Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/6VqxblZ0kNaOYOzPisxO6FngelY.roa
File:                     6VqxblZ0kNaOYOzPisxO6FngelY.roa (raw, json)
Hash identifier:          2PTxITd6vOIS+MrE5rJ5V/eAGRolvcso+s7S8g0lRVM=
Subject key identifier:   E9:5A:B1:6E:56:74:90:D6:8E:60:EC:CF:8A:CC:4E:E8:59:E0:7A:56
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       0192C46CCACB29ACBF2A35D1D00A1A2A350A
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/6VqxblZ0kNaOYOzPisxO6FngelY.roa
Signing time:             Fri 25 Oct 2024 16:05:16 +0000
ROA not before:           Fri 25 Oct 2024 16:05:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52468
IP address blocks:        158.172.220.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c4:6c:ca:cb:29:ac:bf:2a:35:d1:d0:0a:1a:2a:35:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Oct 25 16:05:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e95ab16e567490d68e60eccf8acc4ee859e07a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:50:d1:2e:62:cc:ea:e3:8c:27:c9:66:ae:ad:
                    3d:be:31:2c:5a:2d:07:74:f7:13:5a:fa:e7:bc:8a:
                    1d:04:c9:69:a0:fe:b8:30:3f:8e:ab:3a:b1:07:dc:
                    e4:c9:1e:df:91:92:63:c1:e7:a9:83:69:b7:39:ee:
                    13:63:fb:a4:4e:c8:c2:a8:6a:57:34:0b:3d:4b:43:
                    b5:18:51:76:cb:d7:10:45:e2:5a:2a:36:b9:dc:15:
                    44:f1:71:bf:d9:c6:6f:0d:ed:ad:42:ec:d5:a9:09:
                    cc:cc:99:02:9d:42:21:6f:bf:a0:50:45:8f:c1:00:
                    5b:68:49:c8:34:70:08:59:47:d3:01:58:77:b9:df:
                    02:2f:4d:a4:c7:92:19:96:95:84:6b:97:7f:35:3b:
                    86:cd:4b:a4:8d:db:41:20:c1:b2:07:78:93:96:65:
                    e7:ed:c0:ba:53:44:a0:dc:4a:dd:fc:af:ca:5f:ee:
                    eb:96:95:bf:69:55:74:c8:1d:1f:c2:77:95:7a:cb:
                    f1:47:24:b8:08:fc:c3:bd:2f:9d:ce:ec:42:e1:32:
                    38:5a:e7:b3:91:82:b6:4c:e4:8a:ff:01:a6:4e:fa:
                    e3:44:54:3c:c9:69:1e:a2:db:36:26:5c:dc:d3:f9:
                    78:7d:fc:1c:c7:86:39:00:53:0b:7b:9a:27:97:4b:
                    c9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:5A:B1:6E:56:74:90:D6:8E:60:EC:CF:8A:CC:4E:E8:59:E0:7A:56
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/6VqxblZ0kNaOYOzPisxO6FngelY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:66:77:8b:35:4a:02:6f:b8:30:57:4b:5a:b3:80:54:b4:9e:
         ff:11:76:b2:68:95:94:b6:b7:4a:bb:ae:0f:d2:23:31:cc:74:
         09:3f:d3:73:26:f8:4c:fa:38:00:e1:2f:0f:28:38:9b:a2:56:
         a4:ea:0f:cf:83:62:9a:5d:5f:93:1c:08:1b:03:8b:75:98:80:
         fb:89:19:88:b4:89:c5:0e:f1:8b:21:3b:9c:99:5c:f4:36:71:
         41:54:25:73:55:e3:89:32:36:bb:40:c7:21:98:27:0a:b6:10:
         33:f2:43:17:dc:51:29:97:c1:8e:a9:fa:b7:9c:91:dd:ae:83:
         c3:e7:9a:8c:6e:13:46:30:c0:3a:16:53:5a:8b:d4:c6:b8:20:
         93:da:97:6f:e9:1b:93:62:d5:8e:d3:d6:b6:99:13:eb:27:b6:
         7a:50:aa:e3:0f:81:4a:7a:2b:de:dc:63:e7:14:c1:80:a7:60:
         c4:38:56:f7:25:3a:5e:b8:d4:3f:eb:1e:8e:51:37:b6:0a:69:
         7d:36:08:c4:a2:54:71:3f:4c:8f:6a:eb:40:3b:41:9c:46:e7:
         1b:40:3d:be:b2:b4:b6:a5:58:52:35:ba:3a:c6:43:5b:9a:0d:
         09:3c:c8:b2:7d:d3:87:ad:02:25:1d:00:11:e3:42:a5:06:3d:
         88:c2:22:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLEbMrLKay/KjXR0AoaKjUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjQxMDI1MTYwNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTVhYjE2ZTU2NzQ5MGQ2OGU2MGVjY2Y4YWNjNGVlODU5ZTA3YTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1DRLmLM6uOMJ8lmrq09vjEsWi0H
dPcTWvrnvIodBMlpoP64MD+OqzqxB9zkyR7fkZJjweepg2m3Oe4TY/ukTsjCqGpX
NAs9S0O1GFF2y9cQReJaKja53BVE8XG/2cZvDe2tQuzVqQnMzJkCnUIhb7+gUEWP
wQBbaEnINHAIWUfTAVh3ud8CL02kx5IZlpWEa5d/NTuGzUukjdtBIMGyB3iTlmXn
7cC6U0Sg3Erd/K/KX+7rlpW/aVV0yB0fwneVesvxRyS4CPzDvS+dzuxC4TI4Wuez
kYK2TOSK/wGmTvrjRFQ8yWkeots2Jlzc0/l4ffwcx4Y5AFMLe5onl0vJjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlasW5WdJDWjmDsz4rMTuhZ4HpWMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvNlZxeGJsWjBrTmFPWU96UGlzeE82Rm5nZWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnqzcMA0G
CSqGSIb3DQEBCwUAA4IBAQAqZneLNUoCb7gwV0tas4BUtJ7/EXayaJWUtrdKu64P
0iMxzHQJP9NzJvhM+jgA4S8PKDibolak6g/Pg2KaXV+THAgbA4t1mID7iRmItInF
DvGLITucmVz0NnFBVCVzVeOJMja7QMchmCcKthAz8kMX3FEpl8GOqfq3nJHdroPD
55qMbhNGMMA6FlNai9TGuCCT2pdv6RuTYtWO09a2mRPrJ7Z6UKrjD4FKeive3GPn
FMGAp2DEOFb3JTpeuNQ/6x6OUTe2Cml9NgjEolRxP0yPautAO0GcRucbQD2+srS2
pVhSNbo6xkNbmg0JPMiyfdOHrQIlHQAR40KlBj2IwiL1
-----END CERTIFICATE-----