Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/a5f150-3d83-42cb-9a47-e3cfe6cec0ac/1/6kCBLIZL1Utyl61fy1p6EW7akTU.roa
File:                     6kCBLIZL1Utyl61fy1p6EW7akTU.roa (raw, json)
Hash identifier:          NMn7Jz/myMcH5rlH91oLz3Top7oHGVHXBAR/Jc98yhE=
Subject key identifier:   EA:40:81:2C:86:4B:D5:4B:72:97:AD:5F:CB:5A:7A:11:6E:DA:91:35
Certificate issuer:       /CN=38b5bd39b74f23d7683d1238ea9aca3c66a631a3
Certificate serial:       0194214416F9476850C5F8CD48E9DB2BDC8B
Authority key identifier: 38:B5:BD:39:B7:4F:23:D7:68:3D:12:38:EA:9A:CA:3C:66:A6:31:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLW9ObdPI9doPRI46prKPGamMaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/a5f150-3d83-42cb-9a47-e3cfe6cec0ac/1/6kCBLIZL1Utyl61fy1p6EW7akTU.roa
Signing time:             Wed 01 Jan 2025 09:48:17 +0000
ROA not before:           Wed 01 Jan 2025 09:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3203
IP address blocks:        176.115.128.0/22 maxlen: 22
                          176.115.132.0/22 maxlen: 22
                          193.0.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/a5f150-3d83-42cb-9a47-e3cfe6cec0ac/1/OLW9ObdPI9doPRI46prKPGamMaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/a5f150-3d83-42cb-9a47-e3cfe6cec0ac/1/OLW9ObdPI9doPRI46prKPGamMaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLW9ObdPI9doPRI46prKPGamMaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:16:f9:47:68:50:c5:f8:cd:48:e9:db:2b:dc:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b5bd39b74f23d7683d1238ea9aca3c66a631a3
        Validity
            Not Before: Jan  1 09:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea40812c864bd54b7297ad5fcb5a7a116eda9135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f1:dc:12:02:8d:76:e4:67:51:ae:db:b5:66:
                    e4:c4:27:e9:77:3c:1b:f3:59:84:a4:3d:28:45:e6:
                    d7:ff:e3:71:ec:92:56:5a:0d:21:20:de:15:60:8e:
                    2c:07:05:f0:6d:bc:37:69:cd:43:98:76:2e:7e:db:
                    11:0e:f6:a4:27:4e:57:70:e6:35:9e:3c:12:de:6a:
                    0f:36:97:c6:e4:f7:8b:5c:e2:0a:cc:3f:4c:af:fb:
                    cc:00:70:9b:c0:c7:80:b0:f2:06:86:e5:db:19:6a:
                    b5:d8:66:b5:0c:65:86:2e:c7:28:ab:df:4a:e2:5c:
                    7b:9c:03:4d:d6:6f:9f:fc:15:e8:46:50:e5:05:46:
                    b5:2c:56:0c:98:16:42:cc:4c:7a:63:21:83:52:b8:
                    18:b3:f8:34:2e:8f:88:b7:1e:2b:f6:60:65:78:19:
                    cd:ec:5a:f7:32:f2:c2:b5:8b:70:08:12:b0:0a:e3:
                    8e:3a:0c:a7:e4:82:48:4e:cf:d2:c4:50:9d:9a:dc:
                    d7:e1:6a:81:e1:3a:4e:80:c2:1d:18:cf:55:1b:df:
                    25:14:2d:40:41:66:ac:2f:65:a2:d3:1a:42:c5:78:
                    06:09:25:73:34:58:d9:bd:96:fb:71:0d:c5:bb:2c:
                    3b:09:95:4c:86:ea:22:28:37:e9:9f:6c:b8:65:91:
                    ef:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:40:81:2C:86:4B:D5:4B:72:97:AD:5F:CB:5A:7A:11:6E:DA:91:35
            X509v3 Authority Key Identifier:
                keyid:38:B5:BD:39:B7:4F:23:D7:68:3D:12:38:EA:9A:CA:3C:66:A6:31:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLW9ObdPI9doPRI46prKPGamMaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a5f150-3d83-42cb-9a47-e3cfe6cec0ac/1/6kCBLIZL1Utyl61fy1p6EW7akTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a5f150-3d83-42cb-9a47-e3cfe6cec0ac/1/OLW9ObdPI9doPRI46prKPGamMaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.115.128.0/21
                  193.0.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:8d:bd:a0:41:49:f0:4b:36:73:6c:f8:e5:15:bf:a5:39:3e:
         e9:93:f8:c7:0d:7d:c6:73:de:0f:cc:e1:9c:12:30:7e:a0:62:
         d5:1d:e4:fb:61:61:d1:ba:8b:73:a6:e9:05:7d:02:a8:92:60:
         46:56:05:63:2b:ea:be:54:f0:14:e8:10:07:95:66:d8:a7:eb:
         dd:7a:69:6c:b5:c8:7d:74:40:85:b2:a4:a1:bf:bd:ff:6d:bf:
         9c:91:0a:6c:64:3d:92:f9:c1:6b:ff:1b:c2:42:b9:d8:f7:2d:
         ab:79:3e:09:9a:9a:fc:3b:66:82:91:16:97:aa:cf:c6:61:03:
         69:74:0c:85:11:aa:6b:6d:42:f6:31:4f:37:5a:8f:9e:a2:b0:
         bd:ff:9f:25:75:7e:88:20:1d:b2:31:d5:f0:73:c4:19:8a:d0:
         88:7b:9c:df:79:ed:df:35:d9:a6:ee:39:74:23:20:79:6c:71:
         b4:43:80:d0:03:01:f1:f7:bb:38:07:1e:d0:2a:25:2f:81:fb:
         6a:13:bf:3b:fe:0e:d3:c4:83:92:21:3b:89:42:69:19:47:8e:
         0f:a3:7b:af:2e:dc:99:2b:bd:bd:00:1c:f2:e4:e7:2e:bf:00:
         df:c8:fa:7e:9b:a4:f3:1a:fb:54:cd:0a:b6:0e:1b:1d:a3:45:
         ba:89:5f:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRBb5R2hQxfjNSOnbK9yLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjViZDM5Yjc0ZjIzZDc2ODNkMTIzOGVhOWFjYTNjNjZh
NjMxYTMwHhcNMjUwMTAxMDk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQwODEyYzg2NGJkNTRiNzI5N2FkNWZjYjVhN2ExMTZlZGE5MTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/HcEgKNduRnUa7btWbkxCfpdzwb
81mEpD0oRebX/+Nx7JJWWg0hIN4VYI4sBwXwbbw3ac1DmHYuftsRDvakJ05XcOY1
njwS3moPNpfG5PeLXOIKzD9Mr/vMAHCbwMeAsPIGhuXbGWq12Ga1DGWGLscoq99K
4lx7nANN1m+f/BXoRlDlBUa1LFYMmBZCzEx6YyGDUrgYs/g0Lo+Itx4r9mBleBnN
7Fr3MvLCtYtwCBKwCuOOOgyn5IJITs/SxFCdmtzX4WqB4TpOgMIdGM9VG98lFC1A
QWasL2Wi0xpCxXgGCSVzNFjZvZb7cQ3Fuyw7CZVMhuoiKDfpn2y4ZZHvBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOpAgSyGS9VLcpetX8taehFu2pE1MB8GA1UdIwQY
MBaAFDi1vTm3TyPXaD0SOOqayjxmpjGjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xXOU9iZFBJOWRvUFJJNDZwcktQR2FtTWFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9hNWYxNTAtM2Q4My00MmNiLTlhNDct
ZTNjZmU2Y2VjMGFjLzEvNmtDQkxJWkwxVXR5bDYxZnkxcDZFVzdha1RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9hNWYxNTAtM2Q4My00MmNiLTlhNDctZTNjZmU2Y2VjMGFj
LzEvT0xXOU9iZFBJOWRvUFJJNDZwcktQR2FtTWFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDsHOAAwQC
wQCEMA0GCSqGSIb3DQEBCwUAA4IBAQCdjb2gQUnwSzZzbPjlFb+lOT7pk/jHDX3G
c94PzOGcEjB+oGLVHeT7YWHRuotzpukFfQKokmBGVgVjK+q+VPAU6BAHlWbYp+vd
emlstch9dECFsqShv73/bb+ckQpsZD2S+cFr/xvCQrnY9y2reT4Jmpr8O2aCkRaX
qs/GYQNpdAyFEaprbUL2MU83Wo+eorC9/58ldX6IIB2yMdXwc8QZitCIe5zfee3f
Ndmm7jl0IyB5bHG0Q4DQAwHx97s4Bx7QKiUvgftqE787/g7TxIOSITuJQmkZR44P
o3uvLtyZK729ABzy5OcuvwDfyPp+m6TzGvtUzQq2Dhsdo0W6iV96
-----END CERTIFICATE-----