Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/bgwaHc6gzZlNY244O9MMe-GUJ_s.roa
File:                     bgwaHc6gzZlNY244O9MMe-GUJ_s.roa (raw, json)
Hash identifier:          33wzrbNSvEbTABUMKp3LEpRuOPz12Ltnsil4MkAKvI0=
Subject key identifier:   6E:0C:1A:1D:CE:A0:CD:99:4D:63:6E:38:3B:D3:0C:7B:E1:94:27:FB
Certificate issuer:       /CN=7a05ea59805f94be185282039bbae2fa8a9253f5
Certificate serial:       018CC6B7D5C04E177B09144C5B3E3563AA80
Authority key identifier: 7A:05:EA:59:80:5F:94:BE:18:52:82:03:9B:BA:E2:FA:8A:92:53:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/egXqWYBflL4YUoIDm7ri-oqSU_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/bgwaHc6gzZlNY244O9MMe-GUJ_s.roa
Signing time:             Mon 01 Jan 2024 20:29:45 +0000
ROA not before:           Mon 01 Jan 2024 20:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50376
IP address blocks:        212.6.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/egXqWYBflL4YUoIDm7ri-oqSU_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/egXqWYBflL4YUoIDm7ri-oqSU_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/egXqWYBflL4YUoIDm7ri-oqSU_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:d5:c0:4e:17:7b:09:14:4c:5b:3e:35:63:aa:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a05ea59805f94be185282039bbae2fa8a9253f5
        Validity
            Not Before: Jan  1 20:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e0c1a1dcea0cd994d636e383bd30c7be19427fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:74:89:55:cd:30:dc:80:46:97:7d:06:c5:ed:
                    53:f8:ec:0b:65:64:3f:0c:e7:fc:5b:2b:28:00:ff:
                    70:29:27:83:a4:17:c2:12:8b:81:77:9f:74:2c:75:
                    25:a3:ad:42:39:9c:be:9d:2c:3c:e4:b1:40:8d:91:
                    03:9a:b4:0f:34:e1:f2:fe:21:44:55:a1:a7:96:a9:
                    1d:d5:5d:07:a0:ba:e6:87:e6:ca:26:17:2c:1d:9c:
                    c9:02:58:96:08:13:a7:3f:04:eb:36:f4:1e:9b:e8:
                    de:26:60:06:23:cd:5c:8a:a4:5d:56:ba:15:e2:b4:
                    b2:12:b9:c7:1b:b4:c8:bd:71:38:d1:a3:06:83:28:
                    1e:8e:bf:73:7d:6e:c5:37:a6:58:1b:df:27:4b:1d:
                    fc:e1:e0:dd:98:6c:1d:32:90:ca:f9:64:d0:d6:0a:
                    5e:56:11:64:c5:03:fc:e9:0e:05:d9:87:01:39:ed:
                    18:24:59:90:c5:a7:43:0d:7c:de:5c:38:13:41:30:
                    a5:51:00:f6:3c:27:31:63:a1:e9:0a:15:ad:1a:6b:
                    9f:17:78:d5:49:2f:d6:9b:0b:13:0d:91:aa:00:7a:
                    3f:15:16:40:89:8a:76:b5:8a:0f:45:73:be:48:60:
                    cc:5e:b7:5b:f8:7b:bd:17:6c:42:2a:0b:e1:4d:a3:
                    ad:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:0C:1A:1D:CE:A0:CD:99:4D:63:6E:38:3B:D3:0C:7B:E1:94:27:FB
            X509v3 Authority Key Identifier:
                keyid:7A:05:EA:59:80:5F:94:BE:18:52:82:03:9B:BA:E2:FA:8A:92:53:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/egXqWYBflL4YUoIDm7ri-oqSU_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/bgwaHc6gzZlNY244O9MMe-GUJ_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/egXqWYBflL4YUoIDm7ri-oqSU_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:8d:ad:7f:b9:d1:f2:b5:03:d9:4c:95:6e:63:16:f3:27:6b:
         51:46:83:94:d3:7d:14:36:b1:db:41:73:96:71:a9:1d:6c:cc:
         86:8c:ac:ca:5b:e8:e8:15:00:99:b9:8c:5e:7a:b4:8b:94:1a:
         46:5a:4d:f2:0d:0a:2e:a0:31:96:0a:44:f1:b9:18:25:df:5e:
         01:c8:b5:9c:b9:b0:0c:fa:19:5f:b0:6b:bb:d0:64:2a:62:14:
         16:2b:e6:82:ac:fc:8b:52:0e:c4:76:ed:40:44:05:62:c0:e4:
         bb:13:8c:fa:38:1e:c9:4f:55:07:2f:52:55:5e:4f:89:13:e3:
         cf:52:a9:c4:9c:c4:a8:45:c2:93:15:a4:39:d4:d7:d6:38:02:
         46:d8:4b:4b:36:ab:41:21:98:48:32:a8:de:6c:a8:a1:8e:5d:
         3c:13:bd:5b:99:51:44:fd:31:e9:37:05:e0:67:1d:5c:7f:10:
         e0:c8:d7:7c:48:0e:f6:93:13:43:d5:48:2f:18:92:56:1d:be:
         e0:4f:18:40:78:2b:6c:3b:ea:b6:a7:65:b0:7a:2f:db:c4:e9:
         a4:6e:47:cd:7c:03:e7:a5:fe:e3:50:ea:f2:a9:2a:97:fc:2e:
         6b:4d:ce:f5:61:27:af:47:a0:df:17:77:11:a6:c2:d9:ec:a5:
         05:36:c4:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt9XAThd7CRRMWz41Y6qAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMDVlYTU5ODA1Zjk0YmUxODUyODIwMzliYmFlMmZhOGE5
MjUzZjUwHhcNMjQwMTAxMjAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTBjMWExZGNlYTBjZDk5NGQ2MzZlMzgzYmQzMGM3YmUxOTQyN2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHSJVc0w3IBGl30Gxe1T+OwLZWQ/
DOf8WysoAP9wKSeDpBfCEouBd590LHUlo61COZy+nSw85LFAjZEDmrQPNOHy/iFE
VaGnlqkd1V0HoLrmh+bKJhcsHZzJAliWCBOnPwTrNvQem+jeJmAGI81ciqRdVroV
4rSyErnHG7TIvXE40aMGgygejr9zfW7FN6ZYG98nSx384eDdmGwdMpDK+WTQ1gpe
VhFkxQP86Q4F2YcBOe0YJFmQxadDDXzeXDgTQTClUQD2PCcxY6HpChWtGmufF3jV
SS/WmwsTDZGqAHo/FRZAiYp2tYoPRXO+SGDMXrdb+Hu9F2xCKgvhTaOtVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4MGh3OoM2ZTWNuODvTDHvhlCf7MB8GA1UdIwQY
MBaAFHoF6lmAX5S+GFKCA5u64vqKklP1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWdYcVdZQmZsTDRZVW9JRG03cmktb3FTVV9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9jZjI0YmQtYzE1Yi00ODRjLTk3MzIt
MDRiMzgxM2YzYjNkLzEvYmd3YUhjNmd6WmxOWTI0NE85TU1lLUdVSl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9jZjI0YmQtYzE1Yi00ODRjLTk3MzItMDRiMzgxM2YzYjNk
LzEvZWdYcVdZQmZsTDRZVW9JRG03cmktb3FTVV9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AY7MA0G
CSqGSIb3DQEBCwUAA4IBAQCVja1/udHytQPZTJVuYxbzJ2tRRoOU030UNrHbQXOW
cakdbMyGjKzKW+joFQCZuYxeerSLlBpGWk3yDQouoDGWCkTxuRgl314ByLWcubAM
+hlfsGu70GQqYhQWK+aCrPyLUg7Edu1ARAViwOS7E4z6OB7JT1UHL1JVXk+JE+PP
UqnEnMSoRcKTFaQ51NfWOAJG2EtLNqtBIZhIMqjebKihjl08E71bmVFE/THpNwXg
Zx1cfxDgyNd8SA72kxND1UgvGJJWHb7gTxhAeCtsO+q2p2Wwei/bxOmkbkfNfAPn
pf7jUOryqSqX/C5rTc71YSevR6DfF3cRpsLZ7KUFNsQU
-----END CERTIFICATE-----