Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/6bJOMeGIXNZE1YFoKCAbkYUcYwY.roa
File:                     6bJOMeGIXNZE1YFoKCAbkYUcYwY.roa (raw, json)
Hash identifier:          owDMI7mNx+89GvxoaDkGkRx7kwdKDVorPbx9N713iwY=
Subject key identifier:   E9:B2:4E:31:E1:88:5C:D6:44:D5:81:68:28:20:1B:91:85:1C:63:06
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D6A634087C8DB0C746F4CCD23390F
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/6bJOMeGIXNZE1YFoKCAbkYUcYwY.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207826
IP address blocks:        94.236.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6a:63:40:87:c8:db:0c:74:6f:4c:cd:23:39:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9b24e31e1885cd644d5816828201b91851c6306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6c:60:6a:2e:25:8f:37:d6:d5:84:15:18:d3:
                    dd:e3:55:40:ac:1c:0e:fe:b4:f4:f7:85:be:d0:9c:
                    f6:17:8c:1f:f4:43:53:fd:ee:16:48:4f:da:54:7c:
                    93:e5:58:4f:7a:31:da:bf:19:8e:67:e2:0a:74:ad:
                    64:9a:b3:1c:23:f4:20:93:c6:2e:0f:f3:dc:ed:8b:
                    52:08:57:94:77:fc:11:f0:06:cd:0c:7d:77:19:ca:
                    2e:ac:c9:07:00:33:99:26:5e:27:3f:47:58:db:75:
                    70:0d:26:3d:3b:ad:4f:99:b5:b8:7e:ef:63:77:5f:
                    a4:e1:de:02:99:71:a2:ce:f5:ea:73:3b:94:6d:1a:
                    93:f4:47:bd:ce:8f:b0:51:ae:ee:07:ca:df:a2:58:
                    91:be:8b:f4:59:5e:66:14:1d:63:55:aa:53:26:3d:
                    69:03:5f:c4:70:98:b4:4d:93:c9:19:ab:b4:ba:02:
                    50:eb:40:7d:f2:58:77:c4:53:01:87:bf:99:94:8a:
                    24:99:2f:9f:3d:7b:b0:6c:c9:5e:cf:ed:d5:ae:b9:
                    bf:b9:d3:67:0d:fc:95:90:34:d1:70:30:5b:c9:3f:
                    1e:b8:68:4a:58:78:4f:21:c9:fc:34:15:ce:13:c7:
                    91:1b:e8:2d:c8:7a:f8:51:61:d4:a7:26:f5:91:7d:
                    f8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B2:4E:31:E1:88:5C:D6:44:D5:81:68:28:20:1B:91:85:1C:63:06
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/6bJOMeGIXNZE1YFoKCAbkYUcYwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.236.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:77:fa:15:99:57:8a:eb:60:6e:a8:b8:be:ad:24:30:40:5a:
         fd:4a:7a:12:2d:01:b7:7b:ec:56:be:ce:70:43:35:84:1a:a7:
         8c:87:f0:32:42:d2:17:0e:46:67:3d:90:0d:47:b0:a8:fb:c9:
         24:11:08:11:5d:af:3a:29:09:7e:1a:88:c6:f3:77:40:c2:9f:
         62:63:ff:76:05:3c:78:39:32:d7:37:d7:08:b0:96:ad:8b:ff:
         1c:5a:6f:1b:e6:b6:b1:ce:52:3a:fb:1e:5d:84:69:c6:cf:f5:
         42:8b:16:39:1a:dc:cf:34:d2:8a:34:e9:ee:50:81:ce:33:84:
         55:3f:07:84:56:32:01:e7:b7:dd:6a:ff:57:45:34:74:7c:b7:
         92:40:f8:53:1e:1c:9a:64:fc:e1:da:bd:32:8a:9d:3b:73:0b:
         ae:1b:f0:e3:a7:f7:3f:2a:83:76:64:89:af:dc:ef:85:d7:e8:
         e9:b5:73:c2:ea:19:f3:bc:d6:f1:5e:f5:3a:45:f7:a3:63:b2:
         0c:e7:9d:59:32:e5:5b:8a:e1:c2:95:69:c9:85:bf:e9:5e:b0:
         d7:fb:f7:84:b0:2b:84:ad:49:5d:5f:ff:b5:55:7b:89:9a:93:
         d4:bf:70:c1:eb:b4:34:d6:7b:7b:55:8f:0b:ce:ba:28:2a:25:
         e4:cb:74:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWpjQIfI2wx0b0zNIzkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWIyNGUzMWUxODg1Y2Q2NDRkNTgxNjgyODIwMWI5MTg1MWM2MzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmxgai4ljzfW1YQVGNPd41VArBwO
/rT094W+0Jz2F4wf9ENT/e4WSE/aVHyT5VhPejHavxmOZ+IKdK1kmrMcI/Qgk8Yu
D/Pc7YtSCFeUd/wR8AbNDH13GcourMkHADOZJl4nP0dY23VwDSY9O61PmbW4fu9j
d1+k4d4CmXGizvXqczuUbRqT9Ee9zo+wUa7uB8rfoliRvov0WV5mFB1jVapTJj1p
A1/EcJi0TZPJGau0ugJQ60B98lh3xFMBh7+ZlIokmS+fPXuwbMlez+3Vrrm/udNn
DfyVkDTRcDBbyT8euGhKWHhPIcn8NBXOE8eRG+gtyHr4UWHUpyb1kX34uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOmyTjHhiFzWRNWBaCggG5GFHGMGMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvNmJKT01lR0lYTlpFMVlGb0tDQWJrWVVjWXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuypMA0G
CSqGSIb3DQEBCwUAA4IBAQBCd/oVmVeK62BuqLi+rSQwQFr9SnoSLQG3e+xWvs5w
QzWEGqeMh/AyQtIXDkZnPZANR7Co+8kkEQgRXa86KQl+GojG83dAwp9iY/92BTx4
OTLXN9cIsJati/8cWm8b5raxzlI6+x5dhGnGz/VCixY5GtzPNNKKNOnuUIHOM4RV
PweEVjIB57fdav9XRTR0fLeSQPhTHhyaZPzh2r0yip07cwuuG/Djp/c/KoN2ZImv
3O+F1+jptXPC6hnzvNbxXvU6RfejY7IM551ZMuVbiuHClWnJhb/pXrDX+/eEsCuE
rUldX/+1VXuJmpPUv3DB67Q01nt7VY8LzrooKiXky3Qm
-----END CERTIFICATE-----