Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/6EZtxQeq6qwJgPyGGp5oEW9bOD4.roa
File:                     6EZtxQeq6qwJgPyGGp5oEW9bOD4.roa (raw, json)
Hash identifier:          KFZS4CouVrtYBnqCa/eOyjtYJiMOlzCzEMcaEaqzvv8=
Subject key identifier:   E8:46:6D:C5:07:AA:EA:AC:09:80:FC:86:1A:9E:68:11:6F:5B:38:3E
Certificate issuer:       /CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
Certificate serial:       018CC8016AB6D72833DEB9DBB86A5F5E1940
Authority key identifier: C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/6EZtxQeq6qwJgPyGGp5oEW9bOD4.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        185.193.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6a:b6:d7:28:33:de:b9:db:b8:6a:5f:5e:19:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8466dc507aaeaac0980fc861a9e68116f5b383e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:19:f5:56:6a:c7:36:51:6f:da:5a:cc:5d:c6:
                    32:7d:0d:38:d7:fd:7a:23:86:9f:39:d4:7f:3d:ef:
                    b1:59:14:6b:07:0c:d1:13:ff:6d:5f:f3:f7:df:fc:
                    1d:3d:a5:16:76:0c:86:18:1b:a2:fc:24:66:a5:43:
                    d2:2f:b1:64:e9:0f:73:d8:6d:36:46:22:37:f2:87:
                    2a:fd:99:cd:a2:81:31:4a:0c:f4:c7:0d:67:c3:6b:
                    b6:92:ab:70:be:59:40:a4:5f:5e:fe:59:0c:29:3f:
                    c5:2c:a6:a4:36:3f:85:97:ea:16:47:15:87:53:92:
                    5e:2b:0f:15:75:84:06:32:5c:cc:16:e9:20:9b:d9:
                    79:33:2f:0c:4d:b3:a2:2d:61:88:22:5f:b8:db:89:
                    61:e2:d7:35:25:cd:aa:73:df:20:f1:e1:f9:ed:b7:
                    e4:fa:ac:a9:1b:6c:d3:c6:f3:b2:8a:47:9c:2d:24:
                    93:56:e0:fd:bd:50:45:50:6b:6b:4e:61:d5:cf:93:
                    65:9b:da:d2:f2:d0:63:85:ac:61:df:27:92:db:07:
                    21:ea:10:5e:63:eb:82:69:8f:df:4b:5b:f5:59:52:
                    11:6c:c0:57:d8:6e:47:fb:83:a7:86:a8:de:59:17:
                    be:e8:07:e8:72:b5:bb:bc:6b:f8:2a:c1:16:6f:2f:
                    e7:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:46:6D:C5:07:AA:EA:AC:09:80:FC:86:1A:9E:68:11:6F:5B:38:3E
            X509v3 Authority Key Identifier:
                keyid:C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/6EZtxQeq6qwJgPyGGp5oEW9bOD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:8d:63:54:68:4a:c9:67:69:14:9f:43:b3:2b:2d:3d:36:99:
         9f:40:2e:8b:f4:bf:be:9f:57:87:8f:ba:ce:48:19:f8:04:27:
         b6:e4:a4:a3:66:62:5b:70:d4:c9:10:34:14:8d:65:b9:26:38:
         50:f6:f8:38:22:7e:3c:c8:24:25:56:0a:73:e3:8a:63:be:d0:
         58:2f:47:ac:dd:c7:47:40:90:83:5e:42:78:79:28:f4:01:ce:
         2c:7d:f9:52:38:1d:43:ab:9f:54:dd:21:39:fb:ae:37:f7:4f:
         99:dd:e6:0c:98:5a:8d:45:0d:36:77:7d:a3:67:89:9d:4f:ac:
         bd:c9:22:d0:3f:04:aa:2a:07:93:bc:f0:e9:2c:9e:a5:66:4e:
         f4:fa:dc:27:64:21:99:20:3a:91:fb:99:6a:08:74:6c:43:bd:
         44:72:dc:59:c0:c9:33:43:97:77:43:83:00:fc:db:83:64:b2:
         d1:73:5a:36:cc:cb:33:35:9d:f2:ec:a2:d6:43:8f:7c:ae:45:
         c7:6f:46:03:d5:9f:77:95:e4:db:ce:3c:05:35:f8:31:2f:a5:
         d1:58:d6:dc:ea:c8:f5:50:b1:e9:1f:30:e8:85:34:90:c2:a0:
         24:03:e2:3e:8f:ce:de:60:9e:95:ba:8b:76:c1:82:2b:03:c5:
         84:28:62:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWq21ygz3rnbuGpfXhlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDZiNTlhOTNlMzI0MDgzZmJjYTQyMzdlNDdlOWY1ZWJm
MzcxYWIwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQ2NmRjNTA3YWFlYWFjMDk4MGZjODYxYTllNjgxMTZmNWIzODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Bn1VmrHNlFv2lrMXcYyfQ041/16
I4afOdR/Pe+xWRRrBwzRE/9tX/P33/wdPaUWdgyGGBui/CRmpUPSL7Fk6Q9z2G02
RiI38ocq/ZnNooExSgz0xw1nw2u2kqtwvllApF9e/lkMKT/FLKakNj+Fl+oWRxWH
U5JeKw8VdYQGMlzMFukgm9l5My8MTbOiLWGIIl+424lh4tc1Jc2qc98g8eH57bfk
+qypG2zTxvOyikecLSSTVuD9vVBFUGtrTmHVz5Nlm9rS8tBjhaxh3yeS2wch6hBe
Y+uCaY/fS1v1WVIRbMBX2G5H+4OnhqjeWRe+6AfocrW7vGv4KsEWby/nsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhGbcUHquqsCYD8hhqeaBFvWzg+MB8GA1UdIwQY
MBaAFMnWtZqT4yQIP7ykI35H6fXr83GrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTIt
YjkyMTFlMWZjMWFjLzEvNkVadHhRZXE2cXdKZ1B5R0dwNW9FVzliT0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTItYjkyMTFlMWZjMWFj
LzEveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucGlMA0G
CSqGSIb3DQEBCwUAA4IBAQCwjWNUaErJZ2kUn0OzKy09NpmfQC6L9L++n1eHj7rO
SBn4BCe25KSjZmJbcNTJEDQUjWW5JjhQ9vg4In48yCQlVgpz44pjvtBYL0es3cdH
QJCDXkJ4eSj0Ac4sfflSOB1Dq59U3SE5+64390+Z3eYMmFqNRQ02d32jZ4mdT6y9
ySLQPwSqKgeTvPDpLJ6lZk70+twnZCGZIDqR+5lqCHRsQ71EctxZwMkzQ5d3Q4MA
/NuDZLLRc1o2zMszNZ3y7KLWQ498rkXHb0YD1Z93leTbzjwFNfgxL6XRWNbc6sj1
ULHpHzDohTSQwqAkA+I+j87eYJ6Vuot2wYIrA8WEKGJR
-----END CERTIFICATE-----