Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/Po9z6F8EN7evZEh_gqKvVT3Fb-g.roa
File:                     Po9z6F8EN7evZEh_gqKvVT3Fb-g.roa (raw, json)
Hash identifier:          gwIFzxhBT64J+H38Ti9vHJEwO0I/0SMVApJsBnRDV5Y=
Subject key identifier:   3E:8F:73:E8:5F:04:37:B7:AF:64:48:7F:82:A2:AF:55:3D:C5:6F:E8
Certificate issuer:       /CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
Certificate serial:       018CC9BBB733D95DCBCBD5B37E0FD97CB0C6
Authority key identifier: 21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/Po9z6F8EN7evZEh_gqKvVT3Fb-g.roa
Signing time:             Tue 02 Jan 2024 10:32:51 +0000
ROA not before:           Tue 02 Jan 2024 10:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16371
IP address blocks:        185.25.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b7:33:d9:5d:cb:cb:d5:b3:7e:0f:d9:7c:b0:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
        Validity
            Not Before: Jan  2 10:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e8f73e85f0437b7af64487f82a2af553dc56fe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2c:61:f8:6d:bf:d7:8d:9c:b6:57:f6:50:75:
                    ba:44:f4:f6:5b:44:96:7c:46:43:20:6e:63:9e:55:
                    70:15:d6:7e:6d:9f:62:3c:7e:c8:dc:97:96:ec:03:
                    95:ef:91:9d:ff:23:c7:b6:64:79:83:19:44:51:b6:
                    fa:47:2c:ab:83:2c:e8:7b:a6:7f:6c:61:8e:cf:13:
                    84:46:a2:f8:85:73:1f:61:38:d6:37:b2:28:59:4f:
                    58:b9:fe:40:f4:ab:c7:9b:c2:0e:28:3f:3a:72:fb:
                    6e:67:26:bb:76:cc:45:dc:c8:93:24:20:fd:33:ed:
                    a1:ae:c2:66:49:de:50:17:b7:93:27:56:66:37:31:
                    a6:2e:6d:d8:f1:71:4c:67:6c:a5:e2:a8:4b:30:5a:
                    92:52:8a:43:55:e7:74:61:0f:5a:e9:c2:2b:14:fe:
                    0b:99:d4:0e:29:a7:ea:37:ce:93:17:42:ad:d7:34:
                    05:d3:6d:63:eb:26:30:47:42:32:1f:36:01:7a:83:
                    01:81:05:cb:57:6d:ee:69:73:15:a5:78:27:21:01:
                    3e:10:ee:54:8e:11:8e:85:46:23:06:50:d8:af:44:
                    c5:2b:bb:dd:4d:0d:db:5a:29:74:a9:67:b4:a4:07:
                    cb:5b:3c:92:85:ee:f6:6e:41:f4:a4:b7:3f:6d:0c:
                    06:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8F:73:E8:5F:04:37:B7:AF:64:48:7F:82:A2:AF:55:3D:C5:6F:E8
            X509v3 Authority Key Identifier:
                keyid:21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/Po9z6F8EN7evZEh_gqKvVT3Fb-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:3b:96:9c:d5:5f:76:ba:a0:47:7e:f8:eb:ba:d6:ad:13:67:
         2d:52:c9:99:40:5c:8c:4a:68:7b:f0:1b:d7:97:d6:00:c3:33:
         83:f9:d9:b5:2b:43:b3:5c:b0:ce:71:1f:ae:6e:90:45:49:28:
         11:47:30:91:a9:12:1f:1e:74:2e:e4:cc:5a:a2:4a:15:67:0b:
         a5:96:3a:45:b5:cd:dd:58:85:fb:ab:24:1d:87:62:8d:a5:4a:
         61:39:d9:0d:a6:66:e2:ef:cc:63:4b:55:c9:8c:80:1b:69:a8:
         c0:a6:19:96:d8:12:a6:7a:da:3d:27:4d:8b:b8:00:a6:5f:96:
         95:97:b7:ba:39:51:77:5a:6f:1a:4c:d8:87:85:7e:f7:ca:cc:
         bb:17:e1:6e:46:46:55:fd:69:1d:7b:ce:68:c0:94:82:68:8a:
         9c:1d:63:ce:c2:19:f3:f1:88:98:e9:5c:3d:78:a0:e1:58:80:
         09:29:54:f5:28:cc:8a:c5:96:7b:c3:05:33:31:40:24:8f:51:
         c8:e8:83:09:d3:19:fe:a0:81:d8:06:b7:b5:be:cd:90:a9:00:
         77:c2:ec:e1:af:66:fb:af:9c:32:71:de:7d:86:c8:31:27:0d:
         bf:74:f0:18:55:7a:6e:11:77:87:90:98:5b:0f:02:b4:85:79:
         b2:10:e5:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7cz2V3Ly9Wzfg/ZfLDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYzE2NzJkYmJiZjcxNjVhNmE4M2IzMjI3YTcxMTlmMGQz
MWU4ZWUwHhcNMjQwMTAyMTAzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZThmNzNlODVmMDQzN2I3YWY2NDQ4N2Y4MmEyYWY1NTNkYzU2ZmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqixh+G2/142ctlf2UHW6RPT2W0SW
fEZDIG5jnlVwFdZ+bZ9iPH7I3JeW7AOV75Gd/yPHtmR5gxlEUbb6Ryyrgyzoe6Z/
bGGOzxOERqL4hXMfYTjWN7IoWU9Yuf5A9KvHm8IOKD86cvtuZya7dsxF3MiTJCD9
M+2hrsJmSd5QF7eTJ1ZmNzGmLm3Y8XFMZ2yl4qhLMFqSUopDVed0YQ9a6cIrFP4L
mdQOKafqN86TF0Kt1zQF021j6yYwR0IyHzYBeoMBgQXLV23uaXMVpXgnIQE+EO5U
jhGOhUYjBlDYr0TFK7vdTQ3bWil0qWe0pAfLWzyShe72bkH0pLc/bQwGZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6Pc+hfBDe3r2RIf4Kir1U9xW/oMB8GA1UdIwQY
MBaAFCHBZy27v3Flpqg7MienEZ8NMejuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQt
MzQ3N2M3ZmNkNGQ5LzEvUG85ejZGOEVON2V2WkVoX2dxS3ZWVDNGYi1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQtMzQ3N2M3ZmNkNGQ5
LzEvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRlwMA0G
CSqGSIb3DQEBCwUAA4IBAQA8O5ac1V92uqBHfvjrutatE2ctUsmZQFyMSmh78BvX
l9YAwzOD+dm1K0OzXLDOcR+ubpBFSSgRRzCRqRIfHnQu5MxaokoVZwulljpFtc3d
WIX7qyQdh2KNpUphOdkNpmbi78xjS1XJjIAbaajAphmW2BKmeto9J02LuACmX5aV
l7e6OVF3Wm8aTNiHhX73ysy7F+FuRkZV/Wkde85owJSCaIqcHWPOwhnz8YiY6Vw9
eKDhWIAJKVT1KMyKxZZ7wwUzMUAkj1HI6IMJ0xn+oIHYBre1vs2QqQB3wuzhr2b7
r5wycd59hsgxJw2/dPAYVXpuEXeHkJhbDwK0hXmyEOW2
-----END CERTIFICATE-----