:
                    39:5f:10:91:98:ea:6f:d2:38:c1:d7:fc:1d:48:0a:
                    c4:95:8a:12:df:fe:9f:bd:19:02:43:b1:e3:38:ed:
                    95:24:e8:b1:8c:f3:c7:2e:eb:80:5f:0d:4a:ec:94:
                    6d:4d:ad:db:0d:a2:2a:7c:0b:a9:b2:15:ec:b3:f7:
                    9b:67:53:f2:b7:29:5e:ab:eb:f2:21:b1:56:c2:3f:
                    b5:ae:26:83:2d:f7:66:54:6e:7d:0a:1d:ae:fe:3a:
                    b6:6a:36:6d:81:09:d7:d3:9b:12:e5:c9:40:ff:f4:
                    98:fa:d9:b6:8a:ce:8a:31:d4:c0:93:45:7c:77:08:
                    ca:a3:bc:12:1a:0d:47:e7:60:d8:68:aa:84:24:73:
                    58:40:3f:73:24:9f:b4:97:63:3d:9c:e0:d6:0f:81:
                    f7:0b:70:f5:5d:9f:14:2f:98:a1:2b:8a:5a:25:c3:
                    ad:4e:9f:56:4f:59:24:07:40:5d:1d:82:e6:3f:4e:
                    6d:f3:d8:df:ec:e0:77:c1:9f:7d:48:ba:34:ae:0f:
                    3f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:7E:85:C1:C0:B6:E6:F9:E7:FC:F0:D6:4C:FE:51:DF:95:D8:A3:D4
            X509v3 Authority Key Identifier:
                keyid:6D:D1:DC:4D:2E:B7:BF:2A:3F:08:D5:45:75:54:77:05:51:43:F1:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bdHcTS63vyo_CNVFdVR3BVFD8XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/on6FwcC25vnn_PDWTP5R35XYo9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/bdHcTS63vyo_CNVFdVR3BVFD8XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.140.0/22
                IPv6:
                  2a10:6e40::/30

    Signature Algorithm: sha256WithRSAEncryption
         1e:68:30:a7:e2:93:b1:45:c8:a1:67:b3:7a:00:53:8e:6a:aa:
         c9:ce:4b:ec:69:7e:ac:b8:fb:50:a4:5b:cc:38:94:16:42:1f:
         39:0f:63:a0:3b:c7:50:28:4f:69:86:e9:dd:dd:f6:9d:e6:17:
         d3:fa:13:56:cb:b4:14:9b:aa:3c:00:c5:0d:4f:8e:f0:af:86:
         59:69:5e:a7:36:09:e8:c0:37:23:c3:35:c5:9b:07:ce:fa:51:
         a3:62:62:f9:b6:82:e7:68:89:6c:c9:3a:74:90:99:de:90:06:
         09:7b:a4:62:2e:89:d9:68:24:18:ff:0d:6b:80:5b:75:ef:ed:
         72:bd:a7:ed:29:ac:a5:8d:73:3c:6b:a5:4e:4c:f8:cb:bb:59:
         93:14:96:cc:1a:df:d5:a8:6d:7e:00:b8:0d:5b:d1:4f:37:5a:
         73:1b:0a:82:fc:7b:5e:43:d1:64:70:95:12:c0:f0:31:26:25:
         de:90:4e:21:6d:93:b2:f8:5b:1f:ba:6f:c5:86:f5:66:b3:a0:
         2b:b8:bf:42:39:6a:d2:b8:fc:cb:26:39:f9:20:c1:0c:c9:a1:
         3e:19:e7:a9:e8:7c:cf:d2:ed:1c:bf:5d:72:12:05:d2:c1:0c:
         1c:e4:a6:c4:9b:49:90:b2:74:f4:a0:d7:5a:74:97:dc:44:17:
         ab:e2:9c:d3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMCxsbXtAGAgFZrdE37fr3DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZDFkYzRkMmViN2JmMmEzZjA4ZDU0NTc1NTQ3NzA1NTE0
M2YxNzQwHhcNMjQxMTA2MTg0MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjdlODVjMWMwYjZlNmY5ZTdmY2YwZDY0Y2ZlNTFkZjk1ZDhhM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5TxT3c3p99pAOt0e0PZyUmTziwL
a0vubM54iKLKAszCYNKC7Pixq8hN0ZlGZvSdfDMEGpKHXsS8MBM5XxCRmOpv0jjB
1/wdSArElYoS3/6fvRkCQ7HjOO2VJOixjPPHLuuAXw1K7JRtTa3bDaIqfAupshXs
s/ebZ1Pytyleq+vyIbFWwj+1riaDLfdmVG59Ch2u/jq2ajZtgQnX05sS5clA//SY
+tm2is6KMdTAk0V8dwjKo7wSGg1H52DYaKqEJHNYQD9zJJ+0l2M9nODWD4H3C3D1
XZ8UL5ihK4paJcOtTp9WT1kkB0BdHYLmP05t89jf7OB3wZ99SLo0rg8/vQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKJ+hcHAtub55/zw1kz+Ud+V2KPUMB8GA1UdIwQY
MBaAFG3R3E0ut78qPwjVRXVUdwVRQ/F0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRIY1RTNjN2eW9fQ05WRmRWUjNCVkZEOFhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iZWU0ODMtZWViMy00YzUzLWE0NTYt
ZmI0YzU0YjY3MzNhLzEvb242RndjQzI1dm5uX1BEV1RQNVIzNVhZbzlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iZWU0ODMtZWViMy00YzUzLWE0NTYtZmI0YzU0YjY3MzNh
LzEvYmRIY1RTNjN2eW9fQ05WRmRWUjNCVkZEOFhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ+MMA0E
AgACMAcDBQIqEG5AMA0GCSqGSIb3DQEBCwUAA4IBAQAeaDCn4pOxRcihZ7N6AFOO
aqrJzkvsaX6suPtQpFvMOJQWQh85D2OgO8dQKE9phund3fad5hfT+hNWy7QUm6o8
AMUNT47wr4ZZaV6nNgnowDcjwzXFmwfO+lGjYmL5toLnaIlsyTp0kJnekAYJe6Ri
LonZaCQY/w1rgFt17+1yvaftKayljXM8a6VOTPjLu1mTFJbMGt/VqG1+ALgNW9FP
N1pzGwqC/HteQ9FkcJUSwPAxJiXekE4hbZOy+Fsfum/FhvVms6AruL9COWrSuPzL
Jjn5IMEMyaE+Geep6HzP0u0cv11yEgXSwQwc5KbEm0mQsnT0oNdadJfcRBer4pzT
-----END CERTIFICATE-----