Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/6fH3TVwaivkx9_5c6cIs1Li5VfE.roa
File:                     6fH3TVwaivkx9_5c6cIs1Li5VfE.roa (raw, json)
Hash identifier:          eUqAkCIJ7ZoEVolWLao4oQVstQJ8zPMPnad3YIlph/4=
Subject key identifier:   E9:F1:F7:4D:5C:1A:8A:F9:31:F7:FE:5C:E9:C2:2C:D4:B8:B9:55:F1
Certificate issuer:       /CN=9863354a111af6d5e1ad10da38ad8144b6be868e
Certificate serial:       018CC7272FE5A3C9FF395DEE78DD9CF417B7
Authority key identifier: 98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/6fH3TVwaivkx9_5c6cIs1Li5VfE.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.135.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2f:e5:a3:c9:ff:39:5d:ee:78:dd:9c:f4:17:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9863354a111af6d5e1ad10da38ad8144b6be868e
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9f1f74d5c1a8af931f7fe5ce9c22cd4b8b955f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2f:be:58:44:ec:38:b8:5a:23:3a:4a:59:78:
                    ab:57:ba:cb:d3:dc:5c:1e:79:e7:7c:33:2d:fb:18:
                    f4:17:53:46:28:aa:e4:1c:af:8f:32:f1:75:d0:47:
                    66:d1:45:15:37:23:f1:ca:cf:33:63:0d:c4:e0:81:
                    bf:88:a7:0b:41:0b:c0:4d:44:a0:8a:90:00:c2:bc:
                    43:2a:26:5c:48:e1:36:f5:ee:32:19:72:0b:63:d7:
                    8d:c1:bc:86:b2:cc:a0:3b:9a:91:90:5d:3f:c2:27:
                    3b:21:92:81:a7:5a:0d:87:3b:82:06:67:0a:cf:5f:
                    68:f6:62:ae:6e:3f:be:25:e8:1d:8f:13:12:b2:47:
                    eb:54:57:28:e9:c4:f9:79:33:84:20:10:1f:19:e5:
                    f7:6d:bd:6e:74:01:52:89:72:ec:22:0e:34:7c:27:
                    56:c1:fb:f2:93:1e:22:14:8c:cf:68:32:19:12:48:
                    88:81:77:fe:6d:34:60:7d:df:52:ee:87:2f:1c:cf:
                    28:f8:9e:82:93:9f:d6:98:7d:b2:a1:7d:4a:a7:3c:
                    01:dc:ef:39:fd:10:de:e3:cf:8b:2e:04:92:85:ff:
                    78:28:eb:f7:91:ca:b4:4b:42:4c:b9:96:28:55:2e:
                    68:f2:f4:bb:7c:24:8d:f6:57:e0:2b:66:94:fc:b3:
                    76:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F1:F7:4D:5C:1A:8A:F9:31:F7:FE:5C:E9:C2:2C:D4:B8:B9:55:F1
            X509v3 Authority Key Identifier:
                keyid:98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/6fH3TVwaivkx9_5c6cIs1Li5VfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:a9:8d:54:9c:09:da:3f:fc:8e:90:df:82:63:98:8a:6f:13:
         7a:d7:09:3a:61:d9:41:29:0c:ad:7b:e2:61:45:2f:d4:20:b4:
         0e:d2:05:d4:92:0c:4a:77:70:09:53:67:d0:c6:8e:86:a4:6a:
         f6:96:e2:95:f0:38:f4:ba:7d:fb:d2:d9:36:a9:e7:1c:bd:5e:
         c2:7d:f9:1b:3d:7b:ff:2e:8f:1d:0c:bc:f2:fe:8b:b8:8a:96:
         b1:2e:02:35:98:f7:b7:bf:ef:6d:06:63:62:d8:b4:5c:4f:28:
         2b:5e:84:f4:61:c7:db:91:0c:4d:e3:0d:f6:13:0d:c7:6f:41:
         08:d2:27:31:73:1d:63:1f:8c:c3:1e:2f:fd:e7:41:f1:34:82:
         04:39:b7:15:e8:55:d1:8e:a7:e5:2e:cf:ea:c4:33:91:41:40:
         6d:d2:06:b5:85:1d:b4:22:23:95:cb:6a:d1:0b:3b:0c:89:63:
         71:75:b4:6f:77:31:65:37:f6:f8:a1:a2:d1:bc:76:13:38:fe:
         d5:46:8a:10:51:0f:29:82:4e:a3:d3:97:d6:b6:40:cf:5f:98:
         bb:d0:3d:5b:71:75:8f:94:ab:6a:ca:39:0e:f6:6e:8d:d6:37:
         e4:17:42:c4:ac:29:c3:b7:7b:ca:38:8a:04:57:1b:e4:a6:1d:
         2a:bb:cd:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJy/lo8n/OV3ueN2c9Be3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjMzNTRhMTExYWY2ZDVlMWFkMTBkYTM4YWQ4MTQ0YjZi
ZTg2OGUwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWYxZjc0ZDVjMWE4YWY5MzFmN2ZlNWNlOWMyMmNkNGI4Yjk1NWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApC++WETsOLhaIzpKWXirV7rL09xc
HnnnfDMt+xj0F1NGKKrkHK+PMvF10Edm0UUVNyPxys8zYw3E4IG/iKcLQQvATUSg
ipAAwrxDKiZcSOE29e4yGXILY9eNwbyGssygO5qRkF0/wic7IZKBp1oNhzuCBmcK
z19o9mKubj++JegdjxMSskfrVFco6cT5eTOEIBAfGeX3bb1udAFSiXLsIg40fCdW
wfvykx4iFIzPaDIZEkiIgXf+bTRgfd9S7ocvHM8o+J6Ck5/WmH2yoX1KpzwB3O85
/RDe48+LLgSShf94KOv3kcq0S0JMuZYoVS5o8vS7fCSN9lfgK2aU/LN2MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnx901cGor5Mff+XOnCLNS4uVXxMB8GA1UdIwQY
MBaAFJhjNUoRGvbV4a0Q2jitgUS2voaOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGIt
NTNmNTc1MDRlZjM1LzEvNmZIM1RWd2Fpdmt4OV81YzZjSXMxTGk1VmZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGItNTNmNTc1MDRlZjM1
LzEvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYdlMA0G
CSqGSIb3DQEBCwUAA4IBAQCZqY1UnAnaP/yOkN+CY5iKbxN61wk6YdlBKQyte+Jh
RS/UILQO0gXUkgxKd3AJU2fQxo6GpGr2luKV8Dj0un370tk2qeccvV7CffkbPXv/
Lo8dDLzy/ou4ipaxLgI1mPe3v+9tBmNi2LRcTygrXoT0YcfbkQxN4w32Ew3Hb0EI
0icxcx1jH4zDHi/950HxNIIEObcV6FXRjqflLs/qxDORQUBt0ga1hR20IiOVy2rR
CzsMiWNxdbRvdzFlN/b4oaLRvHYTOP7VRooQUQ8pgk6j05fWtkDPX5i70D1bcXWP
lKtqyjkO9m6N1jfkF0LErCnDt3vKOIoEVxvkph0qu80X
-----END CERTIFICATE-----