Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/6EN7AbdSG8zpzcD9i3mdmic13EM.roa
File:                     6EN7AbdSG8zpzcD9i3mdmic13EM.roa (raw, json)
Hash identifier:          1is8M0MH2CejT8NGK4w/0MEJEZNKSDvY5aFEvukp5XY=
Subject key identifier:   E8:43:7B:01:B7:52:1B:CC:E9:CD:C0:FD:8B:79:9D:9A:27:35:DC:43
Certificate issuer:       /CN=3dc410e3f09bea6abc9dd8c6ff4185651b0ab867
Certificate serial:       018CC3B6890B29FEE191ACC5FCE9AA0B962A
Authority key identifier: 3D:C4:10:E3:F0:9B:EA:6A:BC:9D:D8:C6:FF:41:85:65:1B:0A:B8:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/6EN7AbdSG8zpzcD9i3mdmic13EM.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        193.149.8.0/21 maxlen: 21
                          134.30.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:89:0b:29:fe:e1:91:ac:c5:fc:e9:aa:0b:96:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3dc410e3f09bea6abc9dd8c6ff4185651b0ab867
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8437b01b7521bcce9cdc0fd8b799d9a2735dc43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:38:54:06:47:19:58:0d:49:9f:05:36:a3:e3:
                    55:b4:5c:14:01:d3:10:8d:1b:99:ca:01:3f:6e:e0:
                    21:2c:a7:ca:38:9c:09:bc:c3:03:5c:fb:a9:90:13:
                    16:d9:19:3e:55:1e:b6:44:b2:0d:94:2f:1a:0f:a6:
                    a2:c3:c6:e8:65:0e:73:2a:34:09:d4:ce:96:3e:ee:
                    a8:da:11:a8:39:b5:76:4f:7d:76:59:0c:66:52:0f:
                    18:f1:d1:21:b0:74:e3:1d:2e:cf:1e:16:6c:1b:74:
                    e9:31:a5:70:f6:2d:a9:e6:fb:06:55:1c:3d:1a:f5:
                    8d:69:e4:37:9d:a0:76:4b:a5:79:d2:38:73:73:08:
                    53:60:2d:c7:b0:ce:5b:01:91:39:7f:4f:cf:83:9c:
                    7b:d2:39:32:d0:8d:b2:99:50:f5:91:e2:64:2d:fe:
                    76:7b:ca:90:7e:26:7d:9e:a4:78:c3:b9:86:a2:3d:
                    c3:5d:ef:6e:a2:ae:4b:06:3d:02:c5:bf:93:ec:68:
                    bd:8b:5d:4a:24:28:69:da:9f:f0:54:b6:13:2f:b2:
                    24:60:8d:d0:c8:35:f7:5c:a7:ae:9d:48:a6:a7:8d:
                    94:4f:d2:4a:c1:2e:9f:23:21:d2:40:f3:63:e8:36:
                    57:e0:3b:6e:d1:51:c4:d5:24:00:41:54:90:87:c0:
                    a5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:43:7B:01:B7:52:1B:CC:E9:CD:C0:FD:8B:79:9D:9A:27:35:DC:43
            X509v3 Authority Key Identifier:
                keyid:3D:C4:10:E3:F0:9B:EA:6A:BC:9D:D8:C6:FF:41:85:65:1B:0A:B8:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/6EN7AbdSG8zpzcD9i3mdmic13EM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.30.0.0/16
                  193.149.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         97:51:04:4b:63:f8:d9:e1:0f:98:b0:27:44:76:ee:83:41:73:
         20:ea:f0:e9:7e:8a:b6:ab:5a:e0:12:e0:9c:ff:f8:a5:82:72:
         81:1b:4d:47:01:59:41:73:7d:8e:00:f8:69:2f:8c:56:e5:d6:
         81:70:5a:df:8b:0d:03:5a:fe:14:10:a0:e8:13:73:57:94:1a:
         1e:d5:2e:2e:80:48:d2:5a:b5:6b:18:b5:b2:05:33:0c:f8:c2:
         22:fb:21:99:d7:1e:4f:e9:f8:37:bb:e9:a2:df:ab:c0:cd:ab:
         17:d5:b1:1e:89:c0:38:8a:a9:49:9d:00:4a:92:0d:a9:9b:7d:
         be:65:4f:d5:34:81:3b:b1:1a:a8:61:da:d6:94:61:9f:9e:23:
         2c:2e:04:1f:fc:73:79:60:b4:4a:57:ab:fc:5a:52:fb:54:31:
         73:1e:ef:04:6b:dc:ec:ae:0b:ac:a4:c1:c0:a5:08:da:e5:a4:
         00:83:df:5d:7a:24:05:76:c8:23:04:79:e4:f1:9a:6f:4d:0a:
         ea:39:50:cb:9b:7e:93:43:8a:96:73:17:b0:79:0f:c2:a5:0c:
         3f:e4:a2:eb:41:28:82:04:73:05:53:94:42:bb:39:1b:3a:5a:
         9d:38:b6:2b:00:24:d4:a3:8b:1f:2d:e5:e6:60:a0:c3:48:3c:
         27:05:ee:1a
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzDtokLKf7hkazF/OmqC5YqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYzQxMGUzZjA5YmVhNmFiYzlkZDhjNmZmNDE4NTY1MWIw
YWI4NjcwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQzN2IwMWI3NTIxYmNjZTljZGMwZmQ4Yjc5OWQ5YTI3MzVkYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjhUBkcZWA1JnwU2o+NVtFwUAdMQ
jRuZygE/buAhLKfKOJwJvMMDXPupkBMW2Rk+VR62RLINlC8aD6aiw8boZQ5zKjQJ
1M6WPu6o2hGoObV2T312WQxmUg8Y8dEhsHTjHS7PHhZsG3TpMaVw9i2p5vsGVRw9
GvWNaeQ3naB2S6V50jhzcwhTYC3HsM5bAZE5f0/Pg5x70jky0I2ymVD1keJkLf52
e8qQfiZ9nqR4w7mGoj3DXe9uoq5LBj0Cxb+T7Gi9i11KJChp2p/wVLYTL7IkYI3Q
yDX3XKeunUimp42UT9JKwS6fIyHSQPNj6DZX4Dtu0VHE1SQAQVSQh8Cl9wIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFOhDewG3UhvM6c3A/Yt5nZonNdxDMB8GA1UdIwQY
MBaAFD3EEOPwm+pqvJ3Yxv9BhWUbCrhnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGNRUTRfQ2I2bXE4bmRqR18wR0ZaUnNLdUdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8wNDI5NTEtNTRkOC00NjljLWJiYTEt
YTY1NDZjZDlkYTk0LzEvNkVON0FiZFNHOHpwemNEOWkzbWRtaWMxM0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8wNDI5NTEtNTRkOC00NjljLWJiYTEtYTY1NDZjZDlkYTk0
LzEvUGNRUTRfQ2I2bXE4bmRqR18wR0ZaUnNLdUdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAhh4DBAPB
lQgwDQYJKoZIhvcNAQELBQADggEBAJdRBEtj+NnhD5iwJ0R27oNBcyDq8Ol+irar
WuAS4Jz/+KWCcoEbTUcBWUFzfY4A+GkvjFbl1oFwWt+LDQNa/hQQoOgTc1eUGh7V
Li6ASNJatWsYtbIFMwz4wiL7IZnXHk/p+De76aLfq8DNqxfVsR6JwDiKqUmdAEqS
Dambfb5lT9U0gTuxGqhh2taUYZ+eIywuBB/8c3lgtEpXq/xaUvtUMXMe7wRr3Oyu
C6ykwcClCNrlpACD3116JAV2yCMEeeTxmm9NCuo5UMubfpNDipZzF7B5D8KlDD/k
outBKIIEcwVTlEK7ORs6Wp04tisAJNSjix8t5eZgoMNIPCcF7ho=
-----END CERTIFICATE-----