Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/8e4e68-bd2a-4dc2-aae6-a0560ac82ba7/1/N6FbEhrmlwrPH0a-lL0_2pklkCs.roa
File:                     N6FbEhrmlwrPH0a-lL0_2pklkCs.roa (raw, json)
Hash identifier:          9Jb307uMw7xAEOullrKFrMlSAqQ1S6RUYWgoKFYGXFU=
Subject key identifier:   37:A1:5B:12:1A:E6:97:0A:CF:1F:46:BE:94:BD:3F:DA:99:25:90:2B
Certificate issuer:       /CN=1c6c48cccce321ec18702957b396381a1f1a0410
Certificate serial:       018CC6B7E8237C1927B5FC13ED2F1869C2F9
Authority key identifier: 1C:6C:48:CC:CC:E3:21:EC:18:70:29:57:B3:96:38:1A:1F:1A:04:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HGxIzMzjIewYcClXs5Y4Gh8aBBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/8e4e68-bd2a-4dc2-aae6-a0560ac82ba7/1/N6FbEhrmlwrPH0a-lL0_2pklkCs.roa
Signing time:             Mon 01 Jan 2024 20:29:50 +0000
ROA not before:           Mon 01 Jan 2024 20:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198826
IP address blocks:        185.253.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/8e4e68-bd2a-4dc2-aae6-a0560ac82ba7/1/HGxIzMzjIewYcClXs5Y4Gh8aBBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/8e4e68-bd2a-4dc2-aae6-a0560ac82ba7/1/HGxIzMzjIewYcClXs5Y4Gh8aBBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HGxIzMzjIewYcClXs5Y4Gh8aBBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e8:23:7c:19:27:b5:fc:13:ed:2f:18:69:c2:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c6c48cccce321ec18702957b396381a1f1a0410
        Validity
            Not Before: Jan  1 20:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37a15b121ae6970acf1f46be94bd3fda9925902b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d7:2b:7c:9d:b9:97:07:44:82:8f:b0:af:fb:
                    5a:42:b8:b1:00:3e:16:ad:07:08:92:55:91:e2:a9:
                    45:04:67:1a:4d:c0:19:29:48:ee:0c:33:78:d9:89:
                    a4:e0:fd:fc:fd:b5:cc:97:6e:65:86:31:71:07:e5:
                    32:ca:4e:18:2c:e5:d1:25:3e:f1:b0:8d:ef:17:5e:
                    4d:ec:7a:8d:54:d8:34:a3:00:bd:c4:b8:72:fa:0d:
                    63:91:4d:a5:0c:d4:43:38:77:aa:42:9d:e4:d5:80:
                    c6:0d:04:c1:7a:88:48:6c:34:27:b9:f6:85:11:7f:
                    15:00:b3:4c:15:f7:c6:b0:7a:ea:98:eb:49:bc:cc:
                    c1:ad:37:eb:48:0e:0c:c4:bf:0d:b8:cc:89:b7:14:
                    e1:a1:a0:8a:1e:a1:66:1a:38:23:2c:6f:6f:f7:e0:
                    a1:9d:cf:fa:14:7d:40:70:3b:34:0b:78:b7:f8:d5:
                    e8:0a:ac:15:80:73:d5:27:a7:3e:76:1a:34:bd:55:
                    86:8b:72:42:08:f8:a8:22:f0:41:09:20:80:a8:0d:
                    ef:d5:f4:32:3e:34:de:03:cc:a0:65:5f:dc:7a:c8:
                    4a:6a:4d:ea:9a:b7:a4:2f:03:3a:2c:42:db:e0:e2:
                    fa:a7:31:e2:e7:ca:12:55:ef:d9:53:15:4d:60:9c:
                    47:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A1:5B:12:1A:E6:97:0A:CF:1F:46:BE:94:BD:3F:DA:99:25:90:2B
            X509v3 Authority Key Identifier:
                keyid:1C:6C:48:CC:CC:E3:21:EC:18:70:29:57:B3:96:38:1A:1F:1A:04:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HGxIzMzjIewYcClXs5Y4Gh8aBBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8e4e68-bd2a-4dc2-aae6-a0560ac82ba7/1/N6FbEhrmlwrPH0a-lL0_2pklkCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8e4e68-bd2a-4dc2-aae6-a0560ac82ba7/1/HGxIzMzjIewYcClXs5Y4Gh8aBBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:ed:61:7c:a7:59:39:d4:50:89:ad:0e:3b:b6:1e:b1:bd:04:
         32:74:26:53:46:0d:25:40:92:af:d5:d5:68:33:7a:da:ae:4d:
         b5:54:53:5c:50:27:8f:68:46:d9:81:3c:5f:a7:ad:17:d9:c0:
         98:be:7f:28:2b:b9:c9:d4:60:19:1e:2b:92:2d:7a:35:4d:64:
         d9:9e:95:92:cc:4f:c4:f0:a1:6e:29:2e:6a:b3:d5:dc:b7:cf:
         87:b1:39:29:0f:ef:d5:e7:64:4c:30:13:20:ad:bc:46:c6:de:
         a2:87:89:c1:fd:8b:79:99:ec:fd:3e:d7:ed:9a:af:9e:67:de:
         fc:42:4c:d8:45:64:56:ce:d5:d9:10:8e:19:0d:79:b0:5c:c2:
         32:95:0b:0e:fc:ae:db:b3:a5:0e:3d:f8:dd:19:4b:1e:87:bf:
         63:74:87:49:86:95:31:c5:e8:0d:1b:c8:98:02:72:70:0e:69:
         2e:eb:8f:74:2c:61:10:82:ff:66:58:d0:2a:88:8b:58:e5:bf:
         3c:34:26:1a:48:01:ca:f5:a8:c1:c1:a4:46:f3:11:a0:92:21:
         4b:60:50:74:e5:7b:da:80:02:74:ed:d9:04:6c:2f:ad:76:31:
         dd:d8:80:3a:75:a6:ad:2f:3f:53:e8:8f:84:f8:37:b3:ca:48:
         93:30:f1:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt+gjfBkntfwT7S8YacL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNmM0OGNjY2NlMzIxZWMxODcwMjk1N2IzOTYzODFhMWYx
YTA0MTAwHhcNMjQwMTAxMjAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2ExNWIxMjFhZTY5NzBhY2YxZjQ2YmU5NGJkM2ZkYTk5MjU5MDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9crfJ25lwdEgo+wr/taQrixAD4W
rQcIklWR4qlFBGcaTcAZKUjuDDN42Ymk4P38/bXMl25lhjFxB+Uyyk4YLOXRJT7x
sI3vF15N7HqNVNg0owC9xLhy+g1jkU2lDNRDOHeqQp3k1YDGDQTBeohIbDQnufaF
EX8VALNMFffGsHrqmOtJvMzBrTfrSA4MxL8NuMyJtxThoaCKHqFmGjgjLG9v9+Ch
nc/6FH1AcDs0C3i3+NXoCqwVgHPVJ6c+dho0vVWGi3JCCPioIvBBCSCAqA3v1fQy
PjTeA8ygZV/ceshKak3qmrekLwM6LELb4OL6pzHi58oSVe/ZUxVNYJxHlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDehWxIa5pcKzx9GvpS9P9qZJZArMB8GA1UdIwQY
MBaAFBxsSMzM4yHsGHApV7OWOBofGgQQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEd4SXpNempJZXdZY0NsWHM1WTRHaDhhQkJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS84ZTRlNjgtYmQyYS00ZGMyLWFhZTYt
YTA1NjBhYzgyYmE3LzEvTjZGYkVocm1sd3JQSDBhLWxMMF8ycGtsa0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS84ZTRlNjgtYmQyYS00ZGMyLWFhZTYtYTA1NjBhYzgyYmE3
LzEvSEd4SXpNempJZXdZY0NsWHM1WTRHaDhhQkJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf2KMA0G
CSqGSIb3DQEBCwUAA4IBAQDL7WF8p1k51FCJrQ47th6xvQQydCZTRg0lQJKv1dVo
M3rark21VFNcUCePaEbZgTxfp60X2cCYvn8oK7nJ1GAZHiuSLXo1TWTZnpWSzE/E
8KFuKS5qs9Xct8+HsTkpD+/V52RMMBMgrbxGxt6ih4nB/Yt5mez9Ptftmq+eZ978
QkzYRWRWztXZEI4ZDXmwXMIylQsO/K7bs6UOPfjdGUseh79jdIdJhpUxxegNG8iY
AnJwDmku6490LGEQgv9mWNAqiItY5b88NCYaSAHK9ajBwaRG8xGgkiFLYFB05Xva
gAJ07dkEbC+tdjHd2IA6daatLz9T6I+E+DezykiTMPHt
-----END CERTIFICATE-----