Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/DWj8st9oQojzguqxL3thZ4pk9Mk.roa
File:                     DWj8st9oQojzguqxL3thZ4pk9Mk.roa (raw, json)
Hash identifier:          Xaeb2317/EmVNv7W343TXy+As0v9VAtxDCMBgY57ryw=
Subject key identifier:   0D:68:FC:B2:DF:68:42:88:F3:82:EA:B1:2F:7B:61:67:8A:64:F4:C9
Certificate issuer:       /CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
Certificate serial:       019265FA328B47B90E13574211087F58FBA0
Authority key identifier: 6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/DWj8st9oQojzguqxL3thZ4pk9Mk.roa
Signing time:             Mon 07 Oct 2024 07:55:48 +0000
ROA not before:           Mon 07 Oct 2024 07:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        145.69.64.0/22 maxlen: 22
                          145.69.68.0/22 maxlen: 22
                          145.69.72.0/22 maxlen: 22
                          145.69.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:65:fa:32:8b:47:b9:0e:13:57:42:11:08:7f:58:fb:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
        Validity
            Not Before: Oct  7 07:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d68fcb2df684288f382eab12f7b61678a64f4c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2a:2d:cd:6d:e3:70:3a:7b:8b:43:a9:bd:ec:
                    a2:87:0c:9d:26:f7:dd:78:3b:44:10:6b:31:5e:8a:
                    8a:45:33:21:72:66:c4:1a:3e:0b:b5:5c:07:0f:f6:
                    e4:fd:25:5e:c7:e2:62:a9:44:ac:3f:67:b8:ed:61:
                    30:eb:78:21:3b:79:06:6b:14:c3:d0:bd:89:36:8d:
                    58:e0:a1:27:43:e1:2f:cd:6b:93:9f:07:c0:36:dc:
                    2a:a1:52:31:70:75:3b:96:2a:a2:80:74:fd:53:7f:
                    05:c3:47:0e:71:e8:9f:e3:95:db:d0:5b:96:b9:31:
                    73:98:ef:01:5f:c2:81:41:d8:9b:2e:12:b4:ff:42:
                    08:94:16:12:4f:02:a4:4a:41:bc:47:ee:ff:af:31:
                    15:be:b2:0c:be:82:9a:88:49:98:50:3c:05:6a:3d:
                    1e:8c:ba:e1:22:1e:7f:8f:b6:8f:cf:ee:18:95:64:
                    6e:7e:19:bc:2a:ed:54:5b:9d:05:9f:1f:c0:19:89:
                    1e:be:a8:6f:e6:33:81:5a:86:53:25:98:25:30:1f:
                    e3:1c:57:72:46:4e:ee:70:3b:ac:d6:e5:3e:7a:25:
                    cb:ef:bf:63:29:81:ac:16:b0:ec:09:0e:a4:fd:31:
                    0e:bc:7d:46:f4:be:26:0a:a9:15:58:00:f0:c1:0e:
                    db:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:68:FC:B2:DF:68:42:88:F3:82:EA:B1:2F:7B:61:67:8A:64:F4:C9
            X509v3 Authority Key Identifier:
                keyid:6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/DWj8st9oQojzguqxL3thZ4pk9Mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.69.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1b:f9:f1:51:c7:e3:72:08:97:06:c4:ac:29:9c:ea:79:d7:cc:
         16:83:8d:d4:19:71:41:9f:45:61:64:fa:ac:e6:11:f6:65:05:
         18:ec:0a:b4:35:b0:58:70:d7:67:22:73:e5:c1:a8:28:0d:51:
         70:b6:16:1c:f4:31:2f:c6:40:3b:50:2f:c6:07:e2:83:08:ba:
         d8:d6:18:db:6d:69:78:0b:94:c3:b9:16:16:aa:7c:bc:d0:27:
         16:96:8f:c7:44:f2:28:c4:68:60:72:7f:e7:43:b5:53:cb:21:
         ea:d8:1a:98:db:c4:1d:98:f1:64:1e:c7:97:12:db:f5:7e:7c:
         7f:43:0c:d1:9e:cd:22:47:51:1f:8c:88:77:ac:23:d4:37:3d:
         35:77:80:49:1e:1d:0f:80:cf:e4:76:89:a1:b1:66:c3:91:e5:
         20:bd:90:4f:d7:76:a3:4d:6a:f5:26:71:98:e9:55:80:63:bf:
         91:85:d9:53:c3:94:a3:23:d7:a2:ea:ad:25:89:5f:55:56:5e:
         95:f4:82:06:6e:a4:e4:58:63:26:d7:22:28:ce:8f:6e:87:26:
         53:67:a8:72:07:ff:37:ea:ff:bb:41:a1:d9:fa:84:43:40:e0:
         7e:df:d5:7b:0d:0d:8c:55:ea:65:01:ed:84:d9:8e:7f:ef:b1:
         de:dc:cc:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJl+jKLR7kOE1dCEQh/WPugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDY5ZTE5ZTEyYzEwNDAwNGU4YjRiNzVmOGE3Nzg5Yjdl
MTEzOTYwHhcNMjQxMDA3MDc1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDY4ZmNiMmRmNjg0Mjg4ZjM4MmVhYjEyZjdiNjE2NzhhNjRmNGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yotzW3jcDp7i0OpveyihwydJvfd
eDtEEGsxXoqKRTMhcmbEGj4LtVwHD/bk/SVex+JiqUSsP2e47WEw63ghO3kGaxTD
0L2JNo1Y4KEnQ+EvzWuTnwfANtwqoVIxcHU7liqigHT9U38Fw0cOceif45Xb0FuW
uTFzmO8BX8KBQdibLhK0/0IIlBYSTwKkSkG8R+7/rzEVvrIMvoKaiEmYUDwFaj0e
jLrhIh5/j7aPz+4YlWRufhm8Ku1UW50Fnx/AGYkevqhv5jOBWoZTJZglMB/jHFdy
Rk7ucDus1uU+eiXL779jKYGsFrDsCQ6k/TEOvH1G9L4mCqkVWADwwQ7bFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1o/LLfaEKI84LqsS97YWeKZPTJMB8GA1UdIwQY
MBaAFG0GnhnhLBBABOi0t1+Kd4m34ROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmIt
N2JmZjI5NmM2YjAyLzEvRFdqOHN0OW9Rb2p6Z3VxeEwzdGhaNHBrOU1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmItN2JmZjI5NmM2YjAy
LzEvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEkUVAMA0G
CSqGSIb3DQEBCwUAA4IBAQAb+fFRx+NyCJcGxKwpnOp518wWg43UGXFBn0VhZPqs
5hH2ZQUY7Aq0NbBYcNdnInPlwagoDVFwthYc9DEvxkA7UC/GB+KDCLrY1hjbbWl4
C5TDuRYWqny80CcWlo/HRPIoxGhgcn/nQ7VTyyHq2BqY28QdmPFkHseXEtv1fnx/
QwzRns0iR1EfjIh3rCPUNz01d4BJHh0PgM/kdomhsWbDkeUgvZBP13ajTWr1JnGY
6VWAY7+RhdlTw5SjI9ei6q0liV9VVl6V9IIGbqTkWGMm1yIozo9uhyZTZ6hyB/83
6v+7QaHZ+oRDQOB+39V7DQ2MVeplAe2E2Y5/77He3MzZ
-----END CERTIFICATE-----