Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/b6hTkKbNOfIbaG8yD7-BS_Yj6KI.roa
File:                     b6hTkKbNOfIbaG8yD7-BS_Yj6KI.roa (raw, json)
Hash identifier:          vo3HwfgLG2dbcNhI9BKjmqquo/hk8biJHEghUjke/Vw=
Subject key identifier:   6F:A8:53:90:A6:CD:39:F2:1B:68:6F:32:0F:BF:81:4B:F6:23:E8:A2
Certificate issuer:       /CN=1534838bb317b8186699f0a4485db6d9da1908d2
Certificate serial:       01942143D3B82CAEFF34A7EC8121745EB1F2
Authority key identifier: 15:34:83:8B:B3:17:B8:18:66:99:F0:A4:48:5D:B6:D9:DA:19:08:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FTSDi7MXuBhmmfCkSF222doZCNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/b6hTkKbNOfIbaG8yD7-BS_Yj6KI.roa
Signing time:             Wed 01 Jan 2025 09:48:00 +0000
ROA not before:           Wed 01 Jan 2025 09:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42
IP address blocks:        194.0.42.0/24 maxlen: 24
                          2001:678:60::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/FTSDi7MXuBhmmfCkSF222doZCNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/FTSDi7MXuBhmmfCkSF222doZCNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FTSDi7MXuBhmmfCkSF222doZCNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d3:b8:2c:ae:ff:34:a7:ec:81:21:74:5e:b1:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1534838bb317b8186699f0a4485db6d9da1908d2
        Validity
            Not Before: Jan  1 09:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fa85390a6cd39f21b686f320fbf814bf623e8a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:cd:d6:e5:2e:9f:a6:b3:1d:d3:69:e7:91:7d:
                    6b:dd:86:06:df:19:f8:a3:19:cf:3c:2f:45:5f:df:
                    c8:9a:b3:a1:c0:4a:c3:33:f9:d4:0b:82:4b:dd:3f:
                    f3:e9:c9:a3:d0:c2:e8:a1:21:a3:25:90:53:a7:bb:
                    d6:6b:81:09:d2:5a:73:9c:2a:f0:54:01:96:b8:2f:
                    ac:b2:73:60:d6:35:f2:9d:e2:d9:51:cf:10:77:5d:
                    82:ec:70:08:ec:61:c9:3f:ac:3e:91:b5:f4:68:b9:
                    b5:04:8b:51:26:32:4d:bc:3d:c4:d1:81:23:9a:ae:
                    f9:24:74:81:70:ed:23:67:26:72:d3:e7:b3:95:04:
                    e8:36:45:75:d5:48:25:9c:7c:9f:fd:59:61:bb:82:
                    bd:86:3e:2c:bd:dc:d3:35:e0:c1:05:2c:bd:b1:d6:
                    22:f3:e9:7b:88:87:e1:ac:59:cd:54:e0:99:8a:82:
                    40:03:b3:b3:60:db:0b:ed:95:f0:79:2d:f0:6c:fe:
                    4c:da:6f:e3:25:e1:e4:60:17:1a:ec:91:51:b6:86:
                    2f:e5:e1:fd:c0:5d:65:a7:80:13:7e:e3:18:26:e0:
                    1d:e7:f2:33:24:bf:0f:f2:84:66:a1:51:b1:1b:d1:
                    c0:86:d4:0e:d2:89:cd:19:b3:0c:73:11:52:b2:9f:
                    3b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:A8:53:90:A6:CD:39:F2:1B:68:6F:32:0F:BF:81:4B:F6:23:E8:A2
            X509v3 Authority Key Identifier:
                keyid:15:34:83:8B:B3:17:B8:18:66:99:F0:A4:48:5D:B6:D9:DA:19:08:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FTSDi7MXuBhmmfCkSF222doZCNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/b6hTkKbNOfIbaG8yD7-BS_Yj6KI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/FTSDi7MXuBhmmfCkSF222doZCNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.42.0/24
                IPv6:
                  2001:678:60::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:99:f4:4e:48:23:aa:28:46:29:42:68:c4:61:a1:74:e4:b7:
         96:c7:6f:66:75:8c:58:a8:28:80:66:2b:2b:1b:8d:2e:03:64:
         91:4a:79:21:af:70:17:8a:fa:3b:83:df:58:cc:d4:5b:ca:2c:
         cf:99:b3:14:71:3b:70:d4:de:bf:30:00:11:d4:70:13:bb:9f:
         1a:c2:4c:54:3d:3b:5c:e9:32:c6:c1:6f:59:b8:28:e0:a3:79:
         e0:3b:69:5f:a2:36:d1:3d:2b:58:49:89:c7:eb:5d:7e:d0:88:
         3e:b0:ad:c0:e8:c2:c4:43:6c:bb:b2:ea:c0:43:7b:74:31:00:
         de:19:07:0b:75:9a:4e:63:74:ee:ae:4e:3c:c8:c9:80:1d:b9:
         3f:30:b5:c3:b7:18:14:66:7c:af:02:2f:7b:76:e4:d2:fb:03:
         00:1e:56:37:6e:d7:fe:82:f3:15:ee:d8:ab:a3:e9:d8:23:af:
         00:02:1d:d5:66:52:c0:8a:0f:f3:93:11:f5:3a:b7:5c:a7:b3:
         b0:d1:d7:05:b7:90:cd:8e:93:db:f6:21:f5:e3:62:d1:42:7e:
         17:35:23:2f:60:57:6e:80:20:2e:39:7f:6b:60:7b:47:c9:3b:
         37:7f:4b:76:1a:e1:7b:79:4b:51:a3:40:a0:83:57:ea:76:48:
         21:19:61:b4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhQ9O4LK7/NKfsgSF0XrHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MzQ4MzhiYjMxN2I4MTg2Njk5ZjBhNDQ4NWRiNmQ5ZGEx
OTA4ZDIwHhcNMjUwMTAxMDk0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmE4NTM5MGE2Y2QzOWYyMWI2ODZmMzIwZmJmODE0YmY2MjNlOGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+83W5S6fprMd02nnkX1r3YYG3xn4
oxnPPC9FX9/ImrOhwErDM/nUC4JL3T/z6cmj0MLooSGjJZBTp7vWa4EJ0lpznCrw
VAGWuC+ssnNg1jXyneLZUc8Qd12C7HAI7GHJP6w+kbX0aLm1BItRJjJNvD3E0YEj
mq75JHSBcO0jZyZy0+ezlQToNkV11UglnHyf/Vlhu4K9hj4svdzTNeDBBSy9sdYi
8+l7iIfhrFnNVOCZioJAA7OzYNsL7ZXweS3wbP5M2m/jJeHkYBca7JFRtoYv5eH9
wF1lp4ATfuMYJuAd5/IzJL8P8oRmoVGxG9HAhtQO0onNGbMMcxFSsp87GQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG+oU5CmzTnyG2hvMg+/gUv2I+iiMB8GA1UdIwQY
MBaAFBU0g4uzF7gYZpnwpEhdttnaGQjSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlRTRGk3TVh1QmhtbWZDa1NGMjIyZG9aQ05JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xNGMxY2EtMTg3NC00N2FjLWExOGUt
M2ExNDRjNzBlMGIwLzEvYjZoVGtLYk5PZkliYUc4eUQ3LUJTX1lqNktJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xNGMxY2EtMTg3NC00N2FjLWExOGUtM2ExNDRjNzBlMGIw
LzEvRlRTRGk3TVh1QmhtbWZDa1NGMjIyZG9aQ05JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgAqMA8E
AgACMAkDBwAgAQZ4AGAwDQYJKoZIhvcNAQELBQADggEBAAmZ9E5II6ooRilCaMRh
oXTkt5bHb2Z1jFioKIBmKysbjS4DZJFKeSGvcBeK+juD31jM1FvKLM+ZsxRxO3DU
3r8wABHUcBO7nxrCTFQ9O1zpMsbBb1m4KOCjeeA7aV+iNtE9K1hJicfrXX7QiD6w
rcDowsRDbLuy6sBDe3QxAN4ZBwt1mk5jdO6uTjzIyYAduT8wtcO3GBRmfK8CL3t2
5NL7AwAeVjdu1/6C8xXu2Kuj6dgjrwACHdVmUsCKD/OTEfU6t1yns7DR1wW3kM2O
k9v2IfXjYtFCfhc1Iy9gV26AIC45f2tge0fJOzd/S3Ya4Xt5S1GjQKCDV+p2SCEZ
YbQ=
-----END CERTIFICATE-----