Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/427456-4957-4d33-9c64-16f4057fac26/1/6tCvDW1GSIVgprhX6HhTULcMy6Q.roa
File:                     6tCvDW1GSIVgprhX6HhTULcMy6Q.roa (raw, json)
Hash identifier:          pAIHoijLv7wnwT5J8cVHdMDjPeAyZ9WSLixvLuABNxM=
Subject key identifier:   EA:D0:AF:0D:6D:46:48:85:60:A6:B8:57:E8:78:53:50:B7:0C:CB:A4
Certificate issuer:       /CN=1bcd9cd3160399c1e3c80cf074867a729f7dd4f9
Certificate serial:       018CC64A36C640A37E6696F11BB31BD7CFCB
Authority key identifier: 1B:CD:9C:D3:16:03:99:C1:E3:C8:0C:F0:74:86:7A:72:9F:7D:D4:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G82c0xYDmcHjyAzwdIZ6cp991Pk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/427456-4957-4d33-9c64-16f4057fac26/1/6tCvDW1GSIVgprhX6HhTULcMy6Q.roa
Signing time:             Mon 01 Jan 2024 18:30:01 +0000
ROA not before:           Mon 01 Jan 2024 18:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204760
IP address blocks:        194.56.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/427456-4957-4d33-9c64-16f4057fac26/1/G82c0xYDmcHjyAzwdIZ6cp991Pk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/427456-4957-4d33-9c64-16f4057fac26/1/G82c0xYDmcHjyAzwdIZ6cp991Pk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G82c0xYDmcHjyAzwdIZ6cp991Pk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:36:c6:40:a3:7e:66:96:f1:1b:b3:1b:d7:cf:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bcd9cd3160399c1e3c80cf074867a729f7dd4f9
        Validity
            Not Before: Jan  1 18:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ead0af0d6d46488560a6b857e8785350b70ccba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4f:43:bd:4b:6c:76:f7:b1:bc:bc:aa:35:9c:
                    03:b4:84:09:78:81:01:dd:ad:c3:c7:a1:49:66:bc:
                    31:7a:d3:c3:de:db:a3:6e:c9:a7:77:db:90:08:99:
                    64:e6:3f:7c:05:29:37:0f:8b:04:e6:3d:b3:b8:3c:
                    50:07:55:43:0b:d9:0f:ec:8b:8b:ff:25:74:e3:5c:
                    ca:e1:da:60:24:84:24:7d:00:11:e4:f9:42:63:dc:
                    c4:e4:b8:61:01:83:28:c7:36:8c:d5:d6:9c:7c:c5:
                    f4:d0:a0:53:9c:3c:5d:67:61:95:74:ca:09:ed:2b:
                    39:b1:97:ea:cb:e1:ad:1e:82:d3:f9:da:6c:4a:27:
                    d3:11:61:2a:ec:c7:28:48:29:16:fc:39:22:02:4d:
                    c5:b7:e2:75:a2:00:44:92:49:40:d1:cf:d9:34:5b:
                    1f:20:59:b2:20:5c:9b:89:dc:80:b2:11:7b:f7:f7:
                    f7:41:de:a2:3f:ef:f6:53:8a:47:38:9b:26:25:47:
                    86:22:0c:32:05:52:5c:2a:57:09:ff:97:81:9b:57:
                    d1:d8:ec:49:90:fa:b0:ba:fc:47:ff:80:54:c4:47:
                    a6:aa:2e:40:58:28:18:bb:cb:12:af:28:33:00:07:
                    e4:d0:4b:53:d8:7b:3b:60:2c:5a:d3:dc:4f:0a:f4:
                    e5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D0:AF:0D:6D:46:48:85:60:A6:B8:57:E8:78:53:50:B7:0C:CB:A4
            X509v3 Authority Key Identifier:
                keyid:1B:CD:9C:D3:16:03:99:C1:E3:C8:0C:F0:74:86:7A:72:9F:7D:D4:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G82c0xYDmcHjyAzwdIZ6cp991Pk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/427456-4957-4d33-9c64-16f4057fac26/1/6tCvDW1GSIVgprhX6HhTULcMy6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/427456-4957-4d33-9c64-16f4057fac26/1/G82c0xYDmcHjyAzwdIZ6cp991Pk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:e0:fd:dc:b7:2b:c7:90:59:d9:48:68:77:80:03:6b:3d:ba:
         c1:98:a1:7d:53:cf:af:fd:59:9c:22:e7:0d:c6:f3:18:7c:bf:
         07:0d:c9:10:ea:ee:b8:7c:9d:44:92:3c:2c:06:e7:f1:a7:85:
         62:d4:5d:aa:30:bd:f6:66:15:af:1a:91:37:16:3b:2c:94:48:
         e5:2a:48:69:74:a2:08:70:90:1e:c9:53:52:ef:61:13:05:fd:
         6f:32:e1:13:30:51:d6:f5:e3:1d:d3:a3:73:73:5f:9c:f6:6c:
         1b:81:0f:3a:51:93:48:ec:96:dc:84:8e:f2:16:d6:6c:9f:7e:
         88:ff:f3:ac:fe:7e:46:49:cb:9e:40:86:c3:6f:a2:33:93:81:
         83:48:66:04:b7:f1:3c:ec:6c:b9:32:4f:12:7f:aa:cf:17:65:
         fb:31:b1:18:3b:06:a4:f8:b8:3c:94:ee:b2:65:40:81:a7:95:
         55:26:a2:f2:ee:ec:38:27:38:f6:ad:d9:c1:a6:36:3a:cf:22:
         ad:ce:79:50:28:72:00:f2:8a:b3:3a:7e:b3:b7:7b:27:47:73:
         fc:80:a6:b8:0e:78:17:ea:e6:d7:76:90:25:2f:0a:61:10:0e:
         80:85:d5:52:cd:c9:12:73:ef:5a:14:43:20:80:82:94:d5:57:
         d4:8c:e1:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSjbGQKN+ZpbxG7Mb18/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiY2Q5Y2QzMTYwMzk5YzFlM2M4MGNmMDc0ODY3YTcyOWY3
ZGQ0ZjkwHhcNMjQwMTAxMTgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWQwYWYwZDZkNDY0ODg1NjBhNmI4NTdlODc4NTM1MGI3MGNjYmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU9DvUtsdvexvLyqNZwDtIQJeIEB
3a3Dx6FJZrwxetPD3tujbsmnd9uQCJlk5j98BSk3D4sE5j2zuDxQB1VDC9kP7IuL
/yV041zK4dpgJIQkfQAR5PlCY9zE5LhhAYMoxzaM1dacfMX00KBTnDxdZ2GVdMoJ
7Ss5sZfqy+GtHoLT+dpsSifTEWEq7McoSCkW/DkiAk3Ft+J1ogBEkklA0c/ZNFsf
IFmyIFybidyAshF79/f3Qd6iP+/2U4pHOJsmJUeGIgwyBVJcKlcJ/5eBm1fR2OxJ
kPqwuvxH/4BUxEemqi5AWCgYu8sSrygzAAfk0EtT2Hs7YCxa09xPCvTlEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrQrw1tRkiFYKa4V+h4U1C3DMukMB8GA1UdIwQY
MBaAFBvNnNMWA5nB48gM8HSGenKffdT5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzgyYzB4WURtY0hqeUF6d2RJWjZjcDk5MVBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS80Mjc0NTYtNDk1Ny00ZDMzLTljNjQt
MTZmNDA1N2ZhYzI2LzEvNnRDdkRXMUdTSVZncHJoWDZIaFRVTGNNeTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS80Mjc0NTYtNDk1Ny00ZDMzLTljNjQtMTZmNDA1N2ZhYzI2
LzEvRzgyYzB4WURtY0hqeUF6d2RJWjZjcDk5MVBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjhYMA0G
CSqGSIb3DQEBCwUAA4IBAQAp4P3ctyvHkFnZSGh3gANrPbrBmKF9U8+v/VmcIucN
xvMYfL8HDckQ6u64fJ1EkjwsBufxp4Vi1F2qML32ZhWvGpE3FjsslEjlKkhpdKII
cJAeyVNS72ETBf1vMuETMFHW9eMd06Nzc1+c9mwbgQ86UZNI7JbchI7yFtZsn36I
//Os/n5GScueQIbDb6Izk4GDSGYEt/E87Gy5Mk8Sf6rPF2X7MbEYOwak+Lg8lO6y
ZUCBp5VVJqLy7uw4Jzj2rdnBpjY6zyKtznlQKHIA8oqzOn6zt3snR3P8gKa4DngX
6ubXdpAlLwphEA6AhdVSzckSc+9aFEMggIKU1VfUjOHH
-----END CERTIFICATE-----