Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/6IR6lpjbITf9IUwjy2h0XoVLpQw.roa
File:                     6IR6lpjbITf9IUwjy2h0XoVLpQw.roa (raw, json)
Hash identifier:          ojCJ6/CVrPyQd418uRnR2XRdtHWiFolm5dez6Q6Uqt0=
Subject key identifier:   E8:84:7A:96:98:DB:21:37:FD:21:4C:23:CB:68:74:5E:85:4B:A5:0C
Certificate issuer:       /CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
Certificate serial:       018CC3B74442C87D09DCD4F4215A0715EC80
Authority key identifier: DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/6IR6lpjbITf9IUwjy2h0XoVLpQw.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        193.28.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:44:42:c8:7d:09:dc:d4:f4:21:5a:07:15:ec:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8847a9698db2137fd214c23cb68745e854ba50c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:07:15:a4:b3:3c:51:14:d8:95:13:c2:97:e9:
                    83:fe:30:1c:df:dc:a3:0f:cf:2d:e7:d0:52:4c:61:
                    0b:bb:39:b1:57:dd:d7:bc:3b:8d:2d:2e:1e:0b:26:
                    7e:99:cb:12:00:7f:c6:ee:07:b1:63:07:57:3a:0e:
                    26:2e:6c:88:b4:fe:3f:17:ec:b9:2e:d4:84:1f:c1:
                    25:0a:e3:51:f5:71:f2:3c:6b:3e:07:7d:42:4d:4a:
                    0a:45:81:38:42:bf:35:a2:37:92:f8:b3:d1:a9:68:
                    20:ed:1b:84:80:0a:be:80:d8:73:22:70:99:99:97:
                    8f:c8:f6:99:f1:4c:25:63:49:84:5e:38:fa:13:9f:
                    fa:92:f7:4c:bd:5a:d3:f3:12:40:9c:ee:70:e9:12:
                    81:25:e1:a6:2e:1c:de:ad:ad:48:d4:a8:c6:7a:50:
                    eb:88:d5:c8:58:f4:c9:0c:74:38:da:f4:3c:5d:26:
                    48:1a:1a:db:f3:5e:e1:ff:9d:e2:37:49:71:f6:16:
                    86:9c:cc:91:b8:c9:5e:3d:07:ce:f5:26:f8:a6:2f:
                    ed:e8:49:82:58:c4:eb:20:89:60:bd:34:7f:c9:fe:
                    86:35:c5:38:3b:78:a0:93:e7:c0:3d:fd:50:13:4c:
                    76:a8:d6:2c:f3:c4:7a:1b:7c:cf:40:de:cc:ed:48:
                    d6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:84:7A:96:98:DB:21:37:FD:21:4C:23:CB:68:74:5E:85:4B:A5:0C
            X509v3 Authority Key Identifier:
                keyid:DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/6IR6lpjbITf9IUwjy2h0XoVLpQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:c5:f3:63:3a:54:c7:93:49:02:12:1d:ac:92:d1:88:4a:5f:
         a8:6c:74:b9:3d:8c:e1:83:ad:3b:e2:85:09:4d:e6:08:7b:10:
         c1:1c:81:85:ab:85:a4:e8:c9:81:ea:e9:12:e7:3c:b5:9d:31:
         32:35:05:94:a3:a0:dc:ae:d5:69:14:73:90:86:ec:40:b8:a1:
         e7:b9:28:05:2e:98:33:82:33:d8:2c:9b:50:03:94:66:6b:08:
         28:9b:58:78:8a:92:8f:b3:eb:b4:f9:0b:58:6f:01:f1:de:6a:
         c8:68:1d:01:3d:d9:fa:05:8c:41:1a:30:d3:ea:5e:35:35:af:
         47:8a:4a:7c:d9:40:4d:67:3a:5f:7e:d5:ed:fb:bf:d0:d2:4e:
         45:73:14:18:bf:32:ee:1c:c2:e6:b8:23:3d:e3:93:14:2c:20:
         3e:81:da:1d:1a:0a:bf:33:7c:bb:1c:d7:b6:5d:c5:62:4c:26:
         0b:b7:bc:0e:6c:f7:13:61:96:77:98:13:83:d1:3e:63:cc:63:
         a0:ea:7b:d9:6d:71:ce:19:f6:83:d0:cc:9c:29:db:fb:90:72:
         4e:72:b3:d7:d7:88:9c:6e:bd:ab:df:f5:2c:95:dd:1e:5e:6d:
         eb:94:bb:25:3e:99:45:fa:ac:29:42:62:3a:dd:34:88:6d:c8:
         75:fb:86:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0RCyH0J3NT0IVoHFeyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGU5MWEwZmIxZjRkZDE3OTAwZDA2ZGI2ZTg4MzM2Zjc4
YjVjMDUwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODg0N2E5Njk4ZGIyMTM3ZmQyMTRjMjNjYjY4NzQ1ZTg1NGJhNTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9AcVpLM8URTYlRPCl+mD/jAc39yj
D88t59BSTGELuzmxV93XvDuNLS4eCyZ+mcsSAH/G7gexYwdXOg4mLmyItP4/F+y5
LtSEH8ElCuNR9XHyPGs+B31CTUoKRYE4Qr81ojeS+LPRqWgg7RuEgAq+gNhzInCZ
mZePyPaZ8UwlY0mEXjj6E5/6kvdMvVrT8xJAnO5w6RKBJeGmLhzera1I1KjGelDr
iNXIWPTJDHQ42vQ8XSZIGhrb817h/53iN0lx9haGnMyRuMlePQfO9Sb4pi/t6EmC
WMTrIIlgvTR/yf6GNcU4O3igk+fAPf1QE0x2qNYs88R6G3zPQN7M7UjWQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiEepaY2yE3/SFMI8todF6FS6UMMB8GA1UdIwQY
MBaAFN7ekaD7H03ReQDQbbbogzb3i1wFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMt
MjFhNzAwYzcxMTlmLzEvNklSNmxwamJJVGY5SVV3ankyaDBYb1ZMcFF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMtMjFhNzAwYzcxMTlm
LzEvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRxHMA0G
CSqGSIb3DQEBCwUAA4IBAQCQxfNjOlTHk0kCEh2sktGISl+obHS5PYzhg6074oUJ
TeYIexDBHIGFq4Wk6MmB6ukS5zy1nTEyNQWUo6DcrtVpFHOQhuxAuKHnuSgFLpgz
gjPYLJtQA5Rmawgom1h4ipKPs+u0+QtYbwHx3mrIaB0BPdn6BYxBGjDT6l41Na9H
ikp82UBNZzpfftXt+7/Q0k5FcxQYvzLuHMLmuCM945MULCA+gdodGgq/M3y7HNe2
XcViTCYLt7wObPcTYZZ3mBOD0T5jzGOg6nvZbXHOGfaD0MycKdv7kHJOcrPX14ic
br2r3/Usld0eXm3rlLslPplF+qwpQmI63TSIbch1+4aM
-----END CERTIFICATE-----