Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/6BNxWFWyiuFGZF7kihZnRq-4N-0.roa
File:                     6BNxWFWyiuFGZF7kihZnRq-4N-0.roa (raw, json)
Hash identifier:          oJcPrrjHNSFe5dpsDoDLvtdnbjGHbKs7zQNMYyxiRTw=
Subject key identifier:   E8:13:71:58:55:B2:8A:E1:46:64:5E:E4:8A:16:67:46:AF:B8:37:ED
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       019151218F7E2A1573416075AE3EDF1C4C58
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/6BNxWFWyiuFGZF7kihZnRq-4N-0.roa
Signing time:             Wed 14 Aug 2024 13:43:59 +0000
ROA not before:           Wed 14 Aug 2024 13:43:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397373
IP address blocks:        185.177.231.0/24 maxlen: 24
                          213.178.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:51:21:8f:7e:2a:15:73:41:60:75:ae:3e:df:1c:4c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Aug 14 13:43:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e813715855b28ae146645ee48a166746afb837ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e3:b0:5b:ce:c1:60:c3:e4:2f:d0:10:98:8c:
                    41:87:c1:c0:4c:c3:02:6f:3d:e2:db:10:7d:33:d1:
                    2c:79:de:0b:5a:27:02:18:e3:da:90:31:90:89:cd:
                    bf:1d:3c:97:37:55:6e:73:04:2e:3e:9c:39:d3:3c:
                    6e:21:b8:e0:d6:1b:8b:15:0d:2d:47:1e:14:d6:b0:
                    c7:34:03:d0:f7:c0:d5:b3:4f:13:4b:88:f5:25:8b:
                    03:c4:bb:2f:d6:a0:f1:b7:28:9a:63:bc:40:1c:88:
                    3d:73:11:0d:97:e4:e6:c8:f0:33:ca:90:6c:90:bc:
                    44:f1:76:29:94:8b:01:60:f8:87:16:5b:99:8c:c3:
                    6b:f4:37:ce:2a:0b:00:a4:05:ad:c6:f9:5b:b2:6b:
                    d9:21:0d:33:9a:0b:d9:5a:37:6d:a1:52:94:36:d7:
                    6d:5c:68:d6:a2:c7:1d:e5:e2:37:93:bf:96:68:6c:
                    89:c9:a5:c9:c6:fd:6e:7d:b7:b2:f2:b3:7d:54:d9:
                    dc:47:81:75:f6:9e:bc:9a:fa:3c:d3:ba:ec:aa:d3:
                    b2:97:cb:ab:f4:c7:20:9c:8c:2f:b8:bf:96:91:19:
                    33:8f:09:cc:0e:07:e5:57:3d:77:b3:c8:7b:3e:0b:
                    af:1c:2a:d9:76:da:30:32:b4:b5:83:36:3b:e5:c5:
                    d2:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:13:71:58:55:B2:8A:E1:46:64:5E:E4:8A:16:67:46:AF:B8:37:ED
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/6BNxWFWyiuFGZF7kihZnRq-4N-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.231.0/24
                  213.178.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:44:06:f9:c7:55:e2:a3:83:79:81:3e:c6:ad:3f:20:f9:b1:
         e7:74:ef:43:a1:33:f7:24:44:4f:fc:60:cb:d8:3b:48:aa:e2:
         f9:60:26:4b:12:cf:b4:27:55:8b:52:66:ce:d4:df:1d:13:4f:
         ff:e6:91:d5:18:6f:85:6d:8a:06:41:8e:6b:fd:b5:d9:25:f9:
         29:17:8c:3c:04:86:6a:29:cd:c8:44:53:63:b3:b0:6d:19:1b:
         7d:e8:02:92:de:70:02:43:bb:c3:cd:1a:d4:9b:ea:41:1d:68:
         d3:a8:9d:74:cb:fa:0a:56:f6:21:22:62:47:2b:1c:9b:ca:b9:
         c7:66:69:60:0b:d6:48:61:2e:4d:e0:63:ac:3e:96:3b:c2:58:
         ca:f9:84:89:6a:1e:86:e5:ad:9e:8b:6e:3c:f6:98:7c:af:c0:
         b5:80:d0:f5:ec:d6:db:9d:a9:b5:76:29:df:0b:09:46:f1:ba:
         f7:64:e2:96:27:87:1f:52:9c:5f:0b:42:6d:bc:ec:4d:28:5a:
         6f:a2:44:86:24:b2:a5:75:e3:b0:d7:58:c1:ef:ff:f9:8a:46:
         ab:67:d5:dd:13:94:62:7e:0b:b9:eb:ab:23:81:2b:45:fd:ac:
         0f:e4:2f:00:52:20:67:a0:dc:7b:16:37:49:f0:b6:68:77:07:
         aa:4f:08:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFRIY9+KhVzQWB1rj7fHExYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjQwODE0MTM0MzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODEzNzE1ODU1YjI4YWUxNDY2NDVlZTQ4YTE2Njc0NmFmYjgzN2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+OwW87BYMPkL9AQmIxBh8HATMMC
bz3i2xB9M9Esed4LWicCGOPakDGQic2/HTyXN1VucwQuPpw50zxuIbjg1huLFQ0t
Rx4U1rDHNAPQ98DVs08TS4j1JYsDxLsv1qDxtyiaY7xAHIg9cxENl+TmyPAzypBs
kLxE8XYplIsBYPiHFluZjMNr9DfOKgsApAWtxvlbsmvZIQ0zmgvZWjdtoVKUNtdt
XGjWoscd5eI3k7+WaGyJyaXJxv1ufbey8rN9VNncR4F19p68mvo807rsqtOyl8ur
9McgnIwvuL+WkRkzjwnMDgflVz13s8h7PguvHCrZdtowMrS1gzY75cXSPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOgTcVhVsorhRmRe5IoWZ0avuDftMB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEvNkJOeFdGV3lpdUZHWkY3a2loWm5ScS00Ti0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubHnAwQA
1bKNMA0GCSqGSIb3DQEBCwUAA4IBAQBsRAb5x1Xio4N5gT7GrT8g+bHndO9DoTP3
JERP/GDL2DtIquL5YCZLEs+0J1WLUmbO1N8dE0//5pHVGG+FbYoGQY5r/bXZJfkp
F4w8BIZqKc3IRFNjs7BtGRt96AKS3nACQ7vDzRrUm+pBHWjTqJ10y/oKVvYhImJH
KxybyrnHZmlgC9ZIYS5N4GOsPpY7wljK+YSJah6G5a2ei2489ph8r8C1gND17Nbb
nam1dinfCwlG8br3ZOKWJ4cfUpxfC0JtvOxNKFpvokSGJLKldeOw11jB7//5ikar
Z9XdE5Rifgu566sjgStF/awP5C8AUiBnoNx7FjdJ8LZodweqTwg9
-----END CERTIFICATE-----