Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/35be04-d5b7-44aa-ade4-13401d1f22d2/1/bcW0EoeX7-Of9clGC00O3N70dqk.roa
File:                     bcW0EoeX7-Of9clGC00O3N70dqk.roa (raw, json)
Hash identifier:          HYqxRKhOyMF81Mf2C2f854WllrwLqMMxNiK1yIzEIsg=
Subject key identifier:   6D:C5:B4:12:87:97:EF:E3:9F:F5:C9:46:0B:4D:0E:DC:DE:F4:76:A9
Certificate issuer:       /CN=ae4a29c6138e2d93d54a36328b94cb1f8a382a6b
Certificate serial:       018CCA2B74B7C0019F708E8C93F6FAF41166
Authority key identifier: AE:4A:29:C6:13:8E:2D:93:D5:4A:36:32:8B:94:CB:1F:8A:38:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rkopxhOOLZPVSjYyi5TLH4o4Kms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/35be04-d5b7-44aa-ade4-13401d1f22d2/1/bcW0EoeX7-Of9clGC00O3N70dqk.roa
Signing time:             Tue 02 Jan 2024 12:34:54 +0000
ROA not before:           Tue 02 Jan 2024 12:34:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202611
IP address blocks:        185.32.184.0/23 maxlen: 24
                          2a0b:1440::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/35be04-d5b7-44aa-ade4-13401d1f22d2/1/rkopxhOOLZPVSjYyi5TLH4o4Kms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/35be04-d5b7-44aa-ade4-13401d1f22d2/1/rkopxhOOLZPVSjYyi5TLH4o4Kms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rkopxhOOLZPVSjYyi5TLH4o4Kms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:74:b7:c0:01:9f:70:8e:8c:93:f6:fa:f4:11:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae4a29c6138e2d93d54a36328b94cb1f8a382a6b
        Validity
            Not Before: Jan  2 12:34:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dc5b4128797efe39ff5c9460b4d0edcdef476a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a1:0d:b4:f0:75:d9:3e:a0:dc:aa:bb:18:54:
                    4b:c6:c0:9d:07:31:63:99:1b:e6:80:78:97:f6:9e:
                    aa:50:5c:f2:7a:e8:24:c9:c3:fe:2d:7d:c2:1c:25:
                    76:f4:98:cb:d8:06:a7:85:3a:a2:a2:b1:7b:2d:8a:
                    d9:fd:b9:24:57:29:4f:24:d7:c5:0e:62:a8:a6:33:
                    fe:25:11:e7:f5:02:b9:dc:2e:d3:dd:66:fd:3e:b8:
                    a7:da:11:ff:2d:36:ef:6d:20:4a:f6:e2:01:03:86:
                    ad:1b:09:b8:10:5d:d9:e4:a7:a2:83:52:65:82:85:
                    44:5f:43:51:f7:98:c9:dc:d4:9e:7c:60:db:03:12:
                    ec:af:db:3b:e1:81:6c:ee:e7:37:87:c4:20:ad:ff:
                    dd:67:55:1f:9b:6d:81:6a:a1:c1:f8:48:ed:dc:09:
                    fb:62:54:c7:4e:2b:36:d3:50:fe:b4:b0:9c:e7:3f:
                    e7:84:a0:00:07:c8:1d:00:cb:24:a1:eb:c1:cd:cc:
                    06:7f:b1:82:42:a4:f5:88:86:36:4b:23:ec:37:6c:
                    f5:35:b2:6a:61:ac:64:d8:bb:33:5f:2d:08:69:e2:
                    b4:74:12:b5:d8:41:0c:f1:a8:88:b3:50:70:c2:08:
                    39:33:7e:84:98:ca:90:31:70:2a:a4:1a:bd:c2:c2:
                    0f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:C5:B4:12:87:97:EF:E3:9F:F5:C9:46:0B:4D:0E:DC:DE:F4:76:A9
            X509v3 Authority Key Identifier:
                keyid:AE:4A:29:C6:13:8E:2D:93:D5:4A:36:32:8B:94:CB:1F:8A:38:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rkopxhOOLZPVSjYyi5TLH4o4Kms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/35be04-d5b7-44aa-ade4-13401d1f22d2/1/bcW0EoeX7-Of9clGC00O3N70dqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/35be04-d5b7-44aa-ade4-13401d1f22d2/1/rkopxhOOLZPVSjYyi5TLH4o4Kms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.184.0/23
                IPv6:
                  2a0b:1440::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:51:69:87:ed:21:3a:45:c0:5a:30:86:39:ad:a3:3d:7c:9e:
         6e:69:39:cf:9d:ca:48:03:ef:db:78:0a:55:19:19:05:0d:9b:
         1a:9f:0c:f7:56:8d:8e:f1:ba:4a:71:d3:bb:6b:dd:d0:64:fd:
         11:6f:ab:e1:7f:9f:12:96:87:61:5d:17:bc:cb:44:99:5d:3b:
         7d:5c:53:37:7e:77:b9:76:12:ba:b8:9a:76:68:a0:e8:29:d6:
         99:e7:2b:c4:e1:1c:c3:1d:16:b0:19:b4:e8:80:a0:6a:bc:13:
         ae:1b:f6:e9:1d:8e:a2:0a:fc:0d:81:c8:6d:ff:fb:71:04:dd:
         67:b6:3d:1f:05:5a:65:22:8e:b8:0c:f4:e7:69:f8:06:59:bf:
         e2:55:bd:66:ff:4e:7b:1f:57:27:79:aa:94:cb:ea:8f:00:20:
         ef:5e:8c:cb:9e:d8:84:fc:92:96:6a:2f:b9:cb:36:c1:d4:67:
         4a:72:b0:9a:19:17:fe:20:29:d5:3e:6e:57:14:8a:e6:59:df:
         62:ec:92:8a:1c:96:69:1b:93:99:df:9a:de:49:50:9f:3e:b0:
         78:e8:7b:65:d1:ab:91:3a:eb:20:76:41:11:fd:59:99:d1:37:
         36:07:c7:57:c4:b8:d8:02:a8:30:2f:6c:1c:d6:50:96:f9:36:
         9e:0d:79:c9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKK3S3wAGfcI6Mk/b69BFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNGEyOWM2MTM4ZTJkOTNkNTRhMzYzMjhiOTRjYjFmOGEz
ODJhNmIwHhcNMjQwMTAyMTIzNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGM1YjQxMjg3OTdlZmUzOWZmNWM5NDYwYjRkMGVkY2RlZjQ3NmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaENtPB12T6g3Kq7GFRLxsCdBzFj
mRvmgHiX9p6qUFzyeugkycP+LX3CHCV29JjL2AanhTqiorF7LYrZ/bkkVylPJNfF
DmKopjP+JRHn9QK53C7T3Wb9Prin2hH/LTbvbSBK9uIBA4atGwm4EF3Z5Keig1Jl
goVEX0NR95jJ3NSefGDbAxLsr9s74YFs7uc3h8Qgrf/dZ1Ufm22BaqHB+Ejt3An7
YlTHTis201D+tLCc5z/nhKAAB8gdAMskoevBzcwGf7GCQqT1iIY2SyPsN2z1NbJq
Yaxk2LszXy0IaeK0dBK12EEM8aiIs1Bwwgg5M36EmMqQMXAqpBq9wsIPOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG3FtBKHl+/jn/XJRgtNDtze9HapMB8GA1UdIwQY
MBaAFK5KKcYTji2T1Uo2MouUyx+KOCprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmtvcHhoT09MWlBWU2pZeWk1VExING80S21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zNWJlMDQtZDViNy00NGFhLWFkZTQt
MTM0MDFkMWYyMmQyLzEvYmNXMEVvZVg3LU9mOWNsR0MwME8zTjcwZHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zNWJlMDQtZDViNy00NGFhLWFkZTQtMTM0MDFkMWYyMmQy
LzEvcmtvcHhoT09MWlBWU2pZeWk1VExING80S21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuSC4MA0E
AgACMAcDBQAqCxRAMA0GCSqGSIb3DQEBCwUAA4IBAQAZUWmH7SE6RcBaMIY5raM9
fJ5uaTnPncpIA+/beApVGRkFDZsanwz3Vo2O8bpKcdO7a93QZP0Rb6vhf58Slodh
XRe8y0SZXTt9XFM3fne5dhK6uJp2aKDoKdaZ5yvE4RzDHRawGbTogKBqvBOuG/bp
HY6iCvwNgcht//txBN1ntj0fBVplIo64DPTnafgGWb/iVb1m/057H1cneaqUy+qP
ACDvXozLntiE/JKWai+5yzbB1GdKcrCaGRf+ICnVPm5XFIrmWd9i7JKKHJZpG5OZ
35reSVCfPrB46Htl0auROusgdkER/VmZ0Tc2B8dXxLjYAqgwL2wc1lCW+TaeDXnJ
-----END CERTIFICATE-----