Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/6tVAZsKU-ZcZyojwDAf-C0Uh_ic.roa
File:                     6tVAZsKU-ZcZyojwDAf-C0Uh_ic.roa (raw, json)
Hash identifier:          DiOW8C4iMymlPiD/gs3PtbZMbrQ/9JvXlZWhh69vvwM=
Subject key identifier:   EA:D5:40:66:C2:94:F9:97:19:CA:88:F0:0C:07:FE:0B:45:21:FE:27
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B949EB8C5AD1BFD8B2FD4D292EFE8A
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/6tVAZsKU-ZcZyojwDAf-C0Uh_ic.roa
Signing time:             Mon 01 Jan 2024 20:31:21 +0000
ROA not before:           Mon 01 Jan 2024 20:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43289
IP address blocks:        92.243.67.0/24 maxlen: 24
                          2a03:f80:373::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:49:eb:8c:5a:d1:bf:d8:b2:fd:4d:29:2e:fe:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ead54066c294f99719ca88f00c07fe0b4521fe27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6f:be:fe:aa:68:00:ea:c3:35:4a:91:f3:43:
                    42:fa:97:2b:85:41:77:6c:53:6c:bd:91:e3:ed:a6:
                    35:2d:65:25:52:55:7f:83:a7:1c:2b:13:8e:ae:34:
                    25:63:61:6a:cf:28:b8:ff:61:73:87:07:16:8c:94:
                    e3:c6:74:1e:8c:90:00:02:f1:07:02:52:c5:77:d0:
                    ab:a6:be:66:e4:6d:46:2d:cc:1a:2c:07:7e:33:11:
                    29:ed:e4:e6:a1:38:58:b3:86:14:c1:5b:49:37:86:
                    c2:46:79:66:7b:1b:ae:0d:77:3c:b4:1f:57:ab:77:
                    29:d6:be:37:03:26:54:52:b8:9d:9f:ff:b8:bb:66:
                    e0:df:4f:ac:5b:39:7a:ac:fb:e4:00:8a:cf:ba:eb:
                    2e:4a:72:f3:e5:b0:d8:38:66:a5:3f:61:a6:c8:66:
                    3a:92:29:17:3a:8b:e8:01:bb:c3:c3:57:83:d1:c6:
                    59:13:ed:57:31:54:7b:2f:22:90:d4:94:2b:56:ed:
                    97:36:3f:8d:85:55:66:82:b5:fe:6a:53:ee:38:2e:
                    79:72:08:b9:3d:6c:e0:a5:dd:50:a4:15:e3:6b:ec:
                    5d:86:98:f8:6c:b3:96:57:d1:8d:71:e1:bc:ae:c5:
                    2c:7d:52:61:b3:b7:a2:3f:ef:d0:1a:13:86:62:1a:
                    a7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D5:40:66:C2:94:F9:97:19:CA:88:F0:0C:07:FE:0B:45:21:FE:27
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/6tVAZsKU-ZcZyojwDAf-C0Uh_ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.243.67.0/24
                IPv6:
                  2a03:f80:373::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:8b:56:86:3c:2c:70:75:e7:f4:3b:4f:1e:27:f5:c9:78:28:
         42:eb:9e:93:db:ea:5d:50:61:15:60:36:b5:6a:8e:df:c4:00:
         6d:05:e3:0c:6e:b5:ab:76:53:ec:08:47:41:02:33:77:9a:74:
         72:f8:e9:e3:47:a5:09:18:f1:c9:e0:30:73:d1:e9:b1:e0:43:
         0b:1d:2d:d8:8f:77:93:d4:ee:e8:77:a1:ce:80:06:94:37:2f:
         f5:e7:69:82:8c:23:e4:77:40:94:08:6e:c3:b8:56:0e:bf:28:
         eb:ac:34:c0:00:28:b1:8b:b6:e1:c9:00:95:b5:ae:7e:5f:16:
         6a:8c:a2:73:49:84:5b:01:45:3b:a2:08:e5:a3:3d:7d:5f:87:
         e8:34:cb:1c:9d:e3:00:c2:a0:0b:1b:8a:6a:d7:34:30:f0:e3:
         bc:c4:41:24:9d:0a:6d:4f:5a:e6:83:d0:5b:51:cc:be:0c:60:
         bd:6d:22:74:7b:3b:b5:28:80:a2:7f:6d:a2:88:68:6f:8e:bb:
         8c:d7:07:1f:9c:af:af:bf:16:10:2f:df:cd:3d:ae:95:8d:51:
         fb:02:1e:1b:c4:8e:8b:b2:4b:c3:a5:2e:26:ee:94:cf:23:bb:
         dc:37:34:32:dd:48:df:ad:d1:fe:a6:18:fe:f2:28:2f:7e:bc:
         83:cc:6b:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuUnrjFrRv9iy/U0pLv6KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWQ1NDA2NmMyOTRmOTk3MTljYTg4ZjAwYzA3ZmUwYjQ1MjFmZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxm++/qpoAOrDNUqR80NC+pcrhUF3
bFNsvZHj7aY1LWUlUlV/g6ccKxOOrjQlY2Fqzyi4/2FzhwcWjJTjxnQejJAAAvEH
AlLFd9Crpr5m5G1GLcwaLAd+MxEp7eTmoThYs4YUwVtJN4bCRnlmexuuDXc8tB9X
q3cp1r43AyZUUridn/+4u2bg30+sWzl6rPvkAIrPuusuSnLz5bDYOGalP2GmyGY6
kikXOovoAbvDw1eD0cZZE+1XMVR7LyKQ1JQrVu2XNj+NhVVmgrX+alPuOC55cgi5
PWzgpd1QpBXja+xdhpj4bLOWV9GNceG8rsUsfVJhs7eiP+/QGhOGYhqnHwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOrVQGbClPmXGcqI8AwH/gtFIf4nMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvNnRWQVpzS1UtWmNaeW9qd0RBZi1DMFVoX2ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXPNDMA8E
AgACMAkDBwAqAw+AA3MwDQYJKoZIhvcNAQELBQADggEBAEKLVoY8LHB15/Q7Tx4n
9cl4KELrnpPb6l1QYRVgNrVqjt/EAG0F4wxutat2U+wIR0ECM3eadHL46eNHpQkY
8cngMHPR6bHgQwsdLdiPd5PU7uh3oc6ABpQ3L/XnaYKMI+R3QJQIbsO4Vg6/KOus
NMAAKLGLtuHJAJW1rn5fFmqMonNJhFsBRTuiCOWjPX1fh+g0yxyd4wDCoAsbimrX
NDDw47zEQSSdCm1PWuaD0FtRzL4MYL1tInR7O7UogKJ/baKIaG+Ou4zXBx+cr6+/
FhAv3809rpWNUfsCHhvEjouyS8OlLibulM8ju9w3NDLdSN+t0f6mGP7yKC9+vIPM
a8E=
-----END CERTIFICATE-----