Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/91023c-2147-49b9-b267-62d4a1f1a50c/1/6Pd25QvIETeUiRX2VbZ2mMp2iA4.roa
File:                     6Pd25QvIETeUiRX2VbZ2mMp2iA4.roa (raw, json)
Hash identifier:          qeMq1pp4qncSr1PigOtZRyZAi6wHKWKW0FgoRAT88Mw=
Subject key identifier:   E8:F7:76:E5:0B:C8:11:37:94:89:15:F6:55:B6:76:98:CA:76:88:0E
Certificate issuer:       /CN=cb2a49fba149e1a1b13139bd01601c86cd2958a5
Certificate serial:       018CC3B71B558836A09C9BFE9517272DC35B
Authority key identifier: CB:2A:49:FB:A1:49:E1:A1:B1:31:39:BD:01:60:1C:86:CD:29:58:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yypJ-6FJ4aGxMTm9AWAchs0pWKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/91023c-2147-49b9-b267-62d4a1f1a50c/1/6Pd25QvIETeUiRX2VbZ2mMp2iA4.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208729
IP address blocks:        185.75.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/91023c-2147-49b9-b267-62d4a1f1a50c/1/yypJ-6FJ4aGxMTm9AWAchs0pWKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/91023c-2147-49b9-b267-62d4a1f1a50c/1/yypJ-6FJ4aGxMTm9AWAchs0pWKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yypJ-6FJ4aGxMTm9AWAchs0pWKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1b:55:88:36:a0:9c:9b:fe:95:17:27:2d:c3:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb2a49fba149e1a1b13139bd01601c86cd2958a5
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8f776e50bc81137948915f655b67698ca76880e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f3:44:77:49:52:6a:03:df:37:95:de:b7:41:
                    29:8c:49:1f:81:ba:40:5b:4c:97:bb:8c:e3:ca:b8:
                    4f:16:24:8e:bb:24:40:b3:ed:09:9d:fd:86:de:03:
                    bb:85:2d:2c:78:e4:33:26:ec:7b:1e:4f:a8:c1:ca:
                    8e:c8:2b:1d:16:de:35:45:15:1e:2f:24:b3:70:c8:
                    7a:36:46:da:2c:2e:3f:2d:7e:d1:f7:7e:57:f9:f9:
                    e5:ae:ba:49:89:f6:1d:75:2d:0d:c5:c4:73:c5:cd:
                    46:a4:e8:dd:dc:56:dd:bb:19:c1:49:fe:8d:07:fa:
                    20:e0:38:0c:4a:73:11:c3:6e:07:71:4d:e5:a7:ae:
                    19:5f:e8:e3:91:99:25:ce:b4:bc:48:42:2f:36:fb:
                    c9:0e:bf:8a:a0:bc:c2:21:b0:bc:48:25:bc:2c:cd:
                    e1:57:12:5d:db:32:0a:6b:d7:f6:d3:84:3e:be:f8:
                    88:87:0d:49:e6:6b:c0:4b:a8:2a:64:85:f0:1a:d5:
                    f6:4a:f6:4f:eb:00:cf:36:76:01:c3:0a:d4:3d:9a:
                    cc:dd:bc:27:e7:af:18:12:91:49:0a:03:c8:e0:66:
                    d0:85:89:ca:c9:c4:ac:5c:59:ae:6e:cb:ad:ee:21:
                    19:5b:99:aa:64:28:cb:59:19:47:78:45:4f:2c:75:
                    ea:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:F7:76:E5:0B:C8:11:37:94:89:15:F6:55:B6:76:98:CA:76:88:0E
            X509v3 Authority Key Identifier:
                keyid:CB:2A:49:FB:A1:49:E1:A1:B1:31:39:BD:01:60:1C:86:CD:29:58:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yypJ-6FJ4aGxMTm9AWAchs0pWKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/91023c-2147-49b9-b267-62d4a1f1a50c/1/6Pd25QvIETeUiRX2VbZ2mMp2iA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/91023c-2147-49b9-b267-62d4a1f1a50c/1/yypJ-6FJ4aGxMTm9AWAchs0pWKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:35:38:b1:67:a3:92:99:73:c3:f3:41:cf:f2:2d:b6:af:9d:
         99:94:7a:7e:2d:64:e4:29:7e:88:69:36:4c:cb:ea:73:f6:b2:
         1f:0a:0b:74:b4:56:63:37:c9:fc:c8:4f:6b:35:e8:d5:db:95:
         fa:2b:d5:a9:47:4d:87:55:d6:50:74:b2:bc:87:42:a5:97:47:
         5a:0b:eb:43:01:78:a5:f4:95:ab:8e:04:09:6d:71:d4:75:a7:
         84:31:c2:ae:66:30:62:2d:bb:a8:b7:6a:6c:d4:61:22:68:13:
         d3:3e:a8:18:b3:52:8c:5b:4e:62:d4:60:4a:7c:ee:4e:9c:65:
         98:80:aa:51:b7:74:6b:53:91:b0:26:04:2d:a4:dd:49:18:e5:
         58:af:62:57:b6:91:4a:f7:b3:b9:51:6b:c1:7f:3c:5f:88:c4:
         f9:e5:ee:a5:19:e2:2c:15:ea:de:4c:19:d2:2c:56:4d:60:7f:
         92:c6:31:88:f4:08:88:8f:8b:3a:b7:2a:d4:a1:c7:f9:6f:20:
         d2:5c:56:eb:ca:cc:7b:98:b1:97:fc:63:70:c6:ca:83:c3:12:
         54:0e:24:7b:92:15:e4:a1:b0:ee:fe:86:9f:ad:18:b8:b2:87:
         e1:3e:b2:a8:c9:bd:71:5c:6d:8d:b6:4f:18:8f:57:7b:da:7b:
         2b:4f:7e:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxtViDagnJv+lRcnLcNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMmE0OWZiYTE0OWUxYTFiMTMxMzliZDAxNjAxYzg2Y2Qy
OTU4YTUwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGY3NzZlNTBiYzgxMTM3OTQ4OTE1ZjY1NWI2NzY5OGNhNzY4ODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvNEd0lSagPfN5Xet0EpjEkfgbpA
W0yXu4zjyrhPFiSOuyRAs+0Jnf2G3gO7hS0seOQzJux7Hk+owcqOyCsdFt41RRUe
LySzcMh6NkbaLC4/LX7R935X+fnlrrpJifYddS0NxcRzxc1GpOjd3FbduxnBSf6N
B/og4DgMSnMRw24HcU3lp64ZX+jjkZklzrS8SEIvNvvJDr+KoLzCIbC8SCW8LM3h
VxJd2zIKa9f204Q+vviIhw1J5mvAS6gqZIXwGtX2SvZP6wDPNnYBwwrUPZrM3bwn
568YEpFJCgPI4GbQhYnKycSsXFmubsut7iEZW5mqZCjLWRlHeEVPLHXq4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOj3duULyBE3lIkV9lW2dpjKdogOMB8GA1UdIwQY
MBaAFMsqSfuhSeGhsTE5vQFgHIbNKVilMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlwSi02Rko0YUd4TVRtOUFXQWNoczBwV0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC85MTAyM2MtMjE0Ny00OWI5LWIyNjct
NjJkNGExZjFhNTBjLzEvNlBkMjVRdklFVGVVaVJYMlZiWjJtTXAyaUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC85MTAyM2MtMjE0Ny00OWI5LWIyNjctNjJkNGExZjFhNTBj
LzEveXlwSi02Rko0YUd4TVRtOUFXQWNoczBwV0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUtUMA0G
CSqGSIb3DQEBCwUAA4IBAQBINTixZ6OSmXPD80HP8i22r52ZlHp+LWTkKX6IaTZM
y+pz9rIfCgt0tFZjN8n8yE9rNejV25X6K9WpR02HVdZQdLK8h0Kll0daC+tDAXil
9JWrjgQJbXHUdaeEMcKuZjBiLbuot2ps1GEiaBPTPqgYs1KMW05i1GBKfO5OnGWY
gKpRt3RrU5GwJgQtpN1JGOVYr2JXtpFK97O5UWvBfzxfiMT55e6lGeIsFereTBnS
LFZNYH+SxjGI9AiIj4s6tyrUocf5byDSXFbrysx7mLGX/GNwxsqDwxJUDiR7khXk
obDu/oafrRi4sofhPrKoyb1xXG2Ntk8Yj1d72nsrT36P
-----END CERTIFICATE-----