Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/6G89pW9vGPjY4ZUh0bXzJpHdGnw.roa
File:                     6G89pW9vGPjY4ZUh0bXzJpHdGnw.roa (raw, json)
Hash identifier:          mI18Va7uu1ECGGUiA+LPSKLZzTwvnJMsTmBV5a0iNT8=
Subject key identifier:   E8:6F:3D:A5:6F:6F:18:F8:D8:E1:95:21:D1:B5:F3:26:91:DD:1A:7C
Certificate issuer:       /CN=8d4437f05cde6b0041149f61c473c8ed18db4b44
Certificate serial:       018CC56DFA60450A18C9EA016274EA3CE4E2
Authority key identifier: 8D:44:37:F0:5C:DE:6B:00:41:14:9F:61:C4:73:C8:ED:18:DB:4B:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/6G89pW9vGPjY4ZUh0bXzJpHdGnw.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201116
IP address blocks:        193.34.236.0/23 maxlen: 23
                          193.34.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fa:60:45:0a:18:c9:ea:01:62:74:ea:3c:e4:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d4437f05cde6b0041149f61c473c8ed18db4b44
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e86f3da56f6f18f8d8e19521d1b5f32691dd1a7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c1:37:dc:33:79:8b:eb:59:8d:5b:e8:70:26:
                    3b:8a:0d:aa:db:0b:10:0b:5d:dc:06:8f:01:ef:80:
                    53:3c:2e:c5:b2:d4:be:d0:41:ee:d5:ce:3d:f8:bc:
                    88:0c:f5:4d:67:44:4f:ad:72:fc:7d:ca:88:8d:1c:
                    36:82:db:3c:b5:07:d9:86:ee:f6:49:62:d5:b4:70:
                    42:c8:4f:08:09:0a:41:81:8c:03:e3:6d:8d:ca:91:
                    02:8b:0b:3a:ef:6c:69:6b:fa:db:0b:bc:7b:65:47:
                    bb:62:41:7c:5c:cd:51:7c:81:38:7a:12:fb:09:53:
                    53:2f:b9:69:35:ac:c1:fc:87:e7:af:3a:47:b5:27:
                    1b:f2:ba:56:0a:71:0f:6a:dc:ce:56:36:fe:2d:04:
                    44:f6:43:a9:b9:b9:ef:82:58:bc:c4:1d:bc:59:59:
                    cb:05:f6:30:c2:12:f7:dd:70:ca:9f:c2:87:4a:2f:
                    38:a4:a8:0b:00:84:31:60:0d:50:e6:41:d0:2d:c7:
                    ee:ca:9f:17:e9:fc:1f:7d:c0:1f:9f:82:67:03:d7:
                    36:fb:17:52:07:17:5a:51:c3:bf:5a:8e:44:e0:20:
                    3f:02:a2:8a:93:e6:89:95:e6:80:d7:f6:7b:ec:82:
                    90:7f:bd:bb:0f:60:19:f6:a9:ce:dd:db:33:26:61:
                    0e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:6F:3D:A5:6F:6F:18:F8:D8:E1:95:21:D1:B5:F3:26:91:DD:1A:7C
            X509v3 Authority Key Identifier:
                keyid:8D:44:37:F0:5C:DE:6B:00:41:14:9F:61:C4:73:C8:ED:18:DB:4B:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/6G89pW9vGPjY4ZUh0bXzJpHdGnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:42:a6:d3:b3:0a:e0:0c:35:c0:8e:08:3e:45:e1:3d:7d:16:
         9f:f8:55:31:1b:8a:40:e6:2e:04:8f:95:af:4f:f0:6b:39:0c:
         57:01:2c:ba:4b:76:42:61:9f:d3:d9:70:ca:f8:7f:ce:18:0e:
         15:26:70:c1:9d:ab:96:b8:0d:a7:e1:6d:e1:fc:a4:07:f2:2f:
         45:d6:0e:36:25:a9:bf:a7:41:a9:0b:b1:4c:da:46:86:38:3b:
         6b:47:b6:16:c0:cd:47:35:57:b8:65:4f:8b:01:8c:b4:67:a3:
         fd:98:a0:e6:46:c3:7c:b8:2d:51:e5:29:ba:fe:75:77:f9:a8:
         39:86:39:49:70:26:4e:bb:e8:fd:81:cf:90:28:1e:1d:27:06:
         85:06:aa:d4:b7:8d:36:5d:51:a1:67:50:55:3d:0a:3d:95:1e:
         a1:68:de:77:1b:d6:2a:62:b8:37:f2:de:0e:be:44:18:f0:ca:
         7a:a3:03:b7:db:8a:f8:94:57:ea:72:f7:06:4d:68:75:6b:27:
         91:83:71:ff:60:d5:21:6e:17:04:3b:77:e7:27:96:d3:df:9f:
         79:68:e4:68:df:9b:b5:e1:e9:38:46:37:ab:a5:eb:c2:41:fd:
         30:7a:bc:17:f2:c8:36:71:83:05:bd:86:aa:66:13:be:80:83:
         08:13:7d:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfpgRQoYyeoBYnTqPOTiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNDQzN2YwNWNkZTZiMDA0MTE0OWY2MWM0NzNjOGVkMThk
YjRiNDQwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODZmM2RhNTZmNmYxOGY4ZDhlMTk1MjFkMWI1ZjMyNjkxZGQxYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8E33DN5i+tZjVvocCY7ig2q2wsQ
C13cBo8B74BTPC7FstS+0EHu1c49+LyIDPVNZ0RPrXL8fcqIjRw2gts8tQfZhu72
SWLVtHBCyE8ICQpBgYwD422NypECiws672xpa/rbC7x7ZUe7YkF8XM1RfIE4ehL7
CVNTL7lpNazB/IfnrzpHtScb8rpWCnEPatzOVjb+LQRE9kOpubnvgli8xB28WVnL
BfYwwhL33XDKn8KHSi84pKgLAIQxYA1Q5kHQLcfuyp8X6fwffcAfn4JnA9c2+xdS
BxdaUcO/Wo5E4CA/AqKKk+aJleaA1/Z77IKQf727D2AZ9qnO3dszJmEOSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhvPaVvbxj42OGVIdG18yaR3Rp8MB8GA1UdIwQY
MBaAFI1EN/Bc3msAQRSfYcRzyO0Y20tEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalVRMzhGemVhd0JCRko5aHhIUEk3UmpiUzBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC82MjM5YTAtZjYxYi00ZDQ0LTk5ZmQt
NzFiOTA5MWVkYWIwLzEvNkc4OXBXOXZHUGpZNFpVaDBiWHpKcEhkR253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC82MjM5YTAtZjYxYi00ZDQ0LTk5ZmQtNzFiOTA5MWVkYWIw
LzEvalVRMzhGemVhd0JCRko5aHhIUEk3UmpiUzBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSLsMA0G
CSqGSIb3DQEBCwUAA4IBAQAeQqbTswrgDDXAjgg+ReE9fRaf+FUxG4pA5i4Ej5Wv
T/BrOQxXASy6S3ZCYZ/T2XDK+H/OGA4VJnDBnauWuA2n4W3h/KQH8i9F1g42Jam/
p0GpC7FM2kaGODtrR7YWwM1HNVe4ZU+LAYy0Z6P9mKDmRsN8uC1R5Sm6/nV3+ag5
hjlJcCZOu+j9gc+QKB4dJwaFBqrUt402XVGhZ1BVPQo9lR6haN53G9YqYrg38t4O
vkQY8Mp6owO324r4lFfqcvcGTWh1ayeRg3H/YNUhbhcEO3fnJ5bT3595aORo35u1
4ek4RjerpevCQf0werwX8sg2cYMFvYaqZhO+gIMIE33w
-----END CERTIFICATE-----