Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/6KYERBRl5ekA-7sjOqzF05qJa5A.roa
File:                     6KYERBRl5ekA-7sjOqzF05qJa5A.roa (raw, json)
Hash identifier:          nDQLNcVbt7VFw1Xequ9PZpxUx2QrU9GV2wW34LaLUM0=
Subject key identifier:   E8:A6:04:44:14:65:E5:E9:00:FB:BB:23:3A:AC:C5:D3:9A:89:6B:90
Certificate issuer:       /CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
Certificate serial:       018CC80168571C81E98C0976AF05DDE4AFCE
Authority key identifier: D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/6KYERBRl5ekA-7sjOqzF05qJa5A.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208652
IP address blocks:        185.72.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:68:57:1c:81:e9:8c:09:76:af:05:dd:e4:af:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8a604441465e5e900fbbb233aacc5d39a896b90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ad:c1:94:30:3d:a5:4a:66:7b:d3:46:42:3f:
                    d5:dd:49:be:5a:4f:ff:a4:92:81:fe:67:cd:9b:45:
                    49:2b:b0:30:1f:4e:54:72:3a:ce:75:3b:fb:1a:28:
                    49:6e:a3:23:b8:b2:4b:ce:e4:b1:06:5d:f4:45:79:
                    6b:eb:58:1b:08:d1:8a:e1:54:77:89:31:be:2b:99:
                    12:b4:bc:36:06:34:77:62:60:80:fe:e8:2d:51:25:
                    50:0b:ee:eb:69:90:b8:56:ce:25:c8:df:1b:b1:13:
                    6c:ce:e9:6c:96:14:b5:11:68:32:10:ce:82:c8:a7:
                    0a:3d:55:e2:2d:2e:81:86:87:ce:94:c9:7a:3e:b1:
                    d7:6f:18:0c:8f:7e:89:64:d5:e4:4a:a0:b5:7d:ab:
                    64:ba:76:bf:55:aa:ea:68:1c:63:5d:e0:ec:09:b9:
                    c5:13:69:e5:6b:e4:47:d2:88:a6:54:6a:f5:82:b9:
                    6e:bb:d5:be:e4:e9:bc:5d:0b:c9:15:b0:90:2d:41:
                    f2:be:13:f0:ed:9e:29:72:ec:44:ca:de:3a:cc:82:
                    55:30:a7:63:01:aa:34:f1:0b:3c:b9:6e:da:e9:ed:
                    31:9d:9d:69:43:b4:6d:1a:f7:fc:17:19:4e:ed:5d:
                    de:b0:66:d8:b3:44:fc:90:92:4f:10:c7:35:be:27:
                    ad:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A6:04:44:14:65:E5:E9:00:FB:BB:23:3A:AC:C5:D3:9A:89:6B:90
            X509v3 Authority Key Identifier:
                keyid:D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/6KYERBRl5ekA-7sjOqzF05qJa5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:45:be:04:34:e4:0d:e5:82:0d:6f:d7:60:02:cb:35:d8:92:
         17:a9:d2:98:42:c9:00:6e:2c:68:3d:7f:2d:0c:db:28:3a:8e:
         e1:33:c9:60:5d:99:7d:a1:b4:c2:86:9d:3c:c6:2b:3a:f1:48:
         69:75:12:62:50:ff:cf:66:a9:f6:45:4f:75:f8:98:40:c3:ae:
         73:3d:58:27:93:85:0c:7c:f9:6e:ba:c7:ed:d7:9f:46:e6:02:
         b9:24:59:52:82:da:75:c0:4f:11:66:dd:0f:17:f7:e8:57:4e:
         48:6f:a7:ee:71:5d:a6:86:2c:70:78:64:6e:05:16:93:5f:68:
         fb:7b:0a:76:7a:59:e4:39:7d:7d:64:62:78:39:f1:0e:20:de:
         c1:b6:23:3b:1c:33:63:b0:65:ac:71:73:b9:ba:63:a2:44:93:
         63:55:25:ba:76:0a:52:0c:81:b3:7e:da:bc:21:6f:de:96:4a:
         d3:ab:de:ca:9c:f1:d9:2c:ed:d9:ae:43:a7:ad:24:a8:69:f8:
         c2:f5:ab:31:95:8d:10:04:58:cd:c7:9a:16:08:bc:d5:c1:e7:
         c2:f1:12:b5:dd:49:3b:5a:da:55:96:8d:f1:72:bc:ca:08:c6:
         72:81:b7:28:ef:81:cc:65:8a:6c:5d:db:fe:cb:96:5b:26:fb:
         a1:2a:5a:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWhXHIHpjAl2rwXd5K/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YWQxOGY0YzM2MDY3MjIwZjRkODMzY2JjNzhhMTBmOTRl
YjA4ODgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGE2MDQ0NDE0NjVlNWU5MDBmYmJiMjMzYWFjYzVkMzlhODk2YjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjq3BlDA9pUpme9NGQj/V3Um+Wk//
pJKB/mfNm0VJK7AwH05UcjrOdTv7GihJbqMjuLJLzuSxBl30RXlr61gbCNGK4VR3
iTG+K5kStLw2BjR3YmCA/ugtUSVQC+7raZC4Vs4lyN8bsRNszulslhS1EWgyEM6C
yKcKPVXiLS6BhofOlMl6PrHXbxgMj36JZNXkSqC1fatkuna/VarqaBxjXeDsCbnF
E2nla+RH0oimVGr1grluu9W+5Om8XQvJFbCQLUHyvhPw7Z4pcuxEyt46zIJVMKdj
Aao08Qs8uW7a6e0xnZ1pQ7RtGvf8FxlO7V3esGbYs0T8kJJPEMc1vietMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOimBEQUZeXpAPu7IzqsxdOaiWuQMB8GA1UdIwQY
MBaAFNmtGPTDYGciD02DPLx4oQ+U6wiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAt
YzI2NDczODVlNzI3LzEvNktZRVJCUmw1ZWtBLTdzak9xekYwNXFKYTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAtYzI2NDczODVlNzI3
LzEvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUgzMA0G
CSqGSIb3DQEBCwUAA4IBAQAIRb4ENOQN5YINb9dgAss12JIXqdKYQskAbixoPX8t
DNsoOo7hM8lgXZl9obTChp08xis68UhpdRJiUP/PZqn2RU91+JhAw65zPVgnk4UM
fPluusft159G5gK5JFlSgtp1wE8RZt0PF/foV05Ib6fucV2mhixweGRuBRaTX2j7
ewp2elnkOX19ZGJ4OfEOIN7BtiM7HDNjsGWscXO5umOiRJNjVSW6dgpSDIGzftq8
IW/elkrTq97KnPHZLO3ZrkOnrSSoafjC9asxlY0QBFjNx5oWCLzVwefC8RK13Uk7
WtpVlo3xcrzKCMZygbco74HMZYpsXdv+y5ZbJvuhKlos
-----END CERTIFICATE-----