Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/482984-d9e4-4d33-a8ec-f4bab719e070/1/6JWOOYN4BRoDbTffsNec1Sc_StE.roa
File:                     6JWOOYN4BRoDbTffsNec1Sc_StE.roa (raw, json)
Hash identifier:          D/nbsrkWfV/vreV6jKBSWY3pm0KYmRnRIjanaFXa/2I=
Subject key identifier:   E8:95:8E:39:83:78:05:1A:03:6D:37:DF:B0:D7:9C:D5:27:3F:4A:D1
Certificate issuer:       /CN=93785b3a9e33c52b58b9ec95a37723f0008bf946
Certificate serial:       018CC56E4D6AF6DF8BB7551A4C8424DD7F62
Authority key identifier: 93:78:5B:3A:9E:33:C5:2B:58:B9:EC:95:A3:77:23:F0:00:8B:F9:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k3hbOp4zxStYueyVo3cj8ACL-UY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/482984-d9e4-4d33-a8ec-f4bab719e070/1/6JWOOYN4BRoDbTffsNec1Sc_StE.roa
Signing time:             Mon 01 Jan 2024 14:29:49 +0000
ROA not before:           Mon 01 Jan 2024 14:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59620
IP address blocks:        185.165.96.0/24 maxlen: 24
                          185.165.97.0/24 maxlen: 24
                          185.165.98.0/24 maxlen: 24
                          185.165.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/482984-d9e4-4d33-a8ec-f4bab719e070/1/k3hbOp4zxStYueyVo3cj8ACL-UY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/482984-d9e4-4d33-a8ec-f4bab719e070/1/k3hbOp4zxStYueyVo3cj8ACL-UY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k3hbOp4zxStYueyVo3cj8ACL-UY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 08:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4d:6a:f6:df:8b:b7:55:1a:4c:84:24:dd:7f:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93785b3a9e33c52b58b9ec95a37723f0008bf946
        Validity
            Not Before: Jan  1 14:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8958e398378051a036d37dfb0d79cd5273f4ad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:43:9d:de:7b:c6:61:73:0c:ee:c3:68:35:35:
                    21:a4:9b:a7:9b:3c:85:5d:64:10:f7:f2:1a:83:b1:
                    62:74:e7:cb:b7:3e:21:53:cb:ae:c8:fa:09:a3:58:
                    32:68:c2:91:40:5e:2a:21:9a:e7:09:75:8e:4c:67:
                    28:bb:62:6b:06:7b:29:38:67:37:f3:11:51:1f:18:
                    d0:2e:43:c2:15:d8:2b:46:71:ff:f4:a4:d8:4c:78:
                    0f:21:e6:e8:5a:36:43:4d:41:5e:69:af:85:47:1b:
                    44:fd:76:7f:cd:d8:1c:a4:46:29:c3:e2:09:d0:50:
                    58:ac:c2:12:e0:b1:f2:a9:5c:9f:25:3b:39:15:64:
                    ca:ff:6a:28:1d:39:bc:12:0a:7e:4c:1a:eb:8e:40:
                    6a:e4:58:a7:fb:7a:f3:dc:f1:85:28:50:5b:cc:85:
                    b0:5d:f0:72:eb:86:7a:29:9f:fe:90:8a:6f:41:44:
                    18:21:1f:0e:c8:2c:74:11:2b:67:6f:6c:0f:ff:bb:
                    19:f3:96:29:5e:57:5e:48:70:14:54:c8:f6:26:ba:
                    43:25:59:63:33:4c:4f:fa:d4:8f:a0:fd:5f:d1:65:
                    3b:07:51:53:4c:d5:66:a5:06:0b:e8:27:f2:33:a5:
                    f3:42:c3:1f:47:71:3d:66:0e:96:49:16:bf:a4:cf:
                    fb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:95:8E:39:83:78:05:1A:03:6D:37:DF:B0:D7:9C:D5:27:3F:4A:D1
            X509v3 Authority Key Identifier:
                keyid:93:78:5B:3A:9E:33:C5:2B:58:B9:EC:95:A3:77:23:F0:00:8B:F9:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k3hbOp4zxStYueyVo3cj8ACL-UY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/482984-d9e4-4d33-a8ec-f4bab719e070/1/6JWOOYN4BRoDbTffsNec1Sc_StE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/482984-d9e4-4d33-a8ec-f4bab719e070/1/k3hbOp4zxStYueyVo3cj8ACL-UY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:33:28:15:5d:f8:da:8c:09:b6:f9:f1:81:0d:d9:9b:b7:5d:
         a3:4e:e6:e3:b1:6b:c5:a2:02:cd:b2:f3:e7:43:cd:6b:fc:b6:
         b8:d9:5b:e4:c4:b2:43:fc:b7:c1:21:a4:f8:8e:73:78:d8:50:
         62:ac:63:1d:a9:74:82:57:82:fd:91:8d:69:0e:48:52:4f:66:
         3d:8b:3f:fd:18:48:69:e1:51:c6:f7:32:5f:51:bb:28:49:8a:
         05:46:05:fd:05:07:c3:f1:66:41:18:ad:3a:d9:95:ad:77:4c:
         20:09:1f:d2:59:e6:c5:aa:a7:77:d7:b1:2e:f1:c8:db:3e:6c:
         67:62:41:1b:a4:44:a2:8d:53:bd:92:e0:81:90:03:f1:76:35:
         84:1d:37:96:ac:8c:c3:86:04:fe:74:96:b9:3a:c0:80:71:cd:
         dd:b7:89:17:c6:a6:73:0a:7c:82:fd:5c:3b:4f:8f:a6:9a:31:
         7a:47:cc:b6:1d:e7:3a:34:18:07:a9:a1:78:ec:e7:c7:b1:9a:
         a3:9c:00:b6:fa:09:7b:54:8c:7d:85:1b:f0:93:02:83:5d:5b:
         76:99:cb:28:e4:2c:05:07:82:b9:c2:5e:7c:c9:62:67:e3:ce:
         08:1e:c1:c5:f8:1e:58:5f:52:cc:a3:01:3e:15:c6:b6:23:60:
         70:13:d4:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbk1q9t+Lt1UaTIQk3X9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNzg1YjNhOWUzM2M1MmI1OGI5ZWM5NWEzNzcyM2YwMDA4
YmY5NDYwHhcNMjQwMTAxMTQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODk1OGUzOTgzNzgwNTFhMDM2ZDM3ZGZiMGQ3OWNkNTI3M2Y0YWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEOd3nvGYXMM7sNoNTUhpJunmzyF
XWQQ9/Iag7FidOfLtz4hU8uuyPoJo1gyaMKRQF4qIZrnCXWOTGcou2JrBnspOGc3
8xFRHxjQLkPCFdgrRnH/9KTYTHgPIeboWjZDTUFeaa+FRxtE/XZ/zdgcpEYpw+IJ
0FBYrMIS4LHyqVyfJTs5FWTK/2ooHTm8Egp+TBrrjkBq5Fin+3rz3PGFKFBbzIWw
XfBy64Z6KZ/+kIpvQUQYIR8OyCx0EStnb2wP/7sZ85YpXldeSHAUVMj2JrpDJVlj
M0xP+tSPoP1f0WU7B1FTTNVmpQYL6CfyM6XzQsMfR3E9Zg6WSRa/pM/7EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiVjjmDeAUaA20337DXnNUnP0rRMB8GA1UdIwQY
MBaAFJN4WzqeM8UrWLnslaN3I/AAi/lGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazNoYk9wNHp4U3RZdWV5Vm8zY2o4QUNMLVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80ODI5ODQtZDllNC00ZDMzLWE4ZWMt
ZjRiYWI3MTllMDcwLzEvNkpXT09ZTjRCUm9EYlRmZnNOZWMxU2NfU3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80ODI5ODQtZDllNC00ZDMzLWE4ZWMtZjRiYWI3MTllMDcw
LzEvazNoYk9wNHp4U3RZdWV5Vm8zY2o4QUNMLVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaVgMA0G
CSqGSIb3DQEBCwUAA4IBAQCyMygVXfjajAm2+fGBDdmbt12jTubjsWvFogLNsvPn
Q81r/La42VvkxLJD/LfBIaT4jnN42FBirGMdqXSCV4L9kY1pDkhST2Y9iz/9GEhp
4VHG9zJfUbsoSYoFRgX9BQfD8WZBGK062ZWtd0wgCR/SWebFqqd317Eu8cjbPmxn
YkEbpESijVO9kuCBkAPxdjWEHTeWrIzDhgT+dJa5OsCAcc3dt4kXxqZzCnyC/Vw7
T4+mmjF6R8y2Hec6NBgHqaF47OfHsZqjnAC2+gl7VIx9hRvwkwKDXVt2mcso5CwF
B4K5wl58yWJn484IHsHF+B5YX1LMowE+Fca2I2BwE9Sy
-----END CERTIFICATE-----