Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/W6G3zr7twnCR9K_8bn9YjIq3Y5Y.roa
File:                     W6G3zr7twnCR9K_8bn9YjIq3Y5Y.roa (raw, json)
Hash identifier:          8IC9UP/QUsmPv7fidr7tuO0tx2wglosKmoR28Qot0Z8=
Subject key identifier:   5B:A1:B7:CE:BE:ED:C2:70:91:F4:AF:FC:6E:7F:58:8C:8A:B7:63:96
Certificate issuer:       /CN=77b8cf454b0962d16a4855808fd3abc15852bbd8
Certificate serial:       018CCA29033EB8856BD5D2FD92D7C9868BC5
Authority key identifier: 77:B8:CF:45:4B:09:62:D1:6A:48:55:80:8F:D3:AB:C1:58:52:BB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d7jPRUsJYtFqSFWAj9OrwVhSu9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/W6G3zr7twnCR9K_8bn9YjIq3Y5Y.roa
Signing time:             Tue 02 Jan 2024 12:32:14 +0000
ROA not before:           Tue 02 Jan 2024 12:32:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201980
IP address blocks:        185.56.4.0/22 maxlen: 24
                          2a02:4f20::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/d7jPRUsJYtFqSFWAj9OrwVhSu9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/d7jPRUsJYtFqSFWAj9OrwVhSu9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d7jPRUsJYtFqSFWAj9OrwVhSu9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:03:3e:b8:85:6b:d5:d2:fd:92:d7:c9:86:8b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77b8cf454b0962d16a4855808fd3abc15852bbd8
        Validity
            Not Before: Jan  2 12:32:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ba1b7cebeedc27091f4affc6e7f588c8ab76396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5f:56:d3:7d:7f:69:32:36:d1:86:57:50:ee:
                    2f:07:94:cc:08:ef:bf:32:50:c9:9a:f7:fc:fe:54:
                    e4:ab:67:2f:b2:0d:b7:d9:19:5b:68:89:f4:f4:52:
                    98:6a:57:dc:e0:67:19:80:01:af:d7:c8:5b:d9:82:
                    51:fd:ac:e8:40:c0:16:94:a1:e8:05:92:87:c0:d1:
                    16:4a:e5:fe:f1:6b:1c:7b:d4:37:54:3a:93:ba:77:
                    1d:fd:a2:c7:81:1b:ef:e1:be:5d:71:50:2f:59:cd:
                    6d:a6:5f:c1:93:59:14:0a:95:79:75:61:13:4f:f3:
                    d3:32:a1:83:ad:01:16:da:1c:0f:19:fc:43:2e:95:
                    57:5d:29:ee:a3:e2:2d:f2:8c:f3:4e:14:d6:95:47:
                    fb:fe:7f:7f:3c:2e:12:fb:1f:96:bc:21:ca:8a:ca:
                    4a:e3:d5:76:0d:e4:fd:c6:63:ad:2d:3c:72:c9:d7:
                    ac:73:9d:95:0b:cf:09:85:11:dc:31:89:1e:93:47:
                    c9:81:ba:d1:cd:ad:f9:a4:c0:5b:46:ab:fc:a9:47:
                    c7:92:04:c8:08:a1:d6:e2:28:12:4c:c7:61:79:a5:
                    43:7f:67:ed:dd:e7:bc:15:06:22:73:f9:74:58:58:
                    ff:6b:b9:35:9d:5c:6c:71:57:3a:fe:b7:99:93:66:
                    14:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:A1:B7:CE:BE:ED:C2:70:91:F4:AF:FC:6E:7F:58:8C:8A:B7:63:96
            X509v3 Authority Key Identifier:
                keyid:77:B8:CF:45:4B:09:62:D1:6A:48:55:80:8F:D3:AB:C1:58:52:BB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7jPRUsJYtFqSFWAj9OrwVhSu9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/W6G3zr7twnCR9K_8bn9YjIq3Y5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/d7jPRUsJYtFqSFWAj9OrwVhSu9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.4.0/22
                IPv6:
                  2a02:4f20::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:e2:63:92:eb:09:0c:c4:19:ca:a8:d1:c4:5b:13:eb:2a:42:
         b1:f2:45:db:14:43:b9:39:54:96:88:2a:9c:24:f1:7c:27:38:
         3e:78:4a:b6:af:25:9e:db:1a:42:21:fd:a5:ea:af:8f:d0:4e:
         9b:5e:3f:91:8a:fa:29:4d:84:f7:16:f1:fa:ea:0e:38:ff:9a:
         53:3e:1e:4e:f9:aa:d0:ea:3d:8e:a5:04:ec:7a:60:7b:6a:26:
         e8:d3:24:18:0b:69:18:9e:54:9f:90:5c:b5:b2:a7:e9:e3:7e:
         85:9b:ea:6e:56:94:3e:84:c9:01:f2:5b:d7:a2:a1:20:35:08:
         08:fe:8b:fb:81:61:e7:02:da:e9:7f:74:f3:8a:3f:7d:66:48:
         03:d9:bd:f7:e5:0d:21:c7:94:7d:07:6b:51:c5:bd:0b:8e:83:
         63:03:78:1c:93:4d:9f:de:3c:86:ed:f4:ae:8b:d6:e0:2f:52:
         87:6e:d1:99:28:19:25:81:a5:54:b2:87:e7:36:63:4b:b9:46:
         fb:52:ee:08:10:fc:18:81:65:82:58:c1:47:d0:a1:8f:9a:37:
         9a:89:63:e8:24:ad:8c:71:6f:1a:a9:7b:84:d9:e8:be:f6:84:
         61:36:c7:5a:c7:f6:ff:ff:ef:fa:6d:33:5b:ef:fc:04:d8:3e:
         81:51:09:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKQM+uIVr1dL9ktfJhovFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YjhjZjQ1NGIwOTYyZDE2YTQ4NTU4MDhmZDNhYmMxNTg1
MmJiZDgwHhcNMjQwMTAyMTIzMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmExYjdjZWJlZWRjMjcwOTFmNGFmZmM2ZTdmNTg4YzhhYjc2Mzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkF9W031/aTI20YZXUO4vB5TMCO+/
MlDJmvf8/lTkq2cvsg232RlbaIn09FKYalfc4GcZgAGv18hb2YJR/azoQMAWlKHo
BZKHwNEWSuX+8Wsce9Q3VDqTuncd/aLHgRvv4b5dcVAvWc1tpl/Bk1kUCpV5dWET
T/PTMqGDrQEW2hwPGfxDLpVXXSnuo+It8ozzThTWlUf7/n9/PC4S+x+WvCHKispK
49V2DeT9xmOtLTxyydesc52VC88JhRHcMYkek0fJgbrRza35pMBbRqv8qUfHkgTI
CKHW4igSTMdheaVDf2ft3ee8FQYic/l0WFj/a7k1nVxscVc6/reZk2YU1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFuht86+7cJwkfSv/G5/WIyKt2OWMB8GA1UdIwQY
MBaAFHe4z0VLCWLRakhVgI/Tq8FYUrvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDdqUFJVc0pZdEZxU0ZXQWo5T3J3VmhTdTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jMTcxY2EtNGIxYi00MTg3LWJhNDYt
YTRmYzllMjQ1OGVjLzEvVzZHM3pyN3R3bkNSOUtfOGJuOVlqSXEzWTVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jMTcxY2EtNGIxYi00MTg3LWJhNDYtYTRmYzllMjQ1OGVj
LzEvZDdqUFJVc0pZdEZxU0ZXQWo5T3J3VmhTdTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTgEMA0E
AgACMAcDBQAqAk8gMA0GCSqGSIb3DQEBCwUAA4IBAQCd4mOS6wkMxBnKqNHEWxPr
KkKx8kXbFEO5OVSWiCqcJPF8Jzg+eEq2ryWe2xpCIf2l6q+P0E6bXj+RivopTYT3
FvH66g44/5pTPh5O+arQ6j2OpQTsemB7aibo0yQYC2kYnlSfkFy1sqfp436Fm+pu
VpQ+hMkB8lvXoqEgNQgI/ov7gWHnAtrpf3Tzij99ZkgD2b335Q0hx5R9B2tRxb0L
joNjA3gck02f3jyG7fSui9bgL1KHbtGZKBklgaVUsofnNmNLuUb7Uu4IEPwYgWWC
WMFH0KGPmjeaiWPoJK2McW8aqXuE2ei+9oRhNsdax/b//+/6bTNb7/wE2D6BUQm3
-----END CERTIFICATE-----