Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/6NL4hH3WuXovydNutgqWGQv5utE.roa
File:                     6NL4hH3WuXovydNutgqWGQv5utE.roa (raw, json)
Hash identifier:          wB4RuHXBrSdutTxUi0h/GdFQ6wGPJBRpU6I9taGj54I=
Subject key identifier:   E8:D2:F8:84:7D:D6:B9:7A:2F:C9:D3:6E:B6:0A:96:19:0B:F9:BA:D1
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018CC50120C7B98E3E41630BD328D43BACAC
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/6NL4hH3WuXovydNutgqWGQv5utE.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216459
IP address blocks:        194.156.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:20:c7:b9:8e:3e:41:63:0b:d3:28:d4:3b:ac:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8d2f8847dd6b97a2fc9d36eb60a96190bf9bad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1c:10:b0:1b:3a:09:58:eb:fc:00:65:f0:69:
                    d4:0f:97:23:37:f2:b0:7e:d4:ee:45:27:8e:95:97:
                    2e:bd:c0:0d:ac:bd:7a:97:8a:57:cf:ff:76:61:aa:
                    30:d3:96:8c:b7:68:5c:ff:b6:a0:80:5b:65:a9:dc:
                    7c:ac:07:02:f1:7d:98:1c:ae:51:98:bf:cd:c6:24:
                    42:6f:2e:d8:78:dc:d3:fb:2d:7d:2d:f5:ce:bb:3a:
                    f8:1c:f1:1e:b4:01:34:08:c7:1c:d5:45:d5:65:c6:
                    46:5b:be:b2:3a:ea:59:c6:5d:6c:fb:8c:45:fd:dd:
                    e4:b7:6b:96:85:b4:7a:d8:b2:e4:35:52:82:fa:62:
                    8c:c0:81:e1:0f:c4:36:7e:f8:b5:c7:b2:7b:b1:64:
                    57:a1:4d:90:bb:ee:bf:3b:63:68:14:f4:33:a5:80:
                    20:26:10:c1:8c:8f:ff:2d:70:5e:16:e8:20:45:b7:
                    bd:39:f2:08:3e:81:fb:0b:97:cd:b6:78:fc:68:c7:
                    70:e9:40:96:29:18:3b:b9:fa:ad:f8:12:be:a5:ac:
                    c2:99:34:f1:2f:8b:b7:59:51:30:ec:40:02:46:e7:
                    37:6f:84:ac:7b:fe:b0:66:49:89:db:83:1f:0d:d3:
                    c3:71:f2:4d:4a:2e:c6:05:d7:44:47:b1:8e:fa:93:
                    a6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:D2:F8:84:7D:D6:B9:7A:2F:C9:D3:6E:B6:0A:96:19:0B:F9:BA:D1
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/6NL4hH3WuXovydNutgqWGQv5utE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:82:d2:c9:04:84:67:61:ad:d2:6e:14:23:77:7d:16:ad:bc:
         22:c2:0f:0a:75:fc:70:96:c8:d0:e3:ff:70:82:7f:a1:21:01:
         92:b9:5c:40:ff:d4:5d:84:12:be:30:f6:2e:10:f5:1c:b6:1d:
         d5:eb:40:2b:40:90:be:c2:d1:28:f0:cb:83:5d:3a:4b:73:94:
         11:67:3e:ee:9a:23:02:7d:e5:5a:26:19:97:d8:78:39:fb:55:
         ed:6c:01:b0:69:7c:b5:c8:d5:b6:bb:a5:b5:b0:e4:25:06:95:
         dd:ac:bd:3f:5c:f1:2b:d2:f8:b9:60:e7:da:38:4f:df:44:05:
         a4:b8:bb:d4:0b:5c:a5:bd:7d:a5:e8:55:07:90:0b:79:39:68:
         d9:18:99:f8:95:81:de:ce:49:52:71:80:1a:a4:7b:4e:ea:70:
         16:7c:43:5a:8b:84:a3:4f:5f:57:b8:2f:9c:b3:7b:97:af:ac:
         6f:08:7b:e7:a4:17:be:e4:d5:0f:00:be:96:ff:71:c4:9c:84:
         4b:f1:87:0e:62:de:6b:fa:22:c4:4e:89:ae:83:8e:ae:e7:e8:
         13:f6:aa:e2:c8:96:b0:77:72:79:90:d5:82:e9:3e:ec:4f:f5:
         26:14:a0:20:56:5e:4d:5b:83:64:65:50:89:15:39:39:ab:5f:
         78:b4:e8:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASDHuY4+QWML0yjUO6ysMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGQyZjg4NDdkZDZiOTdhMmZjOWQzNmViNjBhOTYxOTBiZjliYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRwQsBs6CVjr/ABl8GnUD5cjN/Kw
ftTuRSeOlZcuvcANrL16l4pXz/92Yaow05aMt2hc/7aggFtlqdx8rAcC8X2YHK5R
mL/NxiRCby7YeNzT+y19LfXOuzr4HPEetAE0CMcc1UXVZcZGW76yOupZxl1s+4xF
/d3kt2uWhbR62LLkNVKC+mKMwIHhD8Q2fvi1x7J7sWRXoU2Qu+6/O2NoFPQzpYAg
JhDBjI//LXBeFuggRbe9OfIIPoH7C5fNtnj8aMdw6UCWKRg7ufqt+BK+pazCmTTx
L4u3WVEw7EACRuc3b4Sse/6wZkmJ24MfDdPDcfJNSi7GBddER7GO+pOmzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjS+IR91rl6L8nTbrYKlhkL+brRMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvNk5MNGhIM1d1WG92eWROdXRncVdHUXY1dXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpywMA0G
CSqGSIb3DQEBCwUAA4IBAQC6gtLJBIRnYa3SbhQjd30Wrbwiwg8KdfxwlsjQ4/9w
gn+hIQGSuVxA/9RdhBK+MPYuEPUcth3V60ArQJC+wtEo8MuDXTpLc5QRZz7umiMC
feVaJhmX2Hg5+1XtbAGwaXy1yNW2u6W1sOQlBpXdrL0/XPEr0vi5YOfaOE/fRAWk
uLvUC1ylvX2l6FUHkAt5OWjZGJn4lYHezklScYAapHtO6nAWfENai4SjT19XuC+c
s3uXr6xvCHvnpBe+5NUPAL6W/3HEnIRL8YcOYt5r+iLETomug46u5+gT9qriyJaw
d3J5kNWC6T7sT/UmFKAgVl5NW4NkZVCJFTk5q194tOhc
-----END CERTIFICATE-----