Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/352487-a0c8-4d91-8e9d-67c1a63c5150/1/6GNxdzK9UE9bHySiQzQ4c2EkGfY.roa
File:                     6GNxdzK9UE9bHySiQzQ4c2EkGfY.roa (raw, json)
Hash identifier:          xWTUJszNKd3dbNHz1f2JomMkK2hd4V6IPZrJaK6VjKg=
Subject key identifier:   E8:63:71:77:32:BD:50:4F:5B:1F:24:A2:43:34:38:73:61:24:19:F6
Certificate issuer:       /CN=de0ccd2391fa32c0ade297c5fc883090b3991395
Certificate serial:       019427B49469208056DEEE4278618080BBE8
Authority key identifier: DE:0C:CD:23:91:FA:32:C0:AD:E2:97:C5:FC:88:30:90:B3:99:13:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3gzNI5H6MsCt4pfF_IgwkLOZE5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/352487-a0c8-4d91-8e9d-67c1a63c5150/1/6GNxdzK9UE9bHySiQzQ4c2EkGfY.roa
Signing time:             Thu 02 Jan 2025 15:48:53 +0000
ROA not before:           Thu 02 Jan 2025 15:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62035
IP address blocks:        185.193.244.0/22 maxlen: 24
                          2a0a:3cc0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/352487-a0c8-4d91-8e9d-67c1a63c5150/1/3gzNI5H6MsCt4pfF_IgwkLOZE5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/352487-a0c8-4d91-8e9d-67c1a63c5150/1/3gzNI5H6MsCt4pfF_IgwkLOZE5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3gzNI5H6MsCt4pfF_IgwkLOZE5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:94:69:20:80:56:de:ee:42:78:61:80:80:bb:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de0ccd2391fa32c0ade297c5fc883090b3991395
        Validity
            Not Before: Jan  2 15:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e863717732bd504f5b1f24a243343873612419f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:00:81:cd:cd:7b:97:80:d2:c2:22:8c:b7:b5:
                    08:e9:71:0a:25:56:c5:fe:cd:2f:f3:5d:ad:55:1e:
                    f2:3b:ba:58:77:08:a9:07:44:d2:bd:2b:f8:c3:fd:
                    ff:5c:8d:3b:32:9f:65:0b:bb:63:07:ec:ba:17:dd:
                    e3:29:ec:2c:ca:f1:5f:d7:75:3b:a3:e8:99:57:b3:
                    8a:b0:d6:13:60:70:94:6d:b1:49:d9:e4:49:40:5c:
                    02:50:1a:d8:26:41:9e:4a:f8:6c:ab:9e:3b:db:05:
                    58:fc:da:c2:79:aa:48:56:34:52:2f:b1:72:73:e5:
                    87:84:d8:7f:a2:34:5d:9f:1e:d0:02:7c:30:94:0d:
                    b6:b3:33:cf:b9:f1:18:55:6b:24:63:2e:33:c0:f4:
                    84:e9:a9:2b:77:cd:5a:c4:29:d2:f8:bd:f2:de:24:
                    99:38:11:f1:5a:09:42:b9:06:4f:25:09:52:cd:91:
                    c5:54:04:51:a2:e8:e4:2c:89:35:35:c5:c8:0b:ea:
                    01:c2:b6:eb:2f:da:ee:d6:1d:7c:1c:43:b4:9a:99:
                    0d:ff:92:f5:5f:96:1a:ba:1f:f3:2e:3b:3c:43:71:
                    86:4b:05:91:1f:71:67:0b:f5:f7:c1:b3:89:66:e1:
                    1e:a8:95:99:2a:47:f6:00:30:1d:33:a2:c3:27:b4:
                    f0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:63:71:77:32:BD:50:4F:5B:1F:24:A2:43:34:38:73:61:24:19:F6
            X509v3 Authority Key Identifier:
                keyid:DE:0C:CD:23:91:FA:32:C0:AD:E2:97:C5:FC:88:30:90:B3:99:13:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3gzNI5H6MsCt4pfF_IgwkLOZE5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/352487-a0c8-4d91-8e9d-67c1a63c5150/1/6GNxdzK9UE9bHySiQzQ4c2EkGfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/352487-a0c8-4d91-8e9d-67c1a63c5150/1/3gzNI5H6MsCt4pfF_IgwkLOZE5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.244.0/22
                IPv6:
                  2a0a:3cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:e0:8d:fc:37:a0:da:3a:bd:f2:e7:0c:1d:72:d4:68:b7:ce:
         a3:61:33:09:21:af:48:20:22:5f:ad:75:17:62:31:2e:fb:fa:
         97:eb:66:da:9b:ae:c6:fb:30:f2:90:f6:a2:da:45:84:f4:90:
         2f:f5:42:76:0a:c5:94:d3:0d:c6:68:d0:86:5e:cb:0f:0a:03:
         c8:8b:11:c7:e8:6c:68:cc:24:ac:a2:7d:2d:8c:b2:e3:22:8f:
         8b:61:e6:a9:9f:39:d5:60:77:26:86:75:57:63:d9:1c:75:55:
         0f:4e:49:da:fc:8b:17:7b:5f:70:27:60:e1:d2:d4:aa:13:73:
         c5:84:0d:eb:be:ab:b6:0c:51:d8:77:1e:b2:75:63:8d:15:eb:
         7c:98:03:a4:26:63:41:3e:a4:dc:ac:2f:59:8a:d5:dd:54:51:
         bd:b0:99:ac:36:23:74:7b:24:f4:97:1a:a7:84:d2:7e:88:07:
         b8:98:94:0d:a7:fb:38:59:ec:10:3d:9f:5c:6a:c6:a0:2a:ab:
         3c:7c:46:ad:9d:42:c0:de:e2:71:08:2b:76:cc:d8:52:b6:a5:
         73:9a:d3:44:21:15:d2:2a:fa:cc:34:a4:d4:89:d6:f1:2a:91:
         cd:eb:5d:9c:c2:7b:e9:4d:99:ab:51:da:56:23:a2:36:aa:ef:
         a6:02:9e:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntJRpIIBW3u5CeGGAgLvoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMGNjZDIzOTFmYTMyYzBhZGUyOTdjNWZjODgzMDkwYjM5
OTEzOTUwHhcNMjUwMTAyMTU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODYzNzE3NzMyYmQ1MDRmNWIxZjI0YTI0MzM0Mzg3MzYxMjQxOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqACBzc17l4DSwiKMt7UI6XEKJVbF
/s0v812tVR7yO7pYdwipB0TSvSv4w/3/XI07Mp9lC7tjB+y6F93jKewsyvFf13U7
o+iZV7OKsNYTYHCUbbFJ2eRJQFwCUBrYJkGeSvhsq5472wVY/NrCeapIVjRSL7Fy
c+WHhNh/ojRdnx7QAnwwlA22szPPufEYVWskYy4zwPSE6akrd81axCnS+L3y3iSZ
OBHxWglCuQZPJQlSzZHFVARRoujkLIk1NcXIC+oBwrbrL9ru1h18HEO0mpkN/5L1
X5Yauh/zLjs8Q3GGSwWRH3FnC/X3wbOJZuEeqJWZKkf2ADAdM6LDJ7TwuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOhjcXcyvVBPWx8kokM0OHNhJBn2MB8GA1UdIwQY
MBaAFN4MzSOR+jLAreKXxfyIMJCzmROVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2d6Tkk1SDZNc0N0NHBmRl9JZ3drTE9aRTVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zNTI0ODctYTBjOC00ZDkxLThlOWQt
NjdjMWE2M2M1MTUwLzEvNkdOeGR6SzlVRTliSHlTaVF6UTRjMkVrR2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zNTI0ODctYTBjOC00ZDkxLThlOWQtNjdjMWE2M2M1MTUw
LzEvM2d6Tkk1SDZNc0N0NHBmRl9JZ3drTE9aRTVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucH0MA0E
AgACMAcDBQMqCjzAMA0GCSqGSIb3DQEBCwUAA4IBAQCc4I38N6DaOr3y5wwdctRo
t86jYTMJIa9IICJfrXUXYjEu+/qX62bam67G+zDykPai2kWE9JAv9UJ2CsWU0w3G
aNCGXssPCgPIixHH6GxozCSson0tjLLjIo+LYeapnznVYHcmhnVXY9kcdVUPTkna
/IsXe19wJ2Dh0tSqE3PFhA3rvqu2DFHYdx6ydWONFet8mAOkJmNBPqTcrC9ZitXd
VFG9sJmsNiN0eyT0lxqnhNJ+iAe4mJQNp/s4WewQPZ9casagKqs8fEatnULA3uJx
CCt2zNhStqVzmtNEIRXSKvrMNKTUidbxKpHN612cwnvpTZmrUdpWI6I2qu+mAp5S
-----END CERTIFICATE-----