Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/c8c5e4-225a-489e-9100-ab2ce94c1423/1/6WuJDLqkK5Z2xYhmx8u-BtyhDdY.roa
File:                     6WuJDLqkK5Z2xYhmx8u-BtyhDdY.roa (raw, json)
Hash identifier:          Z9if4/2cziiCIHbICv5He2M3Y8yqRKqweMqrZaw0Dls=
Subject key identifier:   E9:6B:89:0C:BA:A4:2B:96:76:C5:88:66:C7:CB:BE:06:DC:A1:0D:D6
Certificate issuer:       /CN=ee37d34869bc60b7d9e78335f4a32381fb7210e5
Certificate serial:       018CC87124BEE1A74F5D7FEC09FCB719F27F
Authority key identifier: EE:37:D3:48:69:BC:60:B7:D9:E7:83:35:F4:A3:23:81:FB:72:10:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jfTSGm8YLfZ54M19KMjgftyEOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/c8c5e4-225a-489e-9100-ab2ce94c1423/1/6WuJDLqkK5Z2xYhmx8u-BtyhDdY.roa
Signing time:             Tue 02 Jan 2024 04:31:47 +0000
ROA not before:           Tue 02 Jan 2024 04:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47187
IP address blocks:        185.29.144.0/24 maxlen: 24
                          185.29.145.0/24 maxlen: 24
                          185.29.146.0/24 maxlen: 24
                          185.29.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/c8c5e4-225a-489e-9100-ab2ce94c1423/1/7jfTSGm8YLfZ54M19KMjgftyEOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/c8c5e4-225a-489e-9100-ab2ce94c1423/1/7jfTSGm8YLfZ54M19KMjgftyEOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jfTSGm8YLfZ54M19KMjgftyEOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:24:be:e1:a7:4f:5d:7f:ec:09:fc:b7:19:f2:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee37d34869bc60b7d9e78335f4a32381fb7210e5
        Validity
            Not Before: Jan  2 04:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e96b890cbaa42b9676c58866c7cbbe06dca10dd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:98:7e:8e:3c:43:0f:b5:e8:30:b0:9b:46:d2:
                    83:0d:81:df:87:a5:e0:2f:f4:c8:5e:6c:e3:3d:98:
                    37:e6:66:f1:1f:8d:a7:a7:87:f2:8c:62:bd:44:af:
                    76:b7:e7:25:4d:f9:74:09:bb:16:35:bb:d7:c0:63:
                    c8:3c:03:5c:3f:1e:76:8b:6c:1c:ee:7b:a0:f2:a4:
                    ce:af:be:40:0e:a0:42:f9:93:e7:d0:04:29:45:71:
                    7f:99:c3:44:af:39:01:c4:2b:71:1e:3d:3b:32:d7:
                    48:2e:62:9a:96:c3:88:53:de:46:92:01:33:8c:22:
                    8a:54:fc:b1:f0:59:8b:56:75:ef:31:32:2c:29:53:
                    71:da:37:e8:cd:47:82:93:48:0d:d8:97:6f:9a:24:
                    91:83:20:68:28:84:b0:73:01:dc:49:cb:b7:97:e6:
                    12:75:1f:d6:82:5a:7e:d4:75:70:be:0a:26:a0:0b:
                    f6:ca:1f:fa:30:2b:6d:a6:63:a1:d6:e0:61:18:69:
                    f5:f6:33:31:98:6b:7e:6d:db:2d:b1:fa:36:3e:ee:
                    b1:75:10:a8:7b:85:a2:30:88:17:0e:23:9b:bc:a1:
                    f0:ba:85:75:34:48:99:c4:65:74:4c:a7:c7:67:88:
                    f3:76:c0:aa:a0:89:ee:2f:79:6c:50:48:ba:86:0c:
                    e7:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:6B:89:0C:BA:A4:2B:96:76:C5:88:66:C7:CB:BE:06:DC:A1:0D:D6
            X509v3 Authority Key Identifier:
                keyid:EE:37:D3:48:69:BC:60:B7:D9:E7:83:35:F4:A3:23:81:FB:72:10:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jfTSGm8YLfZ54M19KMjgftyEOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/c8c5e4-225a-489e-9100-ab2ce94c1423/1/6WuJDLqkK5Z2xYhmx8u-BtyhDdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/c8c5e4-225a-489e-9100-ab2ce94c1423/1/7jfTSGm8YLfZ54M19KMjgftyEOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:d9:28:c9:e8:80:41:53:51:d2:f0:06:fe:1e:72:02:61:7a:
         36:87:94:63:29:53:1d:36:79:d0:99:81:bf:62:da:eb:67:d0:
         99:e0:2e:85:fe:84:4b:98:32:3d:e6:57:8c:d1:17:52:14:35:
         09:98:ce:2d:de:05:bd:ca:c7:fb:8c:4f:d3:11:65:3f:c5:77:
         b5:7b:ff:11:6f:54:81:7e:88:29:d2:64:ad:9e:87:db:79:36:
         93:78:4c:ff:3e:ba:84:bf:f7:72:f5:64:73:65:0f:7e:11:e5:
         8b:56:6c:3f:9e:5a:27:6b:84:bc:d8:d7:b9:f3:e0:69:b9:f5:
         5f:43:10:e6:73:37:41:09:e5:5c:ad:7d:27:a0:ac:dc:48:8d:
         e5:6a:59:00:18:68:27:d5:ac:17:e2:a6:07:9e:6a:cc:63:ec:
         1b:95:52:2a:2e:8a:26:2b:33:e7:60:65:99:f7:ea:6c:6e:b4:
         42:2d:26:be:23:21:34:49:fb:3a:55:9c:2a:1e:3f:46:35:9d:
         f9:61:8a:ac:70:fc:6e:44:1d:a1:8f:15:0b:70:35:98:ea:4b:
         e6:af:f9:6b:1b:e9:94:82:09:9a:de:f5:f1:da:da:fe:b3:de:
         32:d4:63:27:2e:b6:3b:41:51:58:59:27:9c:3f:3c:8a:6c:11:
         cd:ad:4b:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcSS+4adPXX/sCfy3GfJ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzdkMzQ4NjliYzYwYjdkOWU3ODMzNWY0YTMyMzgxZmI3
MjEwZTUwHhcNMjQwMTAyMDQzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTZiODkwY2JhYTQyYjk2NzZjNTg4NjZjN2NiYmUwNmRjYTEwZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5h+jjxDD7XoMLCbRtKDDYHfh6Xg
L/TIXmzjPZg35mbxH42np4fyjGK9RK92t+clTfl0CbsWNbvXwGPIPANcPx52i2wc
7nug8qTOr75ADqBC+ZPn0AQpRXF/mcNErzkBxCtxHj07MtdILmKalsOIU95GkgEz
jCKKVPyx8FmLVnXvMTIsKVNx2jfozUeCk0gN2JdvmiSRgyBoKISwcwHcScu3l+YS
dR/Wglp+1HVwvgomoAv2yh/6MCttpmOh1uBhGGn19jMxmGt+bdstsfo2Pu6xdRCo
e4WiMIgXDiObvKHwuoV1NEiZxGV0TKfHZ4jzdsCqoInuL3lsUEi6hgzntwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlriQy6pCuWdsWIZsfLvgbcoQ3WMB8GA1UdIwQY
MBaAFO4300hpvGC32eeDNfSjI4H7chDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pmVFNHbThZTGZaNTRNMTlLTWpnZnR5RU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9jOGM1ZTQtMjI1YS00ODllLTkxMDAt
YWIyY2U5NGMxNDIzLzEvNld1SkRMcWtLNVoyeFlobXg4dS1CdHloRGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9jOGM1ZTQtMjI1YS00ODllLTkxMDAtYWIyY2U5NGMxNDIz
LzEvN2pmVFNHbThZTGZaNTRNMTlLTWpnZnR5RU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR2QMA0G
CSqGSIb3DQEBCwUAA4IBAQBX2SjJ6IBBU1HS8Ab+HnICYXo2h5RjKVMdNnnQmYG/
YtrrZ9CZ4C6F/oRLmDI95leM0RdSFDUJmM4t3gW9ysf7jE/TEWU/xXe1e/8Rb1SB
fogp0mStnofbeTaTeEz/PrqEv/dy9WRzZQ9+EeWLVmw/nlona4S82Ne58+BpufVf
QxDmczdBCeVcrX0noKzcSI3lalkAGGgn1awX4qYHnmrMY+wblVIqLoomKzPnYGWZ
9+psbrRCLSa+IyE0Sfs6VZwqHj9GNZ35YYqscPxuRB2hjxULcDWY6kvmr/lrG+mU
ggma3vXx2tr+s94y1GMnLrY7QVFYWSecPzyKbBHNrUtt
-----END CERTIFICATE-----