Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/4a9e5b-aa40-4dc2-8ded-a276ed0ba1bc/1/1-z6qpkZ91wHtaazV0s8jY2sJksI.roa
File:                     1-z6qpkZ91wHtaazV0s8jY2sJksI.roa (raw, json)
Hash identifier:          noBCUtEuDOtYyEyGcYwR5dFe27DLwyP/XGo5mi0zsbY=
Subject key identifier:   FB:3E:AA:A6:46:7D:D7:01:ED:69:AC:D5:D2:CF:23:63:6B:09:92:C2
Certificate issuer:       /CN=e9f4510444a17add7327146152943495ababb968
Certificate serial:       0190353660D9D746E9CA3C90F548025AE05A
Authority key identifier: E9:F4:51:04:44:A1:7A:DD:73:27:14:61:52:94:34:95:AB:AB:B9:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6fRRBEShet1zJxRhUpQ0lauruWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/4a9e5b-aa40-4dc2-8ded-a276ed0ba1bc/1/1-z6qpkZ91wHtaazV0s8jY2sJksI.roa
Signing time:             Thu 20 Jun 2024 10:34:34 +0000
ROA not before:           Thu 20 Jun 2024 10:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8758
IP address blocks:        185.168.143.0/24 maxlen: 24
                          2a0d:ec00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/4a9e5b-aa40-4dc2-8ded-a276ed0ba1bc/1/6fRRBEShet1zJxRhUpQ0lauruWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/4a9e5b-aa40-4dc2-8ded-a276ed0ba1bc/1/6fRRBEShet1zJxRhUpQ0lauruWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6fRRBEShet1zJxRhUpQ0lauruWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 13:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:35:36:60:d9:d7:46:e9:ca:3c:90:f5:48:02:5a:e0:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9f4510444a17add7327146152943495ababb968
        Validity
            Not Before: Jun 20 10:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb3eaaa6467dd701ed69acd5d2cf23636b0992c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c9:ff:b4:81:70:e0:6a:f9:0f:3f:3a:1c:4f:
                    83:83:a2:fa:c4:7e:ef:c8:4e:65:ff:8c:d4:30:d3:
                    75:72:27:85:f5:81:14:f0:6a:47:9d:b7:6f:57:a3:
                    b6:a1:84:a1:be:57:45:28:b3:cd:a2:f0:4a:c7:f5:
                    70:3f:b3:cf:27:b9:2e:6c:96:27:5c:b7:e4:c5:d9:
                    39:20:e4:c6:de:bf:a9:fa:23:60:a1:ab:ef:44:ee:
                    b9:e2:bf:1b:b2:e3:18:64:8e:74:e7:7f:c2:4a:44:
                    68:2a:49:55:2c:2e:19:64:a0:a7:98:2a:e9:5a:a4:
                    0b:40:ec:c4:d4:81:e9:b3:31:cc:c3:89:9b:83:e5:
                    93:4a:9f:3d:3b:40:f4:75:1b:89:d1:42:af:a6:1d:
                    8e:97:40:1c:19:09:b5:4f:22:e5:d2:5a:e2:c6:23:
                    27:78:76:0c:52:08:cb:a1:7f:38:31:56:5c:59:4d:
                    24:a6:a5:21:a7:33:a5:58:01:bc:34:52:ba:14:1d:
                    4b:81:4f:72:0a:8e:78:f7:7a:3f:59:d8:87:15:44:
                    22:ed:b0:f3:b9:98:70:b6:51:38:21:9d:08:52:7a:
                    d4:48:86:9d:45:05:c3:d9:ef:aa:fb:cc:5f:4d:c4:
                    d1:d2:d9:90:42:6e:66:ed:5d:1f:3b:54:c3:bf:3f:
                    db:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:3E:AA:A6:46:7D:D7:01:ED:69:AC:D5:D2:CF:23:63:6B:09:92:C2
            X509v3 Authority Key Identifier:
                keyid:E9:F4:51:04:44:A1:7A:DD:73:27:14:61:52:94:34:95:AB:AB:B9:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6fRRBEShet1zJxRhUpQ0lauruWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4a9e5b-aa40-4dc2-8ded-a276ed0ba1bc/1/1-z6qpkZ91wHtaazV0s8jY2sJksI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4a9e5b-aa40-4dc2-8ded-a276ed0ba1bc/1/6fRRBEShet1zJxRhUpQ0lauruWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.143.0/24
                IPv6:
                  2a0d:ec00::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:97:af:4d:21:36:42:99:a4:b2:25:25:de:7c:32:19:c9:a1:
         34:5e:ff:7b:2a:70:a2:d9:4c:07:1a:aa:68:54:28:2a:ad:39:
         de:fb:a7:a7:e4:79:78:79:99:59:72:87:4a:92:28:3e:b0:73:
         b7:83:ad:25:13:cd:1c:86:59:1e:e4:26:7d:8b:29:c5:05:10:
         46:21:80:ae:83:f3:99:32:55:16:22:23:2d:9b:13:8d:fd:5e:
         83:ba:91:82:87:36:dc:95:5c:93:b3:e5:a3:93:2a:72:2d:f5:
         60:fd:7f:3a:96:14:5b:20:f3:59:7a:c1:46:e1:9c:ab:de:6d:
         3b:7d:71:c9:53:9a:c5:7f:dd:c5:86:94:c0:de:cb:14:88:ff:
         97:2e:96:c1:2d:9a:ae:d7:40:b4:83:02:e2:5b:1b:8c:e7:e7:
         6d:ad:b4:83:de:19:2a:a8:d1:ed:9e:51:05:04:7f:1f:f4:ff:
         34:95:b1:94:cd:8b:9f:84:f6:0c:3b:0c:33:dc:90:51:e0:dc:
         ab:5d:de:18:b1:2c:dc:6c:26:9c:79:6a:01:6f:30:7a:98:cb:
         25:07:79:d7:80:28:5b:a5:88:63:3d:e4:dc:26:9c:5f:b7:cf:
         62:8e:c8:c0:4b:d5:a8:9d:15:17:5f:63:73:5d:03:71:44:48:
         23:12:d8:ca
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZA1NmDZ10bpyjyQ9UgCWuBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZjQ1MTA0NDRhMTdhZGQ3MzI3MTQ2MTUyOTQzNDk1YWJh
YmI5NjgwHhcNMjQwNjIwMTAzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjNlYWFhNjQ2N2RkNzAxZWQ2OWFjZDVkMmNmMjM2MzZiMDk5MmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08n/tIFw4Gr5Dz86HE+Dg6L6xH7v
yE5l/4zUMNN1cieF9YEU8GpHnbdvV6O2oYShvldFKLPNovBKx/VwP7PPJ7kubJYn
XLfkxdk5IOTG3r+p+iNgoavvRO654r8bsuMYZI5053/CSkRoKklVLC4ZZKCnmCrp
WqQLQOzE1IHpszHMw4mbg+WTSp89O0D0dRuJ0UKvph2Ol0AcGQm1TyLl0lrixiMn
eHYMUgjLoX84MVZcWU0kpqUhpzOlWAG8NFK6FB1LgU9yCo5493o/WdiHFUQi7bDz
uZhwtlE4IZ0IUnrUSIadRQXD2e+q+8xfTcTR0tmQQm5m7V0fO1TDvz/bmQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPs+qqZGfdcB7Wms1dLPI2NrCZLCMB8GA1UdIwQY
MBaAFOn0UQREoXrdcycUYVKUNJWrq7loMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmZSUkJFU2hldDF6SnhSaFVwUTBsYXVydVdnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC80YTllNWItYWE0MC00ZGMyLThkZWQt
YTI3NmVkMGJhMWJjLzEvMS16NnFwa1o5MXdIdGFhelYwczhqWTJzSmtzSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTAvNGE5ZTViLWFhNDAtNGRjMi04ZGVkLWEyNzZlZDBiYTFi
Yy8xLzZmUlJCRVNoZXQxekp4UmhVcFEwbGF1cnVXZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALmojzAN
BAIAAjAHAwUDKg3sADANBgkqhkiG9w0BAQsFAAOCAQEAE5evTSE2QpmksiUl3nwy
GcmhNF7/eypwotlMBxqqaFQoKq053vunp+R5eHmZWXKHSpIoPrBzt4OtJRPNHIZZ
HuQmfYspxQUQRiGAroPzmTJVFiIjLZsTjf1eg7qRgoc23JVck7Plo5Mqci31YP1/
OpYUWyDzWXrBRuGcq95tO31xyVOaxX/dxYaUwN7LFIj/ly6WwS2artdAtIMC4lsb
jOfnba20g94ZKqjR7Z5RBQR/H/T/NJWxlM2Ln4T2DDsMM9yQUeDcq13eGLEs3Gwm
nHlqAW8wepjLJQd514AoW6WIYz3k3CacX7fPYo7IwEvVqJ0VF19jc10DcURIIxLY
yg==
-----END CERTIFICATE-----