Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/B6CK-DX22tNH_yd2gZVQ8LmYR1I.roa
File:                     B6CK-DX22tNH_yd2gZVQ8LmYR1I.roa (raw, json)
Hash identifier:          3+KeApSRwZdm3jzebkMlXFh6gAoBMIeIV1fOf9OXTts=
Subject key identifier:   07:A0:8A:F8:35:F6:DA:D3:47:FF:27:76:81:95:50:F0:B9:98:47:52
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79548392007D0F482C524484D726F5D
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/B6CK-DX22tNH_yd2gZVQ8LmYR1I.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39016
IP address blocks:        188.241.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:48:39:20:07:d0:f4:82:c5:24:48:4d:72:6f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07a08af835f6dad347ff2776819550f0b9984752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:5f:98:c6:d5:c0:9d:96:8d:b5:f3:45:ca:bc:
                    59:e6:fc:ce:c6:aa:ee:e5:3a:3f:89:29:d0:35:a6:
                    ef:bb:74:0b:a1:c8:5d:14:f8:2b:a4:9d:48:98:cc:
                    87:db:ce:4d:16:cc:0e:fa:27:70:f8:d3:73:e7:12:
                    d5:5a:72:19:15:db:d5:5c:ba:b4:5a:75:a0:65:fa:
                    ed:6f:94:8b:85:43:04:f6:15:ff:58:3f:55:7c:52:
                    fa:52:66:28:2e:56:12:1c:56:12:26:79:66:1c:2b:
                    70:8f:01:76:df:36:c1:e2:df:92:f5:01:db:3b:a1:
                    01:22:0d:20:43:8e:a7:e0:e9:30:f2:3e:dc:06:2a:
                    f0:9a:68:a8:d7:ed:6b:76:1d:3b:b9:db:75:b6:15:
                    61:fb:94:2f:ff:d7:9c:5c:c7:bc:46:5b:11:7a:f4:
                    65:b1:be:2d:c0:14:7f:fd:89:71:77:6a:a8:0d:4e:
                    0d:21:e9:d3:78:e4:6f:fb:84:83:75:6a:31:cf:35:
                    08:db:ad:44:4b:a3:24:ea:08:ea:d3:e5:0c:b5:63:
                    69:80:6a:d1:62:28:9c:56:4c:ae:e2:b2:3c:8a:67:
                    1f:9e:ff:a4:0c:60:3e:52:82:5d:55:ab:c0:20:41:
                    b4:c1:00:d0:96:5f:e5:b2:c1:cd:84:e0:00:62:66:
                    8e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A0:8A:F8:35:F6:DA:D3:47:FF:27:76:81:95:50:F0:B9:98:47:52
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/B6CK-DX22tNH_yd2gZVQ8LmYR1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:51:08:ae:de:a0:de:71:1b:9d:d9:9d:15:67:6e:e4:9a:70:
         ea:99:eb:b3:b1:6e:a2:89:29:03:7f:f8:5e:99:bb:6c:05:a1:
         58:15:35:65:ad:15:80:1f:3b:2d:5f:e9:d1:7b:4b:ed:97:ca:
         2c:d8:f8:bb:99:3a:4f:08:31:dc:01:2d:c6:13:9c:6a:0d:d8:
         b1:1d:9c:26:0c:d7:f0:fa:7a:8e:67:f8:16:ba:2c:80:2e:a7:
         c6:88:53:0b:66:af:35:22:de:63:20:6a:96:b6:e8:3a:6f:f2:
         2b:b1:26:df:87:2e:65:6b:5f:99:52:b7:bc:ea:6f:f6:0a:2f:
         f9:7a:7c:bb:06:7c:f6:b8:2c:b6:7c:38:84:b4:88:0a:fa:5b:
         84:5c:fb:a2:b3:8f:f4:77:89:98:b7:2a:44:3c:ab:8a:29:7c:
         67:32:9b:1f:1a:a1:97:72:3c:43:cf:5f:d6:a4:f2:28:7c:c1:
         95:50:0b:ba:48:c0:67:68:28:a7:c2:a2:bb:2c:4f:dc:ac:a1:
         07:2d:de:ee:09:d6:5b:64:c6:de:d4:3a:74:61:2a:4b:62:f9:
         a2:7f:d6:ad:a5:51:c5:9b:80:89:7e:17:ec:7d:99:6a:7c:60:
         fa:5f:99:7e:48:c9:2a:2d:aa:08:92:70:27:ad:2c:62:59:40:
         c6:fd:c2:ba
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUg5IAfQ9ILFJEhNcm9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2EwOGFmODM1ZjZkYWQzNDdmZjI3NzY4MTk1NTBmMGI5OTg0NzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgl+YxtXAnZaNtfNFyrxZ5vzOxqru
5To/iSnQNabvu3QLochdFPgrpJ1ImMyH285NFswO+idw+NNz5xLVWnIZFdvVXLq0
WnWgZfrtb5SLhUME9hX/WD9VfFL6UmYoLlYSHFYSJnlmHCtwjwF23zbB4t+S9QHb
O6EBIg0gQ46n4Okw8j7cBirwmmio1+1rdh07udt1thVh+5Qv/9ecXMe8RlsRevRl
sb4twBR//Ylxd2qoDU4NIenTeORv+4SDdWoxzzUI261ES6Mk6gjq0+UMtWNpgGrR
YiicVkyu4rI8imcfnv+kDGA+UoJdVavAIEG0wQDQll/lssHNhOAAYmaOOwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAegivg19trTR/8ndoGVUPC5mEdSMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0I2Q0stRFgyMnROSF95ZDJnWlZROExtWVIxSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC88X8w
DQYJKoZIhvcNAQELBQADggEBAONRCK7eoN5xG53ZnRVnbuSacOqZ67OxbqKJKQN/
+F6Zu2wFoVgVNWWtFYAfOy1f6dF7S+2XyizY+LuZOk8IMdwBLcYTnGoN2LEdnCYM
1/D6eo5n+Ba6LIAup8aIUwtmrzUi3mMgapa26Dpv8iuxJt+HLmVrX5lSt7zqb/YK
L/l6fLsGfPa4LLZ8OIS0iAr6W4Rc+6Kzj/R3iZi3KkQ8q4opfGcymx8aoZdyPEPP
X9ak8ih8wZVQC7pIwGdoKKfCorssT9ysoQct3u4J1ltkxt7UOnRhKkti+aJ/1q2l
UcWbgIl+F+x9mWp8YPpfmX5IySotqgiScCetLGJZQMb9wro=
-----END CERTIFICATE-----