Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/1fe3d7-9214-4de3-8f1c-2c0abbd2e85d/1/6PLJXBtU2gE271O6qfmIgRSfwpI.roa
File:                     6PLJXBtU2gE271O6qfmIgRSfwpI.roa (raw, json)
Hash identifier:          ZSkMQnUvi//VgXHaK0x+LxgfOW4LWoJMUZzYjht0r78=
Subject key identifier:   E8:F2:C9:5C:1B:54:DA:01:36:EF:53:BA:A9:F9:88:81:14:9F:C2:92
Certificate issuer:       /CN=6a9cf5a57bc7456d740b45e1fe08e369a9a1714a
Certificate serial:       018CCA9A0CCB837D42D7B1F0094F7B8B179E
Authority key identifier: 6A:9C:F5:A5:7B:C7:45:6D:74:0B:45:E1:FE:08:E3:69:A9:A1:71:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/apz1pXvHRW10C0Xh_gjjaamhcUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/1fe3d7-9214-4de3-8f1c-2c0abbd2e85d/1/6PLJXBtU2gE271O6qfmIgRSfwpI.roa
Signing time:             Tue 02 Jan 2024 14:35:42 +0000
ROA not before:           Tue 02 Jan 2024 14:35:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        62.182.102.0/24 maxlen: 24
                          62.182.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/1fe3d7-9214-4de3-8f1c-2c0abbd2e85d/1/apz1pXvHRW10C0Xh_gjjaamhcUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/1fe3d7-9214-4de3-8f1c-2c0abbd2e85d/1/apz1pXvHRW10C0Xh_gjjaamhcUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/apz1pXvHRW10C0Xh_gjjaamhcUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:0c:cb:83:7d:42:d7:b1:f0:09:4f:7b:8b:17:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a9cf5a57bc7456d740b45e1fe08e369a9a1714a
        Validity
            Not Before: Jan  2 14:35:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8f2c95c1b54da0136ef53baa9f98881149fc292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:95:e3:10:ae:cc:12:e2:a9:0e:c9:e8:b8:a0:
                    a1:82:53:76:6e:f5:d8:82:24:c8:a9:a8:b9:fb:3c:
                    14:f0:e1:14:c4:a7:08:16:2b:b7:29:fc:7b:8a:7e:
                    95:43:bf:e5:93:21:42:a7:1a:76:73:cc:af:f8:b5:
                    28:21:e7:b6:c0:a5:f7:31:ec:fa:81:bc:e8:3f:73:
                    b3:30:a5:8a:d1:70:bb:0b:b9:ef:b2:6b:fc:52:b9:
                    e0:4b:05:09:5e:a7:cf:87:64:a1:35:e9:31:0b:43:
                    57:9d:98:a3:4b:62:f5:10:0c:fe:41:98:43:54:45:
                    90:94:a8:1f:3d:2f:1b:1d:97:75:8f:e4:30:9b:5e:
                    65:ed:59:a3:a4:ef:72:11:69:44:25:16:83:cc:5f:
                    10:81:e2:5a:95:5a:25:c2:c0:72:c7:51:24:6c:dd:
                    53:33:40:81:e9:0f:71:20:06:f6:a4:78:32:cc:6d:
                    16:27:6a:2f:63:5e:00:6e:01:d8:8f:06:7b:88:36:
                    b8:6a:fd:25:23:ea:af:c6:0b:c3:6b:27:41:de:9a:
                    f5:47:e0:c5:fe:d7:d0:a0:0b:a9:7c:a3:1c:9d:d3:
                    8f:93:97:be:e7:f7:90:53:30:b4:6d:83:7b:af:9c:
                    62:f3:8e:37:f9:a6:bb:ce:93:7a:72:87:04:eb:1a:
                    a1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:F2:C9:5C:1B:54:DA:01:36:EF:53:BA:A9:F9:88:81:14:9F:C2:92
            X509v3 Authority Key Identifier:
                keyid:6A:9C:F5:A5:7B:C7:45:6D:74:0B:45:E1:FE:08:E3:69:A9:A1:71:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/apz1pXvHRW10C0Xh_gjjaamhcUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/1fe3d7-9214-4de3-8f1c-2c0abbd2e85d/1/6PLJXBtU2gE271O6qfmIgRSfwpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/1fe3d7-9214-4de3-8f1c-2c0abbd2e85d/1/apz1pXvHRW10C0Xh_gjjaamhcUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:f7:bc:a6:d0:24:28:61:38:31:34:21:a8:9e:50:d0:b3:12:
         3a:b6:c7:61:ce:98:02:ad:2f:62:27:97:6e:b7:65:6f:69:04:
         48:e0:e1:e3:1e:f2:e7:dd:4f:51:e1:f8:dd:2c:a4:12:f4:f7:
         3f:ec:94:3f:b2:ca:e9:49:f6:46:05:ab:d8:27:a2:b9:bf:39:
         5f:9d:39:3e:58:d2:b5:8e:5a:a6:e7:90:80:22:2b:73:9a:49:
         04:14:7f:4b:eb:a2:cb:39:09:1a:81:b3:e3:ff:7b:ac:94:c5:
         4a:8e:d4:b1:57:5c:bc:37:d6:a9:84:a1:f5:30:b4:94:6a:df:
         0b:6b:19:c4:09:cc:d9:06:2e:3c:4f:eb:78:68:80:e0:5d:59:
         26:4b:8d:24:5d:69:5c:cc:1f:e8:c0:8c:3b:79:54:1d:53:5c:
         4e:5d:30:04:f6:62:7a:9b:f7:33:84:d8:ca:b3:4e:44:73:6f:
         c3:da:74:3b:03:01:ca:1c:eb:a9:8b:ca:b2:93:0f:b0:0e:60:
         34:30:cb:72:2a:a3:5f:42:4c:b7:bd:b3:01:fd:89:a2:c3:99:
         39:fe:3a:10:e5:39:70:71:98:22:2e:d7:fa:b0:3f:d1:11:f3:
         9a:17:11:6d:78:81:a7:61:13:8a:de:5f:b2:05:ac:7b:0d:bd:
         ce:0c:27:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmgzLg31C17HwCU97ixeeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOWNmNWE1N2JjNzQ1NmQ3NDBiNDVlMWZlMDhlMzY5YTlh
MTcxNGEwHhcNMjQwMTAyMTQzNTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGYyYzk1YzFiNTRkYTAxMzZlZjUzYmFhOWY5ODg4MTE0OWZjMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpXjEK7MEuKpDsnouKChglN2bvXY
giTIqai5+zwU8OEUxKcIFiu3Kfx7in6VQ7/lkyFCpxp2c8yv+LUoIee2wKX3Mez6
gbzoP3OzMKWK0XC7C7nvsmv8UrngSwUJXqfPh2ShNekxC0NXnZijS2L1EAz+QZhD
VEWQlKgfPS8bHZd1j+Qwm15l7VmjpO9yEWlEJRaDzF8QgeJalVolwsByx1EkbN1T
M0CB6Q9xIAb2pHgyzG0WJ2ovY14AbgHYjwZ7iDa4av0lI+qvxgvDaydB3pr1R+DF
/tfQoAupfKMcndOPk5e+5/eQUzC0bYN7r5xi8443+aa7zpN6cocE6xqhmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjyyVwbVNoBNu9Tuqn5iIEUn8KSMB8GA1UdIwQY
MBaAFGqc9aV7x0VtdAtF4f4I42mpoXFKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXB6MXBYdkhSVzEwQzBYaF9namphYW1oY1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xZmUzZDctOTIxNC00ZGUzLThmMWMt
MmMwYWJiZDJlODVkLzEvNlBMSlhCdFUyZ0UyNzFPNnFmbUlnUlNmd3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xZmUzZDctOTIxNC00ZGUzLThmMWMtMmMwYWJiZDJlODVk
LzEvYXB6MXBYdkhSVzEwQzBYaF9namphYW1oY1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPrZmMA0G
CSqGSIb3DQEBCwUAA4IBAQCk97ym0CQoYTgxNCGonlDQsxI6tsdhzpgCrS9iJ5du
t2VvaQRI4OHjHvLn3U9R4fjdLKQS9Pc/7JQ/ssrpSfZGBavYJ6K5vzlfnTk+WNK1
jlqm55CAIitzmkkEFH9L66LLOQkagbPj/3uslMVKjtSxV1y8N9aphKH1MLSUat8L
axnECczZBi48T+t4aIDgXVkmS40kXWlczB/owIw7eVQdU1xOXTAE9mJ6m/czhNjK
s05Ec2/D2nQ7AwHKHOupi8qykw+wDmA0MMtyKqNfQky3vbMB/Ymiw5k5/joQ5Tlw
cZgiLtf6sD/REfOaFxFteIGnYROK3l+yBax7Db3ODCdb
-----END CERTIFICATE-----