Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/6KDubmDAuMfkB4BVkuovZlQ-iUI.roa
File:                     6KDubmDAuMfkB4BVkuovZlQ-iUI.roa (raw, json)
Hash identifier:          DLuUgaNrnHbzdBu70kgz9oJ71Nw/yVTJLGmKiEVZKCQ=
Subject key identifier:   E8:A0:EE:6E:60:C0:B8:C7:E4:07:80:55:92:EA:2F:66:54:3E:89:42
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018D49B781E2F24C7468128457DEAE314A4F
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/6KDubmDAuMfkB4BVkuovZlQ-iUI.roa
Signing time:             Sat 27 Jan 2024 06:59:39 +0000
ROA not before:           Sat 27 Jan 2024 06:59:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152159
IP address blocks:        194.120.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:49:b7:81:e2:f2:4c:74:68:12:84:57:de:ae:31:4a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan 27 06:59:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8a0ee6e60c0b8c7e407805592ea2f66543e8942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:80:78:6b:d5:da:69:e2:73:55:35:29:8e:d0:
                    ce:95:3e:5f:16:5c:eb:fd:11:7f:55:a0:ab:e6:ec:
                    30:d3:c7:5f:44:60:ec:1f:d6:3e:a6:e4:d0:97:3a:
                    52:21:3c:d9:da:86:da:93:2c:4b:c3:9d:d4:4a:65:
                    4c:c6:dc:6b:08:1a:bd:f8:82:1d:e9:32:fd:45:88:
                    90:5e:ff:a8:d3:13:fb:89:02:f0:b0:8e:90:0f:b0:
                    4b:a7:49:1b:a2:01:f1:c4:c6:a6:83:49:7f:21:6e:
                    72:ad:02:2a:94:3d:4a:a5:8f:c8:36:8a:6e:54:4f:
                    fe:43:ad:a8:42:f6:bc:06:18:d4:e1:07:56:4c:99:
                    9d:75:1b:dc:cf:17:73:82:63:53:ad:d7:8a:8a:c1:
                    ce:f9:7b:4b:df:38:29:3e:76:8d:d8:e9:9c:f3:63:
                    f3:4a:ec:c7:5e:cd:47:35:21:17:9e:d5:2c:c8:a7:
                    d1:12:60:11:31:ce:45:a9:17:ef:b2:c7:a2:7b:6f:
                    0e:1f:c4:69:dc:61:2e:da:c3:db:df:24:bb:1d:60:
                    b4:b6:86:fb:38:60:b4:f0:93:6f:3d:da:83:b6:c1:
                    b5:fe:81:c9:6a:2b:bc:1a:67:81:cc:5c:c6:6f:ee:
                    b5:15:84:f2:c1:63:99:82:d3:b7:17:27:ef:eb:10:
                    42:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A0:EE:6E:60:C0:B8:C7:E4:07:80:55:92:EA:2F:66:54:3E:89:42
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/6KDubmDAuMfkB4BVkuovZlQ-iUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:52:2b:b3:7c:9a:29:45:5e:51:9a:f8:b2:7c:77:e3:42:8f:
         8f:52:16:01:63:cb:a3:6d:d1:46:da:b9:e1:6c:0a:42:4a:ca:
         45:97:90:72:f9:89:b6:e0:3b:d3:81:2d:61:ac:b5:a4:fb:ce:
         52:bd:dc:e4:5f:98:e1:4e:51:05:db:24:ad:26:93:8a:ee:eb:
         a8:29:ad:0e:c1:0f:ca:72:86:81:90:78:17:66:21:5a:00:85:
         38:58:60:f5:71:1a:01:61:4a:1c:e0:13:8c:cc:0b:82:7d:d0:
         c4:ef:f1:05:96:03:4c:14:27:84:00:3f:8f:91:7d:5d:16:a4:
         fb:91:34:24:31:c0:d4:c6:a1:23:e7:e6:68:8d:fa:97:a6:f1:
         00:ae:9c:7a:4b:b2:a7:34:2b:1d:f5:f6:a2:09:99:50:6f:69:
         86:44:a5:6a:e4:61:8f:32:9c:f0:a7:b9:ce:47:36:01:b8:0f:
         20:3c:f1:7b:8b:b5:24:23:aa:ec:f0:99:58:4f:5e:bd:75:71:
         8b:00:8e:ac:3c:9f:e4:46:26:56:0b:35:32:ae:52:ab:3c:bd:
         39:26:ed:25:de:7b:35:27:79:5a:4f:ce:fc:e3:00:f4:49:91:
         91:f6:f6:5e:ae:e3:c6:94:ba:60:f5:b8:de:3e:ea:f9:b3:2e:
         22:25:cc:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1Jt4Hi8kx0aBKEV96uMUpPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTI3MDY1OTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGEwZWU2ZTYwYzBiOGM3ZTQwNzgwNTU5MmVhMmY2NjU0M2U4OTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoB4a9XaaeJzVTUpjtDOlT5fFlzr
/RF/VaCr5uww08dfRGDsH9Y+puTQlzpSITzZ2obakyxLw53USmVMxtxrCBq9+IId
6TL9RYiQXv+o0xP7iQLwsI6QD7BLp0kbogHxxMamg0l/IW5yrQIqlD1KpY/INopu
VE/+Q62oQva8BhjU4QdWTJmddRvczxdzgmNTrdeKisHO+XtL3zgpPnaN2Omc82Pz
SuzHXs1HNSEXntUsyKfREmARMc5FqRfvsseie28OH8Rp3GEu2sPb3yS7HWC0tob7
OGC08JNvPdqDtsG1/oHJaiu8GmeBzFzGb+61FYTywWOZgtO3Fyfv6xBCbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOig7m5gwLjH5AeAVZLqL2ZUPolCMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvNktEdWJtREF1TWZrQjRCVmt1b3ZabFEtaVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnikMA0G
CSqGSIb3DQEBCwUAA4IBAQCgUiuzfJopRV5RmviyfHfjQo+PUhYBY8ujbdFG2rnh
bApCSspFl5By+Ym24DvTgS1hrLWk+85SvdzkX5jhTlEF2yStJpOK7uuoKa0OwQ/K
coaBkHgXZiFaAIU4WGD1cRoBYUoc4BOMzAuCfdDE7/EFlgNMFCeEAD+PkX1dFqT7
kTQkMcDUxqEj5+ZojfqXpvEArpx6S7KnNCsd9faiCZlQb2mGRKVq5GGPMpzwp7nO
RzYBuA8gPPF7i7UkI6rs8JlYT169dXGLAI6sPJ/kRiZWCzUyrlKrPL05Ju0l3ns1
J3laT8784wD0SZGR9vZeruPGlLpg9bjePur5sy4iJczR
-----END CERTIFICATE-----