Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/6t9icJaYCV18zfqCTWXG_iZERm0.roa
File:                     6t9icJaYCV18zfqCTWXG_iZERm0.roa (raw, json)
Hash identifier:          Ft8Wnep1HEXHhBo0A0NCMXIzxphln4N5EJLDJz5rqOc=
Subject key identifier:   EA:DF:62:70:96:98:09:5D:7C:CD:FA:82:4D:65:C6:FE:26:44:46:6D
Certificate issuer:       /CN=297ae7592ca52491dc166a30fe1477d712bd465d
Certificate serial:       01924C00BA7707D58F19FC74ABC255F0464B
Authority key identifier: 29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/6t9icJaYCV18zfqCTWXG_iZERm0.roa
Signing time:             Wed 02 Oct 2024 06:52:48 +0000
ROA not before:           Wed 02 Oct 2024 06:52:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28762
IP address blocks:        94.159.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4c:00:ba:77:07:d5:8f:19:fc:74:ab:c2:55:f0:46:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ae7592ca52491dc166a30fe1477d712bd465d
        Validity
            Not Before: Oct  2 06:52:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eadf62709698095d7ccdfa824d65c6fe2644466d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:9d:b2:61:18:d0:46:65:41:58:56:57:2e:cd:
                    8c:20:c8:1c:10:3e:a7:4c:5f:52:05:75:38:a4:c5:
                    55:1b:24:0e:33:86:86:e8:df:bf:aa:00:ae:04:07:
                    9b:c2:20:09:50:77:f4:44:0c:29:92:8a:5a:12:01:
                    c7:53:4e:af:e0:bd:0b:e7:d0:4a:13:0f:2e:41:a7:
                    fb:f3:86:53:39:7a:fe:35:e7:2a:79:64:7b:a1:b6:
                    8e:48:1d:4f:bd:70:6b:c1:51:77:0c:55:bc:51:ae:
                    7e:d1:26:c8:cd:b4:51:d9:26:21:40:2e:34:9a:0c:
                    07:1e:28:70:59:0e:ae:30:ee:93:39:ca:4f:a9:7f:
                    eb:55:78:d1:48:1e:46:77:b8:f8:57:7d:a5:2f:6c:
                    53:35:b8:7c:14:de:b0:c2:46:e5:6a:01:0e:57:20:
                    ee:f9:1a:de:9c:1b:46:44:2c:fe:1f:5c:c9:3e:ed:
                    34:38:97:24:0a:77:c6:0f:2d:16:c8:08:81:da:09:
                    5d:a2:c4:df:fa:b3:70:0d:4f:bb:ce:77:28:d4:b5:
                    22:d7:85:d7:b4:79:a0:ff:2f:0f:21:d3:b4:07:11:
                    76:08:67:c4:a9:06:6e:40:49:3d:f5:8a:4b:ab:6a:
                    a5:27:f0:3b:13:f5:71:b2:a4:d5:ce:95:e7:9d:09:
                    ac:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:DF:62:70:96:98:09:5D:7C:CD:FA:82:4D:65:C6:FE:26:44:46:6D
            X509v3 Authority Key Identifier:
                keyid:29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/6t9icJaYCV18zfqCTWXG_iZERm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.159.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ab:ee:a8:60:3b:1e:d2:5f:43:31:c2:7d:98:d1:eb:ee:cb:
         1d:84:14:0d:28:71:a5:52:f9:6c:e5:70:50:a2:5e:5c:b4:97:
         38:bc:b9:23:9d:0f:00:7a:09:95:38:13:ab:f3:b6:58:5b:9e:
         9c:64:93:85:64:90:c0:3c:bf:21:15:b9:eb:d6:f0:ee:51:99:
         71:2a:9f:59:3a:9f:ab:a5:2f:70:60:32:4b:a3:47:71:4d:c9:
         d3:d2:0b:d7:51:e9:61:71:3c:7f:8f:c9:2f:13:06:81:41:f9:
         ea:0f:18:f2:62:d9:25:ea:b9:98:de:00:f9:a3:73:33:fe:9f:
         b8:7d:54:db:d7:9d:20:31:ae:bb:df:8e:6e:bc:7a:ca:58:9c:
         23:da:5f:59:af:7f:2a:31:e3:f5:aa:ec:03:01:55:fe:7a:39:
         e3:04:c8:24:42:46:26:85:b1:a6:7e:cd:a9:5a:54:67:21:bc:
         4b:4a:46:ba:15:40:dd:32:ad:ef:a1:d3:f6:79:da:51:cb:a8:
         1e:91:3b:d2:c4:0f:f5:ef:47:f0:b4:4b:27:38:f0:e3:d1:1b:
         5d:b2:7c:eb:f3:4f:84:4d:98:77:a9:77:b3:26:39:97:4e:00:
         81:c8:c3:10:b1:46:95:7f:11:20:f7:07:73:73:51:69:d0:b9:
         00:5d:46:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJMALp3B9WPGfx0q8JV8EZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2FlNzU5MmNhNTI0OTFkYzE2NmEzMGZlMTQ3N2Q3MTJi
ZDQ2NWQwHhcNMjQxMDAyMDY1MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWRmNjI3MDk2OTgwOTVkN2NjZGZhODI0ZDY1YzZmZTI2NDQ0NjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7p2yYRjQRmVBWFZXLs2MIMgcED6n
TF9SBXU4pMVVGyQOM4aG6N+/qgCuBAebwiAJUHf0RAwpkopaEgHHU06v4L0L59BK
Ew8uQaf784ZTOXr+NecqeWR7obaOSB1PvXBrwVF3DFW8Ua5+0SbIzbRR2SYhQC40
mgwHHihwWQ6uMO6TOcpPqX/rVXjRSB5Gd7j4V32lL2xTNbh8FN6wwkblagEOVyDu
+RrenBtGRCz+H1zJPu00OJckCnfGDy0WyAiB2gldosTf+rNwDU+7znco1LUi14XX
tHmg/y8PIdO0BxF2CGfEqQZuQEk99YpLq2qlJ/A7E/VxsqTVzpXnnQmsKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrfYnCWmAldfM36gk1lxv4mREZtMB8GA1UdIwQY
MBaAFCl651kspSSR3BZqMP4Ud9cSvUZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgt
MzkxMGE1OWExMTIxLzEvNnQ5aWNKYVlDVjE4emZxQ1RXWEdfaVpFUm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgtMzkxMGE1OWExMTIx
LzEvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXp9WMA0G
CSqGSIb3DQEBCwUAA4IBAQBzq+6oYDse0l9DMcJ9mNHr7ssdhBQNKHGlUvls5XBQ
ol5ctJc4vLkjnQ8AegmVOBOr87ZYW56cZJOFZJDAPL8hFbnr1vDuUZlxKp9ZOp+r
pS9wYDJLo0dxTcnT0gvXUelhcTx/j8kvEwaBQfnqDxjyYtkl6rmY3gD5o3Mz/p+4
fVTb150gMa67345uvHrKWJwj2l9Zr38qMeP1quwDAVX+ejnjBMgkQkYmhbGmfs2p
WlRnIbxLSka6FUDdMq3vodP2edpRy6gekTvSxA/170fwtEsnOPDj0Rtdsnzr80+E
TZh3qXezJjmXTgCByMMQsUaVfxEg9wdzc1Fp0LkAXUaa
-----END CERTIFICATE-----