Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/Bkd4xvh2cEDvQLPYdDH7UvR4zzY.roa
File:                     Bkd4xvh2cEDvQLPYdDH7UvR4zzY.roa (raw, json)
Hash identifier:          /JvrMzqU9yJuUb/i0vILgFNpIuS4yx2N3kiE3mPse4o=
Subject key identifier:   06:47:78:C6:F8:76:70:40:EF:40:B3:D8:74:31:FB:52:F4:78:CF:36
Certificate issuer:       /CN=6faae55613fc89586f7bd6de0edca097b8615a6a
Certificate serial:       018CC7953B8E6116C5916484D6DF4D1736F3
Authority key identifier: 6F:AA:E5:56:13:FC:89:58:6F:7B:D6:DE:0E:DC:A0:97:B8:61:5A:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6rlVhP8iVhve9beDtygl7hhWmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/Bkd4xvh2cEDvQLPYdDH7UvR4zzY.roa
Signing time:             Tue 02 Jan 2024 00:31:35 +0000
ROA not before:           Tue 02 Jan 2024 00:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29488
IP address blocks:        217.74.176.0/20 maxlen: 20
                          2001:1a30::/32 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/b6rlVhP8iVhve9beDtygl7hhWmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/b6rlVhP8iVhve9beDtygl7hhWmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6rlVhP8iVhve9beDtygl7hhWmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3b:8e:61:16:c5:91:64:84:d6:df:4d:17:36:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6faae55613fc89586f7bd6de0edca097b8615a6a
        Validity
            Not Before: Jan  2 00:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=064778c6f8767040ef40b3d87431fb52f478cf36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:52:de:f8:82:bc:fc:a2:e7:1d:99:79:ca:11:
                    2d:68:54:30:ee:9a:66:c0:c9:98:41:d0:f7:f3:8e:
                    7d:e0:c8:e1:01:13:2a:64:af:f8:ca:d6:ea:a6:9f:
                    a9:be:e3:08:90:bd:11:89:54:ea:ce:26:d7:23:9d:
                    35:8f:d9:17:9b:d4:e2:5e:57:13:87:51:8f:87:ca:
                    fb:fe:34:3d:4c:e4:03:09:0c:5d:b6:77:a1:ba:cb:
                    f8:66:50:5a:8a:74:11:97:7d:8b:d7:ae:12:33:95:
                    ac:1a:e6:14:98:ba:57:66:c0:53:55:eb:68:0f:cc:
                    34:95:4a:53:70:0f:37:14:28:69:97:62:b7:4b:92:
                    0b:ad:95:75:28:26:27:dc:ff:12:40:63:11:6d:dd:
                    64:40:fa:07:d0:7c:a5:d0:d9:0e:8a:bd:52:b2:16:
                    35:56:e8:6a:68:3a:73:bc:42:43:25:25:45:26:b2:
                    52:ad:92:d6:18:36:5b:4f:47:68:92:ab:c3:91:35:
                    bc:cd:8c:ce:77:2d:13:67:0b:b7:55:60:77:e0:b4:
                    9c:c3:fb:84:bf:75:cb:65:34:ec:6a:dd:c3:60:c7:
                    f0:4a:a8:2d:62:c5:c9:70:5a:1d:85:33:b5:43:a9:
                    55:f2:a2:db:98:16:01:cf:dc:9a:3d:e1:19:b5:39:
                    66:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:47:78:C6:F8:76:70:40:EF:40:B3:D8:74:31:FB:52:F4:78:CF:36
            X509v3 Authority Key Identifier:
                keyid:6F:AA:E5:56:13:FC:89:58:6F:7B:D6:DE:0E:DC:A0:97:B8:61:5A:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6rlVhP8iVhve9beDtygl7hhWmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/Bkd4xvh2cEDvQLPYdDH7UvR4zzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/57889a-50df-4abf-81e5-1b12641f493b/1/b6rlVhP8iVhve9beDtygl7hhWmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.74.176.0/20
                IPv6:
                  2001:1a30::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:dc:fe:3e:0c:77:47:61:3a:bc:16:1c:5d:72:e5:55:55:de:
         07:62:ff:92:95:b6:99:17:04:4f:13:53:8b:07:9a:9c:a0:bb:
         32:9c:1c:4c:a1:c9:c0:ef:b1:02:f0:24:84:75:a7:9b:79:26:
         b5:f3:77:8d:e1:e6:65:71:18:e2:4a:a8:ff:1d:eb:99:a0:0e:
         cd:24:f8:39:bb:23:c1:60:1d:c1:38:ef:3b:7d:4d:89:6a:38:
         12:1b:29:76:5a:58:94:9a:49:ff:d7:c4:29:32:9f:45:14:38:
         48:59:85:77:f9:82:1f:d0:d2:57:9f:7b:8c:1e:75:d8:ee:34:
         aa:d4:c6:16:f9:1e:95:ce:60:95:9c:9e:36:cb:10:36:a5:58:
         15:06:d3:33:d5:8b:3c:15:09:45:65:d4:05:fb:96:96:6c:16:
         e3:77:22:2a:69:10:1a:c8:2b:e4:f8:d2:74:10:bc:2b:ce:09:
         d9:ce:77:08:80:c0:36:72:ff:a8:30:5f:1c:72:0e:4d:aa:ad:
         7b:9a:f4:ec:40:29:52:39:5e:60:b0:b0:a8:7a:bd:4c:d8:0d:
         cb:d9:a2:8e:75:04:c3:60:e1:2a:c0:aa:f9:61:d7:39:53:1a:
         99:1e:65:d6:84:38:f6:6b:6b:64:c3:df:2b:f2:aa:ba:d8:38:
         e7:c2:b3:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlTuOYRbFkWSE1t9NFzbzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYWFlNTU2MTNmYzg5NTg2ZjdiZDZkZTBlZGNhMDk3Yjg2
MTVhNmEwHhcNMjQwMTAyMDAzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQ3NzhjNmY4NzY3MDQwZWY0MGIzZDg3NDMxZmI1MmY0NzhjZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlLe+IK8/KLnHZl5yhEtaFQw7ppm
wMmYQdD384594MjhARMqZK/4ytbqpp+pvuMIkL0RiVTqzibXI501j9kXm9TiXlcT
h1GPh8r7/jQ9TOQDCQxdtnehusv4ZlBainQRl32L164SM5WsGuYUmLpXZsBTVeto
D8w0lUpTcA83FChpl2K3S5ILrZV1KCYn3P8SQGMRbd1kQPoH0Hyl0NkOir1SshY1
VuhqaDpzvEJDJSVFJrJSrZLWGDZbT0dokqvDkTW8zYzOdy0TZwu3VWB34LScw/uE
v3XLZTTsat3DYMfwSqgtYsXJcFodhTO1Q6lV8qLbmBYBz9yaPeEZtTlmpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAZHeMb4dnBA70Cz2HQx+1L0eM82MB8GA1UdIwQY
MBaAFG+q5VYT/IlYb3vW3g7coJe4YVpqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZybFZoUDhpVmh2ZTliZUR0eWdsN2hoV21vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi81Nzg4OWEtNTBkZi00YWJmLTgxZTUt
MWIxMjY0MWY0OTNiLzEvQmtkNHh2aDJjRUR2UUxQWWRESDdVdlI0enpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi81Nzg4OWEtNTBkZi00YWJmLTgxZTUtMWIxMjY0MWY0OTNi
LzEvYjZybFZoUDhpVmh2ZTliZUR0eWdsN2hoV21vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2UqwMA0E
AgACMAcDBQAgARowMA0GCSqGSIb3DQEBCwUAA4IBAQBq3P4+DHdHYTq8FhxdcuVV
Vd4HYv+SlbaZFwRPE1OLB5qcoLsynBxMocnA77EC8CSEdaebeSa183eN4eZlcRji
Sqj/HeuZoA7NJPg5uyPBYB3BOO87fU2JajgSGyl2WliUmkn/18QpMp9FFDhIWYV3
+YIf0NJXn3uMHnXY7jSq1MYW+R6VzmCVnJ42yxA2pVgVBtMz1Ys8FQlFZdQF+5aW
bBbjdyIqaRAayCvk+NJ0ELwrzgnZzncIgMA2cv+oMF8ccg5Nqq17mvTsQClSOV5g
sLCoer1M2A3L2aKOdQTDYOEqwKr5Ydc5UxqZHmXWhDj2a2tkw98r8qq62DjnwrOM
-----END CERTIFICATE-----