Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/6rSYDlahqxAMhXgQw81eb38H2ws.roa
File:                     6rSYDlahqxAMhXgQw81eb38H2ws.roa (raw, json)
Hash identifier:          Yqp4awb33+XqHY1Jun00P/TvqylcqiRwucOcFd+4YOM=
Subject key identifier:   EA:B4:98:0E:56:A1:AB:10:0C:85:78:10:C3:CD:5E:6F:7F:07:DB:0B
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       018CC79486FA3752261E5127AC4CC2DEB2C8
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/6rSYDlahqxAMhXgQw81eb38H2ws.roa
Signing time:             Tue 02 Jan 2024 00:30:49 +0000
ROA not before:           Tue 02 Jan 2024 00:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211064
IP address blocks:        185.236.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:86:fa:37:52:26:1e:51:27:ac:4c:c2:de:b2:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Jan  2 00:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eab4980e56a1ab100c857810c3cd5e6f7f07db0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:2b:79:cf:9c:28:cb:f4:e0:3c:40:f1:40:6a:
                    67:2d:a0:29:6f:7b:7d:37:9a:ae:f3:93:17:98:d0:
                    9f:18:36:84:6a:f0:d7:d2:33:f6:fc:a5:41:03:2f:
                    5b:dd:26:e1:3b:60:1f:ff:93:16:81:27:f7:7a:c2:
                    a7:d2:3f:8d:2b:cb:6e:19:a1:e1:ed:6b:b0:7b:71:
                    2c:ee:31:0d:a9:af:df:a3:35:38:92:b9:a0:7a:f0:
                    9a:95:5d:b7:00:72:4b:7b:1d:63:a2:e9:73:9e:7d:
                    8f:c7:70:46:5f:ac:fa:7e:31:a0:69:f2:63:d1:48:
                    fb:93:c9:62:8d:51:b0:99:0e:c7:8a:88:a9:1f:25:
                    d4:17:4d:57:bf:1c:ad:7b:c9:da:fc:57:49:48:41:
                    52:c1:35:8f:71:6b:41:fd:00:78:9f:3a:45:59:4c:
                    b3:ab:ba:3a:b5:fb:0b:e9:46:b5:0f:17:7c:01:63:
                    17:bb:23:52:50:46:13:39:45:61:39:ad:15:43:e5:
                    d7:09:be:c3:38:1d:a7:63:62:16:c9:95:2e:d4:be:
                    d6:14:9b:db:02:78:2e:b2:b5:1d:4f:9f:b5:e0:04:
                    9f:c5:d0:18:13:d0:fd:3c:ba:e8:32:f1:78:1f:04:
                    44:fc:86:4e:23:64:47:ea:e2:bc:c9:fc:30:9a:61:
                    9f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:B4:98:0E:56:A1:AB:10:0C:85:78:10:C3:CD:5E:6F:7F:07:DB:0B
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/6rSYDlahqxAMhXgQw81eb38H2ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:d5:0a:ff:a9:e4:a7:50:7a:b3:e6:d5:71:8d:57:76:21:42:
         ce:f3:40:5c:9a:41:98:ba:fe:cc:af:3b:71:80:df:1e:15:7a:
         3d:ac:d0:9d:dc:ff:4d:00:69:f4:d2:54:0f:62:7e:b5:8f:03:
         4f:f8:ce:33:ca:b0:71:cf:33:1d:6a:7f:a4:dc:8f:12:bd:24:
         89:42:7c:5e:a4:1e:a2:4c:c0:8f:71:fa:57:07:31:ef:ab:04:
         b3:4c:45:0b:57:84:bb:fb:34:4b:a1:83:1d:87:b8:bc:b1:a9:
         17:12:86:8a:b2:d4:aa:73:eb:75:b3:c5:d0:8b:8a:49:ec:7e:
         bc:87:c9:f9:01:e2:d0:3b:8e:a4:0c:b2:52:99:f9:e8:aa:e1:
         95:62:f0:dd:a2:c1:3a:9a:0c:80:68:bd:4b:86:f6:17:9d:af:
         73:86:fb:fe:3c:24:bb:6b:00:b1:2f:0f:fc:50:28:d0:1e:01:
         40:5b:ab:d1:bf:30:a3:e6:44:2e:99:1e:06:9b:42:a8:6b:85:
         7b:3f:86:7e:2a:3b:63:3a:87:9b:26:65:af:7e:5c:6a:40:cf:
         f9:de:c4:29:dc:1c:64:73:00:40:88:0c:f4:eb:08:05:e8:c5:
         40:40:d5:0e:d7:d8:30:59:df:e6:0d:4b:09:30:d2:a6:f4:8f:
         3e:5e:0f:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlIb6N1ImHlEnrEzC3rLIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjQwMTAyMDAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWI0OTgwZTU2YTFhYjEwMGM4NTc4MTBjM2NkNWU2ZjdmMDdkYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCt5z5woy/TgPEDxQGpnLaApb3t9
N5qu85MXmNCfGDaEavDX0jP2/KVBAy9b3SbhO2Af/5MWgSf3esKn0j+NK8tuGaHh
7Wuwe3Es7jENqa/fozU4krmgevCalV23AHJLex1joulznn2Px3BGX6z6fjGgafJj
0Uj7k8lijVGwmQ7HioipHyXUF01Xvxyte8na/FdJSEFSwTWPcWtB/QB4nzpFWUyz
q7o6tfsL6Ua1Dxd8AWMXuyNSUEYTOUVhOa0VQ+XXCb7DOB2nY2IWyZUu1L7WFJvb
AngusrUdT5+14ASfxdAYE9D9PLroMvF4HwRE/IZOI2RH6uK8yfwwmmGfuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOq0mA5WoasQDIV4EMPNXm9/B9sLMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvNnJTWURsYWhxeEFNaFhnUXc4MWViMzhIMndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueyMMA0G
CSqGSIb3DQEBCwUAA4IBAQCq1Qr/qeSnUHqz5tVxjVd2IULO80BcmkGYuv7Mrztx
gN8eFXo9rNCd3P9NAGn00lQPYn61jwNP+M4zyrBxzzMdan+k3I8SvSSJQnxepB6i
TMCPcfpXBzHvqwSzTEULV4S7+zRLoYMdh7i8sakXEoaKstSqc+t1s8XQi4pJ7H68
h8n5AeLQO46kDLJSmfnoquGVYvDdosE6mgyAaL1LhvYXna9zhvv+PCS7awCxLw/8
UCjQHgFAW6vRvzCj5kQumR4Gm0Koa4V7P4Z+KjtjOoebJmWvflxqQM/53sQp3Bxk
cwBAiAz06wgF6MVAQNUO19gwWd/mDUsJMNKm9I8+Xg9m
-----END CERTIFICATE-----