Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/6kSNO4q11KUII70MaOJKkb7-8sg.roa
File:                     6kSNO4q11KUII70MaOJKkb7-8sg.roa (raw, json)
Hash identifier:          po7fMOEHEv78blrhtlvLrqv8BATiXO+irHU+tW7u7Us=
Subject key identifier:   EA:44:8D:3B:8A:B5:D4:A5:08:23:BD:0C:68:E2:4A:91:BE:FE:F2:C8
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019424454D97FBF58148A34DEDFEEC0DE5EF
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/6kSNO4q11KUII70MaOJKkb7-8sg.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        185.226.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4d:97:fb:f5:81:48:a3:4d:ed:fe:ec:0d:e5:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea448d3b8ab5d4a50823bd0c68e24a91befef2c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9b:ad:6a:fc:90:2c:2a:f1:5c:db:42:90:34:
                    af:c8:10:e4:ec:f2:dd:1f:a3:ef:24:11:b4:98:6c:
                    34:b1:50:af:77:3a:bd:be:44:ef:6c:f1:3d:82:ac:
                    d6:5d:db:f2:10:5e:f0:ee:ef:5a:2b:da:22:c9:9f:
                    d9:4a:1a:ca:02:64:a9:37:e0:3f:d2:66:64:b6:3c:
                    c7:f7:f8:05:5e:a8:69:42:75:d4:10:53:cd:be:73:
                    3b:fb:ae:66:29:4b:a5:62:d4:59:76:9c:77:13:f4:
                    2c:e3:8b:c8:f6:41:0e:d4:3a:55:9f:a1:97:62:04:
                    a4:99:80:c7:c9:82:60:2c:c4:87:59:fb:7c:cd:be:
                    00:d8:ff:a9:25:57:82:76:74:4a:8e:ad:a6:0a:cb:
                    eb:30:5a:8d:20:64:32:2c:37:b1:32:8f:15:c9:26:
                    78:de:0a:dd:95:d9:c0:b6:7f:47:f1:8a:67:33:dd:
                    cd:77:81:30:1d:1a:67:95:97:71:03:97:96:50:8e:
                    92:e2:84:3a:4b:3f:00:16:92:cc:8a:81:2a:1e:e8:
                    69:0b:ca:0c:eb:3b:6a:1a:af:15:27:39:ad:df:f8:
                    0c:c4:2d:01:8c:d4:0a:45:62:48:6b:2b:da:1c:4e:
                    2e:b7:e3:7e:90:05:6b:8a:42:50:88:49:eb:57:84:
                    a7:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:44:8D:3B:8A:B5:D4:A5:08:23:BD:0C:68:E2:4A:91:BE:FE:F2:C8
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/6kSNO4q11KUII70MaOJKkb7-8sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:0f:6a:20:9e:9a:cc:95:d6:a2:95:34:19:d4:73:4c:7c:43:
         98:62:62:2e:71:1d:16:3a:13:90:d1:09:f1:10:99:7f:82:0a:
         63:5e:cd:d7:da:2d:f6:a6:22:fa:92:d2:f7:15:2e:38:8a:3e:
         95:ad:c0:a3:a2:fe:0c:88:04:f6:b3:9b:b4:e1:f9:d9:ca:92:
         dd:08:c2:5f:c0:43:f9:2a:22:5c:f9:f4:06:48:86:e4:b0:db:
         26:87:5c:d8:88:37:55:c3:16:db:b8:75:a1:74:f6:bb:cc:5b:
         ef:41:47:31:38:0d:b0:db:a9:55:23:5b:37:13:78:28:23:ee:
         0e:17:50:8e:28:64:0d:53:08:9a:44:88:23:a5:8d:04:4f:25:
         a9:05:59:82:dc:64:7a:48:63:b1:6e:87:b0:e6:24:ea:f3:3d:
         8c:6c:a3:7f:bd:ce:69:54:ba:9b:2a:e5:5c:e0:cd:be:12:0f:
         2d:09:6f:26:bf:c7:50:91:ad:2b:e2:36:66:13:5c:90:f2:02:
         62:96:30:c5:b1:8a:4b:7a:4e:11:3e:85:ad:cc:51:52:ce:d0:
         a0:1a:c6:0e:31:3a:11:e2:d2:d4:ad:ab:3f:29:c2:a4:bf:72:
         67:1e:cd:8d:2c:d1:13:bf:60:e1:5f:b4:c0:dd:2e:98:ea:74:
         e2:45:0e:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRU2X+/WBSKNN7f7sDeXvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQ0OGQzYjhhYjVkNGE1MDgyM2JkMGM2OGUyNGE5MWJlZmVmMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArputavyQLCrxXNtCkDSvyBDk7PLd
H6PvJBG0mGw0sVCvdzq9vkTvbPE9gqzWXdvyEF7w7u9aK9oiyZ/ZShrKAmSpN+A/
0mZktjzH9/gFXqhpQnXUEFPNvnM7+65mKUulYtRZdpx3E/Qs44vI9kEO1DpVn6GX
YgSkmYDHyYJgLMSHWft8zb4A2P+pJVeCdnRKjq2mCsvrMFqNIGQyLDexMo8VySZ4
3grdldnAtn9H8YpnM93Nd4EwHRpnlZdxA5eWUI6S4oQ6Sz8AFpLMioEqHuhpC8oM
6ztqGq8VJzmt3/gMxC0BjNQKRWJIayvaHE4ut+N+kAVrikJQiEnrV4SnGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpEjTuKtdSlCCO9DGjiSpG+/vLIMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvNmtTTk80cTExS1VJSTcwTWFPSktrYjctOHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueK0MA0G
CSqGSIb3DQEBCwUAA4IBAQCaD2ognprMldailTQZ1HNMfEOYYmIucR0WOhOQ0Qnx
EJl/ggpjXs3X2i32piL6ktL3FS44ij6VrcCjov4MiAT2s5u04fnZypLdCMJfwEP5
KiJc+fQGSIbksNsmh1zYiDdVwxbbuHWhdPa7zFvvQUcxOA2w26lVI1s3E3goI+4O
F1COKGQNUwiaRIgjpY0ETyWpBVmC3GR6SGOxboew5iTq8z2MbKN/vc5pVLqbKuVc
4M2+Eg8tCW8mv8dQka0r4jZmE1yQ8gJiljDFsYpLek4RPoWtzFFSztCgGsYOMToR
4tLUras/KcKkv3JnHs2NLNETv2DhX7TA3S6Y6nTiRQ4E
-----END CERTIFICATE-----