Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/6RUOgT5E66UkKibqGKBJ8EPXLs4.roa
File:                     6RUOgT5E66UkKibqGKBJ8EPXLs4.roa (raw, json)
Hash identifier:          iqp10G8cwTc8qrbRkY/sRPnMclBr1eoo5QTSKQouii0=
Subject key identifier:   E9:15:0E:81:3E:44:EB:A5:24:2A:26:EA:18:A0:49:F0:43:D7:2E:CE
Certificate issuer:       /CN=3447a30428254c9970fcfbdffef06b0d6b490f0e
Certificate serial:       01901305EF4E8890D7F5CBF6A9F522B6CFBE
Authority key identifier: 34:47:A3:04:28:25:4C:99:70:FC:FB:DF:FE:F0:6B:0D:6B:49:0F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NEejBCglTJlw_Pvf_vBrDWtJDw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/6RUOgT5E66UkKibqGKBJ8EPXLs4.roa
Signing time:             Thu 13 Jun 2024 19:14:34 +0000
ROA not before:           Thu 13 Jun 2024 19:14:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42198
IP address blocks:        193.30.32.0/22 maxlen: 24
                          2a0c:8540::/43 maxlen: 48
                          2a0c:8541::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/NEejBCglTJlw_Pvf_vBrDWtJDw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/NEejBCglTJlw_Pvf_vBrDWtJDw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NEejBCglTJlw_Pvf_vBrDWtJDw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 22:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:13:05:ef:4e:88:90:d7:f5:cb:f6:a9:f5:22:b6:cf:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3447a30428254c9970fcfbdffef06b0d6b490f0e
        Validity
            Not Before: Jun 13 19:14:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9150e813e44eba5242a26ea18a049f043d72ece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3f:e2:bb:48:90:67:48:1a:55:25:77:eb:e6:
                    c8:6a:47:a5:c0:8e:6a:75:22:6c:e9:36:bb:20:df:
                    54:54:d5:db:11:58:6e:9b:bd:83:b3:da:0d:18:c0:
                    f9:c0:c9:f5:ec:d0:af:1c:d9:94:2d:e7:87:36:c7:
                    8d:6f:6f:84:72:05:2f:dd:af:25:84:dc:98:58:fe:
                    09:25:06:7c:d4:14:ff:ac:5f:ee:ba:00:82:9f:53:
                    76:47:f8:2b:3c:f0:7f:33:11:64:a0:2d:5a:2e:8b:
                    4a:4c:97:06:31:4e:54:06:10:8f:7b:3b:c3:09:c0:
                    01:1a:12:e1:79:1c:5a:97:24:50:d5:5b:2e:5c:b5:
                    f3:ae:ae:df:00:e1:84:65:be:14:ac:d2:b0:f4:2e:
                    38:57:3d:17:24:5b:38:18:bc:94:2e:b7:49:6a:f1:
                    b4:a7:da:e0:1a:af:05:85:4c:c1:8c:73:ae:5d:35:
                    90:75:ae:09:32:4c:82:0d:e0:ee:05:b4:d8:d9:df:
                    a6:c8:4a:6d:92:5e:be:04:4a:5d:50:a4:1e:f0:f1:
                    64:af:5c:84:86:fb:ad:08:1e:26:24:61:a2:d4:79:
                    f2:1d:de:9f:d4:0a:e8:63:05:f5:24:1e:bf:75:c6:
                    c9:c7:8a:3f:44:68:fe:c1:03:50:d6:51:40:e4:58:
                    cf:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:15:0E:81:3E:44:EB:A5:24:2A:26:EA:18:A0:49:F0:43:D7:2E:CE
            X509v3 Authority Key Identifier:
                keyid:34:47:A3:04:28:25:4C:99:70:FC:FB:DF:FE:F0:6B:0D:6B:49:0F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NEejBCglTJlw_Pvf_vBrDWtJDw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/6RUOgT5E66UkKibqGKBJ8EPXLs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/NEejBCglTJlw_Pvf_vBrDWtJDw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.32.0/22
                IPv6:
                  2a0c:8540::/43
                  2a0c:8541::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:24:69:15:e4:b5:e5:4a:46:5a:c7:3f:83:d2:01:8e:8f:59:
         fa:d3:4e:ba:26:7e:f4:18:88:af:ee:77:4d:91:92:8a:35:d9:
         e6:95:d0:1b:b8:37:5c:45:3c:fc:1a:02:f1:47:fa:95:26:cd:
         95:ac:45:62:ff:7d:90:33:05:13:8a:80:f4:4a:eb:ec:7b:e5:
         a1:8d:64:3d:ca:47:7a:20:b1:a7:b1:e1:c3:a9:83:e9:b4:b7:
         e4:44:19:12:db:bf:c3:ad:11:63:95:2e:93:0e:c3:81:d5:bc:
         85:aa:b0:3f:80:db:a0:2f:ae:a7:f1:cb:99:e6:17:db:3a:0d:
         de:a8:87:a1:d6:f1:e3:8f:91:38:59:a2:9e:05:7f:0d:71:95:
         ba:e3:cb:06:cd:df:50:e5:33:ca:58:54:0d:e0:3d:4f:7a:55:
         fc:0c:23:95:c8:c1:59:7b:a1:30:3a:9b:99:18:df:59:5c:88:
         b1:77:d5:6c:4b:d3:95:58:ae:b7:38:99:be:23:0f:9f:f5:6a:
         eb:31:9a:47:75:5e:31:8f:05:bf:9e:9e:22:cf:19:c8:46:c2:
         48:6f:87:2a:3d:d9:1c:c7:fc:e3:46:af:30:b9:43:73:54:f0:
         cf:73:91:1f:0e:a6:a4:3c:c3:48:50:32:01:55:a0:ef:89:d7:
         5c:b6:9d:d5
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZATBe9OiJDX9cv2qfUits++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NDdhMzA0MjgyNTRjOTk3MGZjZmJkZmZlZjA2YjBkNmI0
OTBmMGUwHhcNMjQwNjEzMTkxNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTE1MGU4MTNlNDRlYmE1MjQyYTI2ZWExOGEwNDlmMDQzZDcyZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT/iu0iQZ0gaVSV36+bIakelwI5q
dSJs6Ta7IN9UVNXbEVhum72Ds9oNGMD5wMn17NCvHNmULeeHNseNb2+EcgUv3a8l
hNyYWP4JJQZ81BT/rF/uugCCn1N2R/grPPB/MxFkoC1aLotKTJcGMU5UBhCPezvD
CcABGhLheRxalyRQ1VsuXLXzrq7fAOGEZb4UrNKw9C44Vz0XJFs4GLyULrdJavG0
p9rgGq8FhUzBjHOuXTWQda4JMkyCDeDuBbTY2d+myEptkl6+BEpdUKQe8PFkr1yE
hvutCB4mJGGi1HnyHd6f1AroYwX1JB6/dcbJx4o/RGj+wQNQ1lFA5FjPVQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFOkVDoE+ROulJCom6higSfBD1y7OMB8GA1UdIwQY
MBaAFDRHowQoJUyZcPz73/7waw1rSQ8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkVlakJDZ2xUSmx3X1B2Zl92QnJEV3RKRHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9mYzQxOWEtNWMyMS00ZDJmLTliODAt
YmRlMDI4YWQ1OTMwLzEvNlJVT2dUNUU2NlVrS2licUdLQko4RVBYTHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9mYzQxOWEtNWMyMS00ZDJmLTliODAtYmRlMDI4YWQ1OTMw
LzEvTkVlakJDZ2xUSmx3X1B2Zl92QnJEV3RKRHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQCwR4gMBYE
AgACMBADBwUqDIVAAAADBQAqDIVBMA0GCSqGSIb3DQEBCwUAA4IBAQARJGkV5LXl
SkZaxz+D0gGOj1n60066Jn70GIiv7ndNkZKKNdnmldAbuDdcRTz8GgLxR/qVJs2V
rEVi/32QMwUTioD0Suvse+WhjWQ9ykd6ILGnseHDqYPptLfkRBkS27/DrRFjlS6T
DsOB1byFqrA/gNugL66n8cuZ5hfbOg3eqIeh1vHjj5E4WaKeBX8NcZW648sGzd9Q
5TPKWFQN4D1PelX8DCOVyMFZe6EwOpuZGN9ZXIixd9VsS9OVWK63OJm+Iw+f9Wrr
MZpHdV4xjwW/np4izxnIRsJIb4cqPdkcx/zjRq8wuUNzVPDPc5EfDqakPMNIUDIB
VaDviddctp3V
-----END CERTIFICATE-----