Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/a0TwfQ9Qx5cy3vHubsSqyVNmLxs.roa
File:                     a0TwfQ9Qx5cy3vHubsSqyVNmLxs.roa (raw, json)
Hash identifier:          eduZF2bHGInEREs+mvxIxWphMLdio9fFjK83ggHCwp4=
Subject key identifier:   6B:44:F0:7D:0F:50:C7:97:32:DE:F1:EE:6E:C4:AA:C9:53:66:2F:1B
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       018CC8DEECCD102635184E5CBA3699F44737
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/a0TwfQ9Qx5cy3vHubsSqyVNmLxs.roa
Signing time:             Tue 02 Jan 2024 06:31:41 +0000
ROA not before:           Tue 02 Jan 2024 06:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205513
IP address blocks:        185.190.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ec:cd:10:26:35:18:4e:5c:ba:36:99:f4:47:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 06:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b44f07d0f50c79732def1ee6ec4aac953662f1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2e:35:87:c2:8d:c8:bd:e8:06:d7:ba:7c:23:
                    6e:1c:af:d4:a4:d0:f9:7d:4b:3a:c5:ff:93:04:5b:
                    b4:ba:0e:2c:30:2a:71:2c:f7:11:2c:19:c3:76:a6:
                    c9:aa:a2:04:d5:a7:42:87:6d:9f:52:cb:4d:b4:5d:
                    0e:f5:9a:9b:90:44:d4:e4:92:3e:1d:49:ce:cd:0a:
                    97:7b:c7:87:0f:b5:bd:3e:16:dd:6f:6c:f8:3c:0b:
                    27:c0:77:e3:74:bf:6b:d3:cb:9a:19:2a:64:1a:29:
                    64:33:56:6a:80:28:ea:76:fd:2f:b9:fd:f0:e4:cf:
                    b0:e2:09:f1:03:dc:3a:8c:39:2a:7c:de:a4:dc:f1:
                    8c:ea:4e:16:17:64:d9:c9:a0:40:f3:78:b5:a4:bc:
                    c1:73:94:ef:ea:2e:3d:04:ab:63:ad:9b:2c:dd:8d:
                    97:ec:7c:7f:a1:e2:c0:d0:92:cd:ec:4e:4f:5a:ae:
                    e8:e3:2c:e8:63:73:38:e1:0f:5f:1e:cc:7f:5a:21:
                    86:56:e1:33:77:a2:04:15:63:d4:16:d1:fc:0b:96:
                    25:ad:86:36:c2:99:07:5e:45:51:82:e9:43:6e:35:
                    f9:f9:c4:14:60:86:4a:e0:c5:77:9f:e9:93:81:ba:
                    be:57:7d:35:3a:d0:06:d9:18:fd:77:58:f7:75:e0:
                    36:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:44:F0:7D:0F:50:C7:97:32:DE:F1:EE:6E:C4:AA:C9:53:66:2F:1B
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/a0TwfQ9Qx5cy3vHubsSqyVNmLxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:54:6e:4e:5f:27:f3:f3:b1:58:4e:ad:a6:ca:3a:ad:f6:67:
         57:e6:78:49:05:0f:f8:18:8e:b5:f0:fc:92:dd:7d:e5:75:c3:
         ae:6e:e3:28:6d:68:a1:2c:3b:70:a7:ea:77:43:17:7e:93:5d:
         99:aa:f6:7b:ee:02:37:12:d2:fc:43:e1:8f:b0:40:5a:8c:63:
         b0:c9:d3:af:b2:1e:a2:1f:ce:fb:71:ce:49:34:64:16:50:bd:
         07:e4:25:8d:14:69:cb:b1:b2:a9:66:22:95:09:7b:24:ab:df:
         b4:ae:d8:e7:4b:29:cf:8f:e8:1c:6d:9e:be:b0:3b:98:0e:15:
         d9:62:cb:1b:2a:16:c2:bf:eb:de:58:d6:b3:ad:ef:de:d2:de:
         3a:f2:e5:87:18:07:77:c0:9c:0a:87:62:0f:af:f7:44:fc:43:
         bb:d7:7a:f5:13:66:dc:8e:64:5e:a7:72:44:e7:85:7d:61:fb:
         a4:5d:65:94:32:63:7b:f6:45:0a:69:c3:f7:5c:7b:f7:8f:fd:
         64:a7:7c:81:b7:c9:b6:30:14:8c:4b:9c:84:69:0d:bc:bb:7e:
         cd:70:7e:30:f3:f2:74:5d:5b:c9:a7:75:c1:e9:24:ef:f7:80:
         63:96:89:71:ef:0e:dc:ed:fa:a8:65:42:e7:36:1a:fc:12:4f:
         ba:f4:7a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3uzNECY1GE5cujaZ9Ec3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjQwMTAyMDYzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjQ0ZjA3ZDBmNTBjNzk3MzJkZWYxZWU2ZWM0YWFjOTUzNjYyZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2i41h8KNyL3oBte6fCNuHK/UpND5
fUs6xf+TBFu0ug4sMCpxLPcRLBnDdqbJqqIE1adCh22fUstNtF0O9ZqbkETU5JI+
HUnOzQqXe8eHD7W9Phbdb2z4PAsnwHfjdL9r08uaGSpkGilkM1ZqgCjqdv0vuf3w
5M+w4gnxA9w6jDkqfN6k3PGM6k4WF2TZyaBA83i1pLzBc5Tv6i49BKtjrZss3Y2X
7Hx/oeLA0JLN7E5PWq7o4yzoY3M44Q9fHsx/WiGGVuEzd6IEFWPUFtH8C5YlrYY2
wpkHXkVRgulDbjX5+cQUYIZK4MV3n+mTgbq+V301OtAG2Rj9d1j3deA29QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtE8H0PUMeXMt7x7m7EqslTZi8bMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvYTBUd2ZROVF4NWN5M3ZIdWJzU3F5Vk5tTHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub6XMA0G
CSqGSIb3DQEBCwUAA4IBAQCfVG5OXyfz87FYTq2myjqt9mdX5nhJBQ/4GI618PyS
3X3ldcOubuMobWihLDtwp+p3Qxd+k12ZqvZ77gI3EtL8Q+GPsEBajGOwydOvsh6i
H877cc5JNGQWUL0H5CWNFGnLsbKpZiKVCXskq9+0rtjnSynPj+gcbZ6+sDuYDhXZ
YssbKhbCv+veWNazre/e0t468uWHGAd3wJwKh2IPr/dE/EO713r1E2bcjmRep3JE
54V9YfukXWWUMmN79kUKacP3XHv3j/1kp3yBt8m2MBSMS5yEaQ28u37NcH4w8/J0
XVvJp3XB6STv94Bjlolx7w7c7fqoZULnNhr8Ek+69HqF
-----END CERTIFICATE-----