Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/6VZncbWpWcsTAGJq_VZyd_b7S14.roa
File:                     6VZncbWpWcsTAGJq_VZyd_b7S14.roa (raw, json)
Hash identifier:          qBwjvXiaft2xm0DCRFkFsS1H5cMXCELN0iORHV4uhMk=
Subject key identifier:   E9:56:67:71:B5:A9:59:CB:13:00:62:6A:FD:56:72:77:F6:FB:4B:5E
Certificate issuer:       /CN=d0f6b8436f6634cd31d7097ce242a549935b18d7
Certificate serial:       018CC49373750501AC4907671B952D9059BC
Authority key identifier: D0:F6:B8:43:6F:66:34:CD:31:D7:09:7C:E2:42:A5:49:93:5B:18:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Pa4Q29mNM0x1wl84kKlSZNbGNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/6VZncbWpWcsTAGJq_VZyd_b7S14.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59989
IP address blocks:        185.89.84.0/24 maxlen: 24
                          185.89.85.0/24 maxlen: 24
                          185.89.84.0/22 maxlen: 22
                          185.89.87.0/24 maxlen: 24
                          185.89.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/0Pa4Q29mNM0x1wl84kKlSZNbGNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/0Pa4Q29mNM0x1wl84kKlSZNbGNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Pa4Q29mNM0x1wl84kKlSZNbGNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:03:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:73:75:05:01:ac:49:07:67:1b:95:2d:90:59:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0f6b8436f6634cd31d7097ce242a549935b18d7
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9566771b5a959cb1300626afd567277f6fb4b5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a6:07:de:36:a1:0c:fa:8b:02:ee:ec:6d:47:
                    5e:39:84:78:57:c5:21:38:29:3e:c4:a9:38:57:d7:
                    6b:06:4a:de:dc:23:e3:50:fe:6b:87:a3:e3:f5:ed:
                    b7:77:eb:af:ad:3c:b8:41:f9:ca:12:e8:90:bd:28:
                    64:04:f4:d8:f8:f1:1c:e7:ec:20:92:88:a5:d5:d2:
                    d4:37:3e:d0:f6:f9:7c:7a:99:e3:bc:38:2d:a5:5a:
                    12:91:78:3e:6e:04:ee:89:37:5c:37:b1:61:42:26:
                    62:4d:8f:60:cf:be:0b:9b:9b:49:28:8a:56:2a:9f:
                    16:e7:cb:8b:ec:6b:66:fd:a9:72:72:3f:cc:08:d0:
                    63:f4:a9:fa:c4:2c:22:92:b6:d6:6f:18:da:ad:bd:
                    55:dd:55:52:ce:8e:30:d8:40:0b:d9:71:4b:f6:b7:
                    ac:f0:15:27:73:33:f1:f9:65:e6:1b:84:58:2d:23:
                    a9:e2:93:77:88:c3:b2:38:80:31:25:58:d8:f2:fb:
                    23:a5:54:9b:83:dc:29:78:08:75:f1:be:dc:0b:cf:
                    7b:8e:48:c8:ca:e8:a7:c5:0a:3d:66:c4:89:69:56:
                    79:59:e2:ad:c5:8c:00:fd:88:7c:d1:8a:39:f3:98:
                    48:d0:5f:87:11:54:eb:f1:64:5a:d7:18:22:5d:a0:
                    54:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:56:67:71:B5:A9:59:CB:13:00:62:6A:FD:56:72:77:F6:FB:4B:5E
            X509v3 Authority Key Identifier:
                keyid:D0:F6:B8:43:6F:66:34:CD:31:D7:09:7C:E2:42:A5:49:93:5B:18:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Pa4Q29mNM0x1wl84kKlSZNbGNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/6VZncbWpWcsTAGJq_VZyd_b7S14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/514a42-0be8-45e8-a7f0-55da8ec36014/1/0Pa4Q29mNM0x1wl84kKlSZNbGNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:99:6d:6b:b6:e1:31:6f:9e:a9:da:00:79:1b:02:a0:9b:22:
         ff:3c:f2:c1:2b:4a:19:4b:4a:08:68:42:ac:a0:8f:5e:6c:b7:
         dd:b2:77:35:3f:e3:d0:bb:35:6b:eb:d0:26:54:6a:96:c0:11:
         ea:b6:db:4f:c0:4c:71:ab:e3:4b:c1:47:66:80:6e:46:98:cf:
         cd:b4:3e:f4:0e:71:d1:a6:04:b9:95:32:7b:db:53:ae:36:93:
         43:6f:f6:56:23:d0:c3:03:fb:e4:3e:85:48:ae:cd:49:a4:0f:
         9f:ea:83:60:e1:a2:6e:05:0f:21:1c:ee:4e:77:d3:13:de:e8:
         e5:a7:8e:16:c0:db:2f:d0:cc:7f:04:60:39:89:40:71:cf:78:
         6d:65:d5:a3:b5:38:2e:96:6c:e6:4b:20:ed:46:04:cc:d2:21:
         a6:29:c9:e8:91:8b:b5:dd:34:8d:98:d4:cc:46:c2:22:e1:a1:
         b4:7c:c7:aa:92:d7:6c:ce:26:50:6b:fc:0a:e6:09:c8:58:76:
         3d:fc:05:ee:8c:ba:70:ad:7a:cb:f8:8c:ca:57:d6:ee:74:bc:
         46:f2:88:11:97:04:fb:ce:26:38:d8:18:dd:41:4d:8b:40:41:
         4a:8d:7a:6d:0b:90:31:bb:d8:1b:75:6d:27:45:bb:a7:63:a2:
         e5:65:df:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3N1BQGsSQdnG5UtkFm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZjZiODQzNmY2NjM0Y2QzMWQ3MDk3Y2UyNDJhNTQ5OTM1
YjE4ZDcwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTU2Njc3MWI1YTk1OWNiMTMwMDYyNmFmZDU2NzI3N2Y2ZmI0YjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6YH3jahDPqLAu7sbUdeOYR4V8Uh
OCk+xKk4V9drBkre3CPjUP5rh6Pj9e23d+uvrTy4QfnKEuiQvShkBPTY+PEc5+wg
koil1dLUNz7Q9vl8epnjvDgtpVoSkXg+bgTuiTdcN7FhQiZiTY9gz74Lm5tJKIpW
Kp8W58uL7Gtm/alycj/MCNBj9Kn6xCwikrbWbxjarb1V3VVSzo4w2EAL2XFL9res
8BUnczPx+WXmG4RYLSOp4pN3iMOyOIAxJVjY8vsjpVSbg9wpeAh18b7cC897jkjI
yuinxQo9ZsSJaVZ5WeKtxYwA/Yh80Yo585hI0F+HEVTr8WRa1xgiXaBUbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlWZ3G1qVnLEwBiav1Wcnf2+0teMB8GA1UdIwQY
MBaAFND2uENvZjTNMdcJfOJCpUmTWxjXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFBhNFEyOW1OTTB4MXdsODRrS2xTWk5iR05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC81MTRhNDItMGJlOC00NWU4LWE3ZjAt
NTVkYThlYzM2MDE0LzEvNlZabmNiV3BXY3NUQUdKcV9WWnlkX2I3UzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC81MTRhNDItMGJlOC00NWU4LWE3ZjAtNTVkYThlYzM2MDE0
LzEvMFBhNFEyOW1OTTB4MXdsODRrS2xTWk5iR05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVlUMA0G
CSqGSIb3DQEBCwUAA4IBAQCQmW1rtuExb56p2gB5GwKgmyL/PPLBK0oZS0oIaEKs
oI9ebLfdsnc1P+PQuzVr69AmVGqWwBHqtttPwExxq+NLwUdmgG5GmM/NtD70DnHR
pgS5lTJ721OuNpNDb/ZWI9DDA/vkPoVIrs1JpA+f6oNg4aJuBQ8hHO5Od9MT3ujl
p44WwNsv0Mx/BGA5iUBxz3htZdWjtTgulmzmSyDtRgTM0iGmKcnokYu13TSNmNTM
RsIi4aG0fMeqktdsziZQa/wK5gnIWHY9/AXujLpwrXrL+IzKV9budLxG8ogRlwT7
ziY42BjdQU2LQEFKjXptC5Axu9gbdW0nRbunY6LlZd8B
-----END CERTIFICATE-----