Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/W6_DQlsQaxAQb_csshCOZ2B3qKQ.roa
File:                     W6_DQlsQaxAQb_csshCOZ2B3qKQ.roa (raw, json)
Hash identifier:          rAXfvjE6cqpnb+hknfkDMn7vMOn19LbD2joxkcAFI/Y=
Subject key identifier:   5B:AF:C3:42:5B:10:6B:10:10:6F:F7:2C:B2:10:8E:67:60:77:A8:A4
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B72C2776DA5D20A234DD4329CF3D33
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/W6_DQlsQaxAQb_csshCOZ2B3qKQ.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8567
IP address blocks:        217.167.116.0/24 maxlen: 24
                          217.167.117.0/24 maxlen: 24
                          212.234.160.0/24 maxlen: 24
                          212.234.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2c:27:76:da:5d:20:a2:34:dd:43:29:cf:3d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bafc3425b106b10106ff72cb2108e676077a8a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a4:24:7a:d7:df:7f:08:5d:b9:a4:60:22:64:
                    20:3a:ca:fc:c2:89:5a:c9:81:09:15:50:2a:b7:e7:
                    01:b8:b7:d7:24:de:eb:55:22:50:53:bb:67:49:d7:
                    15:b6:d1:6e:9d:18:15:49:7d:a4:a2:b8:70:d5:93:
                    0f:78:c0:15:fe:86:d1:c5:5c:54:46:72:ce:92:e3:
                    56:61:5c:00:33:05:ae:50:f9:17:a8:5d:2e:88:19:
                    a4:90:6f:95:d8:53:ab:b6:8a:a9:db:93:b5:67:c2:
                    0e:f0:b1:c2:cf:87:7a:e5:c5:54:60:c8:90:64:2a:
                    d0:c3:f8:06:42:bb:f0:ea:34:9d:ac:d3:17:49:4c:
                    19:0e:73:ae:aa:82:70:1e:f5:9d:52:ab:7d:e9:38:
                    13:20:fe:c5:cc:3a:2d:b7:5a:a8:1d:49:1c:4b:45:
                    7f:0e:56:08:31:55:79:3d:9a:c9:28:a1:f1:36:4f:
                    48:91:bc:a8:5c:f5:f1:d9:47:31:d6:52:c8:12:b9:
                    a7:57:62:6e:75:7a:b9:51:97:e7:e7:a9:1a:96:c6:
                    c6:d8:a2:7c:fc:83:0a:d8:d7:e5:51:75:80:c7:af:
                    83:b8:3c:4e:c0:b0:e7:eb:40:e8:78:03:a9:95:c4:
                    25:17:66:86:80:1b:7d:92:cb:8e:e6:de:ab:9e:7c:
                    1e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:AF:C3:42:5B:10:6B:10:10:6F:F7:2C:B2:10:8E:67:60:77:A8:A4
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/W6_DQlsQaxAQb_csshCOZ2B3qKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.234.160.0/23
                  217.167.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:76:a8:6b:0e:ba:fe:67:e5:4b:79:01:a4:b7:9c:8d:f4:ea:
         e6:11:0d:4f:c6:a6:d9:aa:46:44:1d:7e:92:c3:e3:5c:69:8a:
         e5:2f:51:79:1a:ff:11:4f:2f:5c:55:ab:d7:b1:ae:b1:8b:fa:
         98:76:40:de:4c:b0:88:62:99:3f:0a:60:98:b0:a1:b2:ab:ef:
         55:86:34:11:0e:52:a4:4f:74:c2:31:1f:a1:cf:36:13:a3:e2:
         c4:85:3a:d5:2f:0e:6a:9c:0f:c2:85:23:67:b5:85:e0:da:b5:
         1e:f0:e0:6a:09:e0:7a:03:48:19:f4:79:57:c5:87:fb:e9:c3:
         a0:67:86:3d:db:eb:48:26:fc:74:75:28:40:cb:5d:62:0d:55:
         62:e8:9e:c2:8d:04:96:75:7c:df:f4:81:9b:79:ef:c1:c6:0f:
         ce:0b:c2:ca:be:4b:2f:08:12:03:98:cf:27:61:22:24:d9:8f:
         d9:65:67:db:18:6f:cc:41:31:4d:d9:dc:a7:ca:9f:02:6a:b8:
         34:bd:1e:94:5e:51:51:39:fa:43:a4:6b:49:8a:ea:b2:9b:98:
         3d:c4:6b:3d:1a:a1:70:dd:f8:fa:56:94:45:c0:49:67:79:d4:
         04:25:44:bf:0b:32:d1:5e:76:21:e7:dd:e0:0b:96:21:15:4d:
         81:56:24:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtywndtpdIKI03UMpzz0zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmFmYzM0MjViMTA2YjEwMTA2ZmY3MmNiMjEwOGU2NzYwNzdhOGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaQketfffwhduaRgImQgOsr8wola
yYEJFVAqt+cBuLfXJN7rVSJQU7tnSdcVttFunRgVSX2korhw1ZMPeMAV/obRxVxU
RnLOkuNWYVwAMwWuUPkXqF0uiBmkkG+V2FOrtoqp25O1Z8IO8LHCz4d65cVUYMiQ
ZCrQw/gGQrvw6jSdrNMXSUwZDnOuqoJwHvWdUqt96TgTIP7FzDott1qoHUkcS0V/
DlYIMVV5PZrJKKHxNk9IkbyoXPXx2Ucx1lLIErmnV2JudXq5UZfn56kalsbG2KJ8
/IMK2NflUXWAx6+DuDxOwLDn60DoeAOplcQlF2aGgBt9ksuO5t6rnnweEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFuvw0JbEGsQEG/3LLIQjmdgd6ikMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvVzZfRFFsc1FheEFRYl9jc3NoQ09aMkIzcUtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQB1OqgAwQB
2ad0MA0GCSqGSIb3DQEBCwUAA4IBAQCKdqhrDrr+Z+VLeQGkt5yN9OrmEQ1PxqbZ
qkZEHX6Sw+NcaYrlL1F5Gv8RTy9cVavXsa6xi/qYdkDeTLCIYpk/CmCYsKGyq+9V
hjQRDlKkT3TCMR+hzzYTo+LEhTrVLw5qnA/ChSNntYXg2rUe8OBqCeB6A0gZ9HlX
xYf76cOgZ4Y92+tIJvx0dShAy11iDVVi6J7CjQSWdXzf9IGbee/Bxg/OC8LKvksv
CBIDmM8nYSIk2Y/ZZWfbGG/MQTFN2dynyp8Carg0vR6UXlFROfpDpGtJiuqym5g9
xGs9GqFw3fj6VpRFwElnedQEJUS/CzLRXnYh593gC5YhFU2BViRz
-----END CERTIFICATE-----