Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/k6GXsFQTaGx0IG2zraMFfDQNux0.roa
File:                     k6GXsFQTaGx0IG2zraMFfDQNux0.roa (raw, json)
Hash identifier:          Fzb8cV9Hv7TffEK/1VHiBBmQSAWEjiannP5l6SG61vk=
Subject key identifier:   93:A1:97:B0:54:13:68:6C:74:20:6D:B3:AD:A3:05:7C:34:0D:BB:1D
Certificate issuer:       /CN=b414b09beeab905ff41e6813256054b182294297
Certificate serial:       018CC8DEC71DA7C125B47266B89FC4D9E12E
Authority key identifier: B4:14:B0:9B:EE:AB:90:5F:F4:1E:68:13:25:60:54:B1:82:29:42:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBSwm-6rkF_0HmgTJWBUsYIpQpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/k6GXsFQTaGx0IG2zraMFfDQNux0.roa
Signing time:             Tue 02 Jan 2024 06:31:32 +0000
ROA not before:           Tue 02 Jan 2024 06:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48871
IP address blocks:        185.30.152.0/24 maxlen: 24
                          2a04:4240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/tBSwm-6rkF_0HmgTJWBUsYIpQpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/tBSwm-6rkF_0HmgTJWBUsYIpQpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBSwm-6rkF_0HmgTJWBUsYIpQpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c7:1d:a7:c1:25:b4:72:66:b8:9f:c4:d9:e1:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b414b09beeab905ff41e6813256054b182294297
        Validity
            Not Before: Jan  2 06:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93a197b05413686c74206db3ada3057c340dbb1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:df:2b:e8:c2:41:19:81:d9:3b:bb:63:7b:d2:
                    20:0f:f1:01:2d:f0:76:9d:83:bc:1d:2e:79:f7:cd:
                    84:cd:55:0d:be:41:7b:c6:6f:be:09:28:05:30:2d:
                    0e:bb:8b:b9:e0:03:9b:ca:e2:c3:ed:40:ef:ff:eb:
                    b8:0c:0e:ce:d0:ed:06:9a:66:c6:68:65:1b:db:cd:
                    40:b6:b4:6d:54:d6:1a:c1:d7:3e:95:32:f9:1b:21:
                    1c:bb:80:bc:bd:ea:20:80:bf:3a:56:9b:93:85:b3:
                    a1:cf:0a:18:74:77:52:10:f3:3a:85:a2:73:71:30:
                    3f:45:51:1a:03:0c:3d:7b:dc:33:d9:6a:e8:63:4d:
                    32:a7:73:0b:ed:a7:46:b5:a4:5d:6a:34:88:ae:c1:
                    8b:3c:01:2b:7a:47:4f:5c:92:dc:e0:57:7e:b6:9b:
                    99:1b:c0:71:83:11:fa:39:9c:1d:15:44:ab:37:0b:
                    c9:a8:33:0e:45:15:2e:20:7b:29:96:6c:b5:88:72:
                    40:57:2b:4f:85:cc:3e:54:0e:e9:71:df:11:fa:ff:
                    ee:e7:6b:0e:4d:84:57:79:e0:0a:2b:10:80:2a:49:
                    bc:fa:b4:7c:51:62:d6:4e:23:9d:43:b8:5f:61:f7:
                    5c:9b:d3:26:2e:84:c4:6b:dc:58:a3:cc:f1:9d:26:
                    89:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A1:97:B0:54:13:68:6C:74:20:6D:B3:AD:A3:05:7C:34:0D:BB:1D
            X509v3 Authority Key Identifier:
                keyid:B4:14:B0:9B:EE:AB:90:5F:F4:1E:68:13:25:60:54:B1:82:29:42:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBSwm-6rkF_0HmgTJWBUsYIpQpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/k6GXsFQTaGx0IG2zraMFfDQNux0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/tBSwm-6rkF_0HmgTJWBUsYIpQpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.152.0/24
                IPv6:
                  2a04:4240::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:90:be:e9:c7:b3:a7:aa:d9:b6:08:bb:a6:f9:61:0a:cd:dd:
         14:22:5b:13:47:41:bf:68:b4:b8:57:bd:c9:80:60:88:e7:6a:
         aa:66:a0:c9:58:4b:63:c4:ff:a4:db:b3:b7:96:e3:42:49:af:
         b3:e6:5e:da:f3:90:2a:b8:ea:77:39:a0:1f:2c:91:57:10:a8:
         44:b4:65:d0:f3:a6:50:98:a2:58:b1:9f:6c:d3:d8:8b:3c:87:
         79:6f:9c:8d:ee:7f:6a:4a:04:a6:24:9b:23:e2:6c:20:c5:b6:
         da:8f:01:e7:31:c8:0e:b2:17:ff:13:be:9c:61:73:69:30:d4:
         c0:09:64:c0:8b:91:bd:e6:73:a8:c5:79:bd:a8:bd:9d:77:a1:
         41:fb:3b:cf:05:ed:71:cc:06:2f:bf:fa:32:85:65:8f:22:8f:
         c4:17:68:f6:37:82:03:06:81:16:c4:c2:95:92:a5:63:50:1f:
         aa:48:b4:fe:93:bd:df:3a:55:34:49:85:bf:0e:58:2c:a9:2a:
         19:f4:64:94:e7:bc:63:5d:c7:2e:d9:a5:19:34:85:18:8d:95:
         19:ae:d9:40:38:5c:c3:59:bc:01:d7:84:a4:b3:f9:27:ac:58:
         5c:f3:fe:e2:3f:36:94:2c:f7:03:1c:c8:1a:d0:13:7d:75:24:
         9e:ad:15:60
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3scdp8EltHJmuJ/E2eEuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MTRiMDliZWVhYjkwNWZmNDFlNjgxMzI1NjA1NGIxODIy
OTQyOTcwHhcNMjQwMTAyMDYzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2ExOTdiMDU0MTM2ODZjNzQyMDZkYjNhZGEzMDU3YzM0MGRiYjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp98r6MJBGYHZO7tje9IgD/EBLfB2
nYO8HS55982EzVUNvkF7xm++CSgFMC0Ou4u54AObyuLD7UDv/+u4DA7O0O0GmmbG
aGUb281AtrRtVNYawdc+lTL5GyEcu4C8veoggL86VpuThbOhzwoYdHdSEPM6haJz
cTA/RVEaAww9e9wz2WroY00yp3ML7adGtaRdajSIrsGLPAErekdPXJLc4Fd+tpuZ
G8BxgxH6OZwdFUSrNwvJqDMORRUuIHsplmy1iHJAVytPhcw+VA7pcd8R+v/u52sO
TYRXeeAKKxCAKkm8+rR8UWLWTiOdQ7hfYfdcm9MmLoTEa9xYo8zxnSaJxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJOhl7BUE2hsdCBts62jBXw0DbsdMB8GA1UdIwQY
MBaAFLQUsJvuq5Bf9B5oEyVgVLGCKUKXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJTd20tNnJrRl8wSG1nVEpXQlVzWUlwUXBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84MDBlYjYtODY4Yi00YTMwLWI0MDIt
NGJjZTQyNDcyM2Q5LzEvazZHWHNGUVRhR3gwSUcyenJhTUZmRFFOdXgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84MDBlYjYtODY4Yi00YTMwLWI0MDItNGJjZTQyNDcyM2Q5
LzEvdEJTd20tNnJrRl8wSG1nVEpXQlVzWUlwUXBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuR6YMA0E
AgACMAcDBQAqBEJAMA0GCSqGSIb3DQEBCwUAA4IBAQCAkL7px7Onqtm2CLum+WEK
zd0UIlsTR0G/aLS4V73JgGCI52qqZqDJWEtjxP+k27O3luNCSa+z5l7a85AquOp3
OaAfLJFXEKhEtGXQ86ZQmKJYsZ9s09iLPId5b5yN7n9qSgSmJJsj4mwgxbbajwHn
McgOshf/E76cYXNpMNTACWTAi5G95nOoxXm9qL2dd6FB+zvPBe1xzAYvv/oyhWWP
Io/EF2j2N4IDBoEWxMKVkqVjUB+qSLT+k73fOlU0SYW/DlgsqSoZ9GSU57xjXccu
2aUZNIUYjZUZrtlAOFzDWbwB14Sks/knrFhc8/7iPzaULPcDHMga0BN9dSSerRVg
-----END CERTIFICATE-----