Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/6xWqQPhAYauShadXSNreSc5s3U4.roa
File:                     6xWqQPhAYauShadXSNreSc5s3U4.roa (raw, json)
Hash identifier:          s27R1xiwKCcAU+YPa2QmVA6onHr4IC0g4E99sKkzZ4Q=
Subject key identifier:   EB:15:AA:40:F8:40:61:AB:92:85:A7:57:48:DA:DE:49:CE:6C:DD:4E
Certificate issuer:       /CN=2d676a61dcf4d222ba66cda19430f61e611d8aae
Certificate serial:       018CC26D17086591303B13F134669D48BC61
Authority key identifier: 2D:67:6A:61:DC:F4:D2:22:BA:66:CD:A1:94:30:F6:1E:61:1D:8A:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LWdqYdz00iK6Zs2hlDD2HmEdiq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/6xWqQPhAYauShadXSNreSc5s3U4.roa
Signing time:             Mon 01 Jan 2024 00:29:38 +0000
ROA not before:           Mon 01 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33011
IP address blocks:        185.235.236.0/22 maxlen: 24
                          2a0d:8100::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/LWdqYdz00iK6Zs2hlDD2HmEdiq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/LWdqYdz00iK6Zs2hlDD2HmEdiq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LWdqYdz00iK6Zs2hlDD2HmEdiq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:17:08:65:91:30:3b:13:f1:34:66:9d:48:bc:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d676a61dcf4d222ba66cda19430f61e611d8aae
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb15aa40f84061ab9285a75748dade49ce6cdd4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e9:fe:f4:96:b4:7c:5d:4a:37:97:13:d9:b1:
                    d7:88:ef:d0:0e:b1:e9:46:4c:5a:9f:b4:6b:a1:5f:
                    22:3d:e6:53:1d:9c:0d:5a:90:63:db:59:48:ef:32:
                    ca:34:bf:f8:5d:4d:16:67:67:be:23:be:82:31:26:
                    de:91:9d:a5:cd:9a:3b:a5:31:8f:5d:be:77:dd:c5:
                    71:13:94:11:a8:1b:20:b3:f2:00:63:4d:74:b1:2b:
                    e7:6d:66:ab:42:5e:6f:d2:7d:8f:90:54:ee:8f:70:
                    77:15:0f:b4:9d:8e:a2:03:47:0c:e3:08:0b:02:5b:
                    03:61:4d:16:c3:12:ff:d6:25:52:07:6f:92:96:34:
                    2e:24:54:40:8e:6d:48:85:ed:0b:e7:a5:8c:f0:7f:
                    c7:ff:7c:74:78:a8:5e:03:74:eb:88:49:8c:4c:99:
                    d4:d4:c0:95:d4:e9:65:7f:bb:76:6d:4a:83:f9:52:
                    75:06:1b:bd:cb:f2:69:d1:37:1a:47:48:3c:f2:95:
                    75:03:65:ab:2b:4c:04:04:e0:26:1b:d5:c2:44:7e:
                    5f:3f:5c:72:e5:72:e1:8b:f0:9e:48:db:7b:03:ef:
                    d2:83:0f:af:b2:c3:1e:7f:78:b8:cf:c8:ce:ca:f6:
                    3c:d7:8e:43:eb:72:61:21:8d:53:2b:7b:66:6f:bb:
                    b8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:15:AA:40:F8:40:61:AB:92:85:A7:57:48:DA:DE:49:CE:6C:DD:4E
            X509v3 Authority Key Identifier:
                keyid:2D:67:6A:61:DC:F4:D2:22:BA:66:CD:A1:94:30:F6:1E:61:1D:8A:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LWdqYdz00iK6Zs2hlDD2HmEdiq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/6xWqQPhAYauShadXSNreSc5s3U4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/LWdqYdz00iK6Zs2hlDD2HmEdiq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.236.0/22
                IPv6:
                  2a0d:8100::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:e9:d1:37:5f:5e:4f:31:d7:fb:72:a3:5c:1d:dd:98:45:cd:
         20:c3:29:32:ad:ee:d5:0d:cf:e0:b8:73:ea:3d:f4:c1:a5:72:
         d9:f4:f5:9c:a0:38:52:e7:f1:5f:0e:2a:85:5a:8b:ab:cf:47:
         4d:e1:d8:eb:8e:b5:a8:47:cf:88:69:4d:8b:d7:a4:e9:12:1d:
         92:aa:be:be:5b:cb:a9:3c:92:42:4b:8b:5d:97:49:4e:2c:c1:
         14:20:59:ea:56:a1:60:ad:ea:e6:1a:dd:01:e4:e6:6d:7d:8a:
         30:52:f0:e2:5f:b7:22:18:a8:17:b3:f9:12:34:31:65:5f:b6:
         7a:7d:f8:3b:9f:df:d6:62:b4:1c:2e:0d:e2:0e:f8:48:09:21:
         a3:21:a3:4b:65:dd:e1:38:bb:7e:d4:d9:8a:71:10:62:8b:74:
         d7:a9:9c:3b:ea:87:0f:fc:f6:b5:7e:a4:74:92:95:7c:f3:9c:
         84:98:26:ef:6d:99:20:50:6b:42:3e:6a:e3:af:bb:f7:93:72:
         d9:58:8a:a8:b6:f8:a8:c5:80:c3:6a:e7:53:3e:26:92:36:53:
         46:e5:cd:5f:88:c0:5d:00:58:38:73:d3:42:e3:74:0f:87:77:
         e1:34:9a:63:54:b5:ac:a6:3a:14:36:85:a9:32:2a:6f:01:82:
         2d:6d:84:aa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbRcIZZEwOxPxNGadSLxhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNjc2YTYxZGNmNGQyMjJiYTY2Y2RhMTk0MzBmNjFlNjEx
ZDhhYWUwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjE1YWE0MGY4NDA2MWFiOTI4NWE3NTc0OGRhZGU0OWNlNmNkZDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgen+9Ja0fF1KN5cT2bHXiO/QDrHp
Rkxan7RroV8iPeZTHZwNWpBj21lI7zLKNL/4XU0WZ2e+I76CMSbekZ2lzZo7pTGP
Xb533cVxE5QRqBsgs/IAY010sSvnbWarQl5v0n2PkFTuj3B3FQ+0nY6iA0cM4wgL
AlsDYU0WwxL/1iVSB2+SljQuJFRAjm1Ihe0L56WM8H/H/3x0eKheA3TriEmMTJnU
1MCV1Ollf7t2bUqD+VJ1Bhu9y/Jp0TcaR0g88pV1A2WrK0wEBOAmG9XCRH5fP1xy
5XLhi/CeSNt7A+/Sgw+vssMef3i4z8jOyvY8145D63JhIY1TK3tmb7u40wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOsVqkD4QGGrkoWnV0ja3knObN1OMB8GA1UdIwQY
MBaAFC1namHc9NIiumbNoZQw9h5hHYquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFdkcVlkejAwaUs2WnMyaGxERDJIbUVkaXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iMmM2OGUtZWIzYi00ZTAxLWI1MGEt
YTg2YTI0NjU1ODcwLzEvNnhXcVFQaEFZYXVTaGFkWFNOcmVTYzVzM1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iMmM2OGUtZWIzYi00ZTAxLWI1MGEtYTg2YTI0NjU1ODcw
LzEvTFdkcVlkejAwaUs2WnMyaGxERDJIbUVkaXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuevsMA0E
AgACMAcDBQAqDYEAMA0GCSqGSIb3DQEBCwUAA4IBAQCs6dE3X15PMdf7cqNcHd2Y
Rc0gwykyre7VDc/guHPqPfTBpXLZ9PWcoDhS5/FfDiqFWourz0dN4djrjrWoR8+I
aU2L16TpEh2Sqr6+W8upPJJCS4tdl0lOLMEUIFnqVqFgrermGt0B5OZtfYowUvDi
X7ciGKgXs/kSNDFlX7Z6ffg7n9/WYrQcLg3iDvhICSGjIaNLZd3hOLt+1NmKcRBi
i3TXqZw76ocP/Pa1fqR0kpV885yEmCbvbZkgUGtCPmrjr7v3k3LZWIqotvioxYDD
audTPiaSNlNG5c1fiMBdAFg4c9NC43QPh3fhNJpjVLWspjoUNoWpMipvAYItbYSq
-----END CERTIFICATE-----