Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/b6lQyYLpABoCwjSUXAJur7_bPK0.roa
File:                     b6lQyYLpABoCwjSUXAJur7_bPK0.roa (raw, json)
Hash identifier:          +E1xVFbG1LCDjB4tEpqyWrUKYsPtpeZRICkKHyjwr+A=
Subject key identifier:   6F:A9:50:C9:82:E9:00:1A:02:C2:34:94:5C:02:6E:AF:BF:DB:3C:AD
Certificate issuer:       /CN=df61a292223ad9aebc8ad82c2a56475fbd97a834
Certificate serial:       018EB41DD423A8F9DC273733F864EA3DC860
Authority key identifier: DF:61:A2:92:22:3A:D9:AE:BC:8A:D8:2C:2A:56:47:5F:BD:97:A8:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/b6lQyYLpABoCwjSUXAJur7_bPK0.roa
Signing time:             Sat 06 Apr 2024 15:53:57 +0000
ROA not before:           Sat 06 Apr 2024 15:53:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35732
IP address blocks:        45.129.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b4:1d:d4:23:a8:f9:dc:27:37:33:f8:64:ea:3d:c8:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df61a292223ad9aebc8ad82c2a56475fbd97a834
        Validity
            Not Before: Apr  6 15:53:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fa950c982e9001a02c234945c026eafbfdb3cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:64:7e:cb:d5:8b:08:55:41:82:a8:1c:96:0f:
                    8e:a8:0c:4b:8a:9c:a7:0e:ac:ec:2d:fa:52:c5:e7:
                    97:ea:dd:3c:9c:2f:a1:0c:71:10:64:a5:f6:7d:41:
                    69:b7:f0:f7:7c:ed:f6:d1:da:48:d5:24:e8:19:7a:
                    c9:22:42:03:1e:b3:94:71:ce:3b:2d:bd:b7:74:9a:
                    27:48:7b:67:c9:90:75:eb:2c:16:62:ca:c0:b4:06:
                    32:75:1b:79:38:de:67:6a:26:2c:43:bd:64:b3:07:
                    51:ef:c2:52:6e:2c:d5:9e:0d:bf:be:ae:29:8a:ad:
                    61:2a:d0:6b:3f:53:bd:25:36:8c:da:d7:0d:1c:2f:
                    4c:2a:7d:95:df:95:e1:2f:cc:78:43:58:fd:31:3f:
                    2f:ad:a9:06:f2:37:1b:69:4f:ad:3e:de:b4:27:fd:
                    19:ac:b1:86:7b:73:c1:77:3c:82:83:71:57:dd:64:
                    64:4e:5c:c3:77:4e:de:3e:10:b7:dc:18:84:2a:9d:
                    2c:59:23:44:6d:fe:c0:50:6b:f6:75:cc:fa:03:d1:
                    4e:e6:c8:d4:6a:07:15:7a:a4:66:87:e5:ae:61:71:
                    10:a3:b6:64:02:c2:9d:6b:b7:16:96:40:ab:a4:ff:
                    2d:db:12:af:a1:cd:64:f2:c8:43:ca:44:e4:fc:d8:
                    35:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:A9:50:C9:82:E9:00:1A:02:C2:34:94:5C:02:6E:AF:BF:DB:3C:AD
            X509v3 Authority Key Identifier:
                keyid:DF:61:A2:92:22:3A:D9:AE:BC:8A:D8:2C:2A:56:47:5F:BD:97:A8:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/b6lQyYLpABoCwjSUXAJur7_bPK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:38:bf:1e:c6:82:1b:fb:cc:c9:22:fa:b0:e3:d8:db:92:25:
         ab:b4:5b:38:00:9c:56:a0:ed:39:68:9d:85:c7:f5:72:e7:c3:
         a9:c7:cf:7d:ab:b8:2f:11:e4:a5:7a:22:1a:9c:1b:3d:f6:bf:
         84:c4:04:a9:ac:24:07:d6:49:d8:c1:a2:b8:3b:d6:67:13:58:
         61:e6:be:b7:40:7d:03:75:c1:29:99:26:05:1c:89:04:92:82:
         fc:7a:ff:5d:49:d1:c9:33:86:de:1d:67:fb:41:7d:ec:35:51:
         6f:29:77:5d:d0:10:01:b6:e6:cb:19:0a:29:c6:66:1c:6b:ed:
         23:0f:a3:6a:55:c6:09:2d:78:b1:e5:0f:71:22:d6:3b:f5:0c:
         c2:47:53:d0:2c:bc:83:75:62:b9:7f:49:c1:c8:1a:f4:65:14:
         ec:ca:0c:75:04:e3:e9:74:28:4f:5d:eb:f3:8d:6f:56:30:5b:
         22:0d:a7:97:57:f8:d6:99:59:c5:3a:40:06:51:4a:ad:b8:78:
         bf:f3:86:ff:1c:be:fc:e1:1e:ce:d9:97:4f:dc:70:a0:2b:2b:
         d2:e8:70:f8:31:87:4c:c4:ab:06:7f:f5:0d:ef:20:d2:76:2c:
         ab:3e:a0:ab:07:5a:49:45:ae:d2:fb:12:55:e7:08:60:e8:e4:
         66:ed:b2:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY60HdQjqPncJzcz+GTqPchgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNjFhMjkyMjIzYWQ5YWViYzhhZDgyYzJhNTY0NzVmYmQ5
N2E4MzQwHhcNMjQwNDA2MTU1MzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmE5NTBjOTgyZTkwMDFhMDJjMjM0OTQ1YzAyNmVhZmJmZGIzY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGR+y9WLCFVBgqgclg+OqAxLipyn
DqzsLfpSxeeX6t08nC+hDHEQZKX2fUFpt/D3fO320dpI1SToGXrJIkIDHrOUcc47
Lb23dJonSHtnyZB16ywWYsrAtAYydRt5ON5naiYsQ71kswdR78JSbizVng2/vq4p
iq1hKtBrP1O9JTaM2tcNHC9MKn2V35XhL8x4Q1j9MT8vrakG8jcbaU+tPt60J/0Z
rLGGe3PBdzyCg3FX3WRkTlzDd07ePhC33BiEKp0sWSNEbf7AUGv2dcz6A9FO5sjU
agcVeqRmh+WuYXEQo7ZkAsKda7cWlkCrpP8t2xKvoc1k8shDykTk/Ng1aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+pUMmC6QAaAsI0lFwCbq+/2zytMB8GA1UdIwQY
MBaAFN9hopIiOtmuvIrYLCpWR1+9l6g0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzJHaWtpSTYyYTY4aXRnc0tsWkhYNzJYcURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iN2Q4NzUtYjEyYy00ZWQ4LWI4MGYt
NDE0ODdmNGQ0MTcxLzEvYjZsUXlZTHBBQm9Dd2pTVVhBSnVyN19iUEswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iN2Q4NzUtYjEyYy00ZWQ4LWI4MGYtNDE0ODdmNGQ0MTcx
LzEvMzJHaWtpSTYyYTY4aXRnc0tsWkhYNzJYcURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYGKMA0G
CSqGSIb3DQEBCwUAA4IBAQCiOL8exoIb+8zJIvqw49jbkiWrtFs4AJxWoO05aJ2F
x/Vy58Opx899q7gvEeSleiIanBs99r+ExASprCQH1knYwaK4O9ZnE1hh5r63QH0D
dcEpmSYFHIkEkoL8ev9dSdHJM4beHWf7QX3sNVFvKXdd0BABtubLGQopxmYca+0j
D6NqVcYJLXix5Q9xItY79QzCR1PQLLyDdWK5f0nByBr0ZRTsygx1BOPpdChPXevz
jW9WMFsiDaeXV/jWmVnFOkAGUUqtuHi/84b/HL784R7O2ZdP3HCgKyvS6HD4MYdM
xKsGf/UN7yDSdiyrPqCrB1pJRa7S+xJV5whg6ORm7bLa
-----END CERTIFICATE-----