Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/6p0BqTbPpM77HYQ5qoM5-0hBN6U.roa
File:                     6p0BqTbPpM77HYQ5qoM5-0hBN6U.roa (raw, json)
Hash identifier:          aTA4/b6jadrTrpiTC+GyK8NqpUsbxY6eU7htDNfF60c=
Subject key identifier:   EA:9D:01:A9:36:CF:A4:CE:FB:1D:84:39:AA:83:39:FB:48:41:37:A5
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AD85F331252B43AEDA47FE652D59A
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/6p0BqTbPpM77HYQ5qoM5-0hBN6U.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8614
IP address blocks:        217.156.124.0/24 maxlen: 24
                          193.231.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d8:5f:33:12:52:b4:3a:ed:a4:7f:e6:52:d5:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea9d01a936cfa4cefb1d8439aa8339fb484137a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:5c:ff:3f:44:65:88:ab:90:dd:90:a3:7c:6d:
                    78:85:ad:ce:1a:fa:b1:43:d7:aa:e4:25:08:90:98:
                    90:d4:34:cb:5e:e9:06:28:62:0c:fd:99:dd:c2:ae:
                    3b:0f:61:d2:d0:91:71:ea:67:74:1d:a4:b9:c5:f5:
                    25:2b:9b:57:1b:ba:86:ee:d3:9a:b5:6c:69:30:e3:
                    34:a4:45:65:89:ac:0e:e1:a3:14:44:76:90:63:38:
                    f1:f5:9e:98:64:7a:78:98:23:c3:ef:78:f0:9f:df:
                    d6:c8:c4:d1:73:99:2d:3d:1c:e0:ee:42:40:54:bd:
                    88:98:cc:c0:04:36:19:0d:01:04:e9:89:57:eb:0b:
                    e8:7f:5b:42:3e:3a:26:d4:ef:53:97:fc:ea:4a:5d:
                    48:5d:c1:c8:5e:7c:3b:fd:fe:bb:97:29:6f:74:e4:
                    ee:ac:83:cc:d7:33:53:cf:91:26:5e:6a:1a:44:f9:
                    c8:0b:12:a1:31:69:f6:d7:92:9a:8c:42:54:3c:5c:
                    e7:ce:c3:42:65:b9:c4:04:e5:47:3d:99:4a:0f:65:
                    3c:26:0b:92:65:20:aa:6d:0b:88:b0:41:8c:01:ce:
                    24:d9:0b:61:0d:0e:cc:c6:af:13:e4:6d:f4:56:5f:
                    fe:52:99:c8:85:c6:bf:80:c0:f5:ce:1a:dc:5d:5e:
                    48:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:9D:01:A9:36:CF:A4:CE:FB:1D:84:39:AA:83:39:FB:48:41:37:A5
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/6p0BqTbPpM77HYQ5qoM5-0hBN6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.231.172.0/24
                  217.156.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ff:6d:cd:78:61:02:7a:93:a3:88:e4:98:c1:12:ee:6e:6c:
         ce:c9:2f:f5:2f:ef:77:6c:0f:b2:69:4c:14:c3:dd:f9:43:bb:
         8d:c4:de:22:3d:27:e7:e5:47:c7:a7:57:d1:3c:83:1e:28:d5:
         20:df:23:53:67:2d:8f:77:a9:3c:ac:e7:37:6e:b1:c6:61:b3:
         7e:0d:d4:8a:d1:5d:ac:45:d8:3c:2b:7e:44:3a:bc:21:b3:8a:
         9c:45:6a:89:35:45:c5:6b:bf:a5:94:5b:a3:6b:de:3d:a5:3d:
         0a:33:06:32:8a:2e:f5:f5:f7:c6:17:1a:54:25:a3:01:03:53:
         ee:2c:a7:94:a2:bc:29:db:23:bf:a5:46:1f:0a:24:9d:7f:59:
         65:cc:e0:95:95:51:52:76:06:d7:48:ad:7f:9b:4f:ef:8d:c6:
         13:f0:7f:aa:92:e2:6e:54:b3:3f:63:05:22:e8:2c:94:94:ef:
         40:45:e0:41:3b:55:6c:ae:13:a5:db:da:7c:32:ca:0e:6a:33:
         be:d4:2f:a3:33:48:33:5b:f9:86:70:6c:d0:b3:5f:af:1c:9c:
         5e:2b:9a:c4:c9:1e:6e:58:0c:17:02:61:7b:ed:fc:1a:4d:35:
         86:91:52:54:83:10:ee:d2:8e:ce:c9:fb:07:d9:58:c9:68:f2:
         ae:25:48:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSthfMxJStDrtpH/mUtWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTlkMDFhOTM2Y2ZhNGNlZmIxZDg0MzlhYTgzMzlmYjQ4NDEzN2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVz/P0RliKuQ3ZCjfG14ha3OGvqx
Q9eq5CUIkJiQ1DTLXukGKGIM/Zndwq47D2HS0JFx6md0HaS5xfUlK5tXG7qG7tOa
tWxpMOM0pEVliawO4aMURHaQYzjx9Z6YZHp4mCPD73jwn9/WyMTRc5ktPRzg7kJA
VL2ImMzABDYZDQEE6YlX6wvof1tCPjom1O9Tl/zqSl1IXcHIXnw7/f67lylvdOTu
rIPM1zNTz5EmXmoaRPnICxKhMWn215KajEJUPFznzsNCZbnEBOVHPZlKD2U8JguS
ZSCqbQuIsEGMAc4k2QthDQ7Mxq8T5G30Vl/+UpnIhca/gMD1zhrcXV5IhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOqdAak2z6TO+x2EOaqDOftIQTelMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvNnAwQnFUYlBwTTc3SFlRNXFvTTUtMGhCTjZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAweesAwQA
2Zx8MA0GCSqGSIb3DQEBCwUAA4IBAQBc/23NeGECepOjiOSYwRLubmzOyS/1L+93
bA+yaUwUw935Q7uNxN4iPSfn5UfHp1fRPIMeKNUg3yNTZy2Pd6k8rOc3brHGYbN+
DdSK0V2sRdg8K35EOrwhs4qcRWqJNUXFa7+llFuja949pT0KMwYyii719ffGFxpU
JaMBA1PuLKeUorwp2yO/pUYfCiSdf1llzOCVlVFSdgbXSK1/m0/vjcYT8H+qkuJu
VLM/YwUi6CyUlO9AReBBO1VsrhOl29p8MsoOajO+1C+jM0gzW/mGcGzQs1+vHJxe
K5rEyR5uWAwXAmF77fwaTTWGkVJUgxDu0o7OyfsH2VjJaPKuJUg/
-----END CERTIFICATE-----