Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/6fQy8MpMPg8IxE9oDknAb_WFsTE.roa
File:                     6fQy8MpMPg8IxE9oDknAb_WFsTE.roa (raw, json)
Hash identifier:          I4meajXAzai7cJDEq+CavmANnr99mKEVlvBE5TjJ3EM=
Subject key identifier:   E9:F4:32:F0:CA:4C:3E:0F:08:C4:4F:68:0E:49:C0:6F:F5:85:B1:31
Certificate issuer:       /CN=21698c1cdc66dc285d0f807629c46261a88b2de7
Certificate serial:       018CC6B92936EB996EE900D4FB82869DF844
Authority key identifier: 21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/6fQy8MpMPg8IxE9oDknAb_WFsTE.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        193.164.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:29:36:eb:99:6e:e9:00:d4:fb:82:86:9d:f8:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21698c1cdc66dc285d0f807629c46261a88b2de7
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9f432f0ca4c3e0f08c44f680e49c06ff585b131
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:00:8f:44:82:4f:42:d9:26:36:32:0f:73:7a:
                    51:96:88:0d:2e:9e:57:88:91:e5:be:95:22:e6:90:
                    67:44:e4:d3:d3:4d:99:c6:c8:f9:f5:5a:66:a8:c1:
                    d2:63:ce:3b:14:8d:b7:1e:ff:05:a3:71:48:42:41:
                    ab:20:8d:b0:5b:65:d2:d3:23:24:71:85:84:53:e4:
                    ef:72:45:5e:64:35:6a:47:8c:a9:d8:e3:f3:01:12:
                    73:26:40:5b:73:e4:36:a9:5f:27:92:a5:82:81:8a:
                    33:e6:c8:aa:54:ba:e5:2b:00:f0:5d:e8:2c:81:64:
                    38:bb:f7:d6:7e:02:34:a8:e1:e9:be:90:c3:0e:eb:
                    c3:58:8b:59:50:88:09:dd:d3:9d:b5:8b:a5:50:17:
                    51:0b:13:0d:49:28:23:f5:38:4c:3e:5b:37:ab:ce:
                    dc:4f:7d:30:2a:7e:88:46:53:eb:2f:58:e3:b8:f4:
                    fa:42:0f:0a:37:6e:d0:cd:3e:d7:7a:76:9b:1a:97:
                    61:5b:c9:7a:c9:c5:43:e3:f0:c4:ca:86:12:ce:64:
                    7c:34:29:96:5f:96:08:10:3e:12:7b:bc:f6:fd:5d:
                    db:00:54:3a:e9:11:c3:ac:d2:5a:9e:0d:b4:5c:00:
                    fc:d4:2b:f5:c9:8b:d2:5e:db:ed:99:6d:53:68:73:
                    64:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F4:32:F0:CA:4C:3E:0F:08:C4:4F:68:0E:49:C0:6F:F5:85:B1:31
            X509v3 Authority Key Identifier:
                keyid:21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/6fQy8MpMPg8IxE9oDknAb_WFsTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:e8:6d:17:70:a4:3f:6d:08:15:9f:a2:2a:d5:87:64:08:03:
         9f:d6:ad:29:7f:6c:b6:db:b4:45:5c:c8:c7:62:86:cc:6f:cb:
         b6:61:44:23:91:da:1f:d2:71:86:3b:9c:df:18:8d:12:dd:f5:
         67:25:d6:d6:63:d1:0a:b1:8f:bd:79:1f:49:2b:be:af:d2:67:
         b3:a4:09:d0:2b:c6:1f:93:b8:77:ea:9e:dc:be:72:19:49:fd:
         3e:e4:0d:08:c8:2c:24:4c:20:e3:71:e2:21:20:fc:e7:e2:e1:
         5f:51:a4:5f:26:41:f7:3f:a6:10:b3:6c:b2:ed:b5:06:74:b4:
         25:e8:00:76:7e:06:06:be:19:76:d6:d4:9c:83:a8:6d:fe:9b:
         d2:d2:d1:7e:98:61:d3:4f:c2:c4:cd:a2:42:15:81:e4:72:87:
         8a:42:1a:aa:c7:c0:a0:f4:a5:4c:f7:c0:a8:77:ec:fd:8e:0a:
         75:41:81:e1:a9:9a:ba:c4:ae:ed:90:d1:b6:3f:b3:3c:03:43:
         3d:3e:35:7e:fe:31:8e:fe:65:11:76:83:30:6b:35:05:99:6f:
         f5:41:10:1b:be:60:98:7f:3b:72:f2:15:dd:25:3d:3a:e5:07:
         26:3a:e7:da:c6:6d:7d:69:c6:72:c4:dc:30:4e:59:b6:53:76:
         17:b9:99:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSk265lu6QDU+4KGnfhEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjk4YzFjZGM2NmRjMjg1ZDBmODA3NjI5YzQ2MjYxYTg4
YjJkZTcwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWY0MzJmMGNhNGMzZTBmMDhjNDRmNjgwZTQ5YzA2ZmY1ODViMTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgCPRIJPQtkmNjIPc3pRlogNLp5X
iJHlvpUi5pBnROTT002Zxsj59VpmqMHSY847FI23Hv8Fo3FIQkGrII2wW2XS0yMk
cYWEU+TvckVeZDVqR4yp2OPzARJzJkBbc+Q2qV8nkqWCgYoz5siqVLrlKwDwXegs
gWQ4u/fWfgI0qOHpvpDDDuvDWItZUIgJ3dOdtYulUBdRCxMNSSgj9ThMPls3q87c
T30wKn6IRlPrL1jjuPT6Qg8KN27QzT7XenabGpdhW8l6ycVD4/DEyoYSzmR8NCmW
X5YIED4Se7z2/V3bAFQ66RHDrNJang20XAD81Cv1yYvSXtvtmW1TaHNkuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOn0MvDKTD4PCMRPaA5JwG/1hbExMB8GA1UdIwQY
MBaAFCFpjBzcZtwoXQ+AdinEYmGoiy3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWIt
NGQ3MzczMGY3ZDMyLzEvNmZReThNcE1QZzhJeEU5b0RrbkFiX1dGc1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWItNGQ3MzczMGY3ZDMy
LzEvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaRZMA0G
CSqGSIb3DQEBCwUAA4IBAQCB6G0XcKQ/bQgVn6Iq1YdkCAOf1q0pf2y227RFXMjH
YobMb8u2YUQjkdof0nGGO5zfGI0S3fVnJdbWY9EKsY+9eR9JK76v0mezpAnQK8Yf
k7h36p7cvnIZSf0+5A0IyCwkTCDjceIhIPzn4uFfUaRfJkH3P6YQs2yy7bUGdLQl
6AB2fgYGvhl21tScg6ht/pvS0tF+mGHTT8LEzaJCFYHkcoeKQhqqx8Cg9KVM98Co
d+z9jgp1QYHhqZq6xK7tkNG2P7M8A0M9PjV+/jGO/mURdoMwazUFmW/1QRAbvmCY
fzty8hXdJT065QcmOufaxm19acZyxNwwTlm2U3YXuZk1
-----END CERTIFICATE-----