Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7aa89e-4bae-4014-82b9-7208cd98d881/1/6i7wzRKt2RNBRQ1kHNpioBDfnuw.roa
File:                     6i7wzRKt2RNBRQ1kHNpioBDfnuw.roa (raw, json)
Hash identifier:          OzL85nJNYsIxa5prJHxeKES3MF4dEmI+vf+f2FNSKnc=
Subject key identifier:   EA:2E:F0:CD:12:AD:D9:13:41:45:0D:64:1C:DA:62:A0:10:DF:9E:EC
Certificate issuer:       /CN=577cd086d6b82925abb8bb815e658852522e0921
Certificate serial:       018CC7273ABCBA04CA24A2D4FC727A7CEA98
Authority key identifier: 57:7C:D0:86:D6:B8:29:25:AB:B8:BB:81:5E:65:88:52:52:2E:09:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3zQhta4KSWruLuBXmWIUlIuCSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7aa89e-4bae-4014-82b9-7208cd98d881/1/6i7wzRKt2RNBRQ1kHNpioBDfnuw.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44329
IP address blocks:        194.50.28.0/24 maxlen: 24
                          2001:67c:ac::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7aa89e-4bae-4014-82b9-7208cd98d881/1/V3zQhta4KSWruLuBXmWIUlIuCSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7aa89e-4bae-4014-82b9-7208cd98d881/1/V3zQhta4KSWruLuBXmWIUlIuCSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3zQhta4KSWruLuBXmWIUlIuCSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3a:bc:ba:04:ca:24:a2:d4:fc:72:7a:7c:ea:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=577cd086d6b82925abb8bb815e658852522e0921
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea2ef0cd12add91341450d641cda62a010df9eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2b:e9:ae:33:40:26:44:d2:19:a5:d8:19:cb:
                    fb:0e:9d:fb:66:28:91:ab:d9:a2:29:09:cc:e1:d2:
                    47:82:ed:49:bf:97:58:73:0e:ab:8f:d5:ad:5f:d5:
                    68:94:8b:81:62:e1:a5:1c:4f:fc:2c:19:9a:a9:92:
                    ba:51:b7:1d:46:cc:52:4e:0b:ff:70:01:dd:d0:19:
                    83:19:a6:b8:33:fe:45:01:05:4b:70:24:80:b1:fb:
                    6e:2f:ce:75:6d:56:33:02:dc:e8:98:fc:cd:8e:a0:
                    66:77:cb:0a:6f:1d:bd:08:79:89:e2:bf:37:06:18:
                    72:44:3c:dc:a2:fa:06:4d:42:4d:f5:1a:77:23:f6:
                    96:22:23:f0:7b:55:f5:9f:50:c2:3f:ae:88:a2:fd:
                    36:4f:a6:38:02:ec:af:2b:84:6f:81:30:b6:2a:46:
                    9a:0a:3c:62:db:19:1c:f4:16:9f:ae:57:61:d7:fe:
                    60:45:40:c1:aa:43:bd:9c:61:0d:43:c7:8f:48:bc:
                    fa:7a:91:30:98:5f:05:01:4e:aa:22:a0:4b:e7:0c:
                    7e:aa:c2:27:03:c6:e0:da:64:82:6b:41:ef:48:99:
                    89:01:4a:cb:12:0b:ee:d6:69:e1:90:4f:3b:1f:99:
                    75:43:65:50:a3:84:b1:73:26:90:99:44:5f:7b:79:
                    21:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2E:F0:CD:12:AD:D9:13:41:45:0D:64:1C:DA:62:A0:10:DF:9E:EC
            X509v3 Authority Key Identifier:
                keyid:57:7C:D0:86:D6:B8:29:25:AB:B8:BB:81:5E:65:88:52:52:2E:09:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3zQhta4KSWruLuBXmWIUlIuCSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7aa89e-4bae-4014-82b9-7208cd98d881/1/6i7wzRKt2RNBRQ1kHNpioBDfnuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7aa89e-4bae-4014-82b9-7208cd98d881/1/V3zQhta4KSWruLuBXmWIUlIuCSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.28.0/24
                IPv6:
                  2001:67c:ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:f6:d8:a9:2c:71:e6:f2:92:26:4c:5d:bb:56:11:2e:db:2f:
         dc:68:d7:7b:dc:e2:94:ba:29:b0:3c:dc:9d:4e:6b:02:62:b6:
         ea:f4:b7:05:98:99:98:8b:97:f5:1e:5c:86:2f:0d:0d:11:2f:
         5b:40:6c:00:81:a2:fc:0c:77:00:87:d7:f5:5b:fd:3b:f2:ba:
         52:53:5e:87:e5:34:5c:1e:b1:19:df:52:4d:cd:99:3d:7e:d3:
         90:62:80:69:30:ac:12:a9:b0:83:d1:15:4d:56:2f:38:2d:1e:
         0d:ee:6d:7b:2d:3a:f4:f9:f8:a6:d8:47:a8:22:f5:f1:60:c9:
         35:3c:ff:98:cf:5e:14:f5:9a:08:e4:0c:4c:1a:b8:03:93:b0:
         e7:c3:9b:fc:ca:a0:46:60:c4:c9:7f:33:a7:dc:8d:a4:3d:40:
         a8:11:b1:b4:05:3f:de:fd:08:4b:1c:6c:8f:b7:98:da:f2:06:
         8a:5d:f2:dc:4b:f4:21:f4:cf:a8:67:77:22:c3:72:22:a1:c6:
         ef:7d:ab:78:28:a2:b1:de:4a:80:19:15:30:57:cf:90:33:47:
         c0:07:b7:4b:e9:af:7d:c3:df:19:b2:e5:b5:8d:36:66:bf:e8:
         0b:8b:26:c7:c5:00:5b:3f:0f:38:97:60:e5:ef:1d:dc:c5:ec:
         3e:f3:a1:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJzq8ugTKJKLU/HJ6fOqYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3N2NkMDg2ZDZiODI5MjVhYmI4YmI4MTVlNjU4ODUyNTIy
ZTA5MjEwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTJlZjBjZDEyYWRkOTEzNDE0NTBkNjQxY2RhNjJhMDEwZGY5ZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyvprjNAJkTSGaXYGcv7Dp37ZiiR
q9miKQnM4dJHgu1Jv5dYcw6rj9WtX9VolIuBYuGlHE/8LBmaqZK6UbcdRsxSTgv/
cAHd0BmDGaa4M/5FAQVLcCSAsftuL851bVYzAtzomPzNjqBmd8sKbx29CHmJ4r83
BhhyRDzcovoGTUJN9Rp3I/aWIiPwe1X1n1DCP66Iov02T6Y4AuyvK4RvgTC2Kkaa
Cjxi2xkc9Bafrldh1/5gRUDBqkO9nGENQ8ePSLz6epEwmF8FAU6qIqBL5wx+qsIn
A8bg2mSCa0HvSJmJAUrLEgvu1mnhkE87H5l1Q2VQo4SxcyaQmURfe3khRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOou8M0SrdkTQUUNZBzaYqAQ357sMB8GA1UdIwQY
MBaAFFd80IbWuCklq7i7gV5liFJSLgkhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjN6UWh0YTRLU1dydUx1QlhtV0lVbEl1Q1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YWE4OWUtNGJhZS00MDE0LTgyYjkt
NzIwOGNkOThkODgxLzEvNmk3d3pSS3QyUk5CUlExa0hOcGlvQkRmbnV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YWE4OWUtNGJhZS00MDE0LTgyYjktNzIwOGNkOThkODgx
LzEvVjN6UWh0YTRLU1dydUx1QlhtV0lVbEl1Q1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwjIcMA8E
AgACMAkDBwAgAQZ8AKwwDQYJKoZIhvcNAQELBQADggEBACX22KkscebykiZMXbtW
ES7bL9xo13vc4pS6KbA83J1OawJitur0twWYmZiLl/UeXIYvDQ0RL1tAbACBovwM
dwCH1/Vb/TvyulJTXoflNFwesRnfUk3NmT1+05BigGkwrBKpsIPRFU1WLzgtHg3u
bXstOvT5+KbYR6gi9fFgyTU8/5jPXhT1mgjkDEwauAOTsOfDm/zKoEZgxMl/M6fc
jaQ9QKgRsbQFP979CEscbI+3mNryBopd8txL9CH0z6hndyLDciKhxu99q3goorHe
SoAZFTBXz5AzR8AHt0vpr33D3xmy5bWNNma/6AuLJsfFAFs/DziXYOXvHdzF7D7z
oUU=
-----END CERTIFICATE-----