Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/I6IGWwtvcwjpv5OcYefwbQc8Dac.roa
File:                     I6IGWwtvcwjpv5OcYefwbQc8Dac.roa (raw, json)
Hash identifier:          XsrwhU20IGp39xs49VqrIKTfmkeTvzqhqNOw6J/CaTU=
Subject key identifier:   23:A2:06:5B:0B:6F:73:08:E9:BF:93:9C:61:E7:F0:6D:07:3C:0D:A7
Certificate issuer:       /CN=6ab4379e119e71001ccdfeebf4f2af2cf5f07a0a
Certificate serial:       019423D73BEC781E5BE7ACA9B2CDB606F218
Authority key identifier: 6A:B4:37:9E:11:9E:71:00:1C:CD:FE:EB:F4:F2:AF:2C:F5:F0:7A:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/arQ3nhGecQAczf7r9PKvLPXwego.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/I6IGWwtvcwjpv5OcYefwbQc8Dac.roa
Signing time:             Wed 01 Jan 2025 21:48:15 +0000
ROA not before:           Wed 01 Jan 2025 21:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33915
IP address blocks:        160.20.148.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/arQ3nhGecQAczf7r9PKvLPXwego.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/arQ3nhGecQAczf7r9PKvLPXwego.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/arQ3nhGecQAczf7r9PKvLPXwego.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:3b:ec:78:1e:5b:e7:ac:a9:b2:cd:b6:06:f2:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ab4379e119e71001ccdfeebf4f2af2cf5f07a0a
        Validity
            Not Before: Jan  1 21:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23a2065b0b6f7308e9bf939c61e7f06d073c0da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:1b:76:1e:ac:06:8a:58:3b:a9:8b:93:00:20:
                    41:1c:06:c8:8b:41:c3:16:2f:96:77:94:c7:18:a2:
                    5e:c4:0c:68:89:f3:19:92:8b:ac:eb:9b:56:fd:5a:
                    57:f3:47:eb:de:14:59:43:97:de:da:5d:81:ca:7f:
                    1f:b3:d7:a9:39:b0:38:48:70:6a:1b:1c:f1:58:9d:
                    47:e7:71:8b:be:ab:85:7d:54:51:a7:71:af:a0:ba:
                    a9:b6:fd:a7:94:c8:5f:41:e4:4f:4a:4c:4f:bf:90:
                    89:31:3d:6f:9c:81:b6:74:6d:a9:fb:f7:54:b9:a2:
                    72:e0:85:c4:56:9c:9c:7b:0d:1b:b9:55:4d:cb:87:
                    f5:4f:b4:31:85:0a:de:6c:dd:3e:af:eb:ee:82:b9:
                    8c:98:6a:2b:43:9b:3f:c1:81:e3:95:df:76:f9:cc:
                    a5:86:21:72:86:c0:4d:16:33:70:ae:dd:49:7c:7b:
                    49:36:5c:c3:18:e6:78:67:12:76:1c:46:b9:d4:d7:
                    07:60:c3:ce:55:08:0c:44:e0:40:da:da:d4:9a:c6:
                    9b:af:f6:03:21:40:3e:0e:a6:d4:4f:c4:4c:1d:d5:
                    1b:52:f2:15:0b:d1:76:5f:0b:23:26:bc:02:85:f6:
                    7c:71:d2:09:0e:9b:59:5d:8a:f9:1a:a7:1e:66:ad:
                    fc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A2:06:5B:0B:6F:73:08:E9:BF:93:9C:61:E7:F0:6D:07:3C:0D:A7
            X509v3 Authority Key Identifier:
                keyid:6A:B4:37:9E:11:9E:71:00:1C:CD:FE:EB:F4:F2:AF:2C:F5:F0:7A:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/arQ3nhGecQAczf7r9PKvLPXwego.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/I6IGWwtvcwjpv5OcYefwbQc8Dac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/89a4bf-325a-4675-bb00-0a4338cdf97b/1/arQ3nhGecQAczf7r9PKvLPXwego.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:06:e7:8e:dd:35:69:43:27:6c:a7:ab:51:70:39:0a:ad:6b:
         7a:ba:99:e6:40:5a:04:1f:b3:12:7f:25:ab:68:95:83:99:5a:
         57:c2:7c:e1:de:6d:e2:75:ad:bc:5c:0a:19:e7:23:a0:f4:c4:
         5c:df:0d:27:12:7b:a8:c2:98:83:df:a5:3b:ca:5c:68:a4:12:
         41:60:46:d6:49:66:2a:8f:dd:47:5e:ec:92:dd:82:1d:9c:1c:
         3a:de:75:07:ba:20:5f:6e:1c:27:61:b3:35:ed:85:f0:d2:38:
         98:2a:65:ef:04:f1:d5:71:36:60:7d:a5:a6:e0:77:4f:03:ab:
         70:98:12:9d:9c:0e:44:a7:64:63:2b:25:cb:58:ac:96:5d:73:
         cb:fe:02:19:04:76:05:51:78:c5:87:b3:13:57:bc:f6:bb:18:
         fa:83:d1:02:24:b8:e5:fb:ec:ae:ca:71:4d:4f:9a:ab:46:9e:
         2e:5f:1d:97:5f:81:32:6a:d4:b1:c8:d4:ab:ff:c9:47:0f:e3:
         7b:f6:17:2e:8d:28:39:ce:44:cd:54:c5:d2:65:73:58:c4:29:
         51:85:c9:4d:0b:6b:65:98:3b:c3:8e:e0:86:5a:91:43:b1:f6:
         5e:6a:b2:78:b8:35:a4:34:5d:d6:cc:af:31:ef:f4:89:8e:2a:
         c1:69:90:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zvseB5b56ypss22BvIYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYjQzNzllMTE5ZTcxMDAxY2NkZmVlYmY0ZjJhZjJjZjVm
MDdhMGEwHhcNMjUwMTAxMjE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2EyMDY1YjBiNmY3MzA4ZTliZjkzOWM2MWU3ZjA2ZDA3M2MwZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ht2HqwGilg7qYuTACBBHAbIi0HD
Fi+Wd5THGKJexAxoifMZkous65tW/VpX80fr3hRZQ5fe2l2Byn8fs9epObA4SHBq
GxzxWJ1H53GLvquFfVRRp3GvoLqptv2nlMhfQeRPSkxPv5CJMT1vnIG2dG2p+/dU
uaJy4IXEVpycew0buVVNy4f1T7QxhQrebN0+r+vugrmMmGorQ5s/wYHjld92+cyl
hiFyhsBNFjNwrt1JfHtJNlzDGOZ4ZxJ2HEa51NcHYMPOVQgMROBA2trUmsabr/YD
IUA+DqbUT8RMHdUbUvIVC9F2XwsjJrwChfZ8cdIJDptZXYr5GqceZq38RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOiBlsLb3MI6b+TnGHn8G0HPA2nMB8GA1UdIwQY
MBaAFGq0N54RnnEAHM3+6/Tyryz18HoKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXJRM25oR2VjUUFjemY3cjlQS3ZMUFh3ZWdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC84OWE0YmYtMzI1YS00Njc1LWJiMDAt
MGE0MzM4Y2RmOTdiLzEvSTZJR1d3dHZjd2pwdjVPY1llZndiUWM4RGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC84OWE0YmYtMzI1YS00Njc1LWJiMDAtMGE0MzM4Y2RmOTdi
LzEvYXJRM25oR2VjUUFjemY3cjlQS3ZMUFh3ZWdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCoBSUMA0G
CSqGSIb3DQEBCwUAA4IBAQBlBueO3TVpQydsp6tRcDkKrWt6upnmQFoEH7MSfyWr
aJWDmVpXwnzh3m3ida28XAoZ5yOg9MRc3w0nEnuowpiD36U7ylxopBJBYEbWSWYq
j91HXuyS3YIdnBw63nUHuiBfbhwnYbM17YXw0jiYKmXvBPHVcTZgfaWm4HdPA6tw
mBKdnA5Ep2RjKyXLWKyWXXPL/gIZBHYFUXjFh7MTV7z2uxj6g9ECJLjl++yuynFN
T5qrRp4uXx2XX4EyatSxyNSr/8lHD+N79hcujSg5zkTNVMXSZXNYxClRhclNC2tl
mDvDjuCGWpFDsfZearJ4uDWkNF3WzK8x7/SJjirBaZDl
-----END CERTIFICATE-----