Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6WpW15xtN9OAtK9XbhXfEY-0WCM.roa
File:                     6WpW15xtN9OAtK9XbhXfEY-0WCM.roa (raw, json)
Hash identifier:          R24PgcqyZ2bHHKbQJ8rZZK0hnKneAflPpApD7f76rQ4=
Subject key identifier:   E9:6A:56:D7:9C:6D:37:D3:80:B4:AF:57:6E:15:DF:11:8F:B4:58:23
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0D10559FDFBA4524F8234AFE2335
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6WpW15xtN9OAtK9XbhXfEY-0WCM.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200391
IP address blocks:        5.188.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0d:10:55:9f:df:ba:45:24:f8:23:4a:fe:23:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e96a56d79c6d37d380b4af576e15df118fb45823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d6:d8:8e:78:b3:c3:d8:26:7c:61:8f:19:81:
                    dc:8d:de:5c:93:58:4e:b9:03:ba:fc:63:d5:c7:e7:
                    3d:b9:8e:fe:9e:5f:1a:b0:eb:42:ab:24:09:11:ea:
                    7e:9a:df:5d:9f:40:d6:c8:1c:e0:54:03:37:46:85:
                    cf:55:28:01:53:98:04:1c:fa:8d:e2:8c:c7:4b:35:
                    20:a5:09:2b:12:08:76:62:06:3c:fe:2d:80:67:b9:
                    97:d3:fe:73:27:81:b5:aa:c3:e5:13:cb:35:62:b6:
                    52:74:28:e1:65:d3:e7:36:41:aa:38:8d:e5:e3:f7:
                    51:e3:38:db:91:f2:f6:52:80:20:f2:a5:af:80:cd:
                    74:a9:77:43:6d:ba:05:e9:fd:40:65:a5:af:db:59:
                    d9:a0:57:90:ea:48:da:d8:41:56:66:00:d2:77:bd:
                    d7:d0:03:fd:69:82:6d:6b:b9:fd:15:54:61:68:0b:
                    5f:22:09:d6:7f:f9:aa:27:08:5c:14:c4:92:90:0d:
                    3d:0e:16:c6:7b:0e:e2:b7:52:78:77:61:b1:71:63:
                    17:f0:28:cd:e3:45:40:74:bf:30:66:72:8b:32:c8:
                    54:30:73:84:02:2d:7a:99:94:e9:72:67:9b:fa:6d:
                    6e:93:cb:2d:c8:dc:8a:09:e2:64:e2:20:fd:fb:89:
                    82:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:6A:56:D7:9C:6D:37:D3:80:B4:AF:57:6E:15:DF:11:8F:B4:58:23
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6WpW15xtN9OAtK9XbhXfEY-0WCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:81:ae:f8:1d:72:69:a8:1a:b0:bc:b3:e5:c0:ee:da:e7:ad:
         23:a5:ed:00:af:a2:48:63:90:4c:c0:3f:83:e1:3d:4c:b0:5c:
         0d:97:f9:c4:fa:61:64:fd:67:33:a3:ef:83:4a:fe:79:e1:5b:
         5d:a3:06:48:66:53:0e:77:d4:57:ae:e0:41:7e:80:c9:91:81:
         9b:09:a6:36:ca:f7:f8:dc:4b:32:8a:3f:2b:35:c8:4b:59:fe:
         f5:89:c2:cf:56:af:30:1b:9e:14:30:9a:12:e0:ea:4c:ad:5b:
         ef:11:7f:0c:b5:09:b5:cd:01:45:84:5e:5b:01:30:29:74:65:
         15:68:f0:e4:6c:1b:f6:7d:99:bf:74:48:d3:c1:4b:da:9c:5d:
         82:2b:cf:cd:45:2c:1f:39:de:7e:e5:1a:e9:29:58:c6:de:87:
         c3:b4:5b:04:8d:94:50:a4:2a:15:59:8c:e5:91:2f:d2:d8:12:
         6b:44:bb:c4:6e:19:e9:c0:8b:da:7c:2f:38:be:fb:c2:0c:91:
         6c:5b:0e:e0:45:09:0d:ff:ac:19:b6:9d:da:43:26:24:9e:c0:
         f8:06:5d:9a:fb:80:d2:64:c4:8a:d5:bf:fe:92:80:14:14:b3:
         5a:c3:0c:fb:7a:b5:1b:24:72:45:d2:75:3a:f2:dc:6f:5f:5b:
         30:4c:c6:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg0QVZ/fukUk+CNK/iM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTZhNTZkNzljNmQzN2QzODBiNGFmNTc2ZTE1ZGYxMThmYjQ1ODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdbYjnizw9gmfGGPGYHcjd5ck1hO
uQO6/GPVx+c9uY7+nl8asOtCqyQJEep+mt9dn0DWyBzgVAM3RoXPVSgBU5gEHPqN
4ozHSzUgpQkrEgh2YgY8/i2AZ7mX0/5zJ4G1qsPlE8s1YrZSdCjhZdPnNkGqOI3l
4/dR4zjbkfL2UoAg8qWvgM10qXdDbboF6f1AZaWv21nZoFeQ6kja2EFWZgDSd73X
0AP9aYJta7n9FVRhaAtfIgnWf/mqJwhcFMSSkA09DhbGew7it1J4d2GxcWMX8CjN
40VAdL8wZnKLMshUMHOEAi16mZTpcmeb+m1uk8styNyKCeJk4iD9+4mCWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlqVtecbTfTgLSvV24V3xGPtFgjMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvNldwVzE1eHROOU9BdEs5WGJoWGZFWS0wV0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbzOMA0G
CSqGSIb3DQEBCwUAA4IBAQDMga74HXJpqBqwvLPlwO7a560jpe0Ar6JIY5BMwD+D
4T1MsFwNl/nE+mFk/Wczo++DSv554VtdowZIZlMOd9RXruBBfoDJkYGbCaY2yvf4
3Esyij8rNchLWf71icLPVq8wG54UMJoS4OpMrVvvEX8MtQm1zQFFhF5bATApdGUV
aPDkbBv2fZm/dEjTwUvanF2CK8/NRSwfOd5+5RrpKVjG3ofDtFsEjZRQpCoVWYzl
kS/S2BJrRLvEbhnpwIvafC84vvvCDJFsWw7gRQkN/6wZtp3aQyYknsD4Bl2a+4DS
ZMSK1b/+koAUFLNawwz7erUbJHJF0nU68txvX1swTMZa
-----END CERTIFICATE-----