Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/x6m-kEFxi9P9RMEhOJTTQT7zlrY.roa
File:                     x6m-kEFxi9P9RMEhOJTTQT7zlrY.roa (raw, json)
Hash identifier:          5WoQwKbl1wG8ASZMf1gF/XYlV9jVRkKkRjJLgLqAuPo=
Subject key identifier:   C7:A9:BE:90:41:71:8B:D3:FD:44:C1:21:38:94:D3:41:3E:F3:96:B6
Certificate issuer:       /CN=c221258974ee8e054560c7176f8347d4355b9a87
Certificate serial:       018CC86EF071D454B85174FB1E7EA65BA5F7
Authority key identifier: C2:21:25:89:74:EE:8E:05:45:60:C7:17:6F:83:47:D4:35:5B:9A:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wiEliXTujgVFYMcXb4NH1DVbmoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/x6m-kEFxi9P9RMEhOJTTQT7zlrY.roa
Signing time:             Tue 02 Jan 2024 04:29:22 +0000
ROA not before:           Tue 02 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42926
IP address blocks:        193.84.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/wiEliXTujgVFYMcXb4NH1DVbmoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/wiEliXTujgVFYMcXb4NH1DVbmoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wiEliXTujgVFYMcXb4NH1DVbmoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f0:71:d4:54:b8:51:74:fb:1e:7e:a6:5b:a5:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c221258974ee8e054560c7176f8347d4355b9a87
        Validity
            Not Before: Jan  2 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7a9be9041718bd3fd44c1213894d3413ef396b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7c:c1:98:d0:94:7b:d0:94:e8:2d:08:64:02:
                    04:2e:fa:31:b6:fe:3e:48:69:6a:d0:a2:07:84:18:
                    b7:86:2a:2d:48:df:2e:1e:6a:ec:0d:8d:1d:a8:ed:
                    76:8e:80:27:b0:a3:49:d2:38:ca:fc:79:bc:19:b8:
                    b6:59:f1:17:43:4c:be:1b:fd:f5:35:49:6e:c2:b3:
                    ef:c9:88:bd:57:bd:bd:aa:fb:2d:fe:76:63:9a:ad:
                    3a:f8:17:66:b8:82:b2:55:48:65:28:ce:65:1b:49:
                    7d:33:16:39:f1:1e:ed:cf:99:7b:60:e5:12:0e:2d:
                    46:cc:b7:10:f6:7a:20:b0:2b:b2:ae:47:26:3d:c2:
                    ff:c7:25:8a:be:94:93:be:98:5d:18:04:d6:51:d5:
                    6b:3d:85:c0:07:ab:11:e7:6e:c0:9e:c8:e3:2f:5e:
                    3c:f3:57:6c:43:09:1c:f4:07:65:9e:4d:68:ae:32:
                    9c:19:8f:39:1d:d7:34:0d:89:77:36:8b:80:74:c4:
                    9b:24:82:b2:2a:4c:2d:66:9a:e4:e1:17:c0:8f:b7:
                    d3:08:d7:06:55:2e:29:d3:6c:71:00:9b:37:e0:fd:
                    0d:e6:e4:91:e6:f8:0f:0d:f1:38:3b:d5:72:e3:3f:
                    c2:4c:ec:4d:1a:fc:5a:92:52:5e:e3:3a:0c:88:12:
                    d2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:A9:BE:90:41:71:8B:D3:FD:44:C1:21:38:94:D3:41:3E:F3:96:B6
            X509v3 Authority Key Identifier:
                keyid:C2:21:25:89:74:EE:8E:05:45:60:C7:17:6F:83:47:D4:35:5B:9A:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wiEliXTujgVFYMcXb4NH1DVbmoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/x6m-kEFxi9P9RMEhOJTTQT7zlrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/wiEliXTujgVFYMcXb4NH1DVbmoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:58:77:c6:9b:03:5b:5c:e9:94:d9:46:3d:87:e6:60:4f:c5:
         d2:ab:14:bd:b0:7d:fc:65:5e:2b:2f:dc:fc:06:c2:94:6a:fb:
         3c:f6:51:81:e0:95:40:14:18:b3:a3:e5:bf:4f:a0:c8:09:a5:
         b6:f6:8c:9a:4f:26:a5:42:b5:92:8d:2b:e7:c2:95:07:57:0e:
         b0:f6:01:6b:96:c8:9c:e2:49:eb:82:50:cf:85:b6:8c:53:a3:
         c8:e3:aa:2a:f2:ac:f4:fb:e2:08:45:66:1e:45:65:08:9e:2b:
         6e:ad:08:96:01:3a:22:b4:2a:3d:c1:89:df:b6:54:5c:31:66:
         2c:05:2f:9f:db:6f:40:07:ec:40:55:c5:31:97:dd:d4:3f:45:
         b8:86:37:66:d0:63:cb:d3:81:b9:dc:ea:ba:4e:78:fd:c4:20:
         2e:9d:64:64:cb:99:f3:0e:36:8f:4f:a2:eb:2a:1f:37:42:18:
         d0:f6:aa:e6:a0:2d:a3:44:ba:06:13:01:0a:b1:fb:7f:5f:ae:
         34:02:5a:75:50:94:cd:1a:6f:02:6c:6b:da:9b:60:1e:11:cc:
         cc:c1:ac:fe:b9:de:53:ee:8d:53:c1:75:62:32:86:52:c8:14:
         13:db:6d:8c:9c:1f:7f:0e:11:7c:33:28:74:16:48:4b:b0:5e:
         c4:a4:5b:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvBx1FS4UXT7Hn6mW6X3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjEyNTg5NzRlZThlMDU0NTYwYzcxNzZmODM0N2Q0MzU1
YjlhODcwHhcNMjQwMTAyMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2E5YmU5MDQxNzE4YmQzZmQ0NGMxMjEzODk0ZDM0MTNlZjM5NmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHzBmNCUe9CU6C0IZAIELvoxtv4+
SGlq0KIHhBi3hiotSN8uHmrsDY0dqO12joAnsKNJ0jjK/Hm8Gbi2WfEXQ0y+G/31
NUluwrPvyYi9V729qvst/nZjmq06+BdmuIKyVUhlKM5lG0l9MxY58R7tz5l7YOUS
Di1GzLcQ9nogsCuyrkcmPcL/xyWKvpSTvphdGATWUdVrPYXAB6sR527AnsjjL148
81dsQwkc9Adlnk1orjKcGY85Hdc0DYl3NouAdMSbJIKyKkwtZprk4RfAj7fTCNcG
VS4p02xxAJs34P0N5uSR5vgPDfE4O9Vy4z/CTOxNGvxaklJe4zoMiBLSHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMepvpBBcYvT/UTBITiU00E+85a2MB8GA1UdIwQY
MBaAFMIhJYl07o4FRWDHF2+DR9Q1W5qHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lFbGlYVHVqZ1ZGWU1jWGI0TkgxRFZibW9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wODQ4MmYtYTdjNS00NjI3LWEwNjgt
MjVmNzlkMmQ4YzE3LzEveDZtLWtFRnhpOVA5Uk1FaE9KVFRRVDd6bHJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wODQ4MmYtYTdjNS00NjI3LWEwNjgtMjVmNzlkMmQ4YzE3
LzEvd2lFbGlYVHVqZ1ZGWU1jWGI0TkgxRFZibW9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVRmMA0G
CSqGSIb3DQEBCwUAA4IBAQBNWHfGmwNbXOmU2UY9h+ZgT8XSqxS9sH38ZV4rL9z8
BsKUavs89lGB4JVAFBizo+W/T6DICaW29oyaTyalQrWSjSvnwpUHVw6w9gFrlsic
4knrglDPhbaMU6PI46oq8qz0++IIRWYeRWUIniturQiWAToitCo9wYnftlRcMWYs
BS+f229AB+xAVcUxl93UP0W4hjdm0GPL04G53Oq6Tnj9xCAunWRky5nzDjaPT6Lr
Kh83QhjQ9qrmoC2jRLoGEwEKsft/X640Alp1UJTNGm8CbGvam2AeEczMwaz+ud5T
7o1TwXViMoZSyBQT222MnB9/DhF8Myh0FkhLsF7EpFtr
-----END CERTIFICATE-----