Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/b6QMF74wF01wlBWgUywRsmP3cGw.roa
File:                     b6QMF74wF01wlBWgUywRsmP3cGw.roa (raw, json)
Hash identifier:          mCNVR2N9fZow4RurrMaom9Uu+qamMdZIjWplYZcfRCk=
Subject key identifier:   6F:A4:0C:17:BE:30:17:4D:70:94:15:A0:53:2C:11:B2:63:F7:70:6C
Certificate issuer:       /CN=642794c2d2cfa054638ba950a5f668e87601412d
Certificate serial:       019424B3A95597F733DE863876D4DEE1F3F0
Authority key identifier: 64:27:94:C2:D2:CF:A0:54:63:8B:A9:50:A5:F6:68:E8:76:01:41:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZCeUwtLPoFRji6lQpfZo6HYBQS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/b6QMF74wF01wlBWgUywRsmP3cGw.roa
Signing time:             Thu 02 Jan 2025 01:49:01 +0000
ROA not before:           Thu 02 Jan 2025 01:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197775
IP address blocks:        62.102.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/ZCeUwtLPoFRji6lQpfZo6HYBQS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/ZCeUwtLPoFRji6lQpfZo6HYBQS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZCeUwtLPoFRji6lQpfZo6HYBQS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a9:55:97:f7:33:de:86:38:76:d4:de:e1:f3:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=642794c2d2cfa054638ba950a5f668e87601412d
        Validity
            Not Before: Jan  2 01:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fa40c17be30174d709415a0532c11b263f7706c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:eb:f7:fb:ae:9e:c5:57:07:32:8a:e8:18:61:
                    11:d4:83:fc:84:71:cb:2f:4c:fb:96:85:aa:7a:99:
                    6a:0e:5d:e8:3b:8e:c4:94:27:dd:b4:e7:83:3f:3f:
                    8e:fe:10:65:ff:d4:46:fa:f2:20:74:03:ff:be:fc:
                    82:14:47:e7:99:ee:03:40:b2:e5:55:ba:97:6c:a0:
                    8a:a0:6e:d5:e5:ee:6a:11:12:d8:ec:ef:1a:e6:0f:
                    52:45:a8:09:b9:73:a0:f6:a1:c7:f0:40:55:7d:c2:
                    7a:fd:18:f7:b0:4f:88:fa:3c:60:b6:b5:7f:db:52:
                    39:52:66:15:df:07:68:4a:6e:49:8b:1f:54:f6:c7:
                    0e:a8:e3:2b:d4:42:e7:f7:22:d3:57:5d:b6:11:04:
                    a8:94:dd:0c:2c:88:a9:0a:cf:d8:30:d4:fd:fa:28:
                    d6:f6:22:1b:59:16:c8:b4:21:6f:ef:38:88:11:98:
                    08:22:8e:97:5b:4e:6e:69:05:85:77:72:fb:99:06:
                    42:4d:61:0d:28:54:2b:ef:87:b6:16:90:76:30:81:
                    57:b5:a0:a6:d7:60:49:2e:0b:1f:3d:ae:ff:d8:a9:
                    f4:f4:76:21:fb:6f:60:40:9d:45:29:b4:76:2a:88:
                    c5:a4:66:9a:57:9f:44:9a:e5:15:3e:82:17:84:89:
                    a2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:A4:0C:17:BE:30:17:4D:70:94:15:A0:53:2C:11:B2:63:F7:70:6C
            X509v3 Authority Key Identifier:
                keyid:64:27:94:C2:D2:CF:A0:54:63:8B:A9:50:A5:F6:68:E8:76:01:41:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZCeUwtLPoFRji6lQpfZo6HYBQS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/b6QMF74wF01wlBWgUywRsmP3cGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f70a9c-1528-4e66-b7a6-061639812c74/1/ZCeUwtLPoFRji6lQpfZo6HYBQS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.102.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:6d:73:55:13:94:5d:8f:8a:2c:87:6b:4d:29:65:3c:05:86:
         7d:48:48:8f:b0:40:74:5d:c0:ea:41:7e:45:a3:e3:ce:4a:70:
         f1:63:ed:9e:a1:e4:c6:57:17:ef:d7:8f:7d:63:ad:36:ac:27:
         7a:ba:df:b9:cc:f9:96:b6:e0:79:45:cd:2b:18:ca:fa:61:33:
         85:b9:97:8c:17:c6:07:b1:16:45:35:85:19:6b:22:93:04:1c:
         39:f2:a9:ac:51:5a:00:8d:3e:fc:e8:57:cd:aa:bb:db:01:76:
         2b:e7:c3:2d:a4:04:7d:cd:59:9d:86:13:78:64:70:71:73:cc:
         96:0f:5d:be:bb:4a:a2:5b:64:32:d1:2b:4d:69:f9:ad:cc:c0:
         a5:8b:05:23:d2:0b:21:40:15:71:30:39:ac:c5:ae:b8:f2:47:
         35:b9:aa:2b:7a:b4:5e:40:c8:88:85:a5:ff:53:7b:e5:c7:97:
         ca:f2:31:9d:71:7c:58:89:85:bd:70:60:71:15:e2:cc:9c:5f:
         c1:47:fa:c2:53:69:ea:8a:66:2f:09:ff:74:49:c6:8e:70:7e:
         af:a1:d5:16:b1:79:9a:cc:cd:68:cd:e1:27:94:52:ef:d8:91:
         38:d2:c5:4d:38:d3:ff:ad:7d:8c:df:92:f7:74:92:64:2d:8f:
         14:ea:12:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6lVl/cz3oY4dtTe4fPwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0Mjc5NGMyZDJjZmEwNTQ2MzhiYTk1MGE1ZjY2OGU4NzYw
MTQxMmQwHhcNMjUwMTAyMDE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmE0MGMxN2JlMzAxNzRkNzA5NDE1YTA1MzJjMTFiMjYzZjc3MDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOv3+66exVcHMoroGGER1IP8hHHL
L0z7loWqeplqDl3oO47ElCfdtOeDPz+O/hBl/9RG+vIgdAP/vvyCFEfnme4DQLLl
VbqXbKCKoG7V5e5qERLY7O8a5g9SRagJuXOg9qHH8EBVfcJ6/Rj3sE+I+jxgtrV/
21I5UmYV3wdoSm5Jix9U9scOqOMr1ELn9yLTV122EQSolN0MLIipCs/YMNT9+ijW
9iIbWRbItCFv7ziIEZgIIo6XW05uaQWFd3L7mQZCTWENKFQr74e2FpB2MIFXtaCm
12BJLgsfPa7/2Kn09HYh+29gQJ1FKbR2KojFpGaaV59EmuUVPoIXhImiJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+kDBe+MBdNcJQVoFMsEbJj93BsMB8GA1UdIwQY
MBaAFGQnlMLSz6BUY4upUKX2aOh2AUEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkNlVXd0TFBvRlJqaTZsUXBmWm82SFlCUVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9mNzBhOWMtMTUyOC00ZTY2LWI3YTYt
MDYxNjM5ODEyYzc0LzEvYjZRTUY3NHdGMDF3bEJXZ1V5d1JzbVAzY0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9mNzBhOWMtMTUyOC00ZTY2LWI3YTYtMDYxNjM5ODEyYzc0
LzEvWkNlVXd0TFBvRlJqaTZsUXBmWm82SFlCUVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPmaWMA0G
CSqGSIb3DQEBCwUAA4IBAQApbXNVE5Rdj4osh2tNKWU8BYZ9SEiPsEB0XcDqQX5F
o+POSnDxY+2eoeTGVxfv1499Y602rCd6ut+5zPmWtuB5Rc0rGMr6YTOFuZeMF8YH
sRZFNYUZayKTBBw58qmsUVoAjT786FfNqrvbAXYr58MtpAR9zVmdhhN4ZHBxc8yW
D12+u0qiW2Qy0StNafmtzMCliwUj0gshQBVxMDmsxa648kc1uaorerReQMiIhaX/
U3vlx5fK8jGdcXxYiYW9cGBxFeLMnF/BR/rCU2nqimYvCf90ScaOcH6vodUWsXma
zM1ozeEnlFLv2JE40sVNONP/rX2M35L3dJJkLY8U6hLw
-----END CERTIFICATE-----