Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/9b0c77-8085-4a5a-bace-143c3d38d17c/1/DR6ZGbif0VVW1sLPR9dtQznAkWY.roa
File:                     DR6ZGbif0VVW1sLPR9dtQznAkWY.roa (raw, json)
Hash identifier:          CPyIabgiO0KsuC6W1xYHhgaACWq/10vpAPMsePBYrmo=
Subject key identifier:   0D:1E:99:19:B8:9F:D1:55:56:D6:C2:CF:47:D7:6D:43:39:C0:91:66
Certificate issuer:       /CN=d2f6e6b5a34fd18b435385db87bb3ae974785108
Certificate serial:       018CC64B123A8E203E1BAB69735A6B857E47
Authority key identifier: D2:F6:E6:B5:A3:4F:D1:8B:43:53:85:DB:87:BB:3A:E9:74:78:51:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0vbmtaNP0YtDU4Xbh7s66XR4UQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/9b0c77-8085-4a5a-bace-143c3d38d17c/1/DR6ZGbif0VVW1sLPR9dtQznAkWY.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207509
IP address blocks:        185.25.94.0/24 maxlen: 24
                          2a0c:95c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/9b0c77-8085-4a5a-bace-143c3d38d17c/1/0vbmtaNP0YtDU4Xbh7s66XR4UQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/9b0c77-8085-4a5a-bace-143c3d38d17c/1/0vbmtaNP0YtDU4Xbh7s66XR4UQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0vbmtaNP0YtDU4Xbh7s66XR4UQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:12:3a:8e:20:3e:1b:ab:69:73:5a:6b:85:7e:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2f6e6b5a34fd18b435385db87bb3ae974785108
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d1e9919b89fd15556d6c2cf47d76d4339c09166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fc:a9:da:42:b2:43:cb:71:92:0c:bc:62:21:
                    1d:9e:4c:66:58:4f:a8:4b:af:97:9d:5d:c6:de:5e:
                    56:ee:ba:e7:e0:02:6c:56:24:fa:5b:93:a8:32:5d:
                    f9:5a:9e:d7:8f:ac:01:a0:cf:b3:2a:a7:bf:da:d5:
                    3c:67:2f:5c:29:98:81:03:b4:f6:34:ec:ad:d9:2b:
                    d4:aa:df:52:e2:fd:f1:cc:f7:c4:54:bf:64:d9:17:
                    15:33:95:e7:5e:9f:2b:49:9c:70:7e:f0:8c:90:66:
                    36:6b:d1:c7:55:bf:4d:07:61:97:c8:7e:a9:b4:88:
                    b7:5e:70:c1:ff:c6:18:d7:eb:03:0f:28:3d:53:e8:
                    08:3f:39:7d:91:bb:97:50:c9:50:a7:52:45:04:b5:
                    3c:b1:5b:87:d3:95:88:f1:72:7c:c9:8f:cc:35:de:
                    2c:29:3e:92:90:7f:a5:c1:3d:70:eb:3a:e4:4b:8e:
                    d6:cc:12:54:a7:57:2e:ae:69:52:d1:59:93:40:df:
                    e5:67:80:18:38:b3:29:70:52:69:d7:cf:1f:e4:14:
                    28:0b:2a:8f:ad:ff:f5:cf:6e:b7:7f:9a:63:b1:92:
                    79:7f:52:63:3c:b2:d2:52:ed:71:81:b3:e3:5b:aa:
                    f2:24:0a:6a:d8:e0:04:a5:2a:73:eb:65:3e:fc:c8:
                    a2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1E:99:19:B8:9F:D1:55:56:D6:C2:CF:47:D7:6D:43:39:C0:91:66
            X509v3 Authority Key Identifier:
                keyid:D2:F6:E6:B5:A3:4F:D1:8B:43:53:85:DB:87:BB:3A:E9:74:78:51:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0vbmtaNP0YtDU4Xbh7s66XR4UQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9b0c77-8085-4a5a-bace-143c3d38d17c/1/DR6ZGbif0VVW1sLPR9dtQznAkWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9b0c77-8085-4a5a-bace-143c3d38d17c/1/0vbmtaNP0YtDU4Xbh7s66XR4UQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.94.0/24
                IPv6:
                  2a0c:95c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:ec:10:63:19:d2:4e:26:00:ce:98:2b:eb:8e:a5:8d:5a:09:
         e4:22:df:71:54:0c:9f:b0:40:8a:70:35:fe:a2:2c:21:15:05:
         ea:6e:41:00:63:fd:cb:cf:1f:bf:b2:81:1d:1e:32:57:2f:d3:
         e8:ad:76:8a:2f:94:50:47:42:aa:55:37:ae:68:d3:5b:0b:90:
         71:89:0d:6d:d7:e0:34:aa:5d:cc:26:1b:61:6c:f9:99:9a:9a:
         e7:5f:91:c5:fe:a3:43:22:9e:bf:74:fd:5c:70:66:5b:47:8e:
         30:dd:ea:3d:a0:3f:6b:b6:92:f5:8e:3b:5a:e1:e3:ba:78:36:
         a1:6e:58:6e:5d:56:da:c9:d8:12:89:93:c6:29:8b:32:fd:58:
         9b:cf:86:4e:22:4f:ff:0f:f7:2a:78:b6:c8:35:37:5d:01:e7:
         c0:6a:ac:23:53:88:2f:40:3a:21:55:18:6e:60:b0:48:27:73:
         eb:e3:69:fc:c6:bb:13:86:a2:ad:30:52:26:24:31:7f:a9:d2:
         2f:6a:bf:da:3a:43:bf:27:30:ce:3a:ed:e9:e9:d4:13:88:52:
         51:92:8e:3f:74:cf:b0:8e:d1:e8:dd:5e:94:f9:e6:5e:a3:0e:
         90:8b:99:73:31:69:ee:3a:2f:91:43:6e:ae:93:84:eb:8f:a6:
         ef:ff:3a:76
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSxI6jiA+G6tpc1prhX5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZjZlNmI1YTM0ZmQxOGI0MzUzODVkYjg3YmIzYWU5NzQ3
ODUxMDgwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFlOTkxOWI4OWZkMTU1NTZkNmMyY2Y0N2Q3NmQ0MzM5YzA5MTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvyp2kKyQ8txkgy8YiEdnkxmWE+o
S6+XnV3G3l5W7rrn4AJsViT6W5OoMl35Wp7Xj6wBoM+zKqe/2tU8Zy9cKZiBA7T2
NOyt2SvUqt9S4v3xzPfEVL9k2RcVM5XnXp8rSZxwfvCMkGY2a9HHVb9NB2GXyH6p
tIi3XnDB/8YY1+sDDyg9U+gIPzl9kbuXUMlQp1JFBLU8sVuH05WI8XJ8yY/MNd4s
KT6SkH+lwT1w6zrkS47WzBJUp1curmlS0VmTQN/lZ4AYOLMpcFJp188f5BQoCyqP
rf/1z263f5pjsZJ5f1JjPLLSUu1xgbPjW6ryJApq2OAEpSpz62U+/MiiVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA0emRm4n9FVVtbCz0fXbUM5wJFmMB8GA1UdIwQY
MBaAFNL25rWjT9GLQ1OF24e7Oul0eFEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHZibXRhTlAwWXREVTRYYmg3czY2WFI0VVFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85YjBjNzctODA4NS00YTVhLWJhY2Ut
MTQzYzNkMzhkMTdjLzEvRFI2WkdiaWYwVlZXMXNMUFI5ZHRRem5Ba1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS85YjBjNzctODA4NS00YTVhLWJhY2UtMTQzYzNkMzhkMTdj
LzEvMHZibXRhTlAwWXREVTRYYmg3czY2WFI0VVFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRleMA0E
AgACMAcDBQMqDJXAMA0GCSqGSIb3DQEBCwUAA4IBAQCO7BBjGdJOJgDOmCvrjqWN
WgnkIt9xVAyfsECKcDX+oiwhFQXqbkEAY/3Lzx+/soEdHjJXL9PorXaKL5RQR0Kq
VTeuaNNbC5BxiQ1t1+A0ql3MJhthbPmZmprnX5HF/qNDIp6/dP1ccGZbR44w3eo9
oD9rtpL1jjta4eO6eDahblhuXVbaydgSiZPGKYsy/Vibz4ZOIk//D/cqeLbINTdd
AefAaqwjU4gvQDohVRhuYLBIJ3Pr42n8xrsThqKtMFImJDF/qdIvar/aOkO/JzDO
Ou3p6dQTiFJRko4/dM+wjtHo3V6U+eZeow6Qi5lzMWnuOi+RQ26uk4Trj6bv/zp2
-----END CERTIFICATE-----