Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/6Clfp1XYtjdebzPcRXNX4Dd9xDA.roa
File:                     6Clfp1XYtjdebzPcRXNX4Dd9xDA.roa (raw, json)
Hash identifier:          HREg4H1g81DEAT+AzjTqvMZBf1ENoUa3Fjyhc/ucYGw=
Subject key identifier:   E8:29:5F:A7:55:D8:B6:37:5E:6F:33:DC:45:73:57:E0:37:7D:C4:30
Certificate issuer:       /CN=9b3620d6798e7eb186639c4548a0696af6e30589
Certificate serial:       018EBC80B001C0057E0F8C0C17858C48D556
Authority key identifier: 9B:36:20:D6:79:8E:7E:B1:86:63:9C:45:48:A0:69:6A:F6:E3:05:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mzYg1nmOfrGGY5xFSKBpavbjBYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/6Clfp1XYtjdebzPcRXNX4Dd9xDA.roa
Signing time:             Mon 08 Apr 2024 06:58:54 +0000
ROA not before:           Mon 08 Apr 2024 06:58:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16189
IP address blocks:        185.171.4.0/22 maxlen: 24
                          2a07:97c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/mzYg1nmOfrGGY5xFSKBpavbjBYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/mzYg1nmOfrGGY5xFSKBpavbjBYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mzYg1nmOfrGGY5xFSKBpavbjBYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bc:80:b0:01:c0:05:7e:0f:8c:0c:17:85:8c:48:d5:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b3620d6798e7eb186639c4548a0696af6e30589
        Validity
            Not Before: Apr  8 06:58:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8295fa755d8b6375e6f33dc457357e0377dc430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:71:a3:74:ba:c0:12:68:4f:fb:14:3a:d0:a8:
                    5a:40:9b:a5:a8:87:49:09:bf:3f:c9:cb:42:12:74:
                    d2:0e:aa:25:63:9c:36:57:4b:4d:51:de:b7:fc:58:
                    49:b2:48:97:40:de:fc:b0:ce:e6:66:14:80:1b:e7:
                    87:5c:6a:7d:22:2e:e1:41:48:b0:9d:0a:e0:40:22:
                    9c:c1:96:90:51:55:bc:98:1a:61:96:1e:64:e0:75:
                    91:f2:76:09:db:db:67:f6:fa:67:01:55:15:d4:43:
                    cc:79:fe:e4:ee:94:ee:7b:ee:92:5c:1a:d9:43:f6:
                    e9:15:e0:ed:16:83:f7:b6:8a:f5:00:d9:99:7c:83:
                    72:7d:11:ef:d3:20:ec:a0:6a:33:37:19:87:84:cc:
                    1a:12:08:ac:fd:df:91:98:c9:fc:3d:82:fa:44:42:
                    b5:cd:26:17:70:8f:70:b8:12:c0:14:eb:bc:ec:93:
                    53:f4:97:ba:a5:a4:83:bc:d7:59:72:94:66:f1:e9:
                    d8:d5:2b:f7:ab:99:ae:21:8b:b7:f0:15:26:f8:35:
                    f4:82:ea:ee:6b:b5:0e:2f:10:87:82:8f:d5:09:ce:
                    f1:0d:aa:06:77:cc:e4:c5:59:3e:1a:66:d4:0d:8e:
                    6e:01:bb:0c:92:87:79:b1:ed:06:a6:7a:52:aa:05:
                    a7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:29:5F:A7:55:D8:B6:37:5E:6F:33:DC:45:73:57:E0:37:7D:C4:30
            X509v3 Authority Key Identifier:
                keyid:9B:36:20:D6:79:8E:7E:B1:86:63:9C:45:48:A0:69:6A:F6:E3:05:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mzYg1nmOfrGGY5xFSKBpavbjBYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/6Clfp1XYtjdebzPcRXNX4Dd9xDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/mzYg1nmOfrGGY5xFSKBpavbjBYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.4.0/22
                IPv6:
                  2a07:97c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:6b:a6:f1:2a:ce:22:2a:85:bf:24:bb:2e:ab:7b:68:27:ae:
         47:2c:a1:a5:6e:72:a5:cb:b7:af:34:7c:51:67:63:52:cd:f4:
         f7:3d:0b:21:c1:8a:47:ac:63:b8:b2:d4:ec:71:01:83:b8:c1:
         e9:5b:79:9e:72:4d:bd:7e:58:0b:8b:7f:38:ee:d7:37:81:00:
         52:51:df:d4:1f:61:5d:1d:37:7c:26:99:14:d5:0f:72:f9:50:
         82:3a:86:8f:79:4b:9e:1c:d4:2f:0d:c6:87:29:5e:bf:da:e4:
         73:f9:90:f7:79:58:08:b2:90:98:0e:68:35:46:14:8b:15:42:
         7d:b2:09:07:ef:15:8f:f0:82:81:29:82:1b:ca:dd:db:cb:b3:
         77:df:82:48:cd:4f:ba:4a:6f:61:a7:ac:6c:02:de:63:60:84:
         e8:c0:ed:6f:aa:30:7a:11:d6:29:f9:2e:4b:36:bf:bd:fa:3b:
         67:2e:89:0f:50:87:90:20:5b:32:2c:9b:9a:d9:7c:f3:8a:b0:
         4f:38:2c:12:0a:3e:47:51:3f:1a:3d:74:e0:00:a6:11:ff:a0:
         19:7e:b1:83:c3:fe:d8:98:34:e8:4c:0f:ce:d5:7e:da:f7:6f:
         ea:07:dd:91:6c:49:b3:7b:57:7e:f0:27:43:98:0f:c7:f0:72:
         dd:4b:d7:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY68gLABwAV+D4wMF4WMSNVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMzYyMGQ2Nzk4ZTdlYjE4NjYzOWM0NTQ4YTA2OTZhZjZl
MzA1ODkwHhcNMjQwNDA4MDY1ODU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODI5NWZhNzU1ZDhiNjM3NWU2ZjMzZGM0NTczNTdlMDM3N2RjNDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXGjdLrAEmhP+xQ60KhaQJulqIdJ
Cb8/yctCEnTSDqolY5w2V0tNUd63/FhJskiXQN78sM7mZhSAG+eHXGp9Ii7hQUiw
nQrgQCKcwZaQUVW8mBphlh5k4HWR8nYJ29tn9vpnAVUV1EPMef7k7pTue+6SXBrZ
Q/bpFeDtFoP3tor1ANmZfINyfRHv0yDsoGozNxmHhMwaEgis/d+RmMn8PYL6REK1
zSYXcI9wuBLAFOu87JNT9Je6paSDvNdZcpRm8enY1Sv3q5muIYu38BUm+DX0guru
a7UOLxCHgo/VCc7xDaoGd8zkxVk+GmbUDY5uAbsMkod5se0GpnpSqgWn3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOgpX6dV2LY3Xm8z3EVzV+A3fcQwMB8GA1UdIwQY
MBaAFJs2INZ5jn6xhmOcRUigaWr24wWJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXpZZzFubU9mckdHWTV4RlNLQnBhdmJqQllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS82YjYwNGItNGVlZC00MzkzLThlOGMt
Y2JhMDYzMWYyOTNmLzEvNkNsZnAxWFl0amRlYnpQY1JYTlg0RGQ5eERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS82YjYwNGItNGVlZC00MzkzLThlOGMtY2JhMDYzMWYyOTNm
LzEvbXpZZzFubU9mckdHWTV4RlNLQnBhdmJqQllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuasEMA0E
AgACMAcDBQMqB5fAMA0GCSqGSIb3DQEBCwUAA4IBAQAVa6bxKs4iKoW/JLsuq3to
J65HLKGlbnKly7evNHxRZ2NSzfT3PQshwYpHrGO4stTscQGDuMHpW3meck29flgL
i3847tc3gQBSUd/UH2FdHTd8JpkU1Q9y+VCCOoaPeUueHNQvDcaHKV6/2uRz+ZD3
eVgIspCYDmg1RhSLFUJ9sgkH7xWP8IKBKYIbyt3by7N334JIzU+6Sm9hp6xsAt5j
YITowO1vqjB6EdYp+S5LNr+9+jtnLokPUIeQIFsyLJua2XzzirBPOCwSCj5HUT8a
PXTgAKYR/6AZfrGDw/7YmDToTA/O1X7a92/qB92RbEmze1d+8CdDmA/H8HLdS9ey
-----END CERTIFICATE-----