Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/c69eef-5ac2-4768-83b7-ecdf2a906b4c/1/Pn6PKvmjygzpmRg76VHYY6aEB1U.roa
File:                     Pn6PKvmjygzpmRg76VHYY6aEB1U.roa (raw, json)
Hash identifier:          Ao0ERPimWqUlgAFvMnvSU0eGNfTJ4P16SYshNdqRIzA=
Subject key identifier:   3E:7E:8F:2A:F9:A3:CA:0C:E9:99:18:3B:E9:51:D8:63:A6:84:07:55
Certificate issuer:       /CN=ba274155104e43328c3bfa2ad6ac6719766f1325
Certificate serial:       01901201EC7EF203FD895999059255A03933
Authority key identifier: BA:27:41:55:10:4E:43:32:8C:3B:FA:2A:D6:AC:67:19:76:6F:13:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uidBVRBOQzKMO_oq1qxnGXZvEyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/c69eef-5ac2-4768-83b7-ecdf2a906b4c/1/Pn6PKvmjygzpmRg76VHYY6aEB1U.roa
Signing time:             Thu 13 Jun 2024 14:30:34 +0000
ROA not before:           Thu 13 Jun 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49487
IP address blocks:        188.94.240.0/24 maxlen: 24
                          188.94.241.0/24 maxlen: 24
                          188.94.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/c69eef-5ac2-4768-83b7-ecdf2a906b4c/1/uidBVRBOQzKMO_oq1qxnGXZvEyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/c69eef-5ac2-4768-83b7-ecdf2a906b4c/1/uidBVRBOQzKMO_oq1qxnGXZvEyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uidBVRBOQzKMO_oq1qxnGXZvEyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:12:01:ec:7e:f2:03:fd:89:59:99:05:92:55:a0:39:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba274155104e43328c3bfa2ad6ac6719766f1325
        Validity
            Not Before: Jun 13 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e7e8f2af9a3ca0ce999183be951d863a6840755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2c:bb:00:37:3b:66:7f:8c:24:f2:f9:10:d9:
                    f7:40:14:a6:f9:ab:6e:cf:63:d5:31:fc:9a:ea:eb:
                    55:34:2b:24:a6:01:b4:78:46:23:c2:2a:0e:09:be:
                    34:02:71:60:68:47:a7:41:9c:eb:b1:0f:dc:5b:4e:
                    e1:39:91:6d:66:1e:2f:95:46:a6:0e:5b:db:ba:90:
                    72:c3:de:33:9f:f3:4d:09:58:a3:4e:66:24:ef:da:
                    92:8a:11:6a:42:7c:c5:d7:a6:4b:1b:04:5a:6c:5d:
                    f5:17:f3:3b:51:28:5d:38:b4:43:10:e5:39:1a:88:
                    9b:d6:a5:dc:a3:14:3a:1e:be:0e:0d:6d:f9:5f:8a:
                    09:0f:a5:23:c0:3e:f7:2e:62:56:f0:6e:1b:93:b2:
                    6e:91:af:b3:80:39:d9:05:0b:1c:29:bf:4a:3b:46:
                    0a:e8:53:b5:c7:54:a3:17:39:9e:b8:d4:fa:96:d2:
                    08:2e:3d:63:77:e0:0d:40:f0:4e:1b:3f:fc:fc:b1:
                    44:97:76:b8:8d:8f:d6:c5:76:64:c0:f9:3f:15:fb:
                    6b:22:53:16:96:14:21:37:37:59:e4:64:90:a9:9d:
                    ca:22:7c:b9:70:73:20:96:bf:ab:00:be:f4:5e:43:
                    3a:86:4a:e1:45:bd:1f:8d:a8:cc:5d:25:86:7c:75:
                    10:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:7E:8F:2A:F9:A3:CA:0C:E9:99:18:3B:E9:51:D8:63:A6:84:07:55
            X509v3 Authority Key Identifier:
                keyid:BA:27:41:55:10:4E:43:32:8C:3B:FA:2A:D6:AC:67:19:76:6F:13:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uidBVRBOQzKMO_oq1qxnGXZvEyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/c69eef-5ac2-4768-83b7-ecdf2a906b4c/1/Pn6PKvmjygzpmRg76VHYY6aEB1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/c69eef-5ac2-4768-83b7-ecdf2a906b4c/1/uidBVRBOQzKMO_oq1qxnGXZvEyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.94.240.0-188.94.242.255

    Signature Algorithm: sha256WithRSAEncryption
         91:68:37:2c:a7:e8:7f:c4:62:9a:c1:45:c9:8a:bc:b0:91:b5:
         f3:52:61:9f:01:86:5e:0b:37:82:a4:c3:84:12:d8:9e:fc:d4:
         c2:36:5b:1a:b5:3f:30:3e:e2:d2:fb:8f:29:b1:ad:ed:79:cb:
         d9:90:f6:7e:63:1b:02:08:91:36:60:c3:c5:8c:ca:3e:31:dc:
         c2:cd:79:3b:d4:2c:04:77:fc:d0:67:fc:03:ba:f2:e2:af:60:
         e8:2d:aa:67:f2:eb:90:dd:61:8f:85:fd:03:4a:49:6e:62:6f:
         c3:b3:fc:a8:ec:f6:6d:95:52:e7:7f:3b:7d:e3:80:3b:67:6a:
         1c:a4:d1:c0:1b:3f:44:33:70:c4:4f:88:b5:de:fc:52:fe:23:
         0e:4b:c0:7c:5f:f4:67:35:88:8b:8b:71:e7:a9:be:4f:45:ef:
         f7:d1:05:18:67:67:53:54:90:af:4c:68:78:61:cc:28:f2:63:
         97:b7:16:d6:be:85:c5:9d:f7:85:3c:c1:f7:5a:1f:67:38:95:
         bd:e6:00:a6:cf:6f:72:ee:e4:71:65:97:02:2e:b3:69:17:70:
         25:44:47:30:2c:33:2d:85:21:dc:4a:e7:0d:85:f5:83:5c:df:
         c7:fd:87:99:ad:a1:be:4a:5d:f0:03:61:0f:d2:c9:c6:87:dd:
         03:b1:f2:5e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZASAex+8gP9iVmZBZJVoDkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMjc0MTU1MTA0ZTQzMzI4YzNiZmEyYWQ2YWM2NzE5NzY2
ZjEzMjUwHhcNMjQwNjEzMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTdlOGYyYWY5YTNjYTBjZTk5OTE4M2JlOTUxZDg2M2E2ODQwNzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCy7ADc7Zn+MJPL5ENn3QBSm+atu
z2PVMfya6utVNCskpgG0eEYjwioOCb40AnFgaEenQZzrsQ/cW07hOZFtZh4vlUam
DlvbupByw94zn/NNCVijTmYk79qSihFqQnzF16ZLGwRabF31F/M7UShdOLRDEOU5
Goib1qXcoxQ6Hr4ODW35X4oJD6UjwD73LmJW8G4bk7Juka+zgDnZBQscKb9KO0YK
6FO1x1SjFzmeuNT6ltIILj1jd+ANQPBOGz/8/LFEl3a4jY/WxXZkwPk/FftrIlMW
lhQhNzdZ5GSQqZ3KIny5cHMglr+rAL70XkM6hkrhRb0fjajMXSWGfHUQSwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD5+jyr5o8oM6ZkYO+lR2GOmhAdVMB8GA1UdIwQY
MBaAFLonQVUQTkMyjDv6KtasZxl2bxMlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWlkQlZSQk9RektNT19vcTFxeG5HWFp2RXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9jNjllZWYtNWFjMi00NzY4LTgzYjct
ZWNkZjJhOTA2YjRjLzEvUG42UEt2bWp5Z3pwbVJnNzZWSFlZNmFFQjFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9jNjllZWYtNWFjMi00NzY4LTgzYjctZWNkZjJhOTA2YjRj
LzEvdWlkQlZSQk9RektNT19vcTFxeG5HWFp2RXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAS8XvAD
BAC8XvIwDQYJKoZIhvcNAQELBQADggEBAJFoNyyn6H/EYprBRcmKvLCRtfNSYZ8B
hl4LN4Kkw4QS2J781MI2Wxq1PzA+4tL7jymxre15y9mQ9n5jGwIIkTZgw8WMyj4x
3MLNeTvULAR3/NBn/AO68uKvYOgtqmfy65DdYY+F/QNKSW5ib8Oz/Kjs9m2VUud/
O33jgDtnahyk0cAbP0QzcMRPiLXe/FL+Iw5LwHxf9Gc1iIuLceepvk9F7/fRBRhn
Z1NUkK9MaHhhzCjyY5e3Fta+hcWd94U8wfdaH2c4lb3mAKbPb3Lu5HFllwIus2kX
cCVERzAsMy2FIdxK5w2F9YNc38f9h5mtob5KXfADYQ/SycaH3QOx8l4=
-----END CERTIFICATE-----