Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/af15eb-7a4d-4b0e-bebb-e9bede00c6af/1/6BtmlVaDH1V4i8ojs8RLnDocnqw.roa
File:                     6BtmlVaDH1V4i8ojs8RLnDocnqw.roa (raw, json)
Hash identifier:          a+Oz4QhPTz99vKZtbSitHgmQEwUYeaApMKWe60MLdIw=
Subject key identifier:   E8:1B:66:95:56:83:1F:55:78:8B:CA:23:B3:C4:4B:9C:3A:1C:9E:AC
Certificate issuer:       /CN=9d7bb004201fd05b49d1221fce4759ea70bec684
Certificate serial:       018CC9BC5189E6CDA35D33C87041408ABB0F
Authority key identifier: 9D:7B:B0:04:20:1F:D0:5B:49:D1:22:1F:CE:47:59:EA:70:BE:C6:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nXuwBCAf0FtJ0SIfzkdZ6nC-xoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/af15eb-7a4d-4b0e-bebb-e9bede00c6af/1/6BtmlVaDH1V4i8ojs8RLnDocnqw.roa
Signing time:             Tue 02 Jan 2024 10:33:31 +0000
ROA not before:           Tue 02 Jan 2024 10:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44842
IP address blocks:        185.86.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/af15eb-7a4d-4b0e-bebb-e9bede00c6af/1/nXuwBCAf0FtJ0SIfzkdZ6nC-xoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/af15eb-7a4d-4b0e-bebb-e9bede00c6af/1/nXuwBCAf0FtJ0SIfzkdZ6nC-xoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nXuwBCAf0FtJ0SIfzkdZ6nC-xoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:51:89:e6:cd:a3:5d:33:c8:70:41:40:8a:bb:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d7bb004201fd05b49d1221fce4759ea70bec684
        Validity
            Not Before: Jan  2 10:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e81b669556831f55788bca23b3c44b9c3a1c9eac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:67:c5:3f:f8:5f:f1:41:de:d8:18:fb:37:dd:
                    cc:36:0d:b4:dc:37:9a:8f:10:e0:48:47:b6:9a:9f:
                    5f:2d:3f:f8:96:9f:5c:8c:1d:ff:ca:58:3a:84:d7:
                    97:f2:c5:02:cf:18:80:c4:e0:6c:31:fa:41:77:ab:
                    f3:9d:67:d1:30:46:03:a5:7d:1a:a3:71:58:c4:b6:
                    3b:9e:a1:0c:95:d6:6e:de:4f:8f:00:1b:97:ce:60:
                    b8:c1:c0:c5:ee:02:70:86:22:79:f7:eb:0f:95:df:
                    fa:d0:c0:09:e6:85:16:e8:28:57:1f:60:31:ea:d6:
                    9b:ae:e6:14:6c:0f:ea:15:9a:64:ed:31:67:56:0a:
                    c5:09:2d:b0:f5:f6:53:9f:19:9a:53:3d:df:d1:90:
                    5c:27:62:55:e0:ed:62:42:e3:a8:1e:7a:d0:54:87:
                    5c:84:ea:cc:a9:b9:5b:0c:a2:fb:25:08:67:de:19:
                    49:c9:6f:59:86:fe:9f:af:83:25:68:b7:ed:3b:20:
                    cc:53:b9:f4:f1:7b:7d:1a:cc:50:ae:2e:b8:30:95:
                    73:b9:ed:66:0f:e4:9e:8a:d5:06:c6:ab:cc:77:82:
                    77:2a:cd:d7:ee:c9:dd:bb:66:27:a3:14:b1:1f:fd:
                    6b:e8:d5:b9:ab:ca:3f:5c:77:f5:fc:c7:89:33:f4:
                    dc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:1B:66:95:56:83:1F:55:78:8B:CA:23:B3:C4:4B:9C:3A:1C:9E:AC
            X509v3 Authority Key Identifier:
                keyid:9D:7B:B0:04:20:1F:D0:5B:49:D1:22:1F:CE:47:59:EA:70:BE:C6:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nXuwBCAf0FtJ0SIfzkdZ6nC-xoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/af15eb-7a4d-4b0e-bebb-e9bede00c6af/1/6BtmlVaDH1V4i8ojs8RLnDocnqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/af15eb-7a4d-4b0e-bebb-e9bede00c6af/1/nXuwBCAf0FtJ0SIfzkdZ6nC-xoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:ea:0c:6e:1b:07:54:f0:b7:21:0d:6e:85:fb:5f:17:36:65:
         fc:cf:6a:97:bc:0a:c1:36:49:3e:d3:2f:53:fc:51:6e:e4:80:
         46:7c:07:1c:41:2d:f0:67:1c:60:7a:01:a2:8b:b5:04:3b:73:
         b0:96:1a:29:ec:9f:d6:a7:4a:f0:bc:6d:35:3b:26:1d:96:b3:
         8c:5b:1d:71:b0:63:5b:f6:bd:0b:fc:2d:d5:4d:3f:cb:a2:81:
         1f:14:c1:2a:08:31:9a:37:e5:d6:b6:d6:c3:62:00:fe:7e:ba:
         4e:9c:04:30:48:12:90:f2:a4:74:80:b4:2b:16:82:a2:f8:04:
         a1:05:55:31:39:d4:aa:06:26:7e:65:77:58:5a:0d:f0:a3:67:
         dc:f0:16:b3:46:7a:ff:d8:a0:8c:84:34:4c:16:c3:f1:69:8e:
         64:02:58:93:c2:74:e2:ee:67:38:e0:b4:77:e8:91:5a:1c:d0:
         ff:49:44:79:8e:23:f4:41:a9:ba:16:ab:46:10:df:86:51:4b:
         63:d0:04:41:53:c7:8a:e7:6c:c4:22:01:78:34:1f:89:e9:89:
         b1:30:d2:e7:d1:ad:d1:1c:fe:c2:f9:f8:ae:ab:14:a4:bd:1d:
         b5:8a:9e:8c:49:5c:37:23:62:5e:e5:94:f7:8d:ff:c8:69:06:
         20:ee:88:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFGJ5s2jXTPIcEFAirsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkN2JiMDA0MjAxZmQwNWI0OWQxMjIxZmNlNDc1OWVhNzBi
ZWM2ODQwHhcNMjQwMTAyMTAzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODFiNjY5NTU2ODMxZjU1Nzg4YmNhMjNiM2M0NGI5YzNhMWM5ZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22fFP/hf8UHe2Bj7N93MNg203Dea
jxDgSEe2mp9fLT/4lp9cjB3/ylg6hNeX8sUCzxiAxOBsMfpBd6vznWfRMEYDpX0a
o3FYxLY7nqEMldZu3k+PABuXzmC4wcDF7gJwhiJ59+sPld/60MAJ5oUW6ChXH2Ax
6tabruYUbA/qFZpk7TFnVgrFCS2w9fZTnxmaUz3f0ZBcJ2JV4O1iQuOoHnrQVIdc
hOrMqblbDKL7JQhn3hlJyW9Zhv6fr4MlaLftOyDMU7n08Xt9GsxQri64MJVzue1m
D+SeitUGxqvMd4J3Ks3X7sndu2YnoxSxH/1r6NW5q8o/XHf1/MeJM/TcOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOgbZpVWgx9VeIvKI7PES5w6HJ6sMB8GA1UdIwQY
MBaAFJ17sAQgH9BbSdEiH85HWepwvsaEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblh1d0JDQWYwRnRKMFNJZnprZFo2bkMteG9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9hZjE1ZWItN2E0ZC00YjBlLWJlYmIt
ZTliZWRlMDBjNmFmLzEvNkJ0bWxWYURIMVY0aThvanM4UkxuRG9jbnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9hZjE1ZWItN2E0ZC00YjBlLWJlYmItZTliZWRlMDBjNmFm
LzEvblh1d0JDQWYwRnRKMFNJZnprZFo2bkMteG9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVYwMA0G
CSqGSIb3DQEBCwUAA4IBAQCI6gxuGwdU8LchDW6F+18XNmX8z2qXvArBNkk+0y9T
/FFu5IBGfAccQS3wZxxgegGii7UEO3Owlhop7J/Wp0rwvG01OyYdlrOMWx1xsGNb
9r0L/C3VTT/LooEfFMEqCDGaN+XWttbDYgD+frpOnAQwSBKQ8qR0gLQrFoKi+ASh
BVUxOdSqBiZ+ZXdYWg3wo2fc8BazRnr/2KCMhDRMFsPxaY5kAliTwnTi7mc44LR3
6JFaHND/SUR5jiP0Qam6FqtGEN+GUUtj0ARBU8eK52zEIgF4NB+J6YmxMNLn0a3R
HP7C+fiuqxSkvR21ip6MSVw3I2Je5ZT3jf/IaQYg7ogj
-----END CERTIFICATE-----