Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/698efb-c6b4-4d2c-9368-7cec2d5345b4/1/ahyawC6Xq_LSpM8Pb2vTXWj1dG0.roa
File:                     ahyawC6Xq_LSpM8Pb2vTXWj1dG0.roa (raw, json)
Hash identifier:          Z6FsKfyPimiL1PQR4PDEwwsIeT5XbJ9YlswgqXBenoA=
Subject key identifier:   6A:1C:9A:C0:2E:97:AB:F2:D2:A4:CF:0F:6F:6B:D3:5D:68:F5:74:6D
Certificate issuer:       /CN=b2d7f999838aa163bf344fc69917bb60d12fdfc3
Certificate serial:       018CC50134BFBE0F059C6F0FE28E4A2CE3C6
Authority key identifier: B2:D7:F9:99:83:8A:A1:63:BF:34:4F:C6:99:17:BB:60:D1:2F:DF:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/stf5mYOKoWO_NE_GmRe7YNEv38M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/698efb-c6b4-4d2c-9368-7cec2d5345b4/1/ahyawC6Xq_LSpM8Pb2vTXWj1dG0.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206343
IP address blocks:        185.137.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/698efb-c6b4-4d2c-9368-7cec2d5345b4/1/stf5mYOKoWO_NE_GmRe7YNEv38M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/698efb-c6b4-4d2c-9368-7cec2d5345b4/1/stf5mYOKoWO_NE_GmRe7YNEv38M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/stf5mYOKoWO_NE_GmRe7YNEv38M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:34:bf:be:0f:05:9c:6f:0f:e2:8e:4a:2c:e3:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2d7f999838aa163bf344fc69917bb60d12fdfc3
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a1c9ac02e97abf2d2a4cf0f6f6bd35d68f5746d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:52:4a:22:3d:94:7d:d5:e3:a1:3b:7b:dc:ef:
                    59:a8:8b:2a:50:c4:19:bc:73:6a:e9:e0:0e:99:af:
                    ea:ba:e6:1e:cb:76:dc:91:0e:02:5f:a3:a6:e8:6d:
                    9a:aa:97:8a:d7:fd:a5:e8:01:5d:f4:2f:a7:74:94:
                    42:f5:7d:77:49:f6:4a:66:5d:91:02:43:1f:26:ae:
                    47:dd:69:ab:c2:12:cc:b5:f3:dd:a3:c6:f0:fb:9f:
                    48:80:67:fd:70:52:9d:3c:ba:45:d2:53:38:ab:b5:
                    02:ab:66:e1:8c:ed:ec:5e:b9:73:66:d3:f4:78:63:
                    06:f0:84:d9:a3:10:4c:b0:c4:56:dc:41:32:8e:fe:
                    90:85:46:a8:7b:40:ef:29:63:db:2e:f4:cf:47:d5:
                    75:8b:8a:5f:b1:c2:3e:a5:6a:4b:fc:db:11:6b:80:
                    7d:33:73:4f:cb:9a:6e:a5:26:e7:be:58:f4:c4:bf:
                    cf:39:67:08:a8:c8:be:00:4d:c4:8a:f4:e2:f6:cb:
                    f5:7b:5e:d9:cd:eb:87:ff:87:96:ee:02:6f:61:4d:
                    bf:af:45:2f:27:9a:cf:1d:69:be:22:13:d6:9c:1c:
                    e7:fd:da:9a:6d:c6:e9:3c:9a:b2:c8:67:e2:8d:85:
                    bd:83:9f:9b:b8:66:7d:90:1c:33:c9:b4:64:c9:48:
                    28:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:1C:9A:C0:2E:97:AB:F2:D2:A4:CF:0F:6F:6B:D3:5D:68:F5:74:6D
            X509v3 Authority Key Identifier:
                keyid:B2:D7:F9:99:83:8A:A1:63:BF:34:4F:C6:99:17:BB:60:D1:2F:DF:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/stf5mYOKoWO_NE_GmRe7YNEv38M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/698efb-c6b4-4d2c-9368-7cec2d5345b4/1/ahyawC6Xq_LSpM8Pb2vTXWj1dG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/698efb-c6b4-4d2c-9368-7cec2d5345b4/1/stf5mYOKoWO_NE_GmRe7YNEv38M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:05:3a:14:73:49:66:f3:bf:30:cf:0f:1e:75:24:48:c2:32:
         2d:b5:c9:8f:64:15:e6:f5:40:24:a7:88:8f:d8:21:a1:c7:3a:
         01:c9:7d:f4:16:ee:0b:3f:95:32:19:74:91:25:71:f7:68:c3:
         73:2e:0f:65:e7:cc:9b:21:63:87:00:02:ad:13:c1:a6:b5:4f:
         a5:57:c5:f3:49:e1:2e:60:30:78:ec:c2:0d:31:a4:ff:a1:96:
         09:b8:b4:7f:75:a7:15:7c:4a:74:85:2f:e0:80:1c:7f:9f:6b:
         1f:df:91:a8:01:7c:20:5c:9c:b4:16:93:dc:4a:58:95:7a:9b:
         fb:22:cc:51:e3:af:e2:7b:b8:71:d5:2f:5f:9d:e4:1a:3e:23:
         9f:44:21:45:da:55:e2:b2:eb:80:e7:c8:2b:12:c8:6d:e0:45:
         49:e0:5b:a4:da:b9:36:b4:dd:c0:56:c4:c9:6d:5b:28:74:87:
         e9:21:bd:65:d8:86:26:1b:5d:8d:1f:99:07:38:f1:16:28:58:
         45:98:a4:e1:85:bb:a4:27:e3:8f:1d:dd:44:82:af:7f:81:09:
         80:38:8c:71:93:d0:0a:70:44:a7:e4:20:14:9e:d2:46:b7:22:
         dc:51:7c:89:6f:1e:eb:7f:a8:61:8b:be:cc:1a:5b:bf:2e:59:
         87:e9:df:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATS/vg8FnG8P4o5KLOPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZDdmOTk5ODM4YWExNjNiZjM0NGZjNjk5MTdiYjYwZDEy
ZmRmYzMwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTFjOWFjMDJlOTdhYmYyZDJhNGNmMGY2ZjZiZDM1ZDY4ZjU3NDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VJKIj2UfdXjoTt73O9ZqIsqUMQZ
vHNq6eAOma/quuYey3bckQ4CX6Om6G2aqpeK1/2l6AFd9C+ndJRC9X13SfZKZl2R
AkMfJq5H3WmrwhLMtfPdo8bw+59IgGf9cFKdPLpF0lM4q7UCq2bhjO3sXrlzZtP0
eGMG8ITZoxBMsMRW3EEyjv6QhUaoe0DvKWPbLvTPR9V1i4pfscI+pWpL/NsRa4B9
M3NPy5pupSbnvlj0xL/POWcIqMi+AE3EivTi9sv1e17ZzeuH/4eW7gJvYU2/r0Uv
J5rPHWm+IhPWnBzn/dqabcbpPJqyyGfijYW9g5+buGZ9kBwzybRkyUgoRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGocmsAul6vy0qTPD29r011o9XRtMB8GA1UdIwQY
MBaAFLLX+ZmDiqFjvzRPxpkXu2DRL9/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3RmNW1ZT0tvV09fTkVfR21SZTdZTkV2MzhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My82OThlZmItYzZiNC00ZDJjLTkzNjgt
N2NlYzJkNTM0NWI0LzEvYWh5YXdDNlhxX0xTcE04UGIydlRYV2oxZEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My82OThlZmItYzZiNC00ZDJjLTkzNjgtN2NlYzJkNTM0NWI0
LzEvc3RmNW1ZT0tvV09fTkVfR21SZTdZTkV2MzhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYmeMA0G
CSqGSIb3DQEBCwUAA4IBAQCLBToUc0lm878wzw8edSRIwjIttcmPZBXm9UAkp4iP
2CGhxzoByX30Fu4LP5UyGXSRJXH3aMNzLg9l58ybIWOHAAKtE8GmtU+lV8XzSeEu
YDB47MINMaT/oZYJuLR/dacVfEp0hS/ggBx/n2sf35GoAXwgXJy0FpPcSliVepv7
IsxR46/ie7hx1S9fneQaPiOfRCFF2lXisuuA58grEsht4EVJ4Fuk2rk2tN3AVsTJ
bVsodIfpIb1l2IYmG12NH5kHOPEWKFhFmKThhbukJ+OPHd1Egq9/gQmAOIxxk9AK
cESn5CAUntJGtyLcUXyJbx7rf6hhi77MGlu/LlmH6d89
-----END CERTIFICATE-----