Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/6bx91UkTF2LfOrJy3bRWFP0Yn4Q.roa
File:                     6bx91UkTF2LfOrJy3bRWFP0Yn4Q.roa (raw, json)
Hash identifier:          2OfFpmS0jLw8C1Ljj+oP+4GfoVXVmX+5xiX8Ca/ZM7Y=
Subject key identifier:   E9:BC:7D:D5:49:13:17:62:DF:3A:B2:72:DD:B4:56:14:FD:18:9F:84
Certificate issuer:       /CN=6af3aa0140b7983500ea829f3c36bbfb65af9972
Certificate serial:       018E618A1CCB3FEFC7191F7F5AFD11ACD762
Authority key identifier: 6A:F3:AA:01:40:B7:98:35:00:EA:82:9F:3C:36:BB:FB:65:AF:99:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/avOqAUC3mDUA6oKfPDa7-2WvmXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/6bx91UkTF2LfOrJy3bRWFP0Yn4Q.roa
Signing time:             Thu 21 Mar 2024 15:03:45 +0000
ROA not before:           Thu 21 Mar 2024 15:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        185.126.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/avOqAUC3mDUA6oKfPDa7-2WvmXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/avOqAUC3mDUA6oKfPDa7-2WvmXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/avOqAUC3mDUA6oKfPDa7-2WvmXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:8a:1c:cb:3f:ef:c7:19:1f:7f:5a:fd:11:ac:d7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6af3aa0140b7983500ea829f3c36bbfb65af9972
        Validity
            Not Before: Mar 21 15:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9bc7dd549131762df3ab272ddb45614fd189f84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1c:72:cc:96:fa:41:53:9c:3e:11:df:e3:36:
                    2a:32:af:43:68:36:48:35:9b:a3:94:a1:f7:81:e3:
                    5a:71:ca:36:b0:2a:45:79:0a:70:8b:f1:0a:ad:5d:
                    fd:81:08:60:ec:83:74:c0:1a:81:91:56:67:c3:c9:
                    d5:98:84:0f:20:84:c9:be:83:9b:6b:ad:04:71:38:
                    3e:9e:c2:67:b6:3f:65:c2:2a:6f:75:b4:44:ae:57:
                    cb:46:c8:00:ad:6c:98:fa:a2:52:6d:92:be:a4:00:
                    f6:fa:14:4c:e3:34:0b:97:de:ee:a2:7b:76:e1:45:
                    58:b5:18:ad:c7:b3:5e:40:19:28:4e:b5:7c:47:96:
                    09:31:b6:b5:0c:12:06:e7:dd:5a:e7:73:9b:a4:47:
                    55:63:cc:c2:93:dc:40:1d:07:7e:61:8b:c1:da:de:
                    d6:c9:eb:5e:d3:8f:7e:b1:b2:d6:87:7a:80:4f:45:
                    cb:c6:21:da:44:67:2d:d8:ca:38:66:97:47:c6:52:
                    dd:b0:83:d2:ca:d9:a8:44:21:11:15:1d:4e:1c:5b:
                    a7:23:bd:8b:69:cb:f7:d2:0c:cd:d9:a2:c1:b6:0b:
                    77:c2:de:10:0f:91:e9:89:f4:b0:f9:87:92:f7:72:
                    72:64:d9:69:54:e9:79:30:c5:d0:6e:c2:a2:1d:d4:
                    fb:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:BC:7D:D5:49:13:17:62:DF:3A:B2:72:DD:B4:56:14:FD:18:9F:84
            X509v3 Authority Key Identifier:
                keyid:6A:F3:AA:01:40:B7:98:35:00:EA:82:9F:3C:36:BB:FB:65:AF:99:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/avOqAUC3mDUA6oKfPDa7-2WvmXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/6bx91UkTF2LfOrJy3bRWFP0Yn4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/avOqAUC3mDUA6oKfPDa7-2WvmXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:10:13:eb:d1:34:df:88:a3:07:d7:e1:1f:5b:c5:8e:c0:62:
         0b:b2:c4:09:3c:01:62:1b:f6:3e:6f:a6:2f:1b:7e:e6:bd:d0:
         be:64:43:70:58:c2:16:91:1a:33:64:e5:cc:18:be:aa:50:fa:
         78:25:5a:f2:69:cf:f8:15:01:df:2d:29:4d:e9:cf:d3:24:b4:
         67:ba:76:f7:42:30:bf:45:29:08:5e:35:df:80:47:9c:00:eb:
         a6:f9:51:14:c2:38:a4:cb:b3:4c:ed:87:a2:2f:b9:19:45:0d:
         a6:4a:7b:8c:17:44:55:a2:fa:7c:a9:17:b7:83:24:7f:8f:7c:
         26:a8:57:80:e2:4d:d4:73:8a:45:10:07:32:c9:2b:e9:e8:0b:
         83:1d:51:19:53:15:8b:cb:87:e6:19:db:0f:48:d2:69:37:3c:
         fc:17:28:b4:b2:1b:32:77:6b:be:50:5c:7a:16:80:e1:5b:b1:
         96:e2:83:c0:fb:55:da:52:77:ef:01:49:a5:38:4f:f9:cb:c7:
         10:9f:0f:75:54:23:e8:a4:11:09:3b:44:5f:f0:ef:78:f8:db:
         37:89:e6:a9:08:bd:6f:bc:c3:14:5e:e5:f7:8e:20:e1:21:7c:
         5a:67:aa:37:5b:84:5c:9a:5c:73:16:2d:ec:18:4c:cd:ab:57:
         b6:6e:2d:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5hihzLP+/HGR9/Wv0RrNdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZjNhYTAxNDBiNzk4MzUwMGVhODI5ZjNjMzZiYmZiNjVh
Zjk5NzIwHhcNMjQwMzIxMTUwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWJjN2RkNTQ5MTMxNzYyZGYzYWIyNzJkZGI0NTYxNGZkMTg5Zjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBxyzJb6QVOcPhHf4zYqMq9DaDZI
NZujlKH3geNacco2sCpFeQpwi/EKrV39gQhg7IN0wBqBkVZnw8nVmIQPIITJvoOb
a60EcTg+nsJntj9lwipvdbRErlfLRsgArWyY+qJSbZK+pAD2+hRM4zQLl97uont2
4UVYtRitx7NeQBkoTrV8R5YJMba1DBIG591a53ObpEdVY8zCk9xAHQd+YYvB2t7W
yete049+sbLWh3qAT0XLxiHaRGct2Mo4ZpdHxlLdsIPSytmoRCERFR1OHFunI72L
acv30gzN2aLBtgt3wt4QD5HpifSw+YeS93JyZNlpVOl5MMXQbsKiHdT7lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOm8fdVJExdi3zqyct20VhT9GJ+EMB8GA1UdIwQY
MBaAFGrzqgFAt5g1AOqCnzw2u/tlr5lyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXZPcUFVQzNtRFVBNm9LZlBEYTctMld2bVhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8zMmIxYWMtNDE4OS00OWZkLWE5OTkt
YjhmM2I3NzllNTRiLzEvNmJ4OTFVa1RGMkxmT3JKeTNiUldGUDBZbjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8zMmIxYWMtNDE4OS00OWZkLWE5OTktYjhmM2I3NzllNTRi
LzEvYXZPcUFVQzNtRFVBNm9LZlBEYTctMld2bVhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX7cMA0G
CSqGSIb3DQEBCwUAA4IBAQBzEBPr0TTfiKMH1+EfW8WOwGILssQJPAFiG/Y+b6Yv
G37mvdC+ZENwWMIWkRozZOXMGL6qUPp4JVryac/4FQHfLSlN6c/TJLRnunb3QjC/
RSkIXjXfgEecAOum+VEUwjiky7NM7YeiL7kZRQ2mSnuMF0RVovp8qRe3gyR/j3wm
qFeA4k3Uc4pFEAcyySvp6AuDHVEZUxWLy4fmGdsPSNJpNzz8Fyi0shsyd2u+UFx6
FoDhW7GW4oPA+1XaUnfvAUmlOE/5y8cQnw91VCPopBEJO0Rf8O94+Ns3ieapCL1v
vMMUXuX3jiDhIXxaZ6o3W4RcmlxzFi3sGEzNq1e2bi0v
-----END CERTIFICATE-----