Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/064794-2c36-43d6-b800-739d62669f91/1/6J3EI5tOKFWKwEsXAX4U4ySUe3Q.roa
File:                     6J3EI5tOKFWKwEsXAX4U4ySUe3Q.roa (raw, json)
Hash identifier:          z2X9cdwDZwkkaz62bf66tQnCbfmdu3awlBFzIam8kUU=
Subject key identifier:   E8:9D:C4:23:9B:4E:28:55:8A:C0:4B:17:01:7E:14:E3:24:94:7B:74
Certificate issuer:       /CN=db1da321843f9fad138e6115d85bee8a920b8e1d
Certificate serial:       018CC26D2517C3DF7F086963B1DCE24A611E
Authority key identifier: DB:1D:A3:21:84:3F:9F:AD:13:8E:61:15:D8:5B:EE:8A:92:0B:8E:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x2jIYQ_n60TjmEV2FvuipILjh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/064794-2c36-43d6-b800-739d62669f91/1/6J3EI5tOKFWKwEsXAX4U4ySUe3Q.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24603
IP address blocks:        45.152.100.0/22 maxlen: 24
                          185.105.80.0/22 maxlen: 24
                          193.108.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/064794-2c36-43d6-b800-739d62669f91/1/2x2jIYQ_n60TjmEV2FvuipILjh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/064794-2c36-43d6-b800-739d62669f91/1/2x2jIYQ_n60TjmEV2FvuipILjh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x2jIYQ_n60TjmEV2FvuipILjh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:25:17:c3:df:7f:08:69:63:b1:dc:e2:4a:61:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1da321843f9fad138e6115d85bee8a920b8e1d
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e89dc4239b4e28558ac04b17017e14e324947b74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:96:1d:14:44:6a:c3:79:04:84:c4:3f:1b:41:
                    02:03:87:ce:16:54:4e:06:cd:e7:34:47:d9:a7:07:
                    6c:4b:ba:1b:15:7c:09:5e:71:dd:1c:74:a0:83:fa:
                    ef:6b:77:39:4e:9f:56:d0:4e:21:59:f6:57:b3:16:
                    1c:5b:2d:0e:fa:c2:38:f6:64:bc:9d:8a:21:96:65:
                    e6:43:10:b9:87:9e:3a:b1:5b:13:fd:f9:49:fd:2f:
                    23:a1:d7:e7:c0:f6:71:cc:e4:7d:72:82:19:fd:9d:
                    a8:f2:3b:b6:00:40:d8:e7:98:0f:38:bf:2b:c9:a3:
                    1a:c3:d5:72:d7:dc:61:60:ee:d9:ea:df:98:24:d5:
                    30:31:27:9e:38:ec:85:08:8d:35:01:b5:d2:34:12:
                    e5:b5:7b:25:1b:c1:81:ef:e7:cc:6a:79:12:7f:c7:
                    bf:c5:70:b2:9f:7a:13:ce:6a:31:6b:94:b1:33:83:
                    0c:f8:6c:a0:19:08:28:c3:be:e0:3a:bb:71:e0:9f:
                    ee:9a:91:05:b2:41:fc:c4:98:a6:09:93:64:e3:d7:
                    e2:4d:51:2c:fd:97:f9:68:f7:da:da:68:fa:30:e8:
                    17:04:0f:2a:fe:3c:8b:c9:98:82:c0:b7:d0:95:85:
                    98:da:68:30:9d:74:47:72:37:9e:63:fc:0d:f3:15:
                    23:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:9D:C4:23:9B:4E:28:55:8A:C0:4B:17:01:7E:14:E3:24:94:7B:74
            X509v3 Authority Key Identifier:
                keyid:DB:1D:A3:21:84:3F:9F:AD:13:8E:61:15:D8:5B:EE:8A:92:0B:8E:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x2jIYQ_n60TjmEV2FvuipILjh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/064794-2c36-43d6-b800-739d62669f91/1/6J3EI5tOKFWKwEsXAX4U4ySUe3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/064794-2c36-43d6-b800-739d62669f91/1/2x2jIYQ_n60TjmEV2FvuipILjh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.100.0/22
                  185.105.80.0/22
                  193.108.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:cb:11:a2:2b:9b:8e:c0:8b:9d:bd:9f:90:18:39:99:ab:47:
         b3:12:de:c4:91:45:23:d8:1f:ff:81:d3:2a:9b:90:9f:8d:c7:
         30:cf:4d:5d:8e:81:d4:3c:f8:ff:59:89:aa:6d:d2:76:cf:62:
         eb:d3:07:b8:67:d4:41:87:61:d8:a0:e6:7b:f6:d4:38:af:4f:
         31:5f:84:bb:15:88:75:92:75:7d:3e:70:6e:c6:69:12:35:fd:
         dc:94:38:09:81:43:3c:d3:70:b3:9c:0b:79:03:82:fb:56:11:
         42:82:6b:b9:02:1b:dc:f3:eb:b7:ef:67:5d:49:59:2c:7f:99:
         0b:69:a1:58:28:64:fe:eb:2a:86:07:f4:e1:28:df:16:9d:ed:
         c5:54:14:8a:ba:77:32:5d:50:e1:42:64:c4:d7:70:c9:c4:7b:
         b9:6b:07:f2:05:a4:6c:54:82:6a:eb:71:0b:d7:f0:cc:10:7e:
         c7:94:43:9a:20:e5:1c:79:83:d3:ad:34:69:e6:43:e9:a3:9f:
         75:89:f6:4f:a4:ce:40:c3:59:50:e6:f4:fe:f0:16:fe:62:94:
         88:c1:50:b0:af:66:83:7f:23:bb:14:94:83:29:bc:9b:11:f0:
         30:d5:43:ed:5e:6a:87:5c:34:c8:7a:0b:3d:70:44:8b:2d:ec:
         e6:51:be:1f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbSUXw99/CGljsdziSmEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWRhMzIxODQzZjlmYWQxMzhlNjExNWQ4NWJlZThhOTIw
YjhlMWQwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODlkYzQyMzliNGUyODU1OGFjMDRiMTcwMTdlMTRlMzI0OTQ3Yjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5YdFERqw3kEhMQ/G0ECA4fOFlRO
Bs3nNEfZpwdsS7obFXwJXnHdHHSgg/rva3c5Tp9W0E4hWfZXsxYcWy0O+sI49mS8
nYohlmXmQxC5h546sVsT/flJ/S8jodfnwPZxzOR9coIZ/Z2o8ju2AEDY55gPOL8r
yaMaw9Vy19xhYO7Z6t+YJNUwMSeeOOyFCI01AbXSNBLltXslG8GB7+fMankSf8e/
xXCyn3oTzmoxa5SxM4MM+GygGQgow77gOrtx4J/umpEFskH8xJimCZNk49fiTVEs
/Zf5aPfa2mj6MOgXBA8q/jyLyZiCwLfQlYWY2mgwnXRHcjeeY/wN8xUjtQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOidxCObTihVisBLFwF+FOMklHt0MB8GA1UdIwQY
MBaAFNsdoyGEP5+tE45hFdhb7oqSC44dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngyaklZUV9uNjBUam1FVjJGdnVpcElMamgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8wNjQ3OTQtMmMzNi00M2Q2LWI4MDAt
NzM5ZDYyNjY5ZjkxLzEvNkozRUk1dE9LRldLd0VzWEFYNFU0eVNVZTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8wNjQ3OTQtMmMzNi00M2Q2LWI4MDAtNzM5ZDYyNjY5Zjkx
LzEvMngyaklZUV9uNjBUam1FVjJGdnVpcElMamgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZhkAwQC
uWlQAwQAwWyzMA0GCSqGSIb3DQEBCwUAA4IBAQCMyxGiK5uOwIudvZ+QGDmZq0ez
Et7EkUUj2B//gdMqm5Cfjccwz01djoHUPPj/WYmqbdJ2z2Lr0we4Z9RBh2HYoOZ7
9tQ4r08xX4S7FYh1knV9PnBuxmkSNf3clDgJgUM803CznAt5A4L7VhFCgmu5Ahvc
8+u372ddSVksf5kLaaFYKGT+6yqGB/ThKN8Wne3FVBSKuncyXVDhQmTE13DJxHu5
awfyBaRsVIJq63EL1/DMEH7HlEOaIOUceYPTrTRp5kPpo591ifZPpM5Aw1lQ5vT+
8Bb+YpSIwVCwr2aDfyO7FJSDKbybEfAw1UPtXmqHXDTIegs9cESLLezmUb4f
-----END CERTIFICATE-----