Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/6F3PvZPslRMAayscJS7i9yG1fDM.roa
File:                     6F3PvZPslRMAayscJS7i9yG1fDM.roa (raw, json)
Hash identifier:          bysuuXbApdJlpWGKhq88H3GFYa+a/4QPQ3jg5f1JhBU=
Subject key identifier:   E8:5D:CF:BD:93:EC:95:13:00:6B:2B:1C:25:2E:E2:F7:21:B5:7C:33
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018EF274D2A150401EFF8307C219BCEE5C47
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/6F3PvZPslRMAayscJS7i9yG1fDM.roa
Signing time:             Thu 18 Apr 2024 18:25:26 +0000
ROA not before:           Thu 18 Apr 2024 18:25:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215073
IP address blocks:        185.254.239.0/24 maxlen: 24
                          193.160.143.0/24 maxlen: 24
                          194.62.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f2:74:d2:a1:50:40:1e:ff:83:07:c2:19:bc:ee:5c:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Apr 18 18:25:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e85dcfbd93ec9513006b2b1c252ee2f721b57c33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:05:a5:5e:fe:82:9a:ca:6a:39:1c:8f:21:fc:
                    94:2b:60:34:15:ad:63:76:2e:28:03:f2:9a:3f:52:
                    b4:ad:1c:a5:a3:1d:66:0b:f8:26:e4:83:bb:96:d3:
                    25:49:af:5b:85:5d:f5:db:d2:f9:96:cd:08:7a:08:
                    92:f5:b5:74:7c:54:26:02:9d:65:8f:d7:1d:04:21:
                    53:9f:4c:39:9b:e6:6c:27:c9:42:7d:49:61:82:5a:
                    bc:06:8b:ed:d3:2c:3f:6c:45:cc:33:bc:0b:b7:30:
                    81:a4:74:db:ee:9a:3d:61:3b:4c:ef:ee:93:06:2c:
                    5c:d1:e7:96:27:d0:34:72:d7:3c:bb:bc:b3:81:f0:
                    6a:82:7a:12:27:58:d8:3d:59:c1:65:56:71:6c:2b:
                    fe:df:71:88:8f:b0:f8:e8:0b:90:62:46:58:a1:d1:
                    21:08:3d:c1:ad:af:8f:c4:36:5e:af:db:dd:ab:86:
                    c6:18:e7:c1:a2:26:32:35:c8:12:b7:ed:13:9d:ed:
                    2e:31:9b:e5:0f:f6:a4:0f:b1:87:fb:1b:57:f6:cd:
                    de:32:cb:6f:9b:43:70:d6:11:20:90:ed:c9:0f:19:
                    f6:25:90:5e:71:a7:6d:db:4a:ef:98:a7:ff:55:25:
                    ad:8c:fc:07:c3:db:73:36:57:1e:53:4c:08:bf:61:
                    d3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:5D:CF:BD:93:EC:95:13:00:6B:2B:1C:25:2E:E2:F7:21:B5:7C:33
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/6F3PvZPslRMAayscJS7i9yG1fDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.239.0/24
                  193.160.143.0/24
                  194.62.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:91:90:75:10:80:bd:d4:88:54:de:eb:7b:92:8f:fa:ed:fd:
         00:84:76:13:f4:be:7e:16:06:f6:8d:ae:5a:a6:64:27:bd:37:
         9a:7a:2d:a7:7b:33:bd:5a:b5:e5:c2:33:3b:11:2a:a4:4b:d4:
         66:d6:db:a9:e0:be:df:bc:77:fa:2b:91:48:0f:76:ca:be:35:
         4f:bb:01:0c:6a:c9:07:cf:1c:da:5f:5b:8e:34:cb:91:f9:23:
         03:af:18:cf:11:34:f4:69:61:25:1f:94:ce:74:3a:c7:27:28:
         c8:d1:94:cb:ad:13:a5:d1:90:67:6a:00:78:85:9d:97:71:b6:
         af:ed:24:21:14:b1:9d:7b:1a:ac:1f:29:5d:82:29:03:1a:7f:
         d7:fd:14:16:b0:ca:e1:2c:a4:27:a7:1d:85:80:00:91:d0:a0:
         4d:08:f6:7d:ec:95:51:95:ed:f7:bc:e9:fa:7a:3d:32:ec:da:
         19:82:46:57:ce:aa:88:85:5b:92:ed:ff:bc:7e:59:7a:c0:a6:
         dd:2a:b4:2e:d3:9c:84:99:d8:ef:db:9b:b4:4d:c4:24:af:34:
         56:4d:ae:b4:3a:de:ff:bc:10:69:fe:21:d7:a3:36:25:15:b1:
         dc:a1:d2:17:4e:72:bc:e4:18:80:23:05:9a:38:0c:f2:f2:7a:
         de:73:1f:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7ydNKhUEAe/4MHwhm87lxHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwNDE4MTgyNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODVkY2ZiZDkzZWM5NTEzMDA2YjJiMWMyNTJlZTJmNzIxYjU3YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQWlXv6CmspqORyPIfyUK2A0Fa1j
di4oA/KaP1K0rRylox1mC/gm5IO7ltMlSa9bhV3129L5ls0IegiS9bV0fFQmAp1l
j9cdBCFTn0w5m+ZsJ8lCfUlhglq8Bovt0yw/bEXMM7wLtzCBpHTb7po9YTtM7+6T
Bixc0eeWJ9A0ctc8u7yzgfBqgnoSJ1jYPVnBZVZxbCv+33GIj7D46AuQYkZYodEh
CD3Bra+PxDZer9vdq4bGGOfBoiYyNcgSt+0Tne0uMZvlD/akD7GH+xtX9s3eMstv
m0Nw1hEgkO3JDxn2JZBecadt20rvmKf/VSWtjPwHw9tzNlceU0wIv2HTlQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOhdz72T7JUTAGsrHCUu4vchtXwzMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvNkYzUHZaUHNsUk1BYXlzY0pTN2k5eUcxZkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuf7vAwQA
waCPAwQAwj42MA0GCSqGSIb3DQEBCwUAA4IBAQBPkZB1EIC91IhU3ut7ko/67f0A
hHYT9L5+Fgb2ja5apmQnvTeaei2nezO9WrXlwjM7ESqkS9Rm1tup4L7fvHf6K5FI
D3bKvjVPuwEMaskHzxzaX1uONMuR+SMDrxjPETT0aWElH5TOdDrHJyjI0ZTLrROl
0ZBnagB4hZ2Xcbav7SQhFLGdexqsHyldgikDGn/X/RQWsMrhLKQnpx2FgACR0KBN
CPZ97JVRle33vOn6ej0y7NoZgkZXzqqIhVuS7f+8fll6wKbdKrQu05yEmdjv25u0
TcQkrzRWTa60Ot7/vBBp/iHXozYlFbHcodIXTnK85BiAIwWaOAzy8nrecx+G
-----END CERTIFICATE-----