Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/21b558-7e89-41a2-825d-072262e30fc5/1/v6PTi9n_jlJgnQNnPn9q43-2ne4.roa
File:                     v6PTi9n_jlJgnQNnPn9q43-2ne4.roa (raw, json)
Hash identifier:          xOCKK9nROZqddeKjTuTHELl4lvw96hnuAUMOJ1TF4ws=
Subject key identifier:   BF:A3:D3:8B:D9:FF:8E:52:60:9D:03:67:3E:7F:6A:E3:7F:B6:9D:EE
Certificate issuer:       /CN=b739c4e3fe869d9783ba2dadf660dccd0fa53707
Certificate serial:       018CC4931E7FD86063314A53A1D046696B36
Authority key identifier: B7:39:C4:E3:FE:86:9D:97:83:BA:2D:AD:F6:60:DC:CD:0F:A5:37:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tznE4_6GnZeDui2t9mDczQ-lNwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/21b558-7e89-41a2-825d-072262e30fc5/1/v6PTi9n_jlJgnQNnPn9q43-2ne4.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209815
IP address blocks:        194.31.136.0/22 maxlen: 22
                          2a09:1380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/21b558-7e89-41a2-825d-072262e30fc5/1/tznE4_6GnZeDui2t9mDczQ-lNwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/21b558-7e89-41a2-825d-072262e30fc5/1/tznE4_6GnZeDui2t9mDczQ-lNwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tznE4_6GnZeDui2t9mDczQ-lNwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1e:7f:d8:60:63:31:4a:53:a1:d0:46:69:6b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b739c4e3fe869d9783ba2dadf660dccd0fa53707
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfa3d38bd9ff8e52609d03673e7f6ae37fb69dee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0a:e0:eb:2a:2d:f7:8b:0f:a5:d0:fe:56:9c:
                    c5:b3:85:fd:02:e9:a9:79:07:b8:dd:69:ba:cc:0b:
                    75:7a:c6:33:6b:a1:00:43:dd:0a:f8:74:c0:01:19:
                    da:17:e6:56:ea:ce:8a:11:0c:da:b4:dc:cc:c5:dc:
                    31:4a:fc:9f:7b:eb:68:f3:ff:c7:ad:53:b4:ea:53:
                    7c:7c:a0:ef:ae:0f:23:39:fd:06:5c:f6:70:b9:31:
                    1a:dd:08:7f:55:db:1b:e6:c9:6d:56:31:e1:b7:08:
                    13:3d:6e:9c:ce:37:db:e6:f5:49:e1:88:85:62:65:
                    c1:fe:5f:e6:16:f1:f6:b0:a0:6f:3f:2b:8c:7e:bb:
                    14:32:24:0c:c4:3c:88:41:62:fb:1b:ad:1d:92:de:
                    f2:e3:78:0a:f5:76:15:20:c1:0e:dc:83:7a:32:8b:
                    e8:f9:81:30:bb:14:2a:5e:ff:ac:2c:e0:32:16:8b:
                    9e:08:12:f3:8a:19:43:fe:da:0a:5a:e1:39:57:fa:
                    b6:22:7e:4b:54:8a:a6:b7:d1:13:b2:dc:7d:92:8b:
                    ae:b7:13:c3:cd:8f:e0:99:96:8e:5f:7a:30:96:09:
                    b2:04:a4:a8:42:47:0d:e2:5d:2a:4c:8c:4a:00:44:
                    3a:a1:61:13:08:f1:96:e4:0d:d5:c6:0a:eb:18:c9:
                    97:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:A3:D3:8B:D9:FF:8E:52:60:9D:03:67:3E:7F:6A:E3:7F:B6:9D:EE
            X509v3 Authority Key Identifier:
                keyid:B7:39:C4:E3:FE:86:9D:97:83:BA:2D:AD:F6:60:DC:CD:0F:A5:37:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tznE4_6GnZeDui2t9mDczQ-lNwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/21b558-7e89-41a2-825d-072262e30fc5/1/v6PTi9n_jlJgnQNnPn9q43-2ne4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/21b558-7e89-41a2-825d-072262e30fc5/1/tznE4_6GnZeDui2t9mDczQ-lNwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.136.0/22
                IPv6:
                  2a09:1380::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:90:cc:7f:06:2b:d4:5d:ee:e2:cb:15:f5:ce:23:37:e2:bd:
         df:a3:39:8d:a5:31:7c:38:58:b1:18:70:a8:2a:6f:86:7a:4f:
         2d:f0:c5:4e:fb:d9:8b:f2:8c:85:09:96:e5:99:52:f8:3f:28:
         fe:99:3a:58:05:e4:01:1d:34:00:54:bd:f0:46:a0:f9:a6:b6:
         c2:6f:03:85:16:e4:9b:70:8b:26:01:3b:cd:68:c3:c3:79:86:
         84:bc:b2:74:38:c2:a0:16:e9:97:eb:2e:a6:1d:c1:e6:45:c8:
         ff:72:56:d2:db:14:34:ee:72:c0:94:56:db:57:81:ab:6f:9c:
         f9:58:40:67:63:ca:30:84:2e:97:75:e9:0a:74:06:6d:f2:d6:
         df:db:d0:64:0e:a5:5b:2c:25:16:0a:8a:03:70:46:75:10:3b:
         f4:ef:89:98:09:6e:e2:0a:d9:d1:ba:06:4a:ba:e6:1c:56:1b:
         29:2d:b0:33:59:8e:3c:12:ea:fc:fb:64:ce:bd:26:67:c4:1a:
         55:44:08:f8:9f:41:ec:7e:53:41:83:0d:b8:a6:4a:f3:65:f7:
         0d:cc:27:c5:47:7f:3c:1b:90:2f:25:a7:b0:52:62:6f:c8:98:
         8a:a1:59:a7:e7:a0:37:6c:7c:f3:9b:e0:c1:c3:26:b9:5d:3b:
         61:08:60:ff
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkx5/2GBjMUpTodBGaWs2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MzljNGUzZmU4NjlkOTc4M2JhMmRhZGY2NjBkY2NkMGZh
NTM3MDcwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmEzZDM4YmQ5ZmY4ZTUyNjA5ZDAzNjczZTdmNmFlMzdmYjY5ZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwrg6yot94sPpdD+VpzFs4X9Aump
eQe43Wm6zAt1esYza6EAQ90K+HTAARnaF+ZW6s6KEQzatNzMxdwxSvyfe+to8//H
rVO06lN8fKDvrg8jOf0GXPZwuTEa3Qh/Vdsb5sltVjHhtwgTPW6czjfb5vVJ4YiF
YmXB/l/mFvH2sKBvPyuMfrsUMiQMxDyIQWL7G60dkt7y43gK9XYVIMEO3IN6Movo
+YEwuxQqXv+sLOAyFoueCBLzihlD/toKWuE5V/q2In5LVIqmt9ETstx9kouutxPD
zY/gmZaOX3owlgmyBKSoQkcN4l0qTIxKAEQ6oWETCPGW5A3VxgrrGMmXKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL+j04vZ/45SYJ0DZz5/auN/tp3uMB8GA1UdIwQY
MBaAFLc5xOP+hp2Xg7otrfZg3M0PpTcHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHpuRTRfNkduWmVEdWkydDltRGN6US1sTndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8yMWI1NTgtN2U4OS00MWEyLTgyNWQt
MDcyMjYyZTMwZmM1LzEvdjZQVGk5bl9qbEpnblFOblBuOXE0My0ybmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8yMWI1NTgtN2U4OS00MWEyLTgyNWQtMDcyMjYyZTMwZmM1
LzEvdHpuRTRfNkduWmVEdWkydDltRGN6US1sTndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwh+IMA0E
AgACMAcDBQMqCROAMA0GCSqGSIb3DQEBCwUAA4IBAQAUkMx/BivUXe7iyxX1ziM3
4r3fozmNpTF8OFixGHCoKm+Gek8t8MVO+9mL8oyFCZblmVL4Pyj+mTpYBeQBHTQA
VL3wRqD5prbCbwOFFuSbcIsmATvNaMPDeYaEvLJ0OMKgFumX6y6mHcHmRcj/clbS
2xQ07nLAlFbbV4Grb5z5WEBnY8owhC6XdekKdAZt8tbf29BkDqVbLCUWCooDcEZ1
EDv074mYCW7iCtnRugZKuuYcVhspLbAzWY48Eur8+2TOvSZnxBpVRAj4n0HsflNB
gw24pkrzZfcNzCfFR388G5AvJaewUmJvyJiKoVmn56A3bHzzm+DBwya5XTthCGD/
-----END CERTIFICATE-----