Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/xGTB59bWIq2FOsizUgIzb73X3lc.roa
File:                     xGTB59bWIq2FOsizUgIzb73X3lc.roa (raw, json)
Hash identifier:          2DvGaThSAv/jTZnfY012DIi160OYW0ZL7D66E+e1tDc=
Subject key identifier:   C4:64:C1:E7:D6:D6:22:AD:85:3A:C8:B3:52:02:33:6F:BD:D7:DE:57
Certificate issuer:       /CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
Certificate serial:       018CC5DC2960BAFC446C6D41D91E93E74C89
Authority key identifier: 6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/xGTB59bWIq2FOsizUgIzb73X3lc.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200187
IP address blocks:        80.94.82.0/24 maxlen: 24
                          185.35.144.0/22 maxlen: 22
                          2a04:4fe0::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:29:60:ba:fc:44:6c:6d:41:d9:1e:93:e7:4c:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c464c1e7d6d622ad853ac8b35202336fbdd7de57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f4:aa:7c:df:77:89:84:7d:ff:35:b7:e3:74:
                    40:9d:fc:28:67:65:0c:42:a5:d7:28:2d:9b:46:60:
                    7d:18:ba:b2:1a:7c:bc:3f:e2:03:70:67:b6:45:e3:
                    e0:ea:85:39:7c:83:67:59:cc:7b:28:27:66:2a:54:
                    5c:5c:98:ed:1e:f3:4e:d0:10:7d:09:f4:a2:ef:ac:
                    10:be:3c:0c:15:d3:f8:7f:fb:90:bc:ee:0e:88:1e:
                    1c:68:b9:38:af:a4:7b:18:1c:dd:b5:6a:df:dd:30:
                    3a:74:20:fd:5f:04:09:0f:e8:d9:e1:62:f7:a6:04:
                    75:90:26:1f:82:00:08:20:52:61:22:a2:e1:f8:e6:
                    ab:cb:c5:ae:ca:a0:27:a3:0e:33:29:ad:9a:a9:aa:
                    65:78:b8:3d:37:fe:88:30:48:61:d4:11:d4:4b:16:
                    32:96:b0:8d:56:d0:fb:3a:6b:d4:0f:41:6a:48:e3:
                    9f:37:6d:ee:8e:a5:e2:47:ba:e7:86:04:e3:2f:e7:
                    35:b4:45:13:6d:47:c3:46:2d:05:4d:5e:56:53:9a:
                    a8:9e:a4:56:e7:26:7e:29:09:db:9e:1e:61:48:73:
                    78:45:2d:7b:0b:e9:08:8e:ac:11:9b:2d:38:7d:32:
                    8a:16:b7:ac:e6:ee:84:88:0d:c4:96:0a:93:72:8b:
                    80:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:64:C1:E7:D6:D6:22:AD:85:3A:C8:B3:52:02:33:6F:BD:D7:DE:57
            X509v3 Authority Key Identifier:
                keyid:6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/xGTB59bWIq2FOsizUgIzb73X3lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.94.82.0/24
                  185.35.144.0/22
                IPv6:
                  2a04:4fe0::/30

    Signature Algorithm: sha256WithRSAEncryption
         12:93:a0:27:0f:7d:42:14:7e:dd:15:82:30:66:ae:48:de:57:
         b4:1a:36:90:6f:d0:4c:e2:d3:3e:06:7d:af:c8:9b:14:f4:2f:
         43:d3:1e:f9:94:0c:e9:d0:a1:e9:e2:81:f1:9e:70:63:8a:ff:
         54:fe:26:dd:4c:57:6d:62:e6:3d:0e:45:0e:e1:77:4c:fe:2f:
         9a:55:20:18:df:0e:69:69:db:92:74:12:e7:de:8c:6d:4f:a3:
         f2:f6:bb:df:99:46:32:87:76:a4:6c:5b:78:a5:0a:3c:0c:b6:
         3f:93:65:69:dc:9e:e2:91:42:c6:1b:a6:4d:da:63:98:c1:a5:
         8d:34:11:3f:ba:87:a3:ba:57:fe:be:1c:2e:c8:08:bd:fa:c5:
         a7:03:eb:4b:3f:32:b1:da:70:f5:b1:44:86:30:e5:42:b7:57:
         f6:71:27:31:cd:74:b8:9f:0a:94:da:02:55:9a:c9:76:b3:8f:
         f9:ed:4e:73:f3:d5:0e:18:ae:2b:59:2c:d3:03:95:c5:14:eb:
         11:7f:36:33:d1:fe:52:4d:f6:5e:a3:35:f4:6c:a1:ab:1c:a4:
         7f:57:74:76:4e:87:96:0f:d4:be:dd:3e:f1:27:7f:c4:6d:1d:
         8c:de:59:2d:82:70:46:cb:ea:1a:74:20:c3:39:52:c5:c3:10:
         e1:98:3d:50
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3ClguvxEbG1B2R6T50yJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTg2ZDFjMTY3NmE1OWE0NmFjZjM3MzM2MTkyZTk4NWNm
ZjBlNWIwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDY0YzFlN2Q2ZDYyMmFkODUzYWM4YjM1MjAyMzM2ZmJkZDdkZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfSqfN93iYR9/zW343RAnfwoZ2UM
QqXXKC2bRmB9GLqyGny8P+IDcGe2RePg6oU5fINnWcx7KCdmKlRcXJjtHvNO0BB9
CfSi76wQvjwMFdP4f/uQvO4OiB4caLk4r6R7GBzdtWrf3TA6dCD9XwQJD+jZ4WL3
pgR1kCYfggAIIFJhIqLh+Oary8WuyqAnow4zKa2aqapleLg9N/6IMEhh1BHUSxYy
lrCNVtD7OmvUD0FqSOOfN23ujqXiR7rnhgTjL+c1tEUTbUfDRi0FTV5WU5qonqRW
5yZ+KQnbnh5hSHN4RS17C+kIjqwRmy04fTKKFres5u6EiA3ElgqTcouAXwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMRkwefW1iKthTrIs1ICM2+9195XMB8GA1UdIwQY
MBaAFG+obRwWdqWaRqzzczYZLphc/w5bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYt
NmFhYjJiMWI5MjJjLzEveEdUQjU5YldJcTJGT3NpelVnSXpiNzNYM2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYtNmFhYjJiMWI5MjJj
LzEvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAUF5SAwQC
uSOQMA0EAgACMAcDBQIqBE/gMA0GCSqGSIb3DQEBCwUAA4IBAQASk6AnD31CFH7d
FYIwZq5I3le0GjaQb9BM4tM+Bn2vyJsU9C9D0x75lAzp0KHp4oHxnnBjiv9U/ibd
TFdtYuY9DkUO4XdM/i+aVSAY3w5paduSdBLn3oxtT6Py9rvfmUYyh3akbFt4pQo8
DLY/k2Vp3J7ikULGG6ZN2mOYwaWNNBE/uoejulf+vhwuyAi9+sWnA+tLPzKx2nD1
sUSGMOVCt1f2cScxzXS4nwqU2gJVmsl2s4/57U5z89UOGK4rWSzTA5XFFOsRfzYz
0f5STfZeozX0bKGrHKR/V3R2ToeWD9S+3T7xJ3/EbR2M3lktgnBGy+oadCDDOVLF
wxDhmD1Q
-----END CERTIFICATE-----