Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/103fc9-2cbf-40bf-9625-18762500fe25/1/6suDv7lDtaUmRAvwfvUVAPU3u80.roa
File:                     6suDv7lDtaUmRAvwfvUVAPU3u80.roa (raw, json)
Hash identifier:          b3TM5yoCuHsTel6ogjDgrvahMlNTdlRAFLegKb4Ldqw=
Subject key identifier:   EA:CB:83:BF:B9:43:B5:A5:26:44:0B:F0:7E:F5:15:00:F5:37:BB:CD
Certificate issuer:       /CN=463eddb91b538f83e8aedf5565c960df0b107ea2
Certificate serial:       018CC3490AA606FC56FD502BA9CB33638543
Authority key identifier: 46:3E:DD:B9:1B:53:8F:83:E8:AE:DF:55:65:C9:60:DF:0B:10:7E:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rj7duRtTj4Port9VZclg3wsQfqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/103fc9-2cbf-40bf-9625-18762500fe25/1/6suDv7lDtaUmRAvwfvUVAPU3u80.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204204
IP address blocks:        185.142.17.0/24 maxlen: 24
                          185.142.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/103fc9-2cbf-40bf-9625-18762500fe25/1/Rj7duRtTj4Port9VZclg3wsQfqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/103fc9-2cbf-40bf-9625-18762500fe25/1/Rj7duRtTj4Port9VZclg3wsQfqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rj7duRtTj4Port9VZclg3wsQfqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0a:a6:06:fc:56:fd:50:2b:a9:cb:33:63:85:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=463eddb91b538f83e8aedf5565c960df0b107ea2
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eacb83bfb943b5a526440bf07ef51500f537bbcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5b:04:eb:0e:a5:a6:7c:d5:98:a5:6f:3f:69:
                    2c:2d:80:a0:ea:39:f6:be:5a:70:8e:be:d4:f5:79:
                    a9:f5:be:77:e3:1b:73:fe:11:38:20:6f:ce:66:1b:
                    a2:cd:23:21:01:c9:f8:a9:5d:71:57:8e:49:ac:83:
                    c9:f5:25:85:6d:7b:c8:51:5f:52:37:6f:0b:03:81:
                    72:44:ad:bd:af:30:0d:7c:0c:87:19:af:d8:94:83:
                    30:97:81:2d:5e:64:35:f6:1e:8b:30:fe:fc:b2:7b:
                    e3:2d:30:76:62:ef:71:9e:79:f8:ac:d1:a5:28:fb:
                    ae:2f:b5:90:1c:a6:79:17:04:4f:ea:5f:c1:15:89:
                    69:6b:37:50:11:b6:eb:eb:bf:56:24:2d:5f:58:27:
                    33:21:09:d7:a2:fa:4b:8d:f7:83:43:fc:e1:80:e6:
                    d5:54:c7:5e:86:e2:fa:06:89:57:36:50:db:2c:2a:
                    c7:b6:b3:4c:78:bf:e4:93:f2:63:cc:ea:39:cc:d2:
                    b2:63:9d:54:81:fc:fe:07:fe:4c:26:a0:07:8f:15:
                    fd:59:3d:74:7b:e0:0e:37:ab:42:83:c3:b7:6d:97:
                    da:09:25:3d:f4:ba:0e:16:a1:f8:c8:68:b0:b0:8f:
                    66:ec:a2:66:72:b0:19:d5:38:40:2f:2d:cc:b2:b7:
                    66:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:CB:83:BF:B9:43:B5:A5:26:44:0B:F0:7E:F5:15:00:F5:37:BB:CD
            X509v3 Authority Key Identifier:
                keyid:46:3E:DD:B9:1B:53:8F:83:E8:AE:DF:55:65:C9:60:DF:0B:10:7E:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rj7duRtTj4Port9VZclg3wsQfqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/103fc9-2cbf-40bf-9625-18762500fe25/1/6suDv7lDtaUmRAvwfvUVAPU3u80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/103fc9-2cbf-40bf-9625-18762500fe25/1/Rj7duRtTj4Port9VZclg3wsQfqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.17.0-185.142.18.255

    Signature Algorithm: sha256WithRSAEncryption
         27:9e:a9:c9:7a:91:5c:27:52:e6:2d:c2:3f:a4:1f:6b:ff:7c:
         95:41:2a:38:56:a1:2f:ec:50:e1:32:ba:77:ea:1c:b0:9a:5c:
         e6:e0:f3:b1:cf:7f:ad:6e:25:04:5d:cb:05:6c:3e:0f:e2:6a:
         48:4e:22:cb:17:80:f8:79:ea:4e:84:ab:d2:fe:cf:b6:68:63:
         6e:54:e7:d6:19:f1:b4:43:85:8c:e6:ff:f9:00:13:38:62:20:
         f4:c0:b7:13:63:47:82:48:14:a3:7c:2c:4e:6b:2e:70:da:82:
         87:85:07:51:71:0b:ad:f9:7b:55:a7:9b:eb:a6:bc:2b:01:79:
         20:13:a9:56:f1:af:94:30:f1:fe:e5:9e:34:4a:5b:b1:a5:fe:
         33:7a:ee:92:dc:d2:96:6a:51:cb:4e:e3:d5:96:24:2c:58:7e:
         80:c1:74:26:95:06:fe:67:fb:1a:83:51:a6:7d:59:48:e1:35:
         09:a2:17:bb:f9:fc:07:a0:3b:1f:86:77:5e:4f:6b:d2:72:6b:
         12:bb:64:5c:dc:68:3d:20:00:1d:0d:e4:74:d2:53:d2:d3:86:
         b3:b1:92:03:28:c7:48:f2:17:53:4b:19:ca:fd:97:34:78:ba:
         66:2f:53:f6:f0:39:33:67:ea:99:d5:fd:57:40:e5:8e:a7:4f:
         f9:ca:ad:bd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSQqmBvxW/VArqcszY4VDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2M2VkZGI5MWI1MzhmODNlOGFlZGY1NTY1Yzk2MGRmMGIx
MDdlYTIwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWNiODNiZmI5NDNiNWE1MjY0NDBiZjA3ZWY1MTUwMGY1MzdiYmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFsE6w6lpnzVmKVvP2ksLYCg6jn2
vlpwjr7U9Xmp9b534xtz/hE4IG/OZhuizSMhAcn4qV1xV45JrIPJ9SWFbXvIUV9S
N28LA4FyRK29rzANfAyHGa/YlIMwl4EtXmQ19h6LMP78snvjLTB2Yu9xnnn4rNGl
KPuuL7WQHKZ5FwRP6l/BFYlpazdQEbbr679WJC1fWCczIQnXovpLjfeDQ/zhgObV
VMdehuL6BolXNlDbLCrHtrNMeL/kk/JjzOo5zNKyY51Ugfz+B/5MJqAHjxX9WT10
e+AON6tCg8O3bZfaCSU99LoOFqH4yGiwsI9m7KJmcrAZ1ThALy3MsrdmwQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOrLg7+5Q7WlJkQL8H71FQD1N7vNMB8GA1UdIwQY
MBaAFEY+3bkbU4+D6K7fVWXJYN8LEH6iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmo3ZHVSdFRqNFBvcnQ5VlpjbGczd3NRZnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMDNmYzktMmNiZi00MGJmLTk2MjUt
MTg3NjI1MDBmZTI1LzEvNnN1RHY3bER0YVVtUkF2d2Z2VVZBUFUzdTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMDNmYzktMmNiZi00MGJmLTk2MjUtMTg3NjI1MDBmZTI1
LzEvUmo3ZHVSdFRqNFBvcnQ5VlpjbGczd3NRZnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5jhED
BAC5jhIwDQYJKoZIhvcNAQELBQADggEBACeeqcl6kVwnUuYtwj+kH2v/fJVBKjhW
oS/sUOEyunfqHLCaXObg87HPf61uJQRdywVsPg/iakhOIssXgPh56k6Eq9L+z7Zo
Y25U59YZ8bRDhYzm//kAEzhiIPTAtxNjR4JIFKN8LE5rLnDagoeFB1FxC635e1Wn
m+umvCsBeSATqVbxr5Qw8f7lnjRKW7Gl/jN67pLc0pZqUctO49WWJCxYfoDBdCaV
Bv5n+xqDUaZ9WUjhNQmiF7v5/AegOx+Gd15Pa9JyaxK7ZFzcaD0gAB0N5HTSU9LT
hrOxkgMox0jyF1NLGcr9lzR4umYvU/bwOTNn6pnV/VdA5Y6nT/nKrb0=
-----END CERTIFICATE-----