Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/8c52a7-6609-450a-b361-63939505fe66/1/6mFWWvmAT5bsbpGhrdS4280FBZ0.roa
File:                     6mFWWvmAT5bsbpGhrdS4280FBZ0.roa (raw, json)
Hash identifier:          hhnVXV6NbpaD8wWoWB6TkszRJCN8jzZOHkVGDzev+wo=
Subject key identifier:   EA:61:56:5A:F9:80:4F:96:EC:6E:91:A1:AD:D4:B8:DB:CD:05:05:9D
Certificate issuer:       /CN=8d2f0791b0525159720b191c411bcc47420f1ce2
Certificate serial:       018CC86FCEAAF03FAD2FAF9C7BC235C88578
Authority key identifier: 8D:2F:07:91:B0:52:51:59:72:0B:19:1C:41:1B:CC:47:42:0F:1C:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jS8HkbBSUVlyCxkcQRvMR0IPHOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/8c52a7-6609-450a-b361-63939505fe66/1/6mFWWvmAT5bsbpGhrdS4280FBZ0.roa
Signing time:             Tue 02 Jan 2024 04:30:19 +0000
ROA not before:           Tue 02 Jan 2024 04:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24641
IP address blocks:        185.146.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/8c52a7-6609-450a-b361-63939505fe66/1/jS8HkbBSUVlyCxkcQRvMR0IPHOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/8c52a7-6609-450a-b361-63939505fe66/1/jS8HkbBSUVlyCxkcQRvMR0IPHOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jS8HkbBSUVlyCxkcQRvMR0IPHOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ce:aa:f0:3f:ad:2f:af:9c:7b:c2:35:c8:85:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d2f0791b0525159720b191c411bcc47420f1ce2
        Validity
            Not Before: Jan  2 04:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea61565af9804f96ec6e91a1add4b8dbcd05059d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:25:6d:07:e4:38:07:9f:8f:8c:2e:20:33:5c:
                    d2:51:7a:63:ae:80:1a:19:e8:16:7e:29:ad:f4:c1:
                    61:0a:2b:e8:dd:7d:65:c3:b1:8a:e9:f3:61:65:7c:
                    ef:b8:9e:a7:ab:1a:68:f7:f9:cc:4a:4f:f2:9e:7c:
                    7b:57:79:83:25:13:d6:c0:aa:35:bc:50:c4:f8:97:
                    d1:2f:90:3e:6a:44:c1:36:b2:d7:49:de:56:2a:7d:
                    cc:bd:14:2b:ac:c6:ad:df:16:ec:91:71:32:91:ee:
                    2e:a5:5a:e7:1e:bc:6b:f8:13:59:7a:dc:ac:7b:01:
                    90:f5:fb:14:31:a1:24:04:ab:3b:27:63:59:70:2d:
                    e0:96:ec:f8:2c:e7:2c:a0:5c:9a:58:dd:25:bc:11:
                    28:44:01:c9:a0:76:7b:e3:98:4a:64:be:27:c9:4e:
                    89:d5:d8:d0:c6:64:20:84:d9:5e:6a:e4:57:d6:dc:
                    47:e1:8a:5d:c7:3a:f3:c6:d1:b2:78:86:68:df:fd:
                    10:ed:55:f2:1d:8b:0f:bf:ca:61:ac:64:a4:a5:43:
                    cc:a8:b6:b5:6c:74:ac:bc:6e:d3:8f:f6:af:6e:04:
                    91:a3:6c:f2:33:bc:fd:b7:91:8d:fc:01:90:d2:e9:
                    0b:4b:41:b4:fa:0e:87:a3:9f:e6:ff:f2:9b:ce:1f:
                    ad:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:61:56:5A:F9:80:4F:96:EC:6E:91:A1:AD:D4:B8:DB:CD:05:05:9D
            X509v3 Authority Key Identifier:
                keyid:8D:2F:07:91:B0:52:51:59:72:0B:19:1C:41:1B:CC:47:42:0F:1C:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jS8HkbBSUVlyCxkcQRvMR0IPHOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8c52a7-6609-450a-b361-63939505fe66/1/6mFWWvmAT5bsbpGhrdS4280FBZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8c52a7-6609-450a-b361-63939505fe66/1/jS8HkbBSUVlyCxkcQRvMR0IPHOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:45:b4:40:71:ba:94:88:31:14:1c:8a:be:c3:44:e7:88:b2:
         52:75:c4:4c:7a:98:89:c7:59:47:5b:61:f4:15:05:02:dc:22:
         5f:c5:6f:de:65:3a:d5:0e:a4:46:0e:0c:90:57:3a:7f:1f:14:
         bb:36:28:c9:46:a8:a9:f4:ac:cf:04:35:03:5b:ef:89:e7:41:
         fc:8b:7c:be:78:6c:a1:e2:5d:84:49:7a:c2:21:fe:db:66:bc:
         68:a5:1b:83:8b:2f:a6:d1:da:46:79:4e:33:f3:06:64:30:cb:
         dd:ff:43:ff:19:bc:b8:a3:00:e2:ee:97:56:17:26:62:2f:72:
         14:4a:8f:de:62:0c:8c:a3:11:64:87:dd:49:f8:f6:cd:d0:26:
         66:7e:f2:5b:59:92:cf:4d:e9:1b:b9:2c:99:99:ea:62:05:cd:
         5b:e0:cb:18:aa:ac:36:a3:22:bf:15:e1:e4:eb:65:5a:a6:69:
         d7:18:52:8b:63:f9:3d:59:79:ab:da:19:df:de:ba:dd:27:27:
         c9:54:e1:3e:3a:d2:a2:b5:71:22:6d:64:1f:fa:85:d6:31:f5:
         c5:97:d4:cc:8a:88:8a:70:8e:70:af:bc:6c:1a:8d:53:4f:66:
         6f:f7:6e:55:02:e3:c7:6a:4f:6c:fa:e0:b5:c2:d1:e8:61:03:
         37:c5:16:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb86q8D+tL6+ce8I1yIV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMmYwNzkxYjA1MjUxNTk3MjBiMTkxYzQxMWJjYzQ3NDIw
ZjFjZTIwHhcNMjQwMTAyMDQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTYxNTY1YWY5ODA0Zjk2ZWM2ZTkxYTFhZGQ0YjhkYmNkMDUwNTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSVtB+Q4B5+PjC4gM1zSUXpjroAa
GegWfimt9MFhCivo3X1lw7GK6fNhZXzvuJ6nqxpo9/nMSk/ynnx7V3mDJRPWwKo1
vFDE+JfRL5A+akTBNrLXSd5WKn3MvRQrrMat3xbskXEyke4upVrnHrxr+BNZetys
ewGQ9fsUMaEkBKs7J2NZcC3gluz4LOcsoFyaWN0lvBEoRAHJoHZ745hKZL4nyU6J
1djQxmQghNleauRX1txH4YpdxzrzxtGyeIZo3/0Q7VXyHYsPv8phrGSkpUPMqLa1
bHSsvG7Tj/avbgSRo2zyM7z9t5GN/AGQ0ukLS0G0+g6Ho5/m//Kbzh+tcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOphVlr5gE+W7G6Roa3UuNvNBQWdMB8GA1UdIwQY
MBaAFI0vB5GwUlFZcgsZHEEbzEdCDxziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalM4SGtiQlNVVmx5Q3hrY1FSdk1SMElQSE9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84YzUyYTctNjYwOS00NTBhLWIzNjEt
NjM5Mzk1MDVmZTY2LzEvNm1GV1d2bUFUNWJzYnBHaHJkUzQyODBGQlowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84YzUyYTctNjYwOS00NTBhLWIzNjEtNjM5Mzk1MDVmZTY2
LzEvalM4SGtiQlNVVmx5Q3hrY1FSdk1SMElQSE9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZIEMA0G
CSqGSIb3DQEBCwUAA4IBAQCNRbRAcbqUiDEUHIq+w0TniLJSdcRMepiJx1lHW2H0
FQUC3CJfxW/eZTrVDqRGDgyQVzp/HxS7NijJRqip9KzPBDUDW++J50H8i3y+eGyh
4l2ESXrCIf7bZrxopRuDiy+m0dpGeU4z8wZkMMvd/0P/Gby4owDi7pdWFyZiL3IU
So/eYgyMoxFkh91J+PbN0CZmfvJbWZLPTekbuSyZmepiBc1b4MsYqqw2oyK/FeHk
62VapmnXGFKLY/k9WXmr2hnf3rrdJyfJVOE+OtKitXEibWQf+oXWMfXFl9TMioiK
cI5wr7xsGo1TT2Zv925VAuPHak9s+uC1wtHoYQM3xRY+
-----END CERTIFICATE-----