Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/6eM8-2F9vQoJbxGw5IcYcs9sfXQ.roa
File:                     6eM8-2F9vQoJbxGw5IcYcs9sfXQ.roa (raw, json)
Hash identifier:          3BR/5GtSs881nrEofnh0BcIZaw3nXw8inMB5Hpf5omU=
Subject key identifier:   E9:E3:3C:FB:61:7D:BD:0A:09:6F:11:B0:E4:87:18:72:CF:6C:7D:74
Certificate issuer:       /CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
Certificate serial:       018CC80168D13C8A1C6A9E1CF69935612264
Authority key identifier: D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/6eM8-2F9vQoJbxGw5IcYcs9sfXQ.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        185.72.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:68:d1:3c:8a:1c:6a:9e:1c:f6:99:35:61:22:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9e33cfb617dbd0a096f11b0e4871872cf6c7d74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:14:ed:fb:8b:df:7a:5f:ae:00:bc:39:92:7b:
                    99:03:e5:fd:cd:e0:da:04:ee:e7:f9:b0:38:2f:1c:
                    00:e8:65:f0:35:e8:61:ac:f4:30:c2:af:3f:46:d6:
                    e1:55:e2:a4:4a:d7:b0:4d:4f:97:2c:b3:52:56:ce:
                    7c:1c:70:06:23:3e:ce:b7:30:57:e5:fd:97:30:c1:
                    ca:15:33:94:09:09:02:1d:41:a6:1e:4c:0a:28:38:
                    c7:e6:2e:00:0b:4a:a3:0f:91:37:05:d5:fa:bf:cc:
                    5f:45:67:72:11:68:6b:c5:04:e2:34:41:fb:14:00:
                    df:43:fd:81:c0:c1:0f:89:aa:30:07:9b:a4:de:9e:
                    d5:12:c2:07:3a:25:e2:4b:e0:4d:0d:53:a3:da:e7:
                    df:01:e5:5f:ef:b1:8e:9c:5b:cc:71:9a:f0:2a:a8:
                    f2:c7:fd:9a:ab:2c:f5:6f:4f:7e:d2:5b:1a:bb:1e:
                    ff:47:f8:cc:30:62:9a:80:0d:bc:ec:14:76:72:26:
                    b5:60:4f:01:08:69:8a:ae:d1:9e:7b:6e:00:fd:01:
                    e3:8b:fa:a3:33:a6:11:b2:70:6b:ad:a8:d8:08:cb:
                    69:b3:c2:bf:dd:5b:88:83:24:2c:59:64:ae:bf:73:
                    e8:4f:dd:e7:17:99:57:37:92:89:25:e8:60:27:eb:
                    08:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E3:3C:FB:61:7D:BD:0A:09:6F:11:B0:E4:87:18:72:CF:6C:7D:74
            X509v3 Authority Key Identifier:
                keyid:D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/6eM8-2F9vQoJbxGw5IcYcs9sfXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:24:7d:45:fe:d5:00:a5:99:dd:84:6b:f6:2f:be:cf:81:72:
         24:58:3a:2f:22:60:c1:cd:b2:ab:a6:fc:9b:8f:d7:9d:d8:8c:
         18:93:d9:7e:7a:07:df:7a:22:7d:4c:d2:f9:bf:5f:fe:e9:0e:
         ba:04:9b:0e:17:e6:78:4c:ee:31:72:ea:80:d0:6d:80:e0:62:
         1c:ad:c9:66:15:de:c1:f1:85:b4:f3:69:2d:04:2b:56:9c:18:
         5a:cb:66:b9:7f:35:25:89:53:22:d7:4c:76:58:30:a6:61:4c:
         1f:9d:e4:47:de:47:f3:2e:fa:37:08:a6:e5:a2:2a:e4:18:53:
         48:af:d4:27:07:00:27:21:7b:cc:9f:e4:d3:09:2e:2d:a1:31:
         64:c7:b6:90:70:09:aa:4e:ad:b7:1d:36:e1:1b:06:be:b3:2b:
         0e:d2:68:66:11:36:bb:57:83:20:cc:2d:a9:9c:f0:46:42:00:
         8f:aa:4f:48:6f:da:7c:fa:55:d2:6d:12:18:8d:5c:72:0d:16:
         3c:42:c9:4e:4f:a0:6e:f1:f5:17:58:c9:ff:0d:af:a8:fb:9a:
         a8:e9:06:82:1c:7c:5b:ab:f8:73:25:af:96:8c:46:d8:86:55:
         9d:97:d8:22:08:fc:34:c2:e2:3e:74:f2:5c:8c:59:b1:54:3b:
         ce:3d:ac:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWjRPIocap4c9pk1YSJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YWQxOGY0YzM2MDY3MjIwZjRkODMzY2JjNzhhMTBmOTRl
YjA4ODgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWUzM2NmYjYxN2RiZDBhMDk2ZjExYjBlNDg3MTg3MmNmNmM3ZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxTt+4vfel+uALw5knuZA+X9zeDa
BO7n+bA4LxwA6GXwNehhrPQwwq8/RtbhVeKkStewTU+XLLNSVs58HHAGIz7OtzBX
5f2XMMHKFTOUCQkCHUGmHkwKKDjH5i4AC0qjD5E3BdX6v8xfRWdyEWhrxQTiNEH7
FADfQ/2BwMEPiaowB5uk3p7VEsIHOiXiS+BNDVOj2uffAeVf77GOnFvMcZrwKqjy
x/2aqyz1b09+0lsaux7/R/jMMGKagA287BR2cia1YE8BCGmKrtGee24A/QHji/qj
M6YRsnBrrajYCMtps8K/3VuIgyQsWWSuv3PoT93nF5lXN5KJJehgJ+sImwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnjPPthfb0KCW8RsOSHGHLPbH10MB8GA1UdIwQY
MBaAFNmtGPTDYGciD02DPLx4oQ+U6wiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAt
YzI2NDczODVlNzI3LzEvNmVNOC0yRjl2UW9KYnhHdzVJY1ljczlzZlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAtYzI2NDczODVlNzI3
LzEvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUgxMA0G
CSqGSIb3DQEBCwUAA4IBAQDMJH1F/tUApZndhGv2L77PgXIkWDovImDBzbKrpvyb
j9ed2IwYk9l+egffeiJ9TNL5v1/+6Q66BJsOF+Z4TO4xcuqA0G2A4GIcrclmFd7B
8YW082ktBCtWnBhay2a5fzUliVMi10x2WDCmYUwfneRH3kfzLvo3CKbloirkGFNI
r9QnBwAnIXvMn+TTCS4toTFkx7aQcAmqTq23HTbhGwa+sysO0mhmETa7V4MgzC2p
nPBGQgCPqk9Ib9p8+lXSbRIYjVxyDRY8QslOT6Bu8fUXWMn/Da+o+5qo6QaCHHxb
q/hzJa+WjEbYhlWdl9giCPw0wuI+dPJcjFmxVDvOPaxV
-----END CERTIFICATE-----