Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/6IR7xaE8Zqir6m1CPg4xur13Ua4.roa
File:                     6IR7xaE8Zqir6m1CPg4xur13Ua4.roa (raw, json)
Hash identifier:          N/ou9nr7c64+2oGins2BNmNaUTxt/J/OzuhIV2VlHU8=
Subject key identifier:   E8:84:7B:C5:A1:3C:66:A8:AB:EA:6D:42:3E:0E:31:BA:BD:77:51:AE
Certificate issuer:       /CN=2cfaa22bd65cac82858ea091686d5b3b4be3bd39
Certificate serial:       018CC493849F883C76AF123ECEC655403B47
Authority key identifier: 2C:FA:A2:2B:D6:5C:AC:82:85:8E:A0:91:68:6D:5B:3B:4B:E3:BD:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/6IR7xaE8Zqir6m1CPg4xur13Ua4.roa
Signing time:             Mon 01 Jan 2024 10:30:51 +0000
ROA not before:           Mon 01 Jan 2024 10:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204046
IP address blocks:        185.116.104.0/22 maxlen: 24
                          2a06:7d80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:84:9f:88:3c:76:af:12:3e:ce:c6:55:40:3b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cfaa22bd65cac82858ea091686d5b3b4be3bd39
        Validity
            Not Before: Jan  1 10:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8847bc5a13c66a8abea6d423e0e31babd7751ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5b:01:86:c3:c7:05:0b:3d:c6:50:aa:12:0b:
                    06:36:6e:24:76:01:c9:40:53:d5:44:48:73:50:ad:
                    24:56:06:c4:ba:c2:b1:54:1c:10:dd:e0:ca:a0:08:
                    3e:90:e9:9a:e8:a6:8b:18:16:0a:70:d9:44:2b:11:
                    41:67:84:8a:61:a0:fd:99:45:f6:3d:f0:4e:c0:f7:
                    5d:5e:f4:2c:0f:9c:cf:55:11:9b:9f:28:3a:41:41:
                    2f:2b:d9:77:3f:f0:3e:2a:80:85:05:91:03:1a:b6:
                    9c:32:f6:fb:b0:f9:4b:bc:7b:1e:e6:09:ab:d7:a7:
                    49:29:c1:28:48:76:78:9e:56:67:50:b4:76:ab:d1:
                    9f:0d:a4:5e:e2:1e:80:4c:73:3e:ce:94:d8:0d:be:
                    01:ef:23:19:4d:95:a9:67:ca:a6:e4:89:fa:69:f3:
                    47:c5:2a:31:5d:99:c0:2b:cf:33:a3:0f:84:9c:45:
                    6a:64:ab:5e:49:24:43:06:bb:0d:a4:16:04:87:1f:
                    77:4c:92:fe:76:19:cf:c0:0a:8e:ee:74:e4:73:44:
                    70:3c:16:c3:0c:9c:cd:f3:39:52:74:4f:67:dc:97:
                    87:92:a7:ea:7f:2a:6a:14:05:03:84:df:fa:d8:19:
                    16:3e:4c:96:01:a8:c7:63:aa:dc:91:5e:60:a0:53:
                    ef:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:84:7B:C5:A1:3C:66:A8:AB:EA:6D:42:3E:0E:31:BA:BD:77:51:AE
            X509v3 Authority Key Identifier:
                keyid:2C:FA:A2:2B:D6:5C:AC:82:85:8E:A0:91:68:6D:5B:3B:4B:E3:BD:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/6IR7xaE8Zqir6m1CPg4xur13Ua4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.104.0/22
                IPv6:
                  2a06:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:d8:90:8d:3e:27:bd:e2:9d:7e:23:e6:5a:ec:74:87:a9:0e:
         9c:a0:3d:4a:b0:df:63:0b:4e:e4:e7:89:27:21:23:52:52:ef:
         6a:44:ed:eb:23:17:a8:6a:16:e6:3a:70:f8:77:5b:27:9b:2a:
         5c:55:77:31:ba:53:4b:4d:0b:70:28:b7:3b:c6:6a:32:3c:dc:
         61:41:29:83:12:8d:f8:63:de:f0:f4:5d:e2:40:92:c5:a5:90:
         4b:ed:e5:36:46:b5:93:d8:e5:02:45:20:65:10:50:39:7f:f7:
         b2:e1:b3:3f:42:86:ea:3f:26:80:6d:0f:ac:2d:40:df:78:83:
         93:10:84:28:69:56:01:a4:67:3b:da:9a:11:28:b7:60:44:f7:
         93:6d:bd:da:d3:8f:28:68:70:eb:f8:72:aa:1e:45:0f:33:d4:
         45:04:06:ce:28:85:78:f3:9b:91:50:18:a3:07:c7:cb:0e:8d:
         4f:33:fe:b2:60:2a:dc:b5:79:ce:cc:20:49:40:bb:79:57:d1:
         b0:81:49:44:81:4e:c1:65:72:e4:94:59:b9:52:aa:b7:d9:01:
         7a:ee:f8:e0:07:1c:47:a6:29:82:25:e8:40:15:ea:af:64:9d:
         0a:21:28:0e:c5:28:bb:14:67:d9:85:ba:af:a0:37:c3:7e:65:
         1c:fa:05:9a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk4SfiDx2rxI+zsZVQDtHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjZmFhMjJiZDY1Y2FjODI4NThlYTA5MTY4NmQ1YjNiNGJl
M2JkMzkwHhcNMjQwMTAxMTAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODg0N2JjNWExM2M2NmE4YWJlYTZkNDIzZTBlMzFiYWJkNzc1MWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlsBhsPHBQs9xlCqEgsGNm4kdgHJ
QFPVREhzUK0kVgbEusKxVBwQ3eDKoAg+kOma6KaLGBYKcNlEKxFBZ4SKYaD9mUX2
PfBOwPddXvQsD5zPVRGbnyg6QUEvK9l3P/A+KoCFBZEDGracMvb7sPlLvHse5gmr
16dJKcEoSHZ4nlZnULR2q9GfDaRe4h6ATHM+zpTYDb4B7yMZTZWpZ8qm5In6afNH
xSoxXZnAK88zow+EnEVqZKteSSRDBrsNpBYEhx93TJL+dhnPwAqO7nTkc0RwPBbD
DJzN8zlSdE9n3JeHkqfqfypqFAUDhN/62BkWPkyWAajHY6rckV5goFPvjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOiEe8WhPGaoq+ptQj4OMbq9d1GuMB8GA1UdIwQY
MBaAFCz6oivWXKyChY6gkWhtWztL4705MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFBxaUs5WmNySUtGanFDUmFHMWJPMHZqdlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS81YmU0NGMtYTRmMi00YmQwLWI1YTct
YjQ2ODgzOGM3ZmRmLzEvNklSN3hhRThacWlyNm0xQ1BnNHh1cjEzVWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS81YmU0NGMtYTRmMi00YmQwLWI1YTctYjQ2ODgzOGM3ZmRm
LzEvTFBxaUs5WmNySUtGanFDUmFHMWJPMHZqdlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXRoMA0E
AgACMAcDBQMqBn2AMA0GCSqGSIb3DQEBCwUAA4IBAQCS2JCNPie94p1+I+Za7HSH
qQ6coD1KsN9jC07k54knISNSUu9qRO3rIxeoahbmOnD4d1snmypcVXcxulNLTQtw
KLc7xmoyPNxhQSmDEo34Y97w9F3iQJLFpZBL7eU2RrWT2OUCRSBlEFA5f/ey4bM/
QobqPyaAbQ+sLUDfeIOTEIQoaVYBpGc72poRKLdgRPeTbb3a048oaHDr+HKqHkUP
M9RFBAbOKIV485uRUBijB8fLDo1PM/6yYCrctXnOzCBJQLt5V9GwgUlEgU7BZXLk
lFm5Uqq32QF67vjgBxxHpimCJehAFeqvZJ0KISgOxSi7FGfZhbqvoDfDfmUc+gWa
-----END CERTIFICATE-----