Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/6T-TmHo2ek6WHm6sD9IGPiUc9pA.roa
File:                     6T-TmHo2ek6WHm6sD9IGPiUc9pA.roa (raw, json)
Hash identifier:          CnTXoiVDaOKGFdYnTwzIidAhzVy5cM7qHPh+UnpjTr0=
Subject key identifier:   E9:3F:93:98:7A:36:7A:4E:96:1E:6E:AC:0F:D2:06:3E:25:1C:F6:90
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       018DC1F9ACD5B2490C0A8947C8A195E0F5E2
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/6T-TmHo2ek6WHm6sD9IGPiUc9pA.roa
Signing time:             Mon 19 Feb 2024 15:26:21 +0000
ROA not before:           Mon 19 Feb 2024 15:26:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215583
IP address blocks:        109.68.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:f9:ac:d5:b2:49:0c:0a:89:47:c8:a1:95:e0:f5:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Feb 19 15:26:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e93f93987a367a4e961e6eac0fd2063e251cf690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:17:d3:4f:af:65:00:ab:3e:ec:60:4b:98:29:
                    1b:88:32:bf:32:3c:32:6a:be:aa:33:bf:d3:9a:42:
                    04:d8:cf:ee:75:43:f0:50:ea:25:65:d1:65:61:3e:
                    5f:45:ed:70:42:3f:77:12:df:28:5a:42:a2:99:23:
                    86:97:1f:15:32:54:0c:29:6d:78:3e:3f:bb:79:75:
                    01:06:1b:95:82:88:69:45:9a:9b:61:e2:05:e4:b9:
                    77:41:80:5e:32:66:e1:28:07:4b:45:c4:b0:10:3a:
                    9b:98:8f:b9:e5:2a:75:20:cb:f4:ac:09:38:43:bd:
                    8c:91:05:d5:b8:86:0f:d6:ca:5c:e7:1b:80:d0:e6:
                    05:64:8e:80:39:11:f0:fb:1d:87:73:6a:81:9c:4f:
                    bf:6f:10:e7:7b:73:99:e4:69:bf:8a:68:aa:66:00:
                    96:76:d8:c1:7c:a3:41:50:a2:30:c1:31:5f:2c:c1:
                    36:2b:bb:72:99:78:1b:e5:18:83:8c:78:07:6f:08:
                    65:14:a4:1a:a8:77:3d:7b:ad:0d:9a:e4:01:2d:07:
                    b3:87:1f:03:fa:5b:2a:a4:b5:eb:07:fa:6f:4a:97:
                    13:d9:fa:2a:56:11:72:49:c2:82:49:5d:b2:f9:f2:
                    7f:36:cd:1d:0b:fa:de:7d:35:c5:63:e4:ff:72:4e:
                    78:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:3F:93:98:7A:36:7A:4E:96:1E:6E:AC:0F:D2:06:3E:25:1C:F6:90
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/6T-TmHo2ek6WHm6sD9IGPiUc9pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:fb:ce:b2:a2:96:fe:ee:0c:61:bf:ad:f2:76:65:62:8e:90:
         43:22:8b:e5:22:3d:3f:67:94:4a:82:c5:1b:35:bb:37:a7:f8:
         e9:3d:10:65:aa:ed:95:52:35:23:ab:57:0b:b0:81:6e:be:89:
         ac:0e:83:1e:34:97:f5:53:8c:30:22:d7:c8:72:35:79:b9:bf:
         b4:46:93:75:90:6e:26:29:f5:dd:74:45:c1:05:86:00:0f:76:
         4e:df:26:bd:a9:e6:2e:db:da:7f:dc:72:9c:0a:09:4a:3c:fc:
         4b:9f:29:97:26:2a:ea:45:b3:20:36:f1:de:e7:18:b1:f5:60:
         de:65:fd:52:fa:22:92:6c:b2:9b:fd:1b:47:73:21:7e:37:b5:
         92:d5:3b:c5:f2:6b:2f:76:67:25:fe:4f:31:2b:d8:a6:a3:33:
         66:68:e6:a9:ab:89:26:37:de:f7:4a:78:1b:e6:d2:5f:20:b4:
         a2:c6:90:d5:a6:93:82:ec:fa:00:f7:db:34:52:e5:af:c8:84:
         bf:e2:5a:29:83:7b:86:f5:89:71:9d:09:52:64:88:30:ed:cd:
         58:c1:b4:ff:ca:82:5b:84:7a:66:99:87:9f:e4:f6:d4:3f:c2:
         b7:6b:7b:29:a9:33:d3:b4:38:bf:e0:79:9c:07:87:e3:4e:45:
         a4:e3:3f:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3B+azVskkMColHyKGV4PXiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjQwMjE5MTUyNjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTNmOTM5ODdhMzY3YTRlOTYxZTZlYWMwZmQyMDYzZTI1MWNmNjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBfTT69lAKs+7GBLmCkbiDK/Mjwy
ar6qM7/TmkIE2M/udUPwUOolZdFlYT5fRe1wQj93Et8oWkKimSOGlx8VMlQMKW14
Pj+7eXUBBhuVgohpRZqbYeIF5Ll3QYBeMmbhKAdLRcSwEDqbmI+55Sp1IMv0rAk4
Q72MkQXVuIYP1spc5xuA0OYFZI6AORHw+x2Hc2qBnE+/bxDne3OZ5Gm/imiqZgCW
dtjBfKNBUKIwwTFfLME2K7tymXgb5RiDjHgHbwhlFKQaqHc9e60NmuQBLQezhx8D
+lsqpLXrB/pvSpcT2foqVhFyScKCSV2y+fJ/Ns0dC/refTXFY+T/ck54tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOk/k5h6NnpOlh5urA/SBj4lHPaQMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvNlQtVG1IbzJlazZXSG02c0Q5SUdQaVVjOXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUSUMA0G
CSqGSIb3DQEBCwUAA4IBAQBk+86yopb+7gxhv63ydmVijpBDIovlIj0/Z5RKgsUb
Nbs3p/jpPRBlqu2VUjUjq1cLsIFuvomsDoMeNJf1U4wwItfIcjV5ub+0RpN1kG4m
KfXddEXBBYYAD3ZO3ya9qeYu29p/3HKcCglKPPxLnymXJirqRbMgNvHe5xix9WDe
Zf1S+iKSbLKb/RtHcyF+N7WS1TvF8msvdmcl/k8xK9imozNmaOapq4kmN973Sngb
5tJfILSixpDVppOC7PoA99s0UuWvyIS/4lopg3uG9YlxnQlSZIgw7c1YwbT/yoJb
hHpmmYef5PbUP8K3a3spqTPTtDi/4HmcB4fjTkWk4z8x
-----END CERTIFICATE-----