Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/i6_4q9334QpnD2WezF7Rmgf9j_k.roa
File:                     i6_4q9334QpnD2WezF7Rmgf9j_k.roa (raw, json)
Hash identifier:          amQ31RBnLuOUUB5vUxdaRbXOXykCOJuxRTWhVb6ARcg=
Subject key identifier:   8B:AF:F8:AB:DD:F7:E1:0A:67:0F:65:9E:CC:5E:D1:9A:07:FD:8F:F9
Certificate issuer:       /CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
Certificate serial:       018CC50017649865D9910034F0806377E551
Authority key identifier: 27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/i6_4q9334QpnD2WezF7Rmgf9j_k.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        185.129.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:17:64:98:65:d9:91:00:34:f0:80:63:77:e5:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8baff8abddf7e10a670f659ecc5ed19a07fd8ff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c7:de:90:60:95:93:32:0c:ed:b1:f9:ba:38:
                    cb:00:03:d1:bb:fe:29:b9:8e:fd:0f:e5:f1:d2:68:
                    ba:e5:0f:96:fd:df:bb:9f:3a:33:3e:64:a5:0f:62:
                    a7:d2:c6:d5:ed:33:72:1e:e3:ae:6a:ea:79:8c:09:
                    f6:42:9f:1c:26:58:80:e6:55:24:1c:27:76:1c:64:
                    c2:80:6f:ac:01:55:7c:a8:66:c5:0c:38:bb:44:e7:
                    a6:42:db:5e:9a:ba:6b:51:10:24:4f:18:a8:b2:e0:
                    0e:fe:a7:35:9b:9d:c5:e1:76:55:f0:03:51:95:95:
                    a9:df:34:fa:22:b3:e0:f6:dc:45:76:6b:fe:6c:32:
                    1e:62:38:95:21:94:7f:a6:ee:8e:16:54:a9:00:4e:
                    fd:df:ff:1a:69:cc:49:a6:4d:6a:1c:18:40:50:a0:
                    82:9b:c8:6c:4d:37:d8:32:ef:b4:94:46:ad:9e:cb:
                    c9:31:7d:61:42:16:ea:5b:6e:d6:c3:74:a2:b6:e3:
                    7f:57:e5:fb:01:f0:64:be:a0:56:79:80:5d:9d:c6:
                    ea:65:4a:d6:43:07:e3:38:5e:db:70:94:52:32:85:
                    fe:05:ab:b0:ba:39:26:62:71:89:9c:35:54:ee:df:
                    d0:40:40:b8:9d:b3:97:d8:ae:5f:05:ca:1d:e0:c9:
                    3a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AF:F8:AB:DD:F7:E1:0A:67:0F:65:9E:CC:5E:D1:9A:07:FD:8F:F9
            X509v3 Authority Key Identifier:
                keyid:27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/i6_4q9334QpnD2WezF7Rmgf9j_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:52:88:0f:4f:ae:ea:d2:f8:60:b9:d8:73:f7:e3:42:49:44:
         62:c6:44:04:02:49:aa:1f:3a:e2:56:79:28:e9:26:12:58:1e:
         ca:d5:43:69:5c:fb:2f:fc:f6:75:dc:3f:29:83:59:6a:38:d7:
         47:60:f2:0b:73:32:ae:a2:1f:84:28:8e:04:9f:a8:22:14:1a:
         28:9c:66:70:b2:72:24:5b:ed:f5:71:ca:78:a0:7e:a5:ff:e0:
         88:9b:b7:f8:9a:b0:9d:5a:aa:8c:31:e1:67:c6:ac:09:52:18:
         63:e4:2c:f2:34:fb:06:89:90:a6:91:33:4c:1f:ca:7c:00:ad:
         4f:91:63:6d:c2:40:39:d4:0e:1e:e2:8f:7c:88:1d:9c:72:3b:
         d5:b0:55:f7:1d:55:87:5d:3b:cd:c6:6f:99:99:0a:df:14:3d:
         9a:07:7d:bc:33:df:dc:48:05:57:0f:f3:fc:a4:bc:e4:da:e0:
         ab:72:ac:f1:23:96:47:29:5f:53:2d:99:87:2e:76:9f:79:b4:
         c3:93:a9:a5:c8:f6:f6:2c:53:32:31:64:3f:3e:c4:b0:f5:51:
         4f:87:c8:52:65:f3:25:a8:6a:6c:95:f0:17:9d:92:34:d9:7f:
         c9:9d:8b:3b:79:a2:9b:d3:ae:ba:c9:f8:f4:ee:84:a2:00:66:
         6e:8d:fe:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABdkmGXZkQA08IBjd+VRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTY2OTU3OWIzY2U2MWVlOGVlN2Q2YWY3ZTMxNGIwZjcy
NjM2MWYwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmFmZjhhYmRkZjdlMTBhNjcwZjY1OWVjYzVlZDE5YTA3ZmQ4ZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMfekGCVkzIM7bH5ujjLAAPRu/4p
uY79D+Xx0mi65Q+W/d+7nzozPmSlD2Kn0sbV7TNyHuOuaup5jAn2Qp8cJliA5lUk
HCd2HGTCgG+sAVV8qGbFDDi7ROemQttemrprURAkTxiosuAO/qc1m53F4XZV8ANR
lZWp3zT6IrPg9txFdmv+bDIeYjiVIZR/pu6OFlSpAE793/8aacxJpk1qHBhAUKCC
m8hsTTfYMu+0lEatnsvJMX1hQhbqW27Ww3SituN/V+X7AfBkvqBWeYBdncbqZUrW
QwfjOF7bcJRSMoX+BauwujkmYnGJnDVU7t/QQEC4nbOX2K5fBcod4Mk6VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuv+Kvd9+EKZw9lnsxe0ZoH/Y/5MB8GA1UdIwQY
MBaAFCeWaVebPOYe6O59avfjFLD3JjYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEt
NGRlMWI1MjBhNTk0LzEvaTZfNHE5MzM0UXBuRDJXZXpGN1JtZ2Y5al9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEtNGRlMWI1MjBhNTk0
LzEvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYF5MA0G
CSqGSIb3DQEBCwUAA4IBAQAiUogPT67q0vhgudhz9+NCSURixkQEAkmqHzriVnko
6SYSWB7K1UNpXPsv/PZ13D8pg1lqONdHYPILczKuoh+EKI4En6giFBoonGZwsnIk
W+31ccp4oH6l/+CIm7f4mrCdWqqMMeFnxqwJUhhj5CzyNPsGiZCmkTNMH8p8AK1P
kWNtwkA51A4e4o98iB2ccjvVsFX3HVWHXTvNxm+ZmQrfFD2aB328M9/cSAVXD/P8
pLzk2uCrcqzxI5ZHKV9TLZmHLnafebTDk6mlyPb2LFMyMWQ/PsSw9VFPh8hSZfMl
qGpslfAXnZI02X/JnYs7eaKb0666yfj07oSiAGZujf4B
-----END CERTIFICATE-----