Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/6rOvG-QDiRaqayPbCCbNKvjVBf4.roa
File:                     6rOvG-QDiRaqayPbCCbNKvjVBf4.roa (raw, json)
Hash identifier:          DkpjblNYZ1cxvXK1J4G5wwqAQ4Zy+8Uy8eSjfyWbcts=
Subject key identifier:   EA:B3:AF:1B:E4:03:89:16:AA:6B:23:DB:08:26:CD:2A:F8:D5:05:FE
Certificate issuer:       /CN=416532420a21e42b8ad30da24ebf4347de95ef35
Certificate serial:       018F382F530C71D0079EC91A9BC7055D2B69
Authority key identifier: 41:65:32:42:0A:21:E4:2B:8A:D3:0D:A2:4E:BF:43:47:DE:95:EF:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QWUyQgoh5CuK0w2iTr9DR96V7zU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/6rOvG-QDiRaqayPbCCbNKvjVBf4.roa
Signing time:             Thu 02 May 2024 07:22:56 +0000
ROA not before:           Thu 02 May 2024 07:22:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207645
IP address blocks:        45.137.18.0/24 maxlen: 24
                          194.120.133.0/24 maxlen: 24
                          2a0d:b100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/QWUyQgoh5CuK0w2iTr9DR96V7zU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/QWUyQgoh5CuK0w2iTr9DR96V7zU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QWUyQgoh5CuK0w2iTr9DR96V7zU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:2f:53:0c:71:d0:07:9e:c9:1a:9b:c7:05:5d:2b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=416532420a21e42b8ad30da24ebf4347de95ef35
        Validity
            Not Before: May  2 07:22:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eab3af1be4038916aa6b23db0826cd2af8d505fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:aa:b0:72:21:58:58:14:df:55:75:81:98:43:
                    8f:27:36:86:2f:92:fc:80:dc:f0:e6:6b:0b:d0:0e:
                    9d:28:b8:02:49:80:a3:3c:8d:09:91:ab:22:5a:d2:
                    53:67:74:71:91:e5:e2:ee:dc:df:1b:0b:cb:14:b1:
                    09:d0:55:c8:ef:e1:b1:36:60:30:b1:02:21:40:c6:
                    c7:ca:b7:85:e1:dc:41:42:a3:44:e1:81:ef:f0:e4:
                    fd:d8:43:8d:07:94:68:29:3a:dd:03:6c:29:d4:9d:
                    0f:fd:4c:76:3e:0e:e6:e1:69:08:b0:74:99:83:1e:
                    b6:62:cb:2a:00:4d:57:89:85:16:1c:6e:e7:ed:30:
                    fa:c1:90:8d:05:ae:ec:db:df:bc:95:dd:dc:5c:09:
                    e9:ac:8b:a2:34:93:8e:d0:24:16:0f:ff:e8:6c:e7:
                    2b:e4:54:fd:a6:5b:22:56:75:a7:dd:17:d4:07:63:
                    55:47:cd:82:0a:08:ec:45:09:a7:d1:b8:ea:59:8a:
                    b1:67:14:58:1d:a7:13:75:a7:67:16:7c:de:b5:67:
                    7f:27:a8:fb:db:b5:9d:a2:c3:b7:51:ee:e8:7f:35:
                    fb:b1:65:5c:24:41:43:67:c0:c7:22:cd:7c:7f:c2:
                    a4:cf:65:78:36:5c:0d:27:13:16:fe:73:74:5b:89:
                    65:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:B3:AF:1B:E4:03:89:16:AA:6B:23:DB:08:26:CD:2A:F8:D5:05:FE
            X509v3 Authority Key Identifier:
                keyid:41:65:32:42:0A:21:E4:2B:8A:D3:0D:A2:4E:BF:43:47:DE:95:EF:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QWUyQgoh5CuK0w2iTr9DR96V7zU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/6rOvG-QDiRaqayPbCCbNKvjVBf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/QWUyQgoh5CuK0w2iTr9DR96V7zU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.18.0/24
                  194.120.133.0/24
                IPv6:
                  2a0d:b100::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:34:51:38:e7:cc:e5:70:fe:bf:0e:e9:74:40:6b:ef:ef:2f:
         ee:93:2e:5f:1b:d1:0e:5c:66:f9:24:5e:1f:ea:78:c4:6e:20:
         4c:3b:59:c1:b2:c9:1d:b2:cd:31:b4:04:9a:07:66:30:73:18:
         95:1f:d6:be:22:6f:1a:97:44:f0:f0:0e:cc:ba:0d:33:a1:1e:
         d9:12:9d:d6:02:bb:5b:26:62:c9:a3:e1:09:7b:a3:6e:f0:a7:
         03:8b:0b:d8:b0:91:fa:2f:06:18:60:e4:87:a4:12:0d:b7:66:
         2d:48:38:d7:eb:90:66:40:93:f4:90:ff:6a:f1:ea:ab:db:51:
         02:2b:4f:02:bb:b0:44:83:25:4a:8a:4f:23:07:a7:f8:a1:9d:
         79:d5:3e:a9:98:f9:cd:c5:82:0e:c6:97:35:a3:f6:50:15:62:
         2c:e9:30:4c:52:20:03:72:60:29:a6:3a:5a:3e:d0:40:8a:11:
         0f:71:df:d3:38:0a:4d:ba:9a:e6:a6:8a:78:db:c2:9c:f8:6e:
         01:84:d6:9c:4c:94:97:dc:50:59:0e:3e:21:b1:1c:98:d1:9f:
         9b:8d:83:fb:d6:52:25:d1:88:14:5d:bf:54:aa:f4:7c:bf:36:
         75:93:e9:38:41:fc:75:e8:19:73:91:96:4c:58:ab:80:eb:41:
         ae:9c:0d:9c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY84L1MMcdAHnskam8cFXStpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNjUzMjQyMGEyMWU0MmI4YWQzMGRhMjRlYmY0MzQ3ZGU5
NWVmMzUwHhcNMjQwNTAyMDcyMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWIzYWYxYmU0MDM4OTE2YWE2YjIzZGIwODI2Y2QyYWY4ZDUwNWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaqwciFYWBTfVXWBmEOPJzaGL5L8
gNzw5msL0A6dKLgCSYCjPI0JkasiWtJTZ3RxkeXi7tzfGwvLFLEJ0FXI7+GxNmAw
sQIhQMbHyreF4dxBQqNE4YHv8OT92EONB5RoKTrdA2wp1J0P/Ux2Pg7m4WkIsHSZ
gx62YssqAE1XiYUWHG7n7TD6wZCNBa7s29+8ld3cXAnprIuiNJOO0CQWD//obOcr
5FT9plsiVnWn3RfUB2NVR82CCgjsRQmn0bjqWYqxZxRYHacTdadnFnzetWd/J6j7
27WdosO3Ue7ofzX7sWVcJEFDZ8DHIs18f8Kkz2V4NlwNJxMW/nN0W4llFQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOqzrxvkA4kWqmsj2wgmzSr41QX+MB8GA1UdIwQY
MBaAFEFlMkIKIeQritMNok6/Q0fele81MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVdVeVFnb2g1Q3VLMHcyaVRyOURSOTZWN3pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80ZjRiMjAtNTEzNi00MjBiLWI1MTYt
YjZkNjRhMDAzZDllLzEvNnJPdkctUURpUmFxYXlQYkNDYk5LdmpWQmY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80ZjRiMjAtNTEzNi00MjBiLWI1MTYtYjZkNjRhMDAzZDll
LzEvUVdVeVFnb2g1Q3VLMHcyaVRyOURSOTZWN3pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALYkSAwQA
wniFMA0EAgACMAcDBQMqDbEAMA0GCSqGSIb3DQEBCwUAA4IBAQCXNFE458zlcP6/
Dul0QGvv7y/uky5fG9EOXGb5JF4f6njEbiBMO1nBsskdss0xtASaB2YwcxiVH9a+
Im8al0Tw8A7Mug0zoR7ZEp3WArtbJmLJo+EJe6Nu8KcDiwvYsJH6LwYYYOSHpBIN
t2YtSDjX65BmQJP0kP9q8eqr21ECK08Cu7BEgyVKik8jB6f4oZ151T6pmPnNxYIO
xpc1o/ZQFWIs6TBMUiADcmAppjpaPtBAihEPcd/TOApNuprmpop428Kc+G4BhNac
TJSX3FBZDj4hsRyY0Z+bjYP71lIl0YgUXb9UqvR8vzZ1k+k4Qfx16BlzkZZMWKuA
60GunA2c
-----END CERTIFICATE-----