Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/6C6pcsV0vRisOEJD-YisOjwmoK8.roa
File:                     6C6pcsV0vRisOEJD-YisOjwmoK8.roa (raw, json)
Hash identifier:          yVSgtKo+Ec6ZzfdfZCTOWFNeHTTGW/YCL32w+osuvVo=
Subject key identifier:   E8:2E:A9:72:C5:74:BD:18:AC:38:42:43:F9:88:AC:3A:3C:26:A0:AF
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       01933E6CFCEEAD9EF3F88AF56F41CBC8F6E3
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/6C6pcsV0vRisOEJD-YisOjwmoK8.roa
Signing time:             Mon 18 Nov 2024 08:39:10 +0000
ROA not before:           Mon 18 Nov 2024 08:39:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196695
IP address blocks:        45.147.3.0/24 maxlen: 24
                          91.200.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:6c:fc:ee:ad:9e:f3:f8:8a:f5:6f:41:cb:c8:f6:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Nov 18 08:39:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e82ea972c574bd18ac384243f988ac3a3c26a0af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:63:d1:87:0f:e1:cb:33:aa:c7:31:5b:bf:40:
                    d0:94:4f:24:01:99:1e:40:9d:18:ae:79:a8:5f:fd:
                    34:bd:b5:0f:6e:ad:af:38:f2:db:c7:b8:61:0b:8d:
                    95:4b:ba:01:55:2e:fa:6e:30:ca:71:e2:7a:eb:df:
                    cd:88:7e:a7:05:e2:05:10:52:40:b8:b0:2d:ee:70:
                    81:b5:1c:bb:00:36:d0:d1:f6:0d:a9:36:b8:c7:41:
                    91:bd:98:8b:37:12:62:1c:fd:fe:8b:ae:56:2d:3b:
                    36:af:92:7f:02:1a:a0:8d:9f:cb:86:cc:26:96:d5:
                    b4:d7:52:f8:24:05:59:b5:db:d7:fa:0c:f3:6b:b6:
                    7a:dd:e9:b8:ad:70:eb:85:b7:03:fd:27:2d:f1:fc:
                    9c:0a:ab:7e:42:8d:13:17:28:f3:17:80:c5:c2:6c:
                    60:c3:fc:87:f0:32:a3:c2:a0:f4:8d:77:2c:34:26:
                    96:85:98:af:cd:ed:ef:1d:fe:a8:8c:81:cc:d5:cd:
                    af:42:5f:ad:e3:f8:69:10:da:b7:c2:e5:83:58:52:
                    6d:b0:dd:ef:92:e3:e3:24:1f:f7:4a:e8:c5:df:08:
                    fd:fd:1f:54:05:2f:cf:c9:4c:3e:f6:f6:de:66:0b:
                    9f:68:0e:3a:e8:06:f8:65:2b:21:f4:d9:0d:1a:e5:
                    17:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:2E:A9:72:C5:74:BD:18:AC:38:42:43:F9:88:AC:3A:3C:26:A0:AF
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/6C6pcsV0vRisOEJD-YisOjwmoK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.3.0/24
                  91.200.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:09:99:9a:63:5e:f9:fa:23:11:1c:6c:4c:0f:17:7a:59:1f:
         95:a4:41:2c:c1:1a:3d:b1:3c:d8:86:50:0f:50:25:c6:3e:c1:
         28:70:15:f9:81:e0:5d:db:bf:be:31:a7:fc:c5:41:e2:15:ce:
         db:90:9b:b5:f0:fe:a0:e8:7a:31:fe:8f:2d:48:cf:b4:19:18:
         28:52:41:fb:c0:f4:ec:9e:b2:93:1b:d5:87:7d:04:81:f2:50:
         fd:0f:f4:6c:62:9e:9f:74:e9:b4:37:ad:a5:96:41:2e:92:fc:
         79:0b:41:ca:54:e9:5c:35:2f:0a:47:c0:3a:fd:39:cd:6f:93:
         2d:6e:bd:e9:de:19:84:ff:d9:fe:69:9b:9f:c6:41:1c:9a:6f:
         81:d1:f4:70:4f:84:5e:64:f0:c4:d9:52:bf:73:53:23:df:1a:
         dd:af:4f:bc:40:3c:67:10:ea:3b:e8:39:fc:51:bf:9b:9e:1a:
         f8:b1:6e:c4:6a:02:74:86:7b:93:66:5d:be:52:ad:3f:e5:e5:
         af:b7:4b:4a:b5:a1:a0:f4:b4:dd:53:9d:2e:60:e4:30:3d:6b:
         ef:43:58:e1:7e:4a:4e:21:c9:51:59:39:f2:49:d6:4f:ad:85:
         61:41:1f:87:e2:44:46:8b:da:01:c6:df:88:3f:e0:df:fc:91:
         3f:0b:7c:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZM+bPzurZ7z+Ir1b0HLyPbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQxMTE4MDgzOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODJlYTk3MmM1NzRiZDE4YWMzODQyNDNmOTg4YWMzYTNjMjZhMGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGPRhw/hyzOqxzFbv0DQlE8kAZke
QJ0YrnmoX/00vbUPbq2vOPLbx7hhC42VS7oBVS76bjDKceJ669/NiH6nBeIFEFJA
uLAt7nCBtRy7ADbQ0fYNqTa4x0GRvZiLNxJiHP3+i65WLTs2r5J/AhqgjZ/Lhswm
ltW011L4JAVZtdvX+gzza7Z63em4rXDrhbcD/Sct8fycCqt+Qo0TFyjzF4DFwmxg
w/yH8DKjwqD0jXcsNCaWhZivze3vHf6ojIHM1c2vQl+t4/hpENq3wuWDWFJtsN3v
kuPjJB/3SujF3wj9/R9UBS/PyUw+9vbeZgufaA466Ab4ZSsh9NkNGuUXiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOguqXLFdL0YrDhCQ/mIrDo8JqCvMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvNkM2cGNzVjB2UmlzT0VKRC1ZaXNPandtb0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZMDAwQA
W8iSMA0GCSqGSIb3DQEBCwUAA4IBAQAxCZmaY175+iMRHGxMDxd6WR+VpEEswRo9
sTzYhlAPUCXGPsEocBX5geBd27++Maf8xUHiFc7bkJu18P6g6Hox/o8tSM+0GRgo
UkH7wPTsnrKTG9WHfQSB8lD9D/RsYp6fdOm0N62llkEukvx5C0HKVOlcNS8KR8A6
/TnNb5Mtbr3p3hmE/9n+aZufxkEcmm+B0fRwT4ReZPDE2VK/c1Mj3xrdr0+8QDxn
EOo76Dn8Ub+bnhr4sW7EagJ0hnuTZl2+Uq0/5eWvt0tKtaGg9LTdU50uYOQwPWvv
Q1jhfkpOIclRWTnySdZPrYVhQR+H4kRGi9oBxt+IP+Df/JE/C3xv
-----END CERTIFICATE-----