Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/6FUrV_v_YnwGGlV_0tc9Dda5rI8.roa
File:                     6FUrV_v_YnwGGlV_0tc9Dda5rI8.roa (raw, json)
Hash identifier:          vJ0sIfgiW1A46sxgP07tjYXyB/eEmlRpE28+XXdjLsk=
Subject key identifier:   E8:55:2B:57:FB:FF:62:7C:06:1A:55:7F:D2:D7:3D:0D:D6:B9:AC:8F
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A4ED8F4916F989F1C6B71D29F8502
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/6FUrV_v_YnwGGlV_0tc9Dda5rI8.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48550
IP address blocks:        185.133.210.0/24 maxlen: 24
                          2a06:e880::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4e:d8:f4:91:6f:98:9f:1c:6b:71:d2:9f:85:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8552b57fbff627c061a557fd2d73d0dd6b9ac8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f5:02:6f:83:83:5c:4e:6d:cd:74:62:b0:16:
                    fd:5a:fa:9e:9b:b5:24:40:78:08:6e:cf:df:79:1c:
                    0c:97:5c:6c:e1:1c:8c:2f:25:80:f3:59:d7:9e:a0:
                    49:c7:82:32:88:b3:7a:58:de:46:c0:1c:c1:47:82:
                    9e:07:7f:af:66:87:0e:d6:0f:3a:00:a0:37:74:30:
                    3e:f4:ec:2a:a9:d2:bf:98:9c:4d:36:98:69:15:a9:
                    3f:21:d1:5f:35:a1:c9:f0:f6:cc:5f:e9:27:2a:69:
                    47:13:43:01:13:57:2d:9a:2f:bf:c7:ae:a6:98:61:
                    74:d5:f7:8b:f8:63:41:2d:29:69:6a:67:2d:ed:0e:
                    62:91:6f:9b:37:3e:72:74:df:6a:32:58:cc:8d:cc:
                    41:85:7c:8f:60:b2:98:e0:15:ca:a8:12:68:9e:4a:
                    44:c2:7d:a9:3f:b8:ad:10:4b:c6:fa:7b:fa:f1:b5:
                    4e:7a:94:e3:2e:ef:70:65:31:d5:18:3f:42:56:06:
                    3a:06:a6:87:02:a4:e3:64:36:53:0e:b2:d1:f9:f8:
                    44:07:8d:4a:45:37:98:70:1f:b1:3f:b4:87:91:9e:
                    ee:e6:f2:5e:67:34:d6:5f:0d:17:29:e9:d0:ff:84:
                    40:66:4a:1f:71:9a:9b:83:5c:5c:2f:4e:cd:76:9e:
                    af:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:55:2B:57:FB:FF:62:7C:06:1A:55:7F:D2:D7:3D:0D:D6:B9:AC:8F
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/6FUrV_v_YnwGGlV_0tc9Dda5rI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.210.0/24
                IPv6:
                  2a06:e880::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:f9:2c:a2:0b:a0:e3:74:8a:ef:45:e4:00:8f:39:0e:90:33:
         4f:28:bb:da:93:75:e4:9f:a4:a2:d4:02:19:61:84:58:c8:84:
         00:41:95:a9:24:bd:97:5b:00:db:c8:a6:d3:5d:6c:3c:61:d6:
         29:7a:d1:24:eb:68:b2:2e:60:df:c8:ba:1a:5b:99:fe:eb:16:
         b9:8b:27:e6:1a:66:c8:a7:32:8e:d7:7e:92:59:2c:ca:e5:d6:
         90:16:4b:76:ea:d8:a7:3b:0c:cc:84:18:20:99:d3:3c:ab:60:
         e4:a9:d8:86:1d:82:59:60:38:18:5d:d1:b8:2a:8c:d5:f8:63:
         de:b9:e3:b0:5a:ce:ef:55:03:43:1b:d5:99:85:0c:17:5c:57:
         b0:2f:09:f6:c0:b0:97:04:11:49:32:a8:d6:65:c6:86:0e:f5:
         b7:a1:2c:7f:41:4a:8b:c1:ce:ca:e6:20:0d:c8:42:52:e6:d4:
         3d:a2:8f:f9:db:b0:19:3b:cc:5a:cf:7b:66:2b:9a:61:68:94:
         bd:36:92:79:df:71:dd:82:e9:5f:af:4d:5d:7b:ba:00:37:27:
         99:c6:f7:a7:38:e0:83:9d:11:6f:52:fc:45:2d:0b:ce:30:05:
         a0:be:d0:aa:17:ed:64:03:a2:14:e7:2d:b0:69:ec:c6:67:74:
         19:f7:36:4d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKk7Y9JFvmJ8ca3HSn4UCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODU1MmI1N2ZiZmY2MjdjMDYxYTU1N2ZkMmQ3M2QwZGQ2YjlhYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfUCb4ODXE5tzXRisBb9Wvqem7Uk
QHgIbs/feRwMl1xs4RyMLyWA81nXnqBJx4IyiLN6WN5GwBzBR4KeB3+vZocO1g86
AKA3dDA+9OwqqdK/mJxNNphpFak/IdFfNaHJ8PbMX+knKmlHE0MBE1ctmi+/x66m
mGF01feL+GNBLSlpamct7Q5ikW+bNz5ydN9qMljMjcxBhXyPYLKY4BXKqBJonkpE
wn2pP7itEEvG+nv68bVOepTjLu9wZTHVGD9CVgY6BqaHAqTjZDZTDrLR+fhEB41K
RTeYcB+xP7SHkZ7u5vJeZzTWXw0XKenQ/4RAZkofcZqbg1xcL07Ndp6voQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOhVK1f7/2J8BhpVf9LXPQ3WuayPMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvNkZVclZfdl9ZbndHR2xWXzB0YzlEZGE1ckk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYXSMA0E
AgACMAcDBQAqBuiAMA0GCSqGSIb3DQEBCwUAA4IBAQDA+SyiC6DjdIrvReQAjzkO
kDNPKLvak3Xkn6Si1AIZYYRYyIQAQZWpJL2XWwDbyKbTXWw8YdYpetEk62iyLmDf
yLoaW5n+6xa5iyfmGmbIpzKO136SWSzK5daQFkt26tinOwzMhBggmdM8q2DkqdiG
HYJZYDgYXdG4KozV+GPeueOwWs7vVQNDG9WZhQwXXFewLwn2wLCXBBFJMqjWZcaG
DvW3oSx/QUqLwc7K5iANyEJS5tQ9oo/527AZO8xaz3tmK5phaJS9NpJ533Hdgulf
r01de7oANyeZxvenOOCDnRFvUvxFLQvOMAWgvtCqF+1kA6IU5y2waezGZ3QZ9zZN
-----END CERTIFICATE-----