Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/6X-OxNlXuo3jcHegobZ1Q3lfe-s.roa
File:                     6X-OxNlXuo3jcHegobZ1Q3lfe-s.roa (raw, json)
Hash identifier:          RAwlQ5FqxhMqiKiLr11juRycFwcaVPyqB79O2YEw+aU=
Subject key identifier:   E9:7F:8E:C4:D9:57:BA:8D:E3:70:77:A0:A1:B6:75:43:79:5F:7B:EB
Certificate issuer:       /CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Certificate serial:       018FF2BB8A379F72F7BD5B631EF8BFA6DE47
Authority key identifier: 94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/6X-OxNlXuo3jcHegobZ1Q3lfe-s.roa
Signing time:             Fri 07 Jun 2024 12:45:27 +0000
ROA not before:           Fri 07 Jun 2024 12:45:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50979
IP address blocks:        195.123.208.0/21 maxlen: 21
                          2a02:27ac::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:bb:8a:37:9f:72:f7:bd:5b:63:1e:f8:bf:a6:de:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94d98e8fec680775a157266e0c6b78b141a34f5e
        Validity
            Not Before: Jun  7 12:45:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e97f8ec4d957ba8de37077a0a1b67543795f7beb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:22:15:5e:f1:1b:87:69:db:fc:63:10:be:e0:
                    cc:66:cb:0b:84:98:f5:90:74:7e:ee:69:48:b9:31:
                    4e:6c:c6:6e:92:17:6a:33:0d:ee:43:54:a6:a7:9f:
                    5d:6b:9e:34:ef:02:b4:ff:03:ee:8c:a7:7d:2b:de:
                    a2:f9:6b:d4:f6:47:57:36:65:c9:ef:2e:a1:e7:1e:
                    34:29:38:4e:cd:be:75:fb:89:f3:6b:31:03:1b:ac:
                    72:58:2f:79:6f:59:53:d8:98:19:86:c4:1a:e7:84:
                    96:e3:ab:9d:be:bf:61:80:18:88:51:05:bb:5b:ad:
                    ef:2c:fb:1f:dd:aa:b4:6b:b8:ef:69:eb:03:7e:9f:
                    ef:bb:f1:0f:3e:3e:ba:05:58:46:8c:07:86:66:59:
                    97:98:54:ba:1c:4e:84:83:54:f1:52:7a:10:2a:af:
                    e6:64:58:2e:da:26:7f:b1:17:2b:bf:69:a8:c5:b0:
                    ef:8a:a9:0b:4b:40:80:f8:09:8c:00:23:47:fa:3c:
                    64:c5:04:ba:b7:1a:9d:d4:fa:ed:34:fc:dc:37:a7:
                    05:84:c8:2f:ae:53:22:9f:ac:91:4c:1f:68:5f:1f:
                    99:a8:df:a1:80:e8:56:e1:59:cd:c8:03:e8:9f:2e:
                    e3:cf:b4:28:f2:34:7c:e9:33:57:cd:33:1b:52:92:
                    de:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:7F:8E:C4:D9:57:BA:8D:E3:70:77:A0:A1:B6:75:43:79:5F:7B:EB
            X509v3 Authority Key Identifier:
                keyid:94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/6X-OxNlXuo3jcHegobZ1Q3lfe-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.208.0/21
                IPv6:
                  2a02:27ac::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:da:7d:be:5f:bd:96:00:d5:e5:99:0a:74:54:af:c1:0d:47:
         6e:f3:38:0c:e7:66:84:c0:d4:6f:9b:7a:e9:5a:fe:de:85:29:
         d0:13:7f:94:ed:76:99:fa:ea:0d:5c:08:cd:59:93:59:a4:4a:
         56:7b:4c:06:0c:86:09:05:ea:ff:6d:2f:70:6f:88:09:f2:39:
         16:83:80:cd:e8:f5:1a:81:ac:7d:8b:34:67:5c:76:19:04:5f:
         51:70:9d:f3:d5:fa:c6:bb:93:0e:91:c6:69:df:78:08:56:9d:
         e8:27:3c:95:ae:03:1b:d2:7b:8e:21:19:c9:30:5b:45:df:82:
         d3:27:43:15:0d:28:af:84:1c:8e:ee:e0:92:b7:ea:a6:c7:2d:
         47:07:a1:bb:0d:0c:27:a3:69:8b:fd:11:95:4d:8b:88:46:06:
         c1:8a:75:1a:05:ba:c7:9c:ef:ec:f4:39:95:50:1f:2d:68:14:
         9f:4e:ac:9e:bc:ce:a5:4d:9f:b6:a0:68:1c:cb:c0:b0:38:cc:
         84:09:f5:d3:96:bc:4f:81:e7:e2:28:95:86:5f:73:bb:6d:3e:
         ce:db:de:08:16:56:89:51:21:63:b9:f1:46:7f:a2:2a:0e:84:
         fe:d9:96:5d:f2:c7:71:66:91:47:9a:41:24:4e:8f:c2:45:dc:
         f8:28:3d:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY/yu4o3n3L3vVtjHvi/pt5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZDk4ZThmZWM2ODA3NzVhMTU3MjY2ZTBjNmI3OGIxNDFh
MzRmNWUwHhcNMjQwNjA3MTI0NTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTdmOGVjNGQ5NTdiYThkZTM3MDc3YTBhMWI2NzU0Mzc5NWY3YmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSIVXvEbh2nb/GMQvuDMZssLhJj1
kHR+7mlIuTFObMZukhdqMw3uQ1Smp59da5407wK0/wPujKd9K96i+WvU9kdXNmXJ
7y6h5x40KThOzb51+4nzazEDG6xyWC95b1lT2JgZhsQa54SW46udvr9hgBiIUQW7
W63vLPsf3aq0a7jvaesDfp/vu/EPPj66BVhGjAeGZlmXmFS6HE6Eg1TxUnoQKq/m
ZFgu2iZ/sRcrv2moxbDviqkLS0CA+AmMACNH+jxkxQS6txqd1PrtNPzcN6cFhMgv
rlMin6yRTB9oXx+ZqN+hgOhW4VnNyAPony7jz7Qo8jR86TNXzTMbUpLe9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOl/jsTZV7qN43B3oKG2dUN5X3vrMB8GA1UdIwQY
MBaAFJTZjo/saAd1oVcmbgxreLFBo09eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzkt
ODdkMTdkZjc0YzdlLzEvNlgtT3hObFh1bzNqY0hlZ29iWjFRM2xmZS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzktODdkMTdkZjc0Yzdl
LzEvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDw3vQMA0E
AgACMAcDBQAqAiesMA0GCSqGSIb3DQEBCwUAA4IBAQCE2n2+X72WANXlmQp0VK/B
DUdu8zgM52aEwNRvm3rpWv7ehSnQE3+U7XaZ+uoNXAjNWZNZpEpWe0wGDIYJBer/
bS9wb4gJ8jkWg4DN6PUagax9izRnXHYZBF9RcJ3z1frGu5MOkcZp33gIVp3oJzyV
rgMb0nuOIRnJMFtF34LTJ0MVDSivhByO7uCSt+qmxy1HB6G7DQwno2mL/RGVTYuI
RgbBinUaBbrHnO/s9DmVUB8taBSfTqyevM6lTZ+2oGgcy8CwOMyECfXTlrxPgefi
KJWGX3O7bT7O294IFlaJUSFjufFGf6IqDoT+2ZZd8sdxZpFHmkEkTo/CRdz4KD39
-----END CERTIFICATE-----