Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/6PXgUBKTZCIOw13uQ-Fwm6UfGJo.roa
File:                     6PXgUBKTZCIOw13uQ-Fwm6UfGJo.roa (raw, json)
Hash identifier:          tH4Nm9qGIS1vGAGhnvmQeVPMFAPiBrDLDuHOdaIwL7I=
Subject key identifier:   E8:F5:E0:50:12:93:64:22:0E:C3:5D:EE:43:E1:70:9B:A5:1F:18:9A
Certificate issuer:       /CN=90694a622866ae158ed287d2533d40baabea6d7d
Certificate serial:       019073C2B53139D06EE71F12557B04004BAE
Authority key identifier: 90:69:4A:62:28:66:AE:15:8E:D2:87:D2:53:3D:40:BA:AB:EA:6D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kGlKYihmrhWO0ofSUz1AuqvqbX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/6PXgUBKTZCIOw13uQ-Fwm6UfGJo.roa
Signing time:             Tue 02 Jul 2024 14:04:18 +0000
ROA not before:           Tue 02 Jul 2024 14:04:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214589
IP address blocks:        195.189.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/kGlKYihmrhWO0ofSUz1AuqvqbX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/kGlKYihmrhWO0ofSUz1AuqvqbX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kGlKYihmrhWO0ofSUz1AuqvqbX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:73:c2:b5:31:39:d0:6e:e7:1f:12:55:7b:04:00:4b:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90694a622866ae158ed287d2533d40baabea6d7d
        Validity
            Not Before: Jul  2 14:04:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8f5e050129364220ec35dee43e1709ba51f189a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a3:b9:a3:d3:6b:20:45:82:e8:2f:d6:f7:81:
                    0a:e0:d5:84:08:4b:5f:e6:c6:ce:21:30:c4:5c:2c:
                    2d:64:28:28:35:3b:f3:cd:a7:b0:b6:4a:f1:b8:6e:
                    fd:01:56:93:71:68:f9:b3:e4:73:04:f7:a4:ad:aa:
                    68:a8:1b:d1:45:22:4d:d7:c3:18:b3:68:88:03:d7:
                    15:63:31:8c:17:3a:c8:7f:6f:ae:37:40:51:aa:af:
                    54:79:35:31:37:af:3e:32:46:2b:95:c3:b4:a6:ea:
                    b3:c1:4e:ef:ad:fc:28:c3:29:53:0c:4d:35:70:41:
                    f2:e7:53:13:a7:b2:c3:c4:d0:5c:08:ea:87:5b:30:
                    b6:a8:6e:e5:17:3b:c0:9e:a7:42:79:e6:0c:7e:c5:
                    59:be:73:1f:91:cb:e9:4d:37:6b:dd:a5:33:ac:cb:
                    0d:c9:30:99:48:27:ba:2f:32:06:25:7c:4b:4f:e6:
                    3a:d7:a4:09:c3:da:c0:8a:73:01:db:84:11:43:c5:
                    64:0c:bc:0f:36:19:bb:98:6b:f5:08:7d:ca:5a:cb:
                    c8:33:bd:3a:85:ee:00:61:82:11:49:2d:e3:e2:6d:
                    8d:9a:9d:5c:3b:23:5b:79:c2:31:8b:32:67:8a:8e:
                    6c:51:35:66:fa:f2:af:22:23:b2:32:6f:59:1c:2e:
                    da:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:F5:E0:50:12:93:64:22:0E:C3:5D:EE:43:E1:70:9B:A5:1F:18:9A
            X509v3 Authority Key Identifier:
                keyid:90:69:4A:62:28:66:AE:15:8E:D2:87:D2:53:3D:40:BA:AB:EA:6D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kGlKYihmrhWO0ofSUz1AuqvqbX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/6PXgUBKTZCIOw13uQ-Fwm6UfGJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/kGlKYihmrhWO0ofSUz1AuqvqbX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:fe:31:76:36:1a:cd:ce:f8:8d:9d:7e:c3:4a:96:8a:6a:16:
         95:a0:65:bc:d4:56:b0:66:00:9a:cb:ea:57:3f:68:cb:15:ef:
         99:a1:c4:ba:e5:f0:ef:ab:10:4c:8f:e9:6d:e4:22:bc:75:74:
         64:cc:30:39:bc:f4:67:a4:8e:22:8e:bb:43:e1:2f:f5:8f:a9:
         5b:5e:61:2a:7b:50:d0:cb:d4:d0:5d:f2:77:be:cd:5f:f4:0b:
         25:8a:e9:34:c0:4d:8b:9b:64:05:fd:e9:16:73:aa:f8:da:06:
         f6:f5:82:dc:eb:84:90:76:c9:15:a0:bc:97:88:51:90:d4:48:
         44:83:96:e1:ec:d0:e3:a2:98:96:09:6c:45:4a:ef:dc:8d:b2:
         48:9b:e8:f2:c5:2a:73:97:98:9f:0d:d5:15:3b:7d:73:97:4f:
         76:8d:b0:17:50:aa:24:18:4e:02:ab:bc:df:f7:1e:c5:b1:3d:
         11:15:60:b3:90:0d:66:d9:69:6a:b0:df:b9:6d:1e:4a:b0:c5:
         1d:5c:69:f1:a1:ec:11:bc:ba:0d:c2:56:31:0b:e6:5b:27:f6:
         e4:75:c4:2a:a6:27:f3:6a:02:27:47:73:8b:b2:71:6c:0e:eb:
         5e:92:18:ad:f1:63:79:78:f0:0e:68:95:b2:b8:4f:df:a7:62:
         1d:b8:83:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBzwrUxOdBu5x8SVXsEAEuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNjk0YTYyMjg2NmFlMTU4ZWQyODdkMjUzM2Q0MGJhYWJl
YTZkN2QwHhcNMjQwNzAyMTQwNDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGY1ZTA1MDEyOTM2NDIyMGVjMzVkZWU0M2UxNzA5YmE1MWYxODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKO5o9NrIEWC6C/W94EK4NWECEtf
5sbOITDEXCwtZCgoNTvzzaewtkrxuG79AVaTcWj5s+RzBPekrapoqBvRRSJN18MY
s2iIA9cVYzGMFzrIf2+uN0BRqq9UeTUxN68+MkYrlcO0puqzwU7vrfwowylTDE01
cEHy51MTp7LDxNBcCOqHWzC2qG7lFzvAnqdCeeYMfsVZvnMfkcvpTTdr3aUzrMsN
yTCZSCe6LzIGJXxLT+Y616QJw9rAinMB24QRQ8VkDLwPNhm7mGv1CH3KWsvIM706
he4AYYIRSS3j4m2Nmp1cOyNbecIxizJnio5sUTVm+vKvIiOyMm9ZHC7aYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOj14FASk2QiDsNd7kPhcJulHxiaMB8GA1UdIwQY
MBaAFJBpSmIoZq4VjtKH0lM9QLqr6m19MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0dsS1lpaG1yaFdPMG9mU1V6MUF1cXZxYlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9iOWUyZjctMjFkYy00MmMwLTk0YjAt
MTNjMGE2MzNlOWY0LzEvNlBYZ1VCS1RaQ0lPdzEzdVEtRndtNlVmR0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9iOWUyZjctMjFkYy00MmMwLTk0YjAtMTNjMGE2MzNlOWY0
LzEva0dsS1lpaG1yaFdPMG9mU1V6MUF1cXZxYlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw70kMA0G
CSqGSIb3DQEBCwUAA4IBAQCh/jF2NhrNzviNnX7DSpaKahaVoGW81FawZgCay+pX
P2jLFe+ZocS65fDvqxBMj+lt5CK8dXRkzDA5vPRnpI4ijrtD4S/1j6lbXmEqe1DQ
y9TQXfJ3vs1f9Asliuk0wE2Lm2QF/ekWc6r42gb29YLc64SQdskVoLyXiFGQ1EhE
g5bh7NDjopiWCWxFSu/cjbJIm+jyxSpzl5ifDdUVO31zl092jbAXUKokGE4Cq7zf
9x7FsT0RFWCzkA1m2WlqsN+5bR5KsMUdXGnxoewRvLoNwlYxC+ZbJ/bkdcQqpifz
agInR3OLsnFsDutekhit8WN5ePAOaJWyuE/fp2IduIPj
-----END CERTIFICATE-----