Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/f6JSHXR5IJWIrISIaHnp-KNuzWU.roa
File:                     f6JSHXR5IJWIrISIaHnp-KNuzWU.roa (raw, json)
Hash identifier:          s/mEZEFFKWN/UlAEF3Xf3k+mfTd0XXLmhrPGmyFlvdo=
Subject key identifier:   7F:A2:52:1D:74:79:20:95:88:AC:84:88:68:79:E9:F8:A3:6E:CD:65
Certificate issuer:       /CN=06bd30ac3561a1df7fc6b296bf9d29dd5581f1ee
Certificate serial:       019425216BA7BFD7E7D7698BA9F29D33D3C8
Authority key identifier: 06:BD:30:AC:35:61:A1:DF:7F:C6:B2:96:BF:9D:29:DD:55:81:F1:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Br0wrDVhod9_xrKWv50p3VWB8e4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/f6JSHXR5IJWIrISIaHnp-KNuzWU.roa
Signing time:             Thu 02 Jan 2025 03:48:54 +0000
ROA not before:           Thu 02 Jan 2025 03:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.23.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/Br0wrDVhod9_xrKWv50p3VWB8e4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/Br0wrDVhod9_xrKWv50p3VWB8e4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Br0wrDVhod9_xrKWv50p3VWB8e4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6b:a7:bf:d7:e7:d7:69:8b:a9:f2:9d:33:d3:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06bd30ac3561a1df7fc6b296bf9d29dd5581f1ee
        Validity
            Not Before: Jan  2 03:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fa2521d7479209588ac84886879e9f8a36ecd65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:94:ae:96:82:ff:9d:92:d3:38:d3:b0:1d:30:
                    54:86:0a:fc:9b:e4:39:58:ba:c6:fe:1e:52:49:f3:
                    bc:93:84:96:fb:10:c7:49:a3:6c:fe:d8:e3:24:49:
                    b1:90:6a:59:fc:0f:d5:3b:31:43:7c:26:6e:84:b1:
                    da:5b:8f:5d:6e:b4:0f:03:9c:1d:b4:5a:07:76:45:
                    11:b1:cf:df:d1:1d:4e:8f:e3:5f:28:49:7e:1f:cb:
                    52:b8:ee:08:99:a6:03:d2:b8:06:97:c5:52:2e:58:
                    cb:f3:ce:80:21:30:c4:76:21:b5:48:3e:a4:9b:65:
                    de:c6:e1:0a:9d:c7:ed:fb:eb:b2:c6:a1:b6:73:91:
                    2a:ba:c8:fb:33:3d:29:48:3b:c3:71:32:32:0c:c4:
                    f3:91:aa:9c:95:97:9d:e9:85:4b:8a:6e:35:1f:0c:
                    da:bc:08:64:54:f9:4a:58:37:e2:64:ad:54:4c:10:
                    a2:ed:b0:c3:18:d8:f4:b0:48:c9:e3:f6:3c:be:04:
                    69:4e:c4:04:4e:dc:b5:26:e3:3d:69:5e:b3:f2:36:
                    da:fa:57:c6:ee:1b:d9:d5:f2:da:65:77:c5:81:3b:
                    0a:d0:e1:a6:ba:23:92:14:9e:1b:78:83:1f:9f:fc:
                    0f:1b:94:53:42:c7:6d:f7:e8:82:ac:f8:61:c8:11:
                    10:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:A2:52:1D:74:79:20:95:88:AC:84:88:68:79:E9:F8:A3:6E:CD:65
            X509v3 Authority Key Identifier:
                keyid:06:BD:30:AC:35:61:A1:DF:7F:C6:B2:96:BF:9D:29:DD:55:81:F1:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Br0wrDVhod9_xrKWv50p3VWB8e4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/f6JSHXR5IJWIrISIaHnp-KNuzWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/Br0wrDVhod9_xrKWv50p3VWB8e4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:67:a3:85:b9:c5:d3:66:8c:89:dd:99:60:3d:f4:ce:01:1e:
         01:17:8f:5b:ac:9c:bd:cb:93:2c:fa:f8:d8:4e:fd:57:e7:18:
         95:b4:2b:36:be:41:21:fd:33:3d:c7:47:a5:87:5c:43:33:b2:
         4e:2e:a3:81:d0:b8:70:5b:7b:91:b2:2e:de:bb:15:05:03:42:
         36:b1:36:b9:e4:60:06:d9:0c:94:fb:cc:1e:1d:61:5b:29:bd:
         6b:54:fb:98:d8:e6:85:7d:2e:f8:70:6f:9b:45:81:82:ea:28:
         ac:bb:e5:aa:45:89:47:7c:01:fe:38:72:38:81:4e:1e:62:52:
         31:7e:8d:c4:38:0b:ef:6b:ef:26:91:2a:f5:b1:9c:d8:5a:f4:
         88:84:ab:d2:de:7b:50:58:61:a4:a9:db:14:0d:51:7e:9f:96:
         56:2f:bf:7d:99:12:07:e6:52:96:d3:a1:01:0e:75:75:fd:72:
         75:74:de:5c:9e:b4:58:31:ae:00:ef:6e:80:5b:dc:69:af:78:
         1c:1a:77:f3:db:20:1e:6e:5b:98:1c:8d:eb:6e:5c:a8:f0:8d:
         03:40:5e:41:5b:37:cd:a0:ce:57:a1:27:9c:89:e9:45:9a:17:
         c5:23:48:de:65:8a:9e:99:2e:49:59:eb:d9:85:06:f4:6c:b4:
         c9:55:18:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWunv9fn12mLqfKdM9PIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YmQzMGFjMzU2MWExZGY3ZmM2YjI5NmJmOWQyOWRkNTU4
MWYxZWUwHhcNMjUwMTAyMDM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmEyNTIxZDc0NzkyMDk1ODhhYzg0ODg2ODc5ZTlmOGEzNmVjZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpSuloL/nZLTONOwHTBUhgr8m+Q5
WLrG/h5SSfO8k4SW+xDHSaNs/tjjJEmxkGpZ/A/VOzFDfCZuhLHaW49dbrQPA5wd
tFoHdkURsc/f0R1Oj+NfKEl+H8tSuO4ImaYD0rgGl8VSLljL886AITDEdiG1SD6k
m2XexuEKncft++uyxqG2c5Equsj7Mz0pSDvDcTIyDMTzkaqclZed6YVLim41Hwza
vAhkVPlKWDfiZK1UTBCi7bDDGNj0sEjJ4/Y8vgRpTsQETty1JuM9aV6z8jba+lfG
7hvZ1fLaZXfFgTsK0OGmuiOSFJ4beIMfn/wPG5RTQsdt9+iCrPhhyBEQSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+iUh10eSCViKyEiGh56fijbs1lMB8GA1UdIwQY
MBaAFAa9MKw1YaHff8aylr+dKd1VgfHuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnIwd3JEVmhvZDlfeHJLV3Y1MHAzVldCOGU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hMDFhYjUtODNjMC00ZTE5LTkwOTMt
NzkxNzViMTUxYTUyLzEvZjZKU0hYUjVJSldJcklTSWFIbnAtS051eldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hMDFhYjUtODNjMC00ZTE5LTkwOTMtNzkxNzViMTUxYTUy
LzEvQnIwd3JEVmhvZDlfeHJLV3Y1MHAzVldCOGU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuReYMA0G
CSqGSIb3DQEBCwUAA4IBAQBQZ6OFucXTZoyJ3ZlgPfTOAR4BF49brJy9y5Ms+vjY
Tv1X5xiVtCs2vkEh/TM9x0elh1xDM7JOLqOB0LhwW3uRsi7euxUFA0I2sTa55GAG
2QyU+8weHWFbKb1rVPuY2OaFfS74cG+bRYGC6iisu+WqRYlHfAH+OHI4gU4eYlIx
fo3EOAvva+8mkSr1sZzYWvSIhKvS3ntQWGGkqdsUDVF+n5ZWL799mRIH5lKW06EB
DnV1/XJ1dN5cnrRYMa4A726AW9xpr3gcGnfz2yAebluYHI3rblyo8I0DQF5BWzfN
oM5XoSecielFmhfFI0jeZYqemS5JWevZhQb0bLTJVRgs
-----END CERTIFICATE-----