Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/wJ6E61UUxko3OM9gLLXbhoW_uPM.roa
File:                     wJ6E61UUxko3OM9gLLXbhoW_uPM.roa (raw, json)
Hash identifier:          IZ0xraEA4TdnarEtCEhYw+uralZRAwNvch1dsyrZ+Mw=
Subject key identifier:   C0:9E:84:EB:55:14:C6:4A:37:38:CF:60:2C:B5:DB:86:85:BF:B8:F3
Certificate issuer:       /CN=72c6460b4fb1ef46bc7457ff0cf463bdc4e03fa9
Certificate serial:       018CC8DE50CC0B61F06C730BFDA95DFFBFB1
Authority key identifier: 72:C6:46:0B:4F:B1:EF:46:BC:74:57:FF:0C:F4:63:BD:C4:E0:3F:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csZGC0-x70a8dFf_DPRjvcTgP6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/wJ6E61UUxko3OM9gLLXbhoW_uPM.roa
Signing time:             Tue 02 Jan 2024 06:31:01 +0000
ROA not before:           Tue 02 Jan 2024 06:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42956
IP address blocks:        185.81.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/csZGC0-x70a8dFf_DPRjvcTgP6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/csZGC0-x70a8dFf_DPRjvcTgP6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csZGC0-x70a8dFf_DPRjvcTgP6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:50:cc:0b:61:f0:6c:73:0b:fd:a9:5d:ff:bf:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72c6460b4fb1ef46bc7457ff0cf463bdc4e03fa9
        Validity
            Not Before: Jan  2 06:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c09e84eb5514c64a3738cf602cb5db8685bfb8f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:43:8a:8a:b0:73:ce:87:4b:4c:70:91:21:59:
                    1f:e4:f6:57:d5:8d:e4:8f:74:c4:9a:c4:d6:ba:c0:
                    0c:26:14:07:de:03:0a:df:52:c2:67:f3:3e:9b:d3:
                    26:6a:fb:33:d4:57:5e:14:6a:27:0c:46:dc:78:7a:
                    da:0f:9e:f1:86:8a:f8:93:aa:de:9b:9a:00:06:0e:
                    c3:01:0e:0f:18:0b:ad:0c:8d:2d:da:ca:96:ac:7f:
                    27:fa:ba:63:24:f5:64:b4:e0:31:f8:4c:54:ab:f1:
                    c6:c4:c9:bf:88:33:f2:ab:d6:6a:5c:ad:9c:d8:27:
                    2f:c7:6b:53:9e:0e:88:2b:b7:cb:54:8d:cb:a7:6e:
                    60:ce:44:a8:7c:12:1a:be:58:c7:29:0c:b5:bb:37:
                    96:0b:ab:c7:32:dd:25:dd:5c:99:ec:47:18:8d:32:
                    19:00:d4:97:d8:9b:a7:70:20:79:7b:72:78:61:38:
                    11:ec:4d:7b:0a:ce:48:54:71:65:78:21:bc:9d:e8:
                    07:ee:80:77:df:62:06:54:de:a9:0d:08:21:52:dd:
                    31:9d:55:05:95:26:ce:6b:e3:e9:67:a9:ee:c6:8b:
                    c6:8d:89:8c:c8:2a:6c:73:4c:df:d9:49:cd:c9:51:
                    a9:42:d1:01:65:b5:48:3f:45:7f:8a:79:fd:23:25:
                    a4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:9E:84:EB:55:14:C6:4A:37:38:CF:60:2C:B5:DB:86:85:BF:B8:F3
            X509v3 Authority Key Identifier:
                keyid:72:C6:46:0B:4F:B1:EF:46:BC:74:57:FF:0C:F4:63:BD:C4:E0:3F:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csZGC0-x70a8dFf_DPRjvcTgP6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/wJ6E61UUxko3OM9gLLXbhoW_uPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/csZGC0-x70a8dFf_DPRjvcTgP6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:5e:06:e1:c8:bd:13:9a:3b:b5:74:3c:72:66:bf:f8:d0:2f:
         fb:dc:d1:f7:ff:c8:72:aa:4f:80:3b:5b:23:29:db:04:6c:25:
         08:aa:90:b4:57:90:9f:99:93:fd:ca:fc:16:b1:ce:bd:52:85:
         2d:0a:6a:fa:2f:dd:a7:f4:b8:3c:4b:48:b1:a1:fa:40:95:ac:
         15:9b:ef:3d:d4:33:a2:2e:84:e8:86:e1:43:8e:8e:9c:f8:8c:
         69:48:7e:7e:20:8f:90:bf:3a:bd:1e:55:bd:f0:b3:9a:01:b9:
         f4:12:f9:fa:43:7b:06:c2:bb:e5:a2:4a:14:1a:d9:b2:56:80:
         c7:6a:ca:17:d0:01:23:95:34:7b:db:bc:2f:aa:9d:b9:8e:95:
         f3:a5:f9:96:3e:a2:b6:ab:62:cb:3d:b6:b5:01:e6:13:5e:8a:
         fc:36:dd:fd:77:fd:6f:22:cc:b7:5d:a1:20:34:f2:0f:b3:05:
         56:83:5b:a8:c9:86:93:ca:b0:42:f9:c3:b7:28:1a:26:94:00:
         8f:e2:e9:5f:f4:cb:4a:de:08:ea:8a:ba:5b:8e:67:28:01:97:
         6d:81:df:31:48:3f:08:fb:a2:d1:de:26:88:49:f5:26:ac:fb:
         bb:c0:18:a5:05:8c:42:69:72:72:26:6f:96:0c:06:04:42:b1:
         60:31:37:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3lDMC2HwbHML/ald/7+xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYzY0NjBiNGZiMWVmNDZiYzc0NTdmZjBjZjQ2M2JkYzRl
MDNmYTkwHhcNMjQwMTAyMDYzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDllODRlYjU1MTRjNjRhMzczOGNmNjAyY2I1ZGI4Njg1YmZiOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkOKirBzzodLTHCRIVkf5PZX1Y3k
j3TEmsTWusAMJhQH3gMK31LCZ/M+m9Mmavsz1FdeFGonDEbceHraD57xhor4k6re
m5oABg7DAQ4PGAutDI0t2sqWrH8n+rpjJPVktOAx+ExUq/HGxMm/iDPyq9ZqXK2c
2Ccvx2tTng6IK7fLVI3Lp25gzkSofBIavljHKQy1uzeWC6vHMt0l3VyZ7EcYjTIZ
ANSX2JuncCB5e3J4YTgR7E17Cs5IVHFleCG8negH7oB332IGVN6pDQghUt0xnVUF
lSbOa+PpZ6nuxovGjYmMyCpsc0zf2UnNyVGpQtEBZbVIP0V/inn9IyWk5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCehOtVFMZKNzjPYCy124aFv7jzMB8GA1UdIwQY
MBaAFHLGRgtPse9GvHRX/wz0Y73E4D+pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NaR0MwLXg3MGE4ZEZmX0RQUmp2Y1RnUDZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hNWNlN2UtN2QxZC00OGVmLThmMzYt
MGI3NDBhMzZhOGVlLzEvd0o2RTYxVVV4a28zT005Z0xMWGJob1dfdVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hNWNlN2UtN2QxZC00OGVmLThmMzYtMGI3NDBhMzZhOGVl
LzEvY3NaR0MwLXg3MGE4ZEZmX0RQUmp2Y1RnUDZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVF6MA0G
CSqGSIb3DQEBCwUAA4IBAQAzXgbhyL0Tmju1dDxyZr/40C/73NH3/8hyqk+AO1sj
KdsEbCUIqpC0V5CfmZP9yvwWsc69UoUtCmr6L92n9Lg8S0ixofpAlawVm+891DOi
LoTohuFDjo6c+IxpSH5+II+Qvzq9HlW98LOaAbn0Evn6Q3sGwrvlokoUGtmyVoDH
asoX0AEjlTR727wvqp25jpXzpfmWPqK2q2LLPba1AeYTXor8Nt39d/1vIsy3XaEg
NPIPswVWg1uoyYaTyrBC+cO3KBomlACP4ulf9MtK3gjqirpbjmcoAZdtgd8xSD8I
+6LR3iaISfUmrPu7wBilBYxCaXJyJm+WDAYEQrFgMTe8
-----END CERTIFICATE-----