Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/6GnMWzvqDhNoG586SjflpMNkSlk.roa
File:                     6GnMWzvqDhNoG586SjflpMNkSlk.roa (raw, json)
Hash identifier:          f6HD33e5N7CzJEplFE6fBSNtttwH95XxOfqnVBpop48=
Subject key identifier:   E8:69:CC:5B:3B:EA:0E:13:68:1B:9F:3A:4A:37:E5:A4:C3:64:4A:59
Certificate issuer:       /CN=454bf58119cfe99f1749bcd9bd124702ba9cb713
Certificate serial:       018E7FE8C517BDCC9A940E430C7C001C9A23
Authority key identifier: 45:4B:F5:81:19:CF:E9:9F:17:49:BC:D9:BD:12:47:02:BA:9C:B7:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RUv1gRnP6Z8XSbzZvRJHArqctxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/6GnMWzvqDhNoG586SjflpMNkSlk.roa
Signing time:             Wed 27 Mar 2024 12:35:45 +0000
ROA not before:           Wed 27 Mar 2024 12:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201863
IP address blocks:        185.225.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/RUv1gRnP6Z8XSbzZvRJHArqctxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/RUv1gRnP6Z8XSbzZvRJHArqctxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RUv1gRnP6Z8XSbzZvRJHArqctxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:e8:c5:17:bd:cc:9a:94:0e:43:0c:7c:00:1c:9a:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=454bf58119cfe99f1749bcd9bd124702ba9cb713
        Validity
            Not Before: Mar 27 12:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e869cc5b3bea0e13681b9f3a4a37e5a4c3644a59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:dc:6b:de:24:06:e0:83:9e:fc:fc:d3:26:f5:
                    ad:1b:83:2a:b8:21:db:b6:86:0c:a8:3a:23:55:7b:
                    e1:5e:6b:53:ee:03:a9:43:20:99:f3:53:2e:42:97:
                    3a:3c:45:ba:ba:cf:a0:6b:9f:ba:5e:2d:a2:7e:ef:
                    ef:29:71:5a:43:71:cf:6b:7f:57:fd:34:8d:f4:ad:
                    c0:e4:cb:91:9d:43:6e:fe:f9:6b:70:18:e2:cf:77:
                    f8:de:71:5c:ff:e5:60:ce:f3:ea:99:57:2c:c4:cb:
                    7d:ab:6b:17:9c:e3:a9:93:04:96:5d:90:d7:fb:01:
                    15:cb:57:f1:01:09:a4:ff:1c:63:66:0e:4c:54:8f:
                    a1:41:69:09:53:b4:a1:5d:c5:58:5b:d7:2b:1e:4d:
                    f9:a7:71:0a:a0:d7:13:99:01:7a:c5:77:fd:6c:e7:
                    cf:c2:51:12:f2:69:5b:66:26:c2:29:8d:f2:47:51:
                    90:f0:0b:69:3f:45:81:4a:78:05:e9:52:34:02:3d:
                    ab:7a:35:70:61:e2:27:23:87:37:5b:e6:a9:10:f1:
                    02:c9:b3:50:da:d0:b5:6f:68:40:75:c7:77:8d:a1:
                    6d:31:f2:6c:b8:59:2d:d2:53:b8:79:64:32:f0:90:
                    2f:53:55:96:a8:41:e1:8d:ff:ca:05:92:71:46:f1:
                    bd:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:69:CC:5B:3B:EA:0E:13:68:1B:9F:3A:4A:37:E5:A4:C3:64:4A:59
            X509v3 Authority Key Identifier:
                keyid:45:4B:F5:81:19:CF:E9:9F:17:49:BC:D9:BD:12:47:02:BA:9C:B7:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RUv1gRnP6Z8XSbzZvRJHArqctxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/6GnMWzvqDhNoG586SjflpMNkSlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/RUv1gRnP6Z8XSbzZvRJHArqctxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:30:1a:d6:dc:34:68:b9:42:84:73:8e:31:19:9c:06:8f:1d:
         57:5c:19:e8:60:2e:bf:20:06:04:57:8e:4e:c2:35:61:bb:08:
         65:ad:78:1f:cd:00:b9:de:86:f9:74:5b:a2:47:05:3a:f7:22:
         98:22:f2:86:2a:c5:6f:a6:a1:3b:76:56:9d:aa:d5:b9:0d:96:
         f3:e9:7d:a0:bd:a9:c6:7a:b3:e5:c7:46:e0:b7:4e:83:b4:af:
         97:61:d8:c9:f5:57:d7:45:7f:57:c0:48:1f:9c:f4:90:95:d0:
         d3:92:e3:26:e5:29:6a:2d:6a:fa:17:cd:ce:41:32:28:17:21:
         cd:8f:f5:fe:c3:9b:ab:f7:d4:ac:a2:1b:3b:04:58:37:fc:33:
         4b:25:6c:b4:d3:db:e0:f2:16:ff:62:5e:e3:f3:da:40:17:03:
         fc:8c:73:60:ee:c7:c8:f6:6c:da:08:bc:d5:92:de:ad:d9:27:
         33:83:2e:7e:91:2e:4c:36:ab:74:7a:db:b5:24:db:9c:a9:35:
         09:4d:ed:60:76:f4:8e:98:a3:a2:a4:ee:6e:52:1c:c0:53:6c:
         0a:51:19:57:fb:ed:69:92:a9:2e:6e:b0:ee:12:9b:24:6f:c6:
         00:93:cf:a7:17:d6:47:e8:75:42:79:b4:2b:c0:ca:33:54:86:
         f4:48:62:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/6MUXvcyalA5DDHwAHJojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NGJmNTgxMTljZmU5OWYxNzQ5YmNkOWJkMTI0NzAyYmE5
Y2I3MTMwHhcNMjQwMzI3MTIzNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODY5Y2M1YjNiZWEwZTEzNjgxYjlmM2E0YTM3ZTVhNGMzNjQ0YTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Nxr3iQG4IOe/PzTJvWtG4MquCHb
toYMqDojVXvhXmtT7gOpQyCZ81MuQpc6PEW6us+ga5+6Xi2ifu/vKXFaQ3HPa39X
/TSN9K3A5MuRnUNu/vlrcBjiz3f43nFc/+VgzvPqmVcsxMt9q2sXnOOpkwSWXZDX
+wEVy1fxAQmk/xxjZg5MVI+hQWkJU7ShXcVYW9crHk35p3EKoNcTmQF6xXf9bOfP
wlES8mlbZibCKY3yR1GQ8AtpP0WBSngF6VI0Aj2rejVwYeInI4c3W+apEPECybNQ
2tC1b2hAdcd3jaFtMfJsuFkt0lO4eWQy8JAvU1WWqEHhjf/KBZJxRvG98QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhpzFs76g4TaBufOko35aTDZEpZMB8GA1UdIwQY
MBaAFEVL9YEZz+mfF0m82b0SRwK6nLcTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlV2MWdSblA2WjhYU2J6WnZSSkhBcnFjdHhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9jNmQwOTItY2M2MC00YTUxLWIwMTAt
MGE2ZTZkZmJkMmUzLzEvNkduTVd6dnFEaE5vRzU4NlNqZmxwTU5rU2xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9jNmQwOTItY2M2MC00YTUxLWIwMTAtMGE2ZTZkZmJkMmUz
LzEvUlV2MWdSblA2WjhYU2J6WnZSSkhBcnFjdHhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueGnMA0G
CSqGSIb3DQEBCwUAA4IBAQA2MBrW3DRouUKEc44xGZwGjx1XXBnoYC6/IAYEV45O
wjVhuwhlrXgfzQC53ob5dFuiRwU69yKYIvKGKsVvpqE7dladqtW5DZbz6X2gvanG
erPlx0bgt06DtK+XYdjJ9VfXRX9XwEgfnPSQldDTkuMm5SlqLWr6F83OQTIoFyHN
j/X+w5ur99Ssohs7BFg3/DNLJWy009vg8hb/Yl7j89pAFwP8jHNg7sfI9mzaCLzV
kt6t2Sczgy5+kS5MNqt0etu1JNucqTUJTe1gdvSOmKOipO5uUhzAU2wKURlX++1p
kqkubrDuEpskb8YAk8+nF9ZH6HVCebQrwMozVIb0SGIw
-----END CERTIFICATE-----