Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/i6GLHagrcdIxWmPemHfDHtNizqg.roa
File:                     i6GLHagrcdIxWmPemHfDHtNizqg.roa (raw, json)
Hash identifier:          FmNuK4urS1Ccc8mNJv5iFoY6gb4+IjlRaBVpdBCZf7w=
Subject key identifier:   8B:A1:8B:1D:A8:2B:71:D2:31:5A:63:DE:98:77:C3:1E:D3:62:CE:A8
Certificate issuer:       /CN=1779b95d8a58fcca6a812e777e7ef69453f8ac98
Certificate serial:       018CC8016F7F792695B4B769AD2D8BC29F03
Authority key identifier: 17:79:B9:5D:8A:58:FC:CA:6A:81:2E:77:7E:7E:F6:94:53:F8:AC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3m5XYpY_MpqgS53fn72lFP4rJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/i6GLHagrcdIxWmPemHfDHtNizqg.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209620
IP address blocks:        185.184.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/F3m5XYpY_MpqgS53fn72lFP4rJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/F3m5XYpY_MpqgS53fn72lFP4rJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3m5XYpY_MpqgS53fn72lFP4rJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6f:7f:79:26:95:b4:b7:69:ad:2d:8b:c2:9f:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1779b95d8a58fcca6a812e777e7ef69453f8ac98
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ba18b1da82b71d2315a63de9877c31ed362cea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f8:98:8b:77:c4:32:e5:04:55:3c:5d:fa:ac:
                    05:7a:a0:b3:a4:af:58:6f:07:a7:26:e1:28:c3:57:
                    1b:68:03:12:08:c9:f2:55:cf:d1:d2:e9:e5:f3:1b:
                    3a:1c:ca:a2:fe:77:36:b0:5f:b8:22:08:db:72:22:
                    de:13:37:24:73:8a:8b:c5:77:74:94:b7:06:5b:70:
                    54:26:7b:9e:c9:c0:47:a0:ac:b6:ce:7a:46:55:91:
                    55:29:ff:2d:a5:93:69:e2:16:a1:c4:f3:c7:20:8f:
                    3e:8a:96:70:1a:c9:13:80:22:58:91:e8:0c:1c:de:
                    3d:41:f7:2b:f2:86:ce:6f:1a:2a:64:2f:4a:f8:89:
                    c6:8c:0b:37:8c:06:b8:c5:45:79:f6:4d:62:cd:ad:
                    71:cb:5c:62:66:f0:1e:cb:90:70:07:4b:bd:c0:26:
                    f1:87:ec:6b:4c:ae:a3:d1:e1:6f:33:4f:5e:6f:a5:
                    f1:95:a4:01:08:f7:a3:79:f0:70:5c:73:2a:5a:11:
                    64:17:ae:81:e7:e8:1e:4c:04:b3:da:85:80:21:c5:
                    5d:c5:11:f3:f9:38:98:b8:4c:ae:d5:78:78:2c:0c:
                    df:c4:c9:12:e6:e1:65:29:c1:5a:5c:78:97:a8:fe:
                    ed:bf:51:9e:99:91:67:bc:d5:bd:bb:93:63:67:bf:
                    9c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A1:8B:1D:A8:2B:71:D2:31:5A:63:DE:98:77:C3:1E:D3:62:CE:A8
            X509v3 Authority Key Identifier:
                keyid:17:79:B9:5D:8A:58:FC:CA:6A:81:2E:77:7E:7E:F6:94:53:F8:AC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3m5XYpY_MpqgS53fn72lFP4rJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/i6GLHagrcdIxWmPemHfDHtNizqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/F3m5XYpY_MpqgS53fn72lFP4rJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:0e:88:26:dd:c1:ee:ba:e9:ab:51:63:ee:d1:a0:01:e2:e7:
         39:0b:b9:fa:c0:8a:dd:6f:b0:8e:c8:66:c8:2f:f4:9e:41:ff:
         ef:0d:dc:6d:93:0c:99:c8:73:d4:47:73:56:b9:f4:59:b4:f4:
         36:94:10:5f:d8:6c:9a:5d:38:fb:2c:76:fe:dd:cc:15:74:6c:
         c7:d0:62:d4:81:f5:26:2c:f6:9e:3b:0e:d4:52:95:cf:48:87:
         c7:0b:c5:74:15:60:87:9e:69:a2:15:c2:ee:07:f6:39:4e:13:
         2d:67:6d:64:c5:31:78:18:96:89:97:cd:97:a0:3a:5e:83:3b:
         98:a7:01:15:8a:6c:18:c3:7f:9f:da:9e:e2:92:37:d7:c8:35:
         dd:7e:8e:3c:94:1a:4e:6d:cf:6a:00:01:31:bf:a7:45:6d:59:
         bc:89:63:e2:01:bd:a2:b4:90:a6:78:77:7c:44:4f:6a:d7:a2:
         f5:d1:7a:b6:7f:ea:61:c2:1f:80:f4:f2:10:c8:ba:05:fb:31:
         06:d2:2a:08:30:6e:83:35:9d:ba:40:f0:6d:c4:7d:8a:c0:a6:
         6b:30:36:e4:f4:61:bc:a8:3e:ec:fe:8a:9f:10:5b:00:01:01:
         a1:c1:fc:a5:4f:6a:ec:ff:04:d7:92:a3:ff:fd:6f:0b:14:cb:
         23:8d:92:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAW9/eSaVtLdprS2Lwp8DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzliOTVkOGE1OGZjY2E2YTgxMmU3NzdlN2VmNjk0NTNm
OGFjOTgwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmExOGIxZGE4MmI3MWQyMzE1YTYzZGU5ODc3YzMxZWQzNjJjZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/iYi3fEMuUEVTxd+qwFeqCzpK9Y
bwenJuEow1cbaAMSCMnyVc/R0unl8xs6HMqi/nc2sF+4IgjbciLeEzckc4qLxXd0
lLcGW3BUJnueycBHoKy2znpGVZFVKf8tpZNp4hahxPPHII8+ipZwGskTgCJYkegM
HN49Qfcr8obObxoqZC9K+InGjAs3jAa4xUV59k1iza1xy1xiZvAey5BwB0u9wCbx
h+xrTK6j0eFvM09eb6XxlaQBCPejefBwXHMqWhFkF66B5+geTASz2oWAIcVdxRHz
+TiYuEyu1Xh4LAzfxMkS5uFlKcFaXHiXqP7tv1GemZFnvNW9u5NjZ7+cdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuhix2oK3HSMVpj3ph3wx7TYs6oMB8GA1UdIwQY
MBaAFBd5uV2KWPzKaoEud35+9pRT+KyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNtNVhZcFlfTXBxZ1M1M2ZuNzJsRlA0ckpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iM2MwNjUtZWQxYy00NTg1LTk5YTYt
NDA3ZTNmZTYzOTQ1LzEvaTZHTEhhZ3JjZEl4V21QZW1IZkRIdE5penFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iM2MwNjUtZWQxYy00NTg1LTk5YTYtNDA3ZTNmZTYzOTQ1
LzEvRjNtNVhZcFlfTXBxZ1M1M2ZuNzJsRlA0ckpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubjVMA0G
CSqGSIb3DQEBCwUAA4IBAQAdDogm3cHuuumrUWPu0aAB4uc5C7n6wIrdb7COyGbI
L/SeQf/vDdxtkwyZyHPUR3NWufRZtPQ2lBBf2GyaXTj7LHb+3cwVdGzH0GLUgfUm
LPaeOw7UUpXPSIfHC8V0FWCHnmmiFcLuB/Y5ThMtZ21kxTF4GJaJl82XoDpegzuY
pwEVimwYw3+f2p7ikjfXyDXdfo48lBpObc9qAAExv6dFbVm8iWPiAb2itJCmeHd8
RE9q16L10Xq2f+phwh+A9PIQyLoF+zEG0ioIMG6DNZ26QPBtxH2KwKZrMDbk9GG8
qD7s/oqfEFsAAQGhwfylT2rs/wTXkqP//W8LFMsjjZJn
-----END CERTIFICATE-----