Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/sOvDv3wCW5e2CqTqXxS4K4_flZY.roa
File:                     sOvDv3wCW5e2CqTqXxS4K4_flZY.roa (raw, json)
Hash identifier:          S7yS0c7GO1ELll/o8e5psNRgMd/YoRVZIaJ6BX8qYAk=
Subject key identifier:   B0:EB:C3:BF:7C:02:5B:97:B6:0A:A4:EA:5F:14:B8:2B:8F:DF:95:96
Certificate issuer:       /CN=6b34fa53d1d84dbabe698d5bbccaedf109d157ae
Certificate serial:       018CC3491DD21F8E8EFA925FE55B0EDD28BE
Authority key identifier: 6B:34:FA:53:D1:D8:4D:BA:BE:69:8D:5B:BC:CA:ED:F1:09:D1:57:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/azT6U9HYTbq-aY1bvMrt8QnRV64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/sOvDv3wCW5e2CqTqXxS4K4_flZY.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8762
IP address blocks:        147.95.200.0/24 maxlen: 24
                          147.95.0.0/16 maxlen: 16
                          147.95.128.0/20 maxlen: 20
                          147.95.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/azT6U9HYTbq-aY1bvMrt8QnRV64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/azT6U9HYTbq-aY1bvMrt8QnRV64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/azT6U9HYTbq-aY1bvMrt8QnRV64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1d:d2:1f:8e:8e:fa:92:5f:e5:5b:0e:dd:28:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b34fa53d1d84dbabe698d5bbccaedf109d157ae
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0ebc3bf7c025b97b60aa4ea5f14b82b8fdf9596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9e:be:ec:8b:68:c4:87:c4:55:81:f0:a9:a7:
                    17:cf:da:09:48:6a:68:74:c6:b2:cb:c8:24:a7:12:
                    26:4a:c5:00:ef:52:a2:23:96:f7:0d:51:3d:ee:84:
                    ef:a0:84:93:91:fe:8f:e2:c8:29:27:ef:79:6a:f6:
                    4d:e8:73:bb:cd:00:2b:d9:f2:fb:19:e8:12:29:51:
                    44:0f:db:da:41:89:2b:47:44:64:31:3e:72:e5:ce:
                    17:b6:09:29:57:a5:e0:a0:d6:6f:58:e9:82:d1:72:
                    be:b9:5c:c9:91:e2:2e:ee:b7:30:e6:f1:5e:ac:2b:
                    fe:e2:e3:a3:19:bb:af:6b:26:e9:58:80:70:ed:d7:
                    64:21:66:be:1c:a0:c3:eb:69:a4:cd:8e:41:53:30:
                    7c:57:5b:ea:72:4e:a8:97:17:e0:c5:cd:de:0d:5c:
                    b8:cf:ea:ce:a9:26:ce:f2:07:02:57:86:61:88:34:
                    90:f0:5c:9e:1e:05:e9:54:b0:c2:ec:65:d7:90:51:
                    39:2a:a0:67:d4:52:f4:98:70:1e:82:67:ec:bb:64:
                    51:f4:9a:0e:62:56:5b:fd:b1:e2:f9:79:4e:cf:8a:
                    c4:96:d6:b8:a8:e6:bc:89:59:58:95:35:46:54:04:
                    52:88:04:40:0c:8a:bc:0a:da:94:67:15:3d:14:52:
                    26:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:EB:C3:BF:7C:02:5B:97:B6:0A:A4:EA:5F:14:B8:2B:8F:DF:95:96
            X509v3 Authority Key Identifier:
                keyid:6B:34:FA:53:D1:D8:4D:BA:BE:69:8D:5B:BC:CA:ED:F1:09:D1:57:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/azT6U9HYTbq-aY1bvMrt8QnRV64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/sOvDv3wCW5e2CqTqXxS4K4_flZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/azT6U9HYTbq-aY1bvMrt8QnRV64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.95.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         22:3d:21:40:b4:be:61:aa:21:96:e2:61:4a:24:7a:1e:ed:e7:
         7f:1c:96:ec:30:c4:b0:ad:3c:5f:93:9e:ef:df:34:56:6a:c3:
         37:68:1b:60:d0:de:03:49:ee:2c:fc:f3:47:af:9a:fa:fa:97:
         fd:f6:ad:8a:b7:04:1b:9b:38:05:30:94:68:83:4a:b0:d9:a1:
         3f:37:7e:75:86:0c:f7:7d:6a:46:b7:e9:b5:53:a0:07:1c:0e:
         cd:30:cc:c0:e3:3c:79:9a:93:ab:c9:a4:7b:ee:99:3a:22:2f:
         5d:8c:c1:bc:32:16:ed:dc:1d:87:78:4d:36:ca:ae:35:f5:ba:
         da:55:37:65:8e:36:09:4b:79:79:97:1b:e9:eb:03:a3:71:da:
         55:c5:e2:51:ad:af:8c:80:95:d2:22:73:80:69:26:58:0b:42:
         bf:03:de:42:49:2e:d6:db:a3:4a:c6:1e:89:64:ec:ba:64:92:
         37:36:50:17:51:e3:8a:ad:cc:0e:4c:65:2a:21:63:a3:3c:a8:
         d7:85:23:30:82:c9:ce:7f:bf:78:b9:c8:6d:51:20:58:a0:ce:
         1d:16:16:0a:68:c6:78:3e:c0:7c:63:7c:6e:a6:fe:89:85:d0:
         b4:5a:6b:1d:a5:51:c8:6f:80:26:44:e3:15:ae:a6:42:39:d6:
         63:cb:7b:ce
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDSR3SH46O+pJf5VsO3Si+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMzRmYTUzZDFkODRkYmFiZTY5OGQ1YmJjY2FlZGYxMDlk
MTU3YWUwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGViYzNiZjdjMDI1Yjk3YjYwYWE0ZWE1ZjE0YjgyYjhmZGY5NTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk56+7ItoxIfEVYHwqacXz9oJSGpo
dMayy8gkpxImSsUA71KiI5b3DVE97oTvoISTkf6P4sgpJ+95avZN6HO7zQAr2fL7
GegSKVFED9vaQYkrR0RkMT5y5c4XtgkpV6XgoNZvWOmC0XK+uVzJkeIu7rcw5vFe
rCv+4uOjGbuvaybpWIBw7ddkIWa+HKDD62mkzY5BUzB8V1vqck6olxfgxc3eDVy4
z+rOqSbO8gcCV4ZhiDSQ8FyeHgXpVLDC7GXXkFE5KqBn1FL0mHAegmfsu2RR9JoO
YlZb/bHi+XlOz4rElta4qOa8iVlYlTVGVARSiARADIq8CtqUZxU9FFImGwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLDrw798AluXtgqk6l8UuCuP35WWMB8GA1UdIwQY
MBaAFGs0+lPR2E26vmmNW7zK7fEJ0VeuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXpUNlU5SFlUYnEtYVkxYnZNcnQ4UW5SVjY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi81MjhkZTEtOGY2OC00Y2I5LWI2Y2Ut
ZmZhYWEyOTlhZjYxLzEvc092RHYzd0NXNWUyQ3FUcVh4UzRLNF9mbFpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi81MjhkZTEtOGY2OC00Y2I5LWI2Y2UtZmZhYWEyOTlhZjYx
LzEvYXpUNlU5SFlUYnEtYVkxYnZNcnQ4UW5SVjY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk18wDQYJ
KoZIhvcNAQELBQADggEBACI9IUC0vmGqIZbiYUokeh7t538cluwwxLCtPF+Tnu/f
NFZqwzdoG2DQ3gNJ7iz880evmvr6l/32rYq3BBubOAUwlGiDSrDZoT83fnWGDPd9
aka36bVToAccDs0wzMDjPHmak6vJpHvumToiL12MwbwyFu3cHYd4TTbKrjX1utpV
N2WONglLeXmXG+nrA6Nx2lXF4lGtr4yAldIic4BpJlgLQr8D3kJJLtbbo0rGHolk
7Lpkkjc2UBdR44qtzA5MZSohY6M8qNeFIzCCyc5/v3i5yG1RIFigzh0WFgpoxng+
wHxjfG6m/omF0LRaax2lUchvgCZE4xWupkI51mPLe84=
-----END CERTIFICATE-----