Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/6oRsURxN5_UTb8CLDJ3qCBrzXZA.roa
File:                     6oRsURxN5_UTb8CLDJ3qCBrzXZA.roa (raw, json)
Hash identifier:          p6NKwlW2EZlxKZ4pE6OBdW9lzfkKHb+uzGSfcC76cwQ=
Subject key identifier:   EA:84:6C:51:1C:4D:E7:F5:13:6F:C0:8B:0C:9D:EA:08:1A:F3:5D:90
Certificate issuer:       /CN=de7c82b2276cbdf130ccad046b65feab2c27ed49
Certificate serial:       018CC26D439523BC8A5C99E03B07FC3C5791
Authority key identifier: DE:7C:82:B2:27:6C:BD:F1:30:CC:AD:04:6B:65:FE:AB:2C:27:ED:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3nyCsidsvfEwzK0Ea2X-qywn7Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/6oRsURxN5_UTb8CLDJ3qCBrzXZA.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49423
IP address blocks:        176.118.185.0/24 maxlen: 24
                          2a0d:ca47:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/3nyCsidsvfEwzK0Ea2X-qywn7Uk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/3nyCsidsvfEwzK0Ea2X-qywn7Uk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3nyCsidsvfEwzK0Ea2X-qywn7Uk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:43:95:23:bc:8a:5c:99:e0:3b:07:fc:3c:57:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de7c82b2276cbdf130ccad046b65feab2c27ed49
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea846c511c4de7f5136fc08b0c9dea081af35d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:14:44:c6:a4:2c:67:4e:94:83:d8:a6:81:50:
                    34:a8:c5:f1:41:0d:96:76:b0:b9:61:a3:9f:c4:31:
                    67:e5:95:aa:9e:d2:82:a7:bd:ea:fe:c2:1e:fe:b3:
                    a0:16:97:00:d0:26:68:d3:82:bd:ba:02:6f:50:35:
                    c8:6e:23:90:cb:2f:aa:7d:dd:8a:89:59:a2:7e:05:
                    f3:d0:ca:ad:c4:21:01:2a:7f:d5:f2:cb:e2:4b:5e:
                    24:64:32:1a:58:1a:f3:d1:ad:48:1c:f7:35:b7:57:
                    b9:52:31:a1:a9:01:1b:1e:98:f7:73:bd:cd:18:0e:
                    67:ba:1c:bb:88:bb:15:73:91:94:3f:a8:20:de:2a:
                    ea:7a:bb:7b:ed:1f:7c:f3:01:51:bd:f0:c0:28:a7:
                    ed:12:77:37:f8:5d:41:54:f7:ca:91:4b:7b:54:6f:
                    29:d9:0f:68:73:c9:a7:88:6b:aa:38:c7:54:07:99:
                    98:7d:37:9b:7c:7e:a8:d7:16:20:a1:07:87:e7:85:
                    3b:e7:9e:19:ba:f8:d5:40:59:6f:84:c4:ff:78:31:
                    c0:02:c8:2b:5d:81:64:d6:62:f8:a8:5c:22:3c:13:
                    7f:24:3e:e2:6a:46:59:31:e6:10:c1:b2:76:ae:e7:
                    94:41:27:32:48:a7:ae:ac:0b:b8:26:92:a3:51:c4:
                    98:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:84:6C:51:1C:4D:E7:F5:13:6F:C0:8B:0C:9D:EA:08:1A:F3:5D:90
            X509v3 Authority Key Identifier:
                keyid:DE:7C:82:B2:27:6C:BD:F1:30:CC:AD:04:6B:65:FE:AB:2C:27:ED:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3nyCsidsvfEwzK0Ea2X-qywn7Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/6oRsURxN5_UTb8CLDJ3qCBrzXZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/3nyCsidsvfEwzK0Ea2X-qywn7Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.185.0/24
                IPv6:
                  2a0d:ca47:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:eb:3e:7b:77:b8:12:3e:4e:ce:cc:fc:74:3c:73:05:42:6f:
         a2:b3:4c:01:9a:00:e0:8c:93:cf:15:88:22:b1:51:3d:96:d3:
         d9:1d:cd:85:a1:6b:73:bd:de:7e:c0:fe:f7:f6:14:83:c1:8f:
         2d:6e:10:c1:6d:36:c5:3d:2d:6e:3a:b5:22:06:50:11:45:89:
         c5:de:ac:61:95:d6:a2:c5:47:26:f3:3f:06:53:4b:12:ba:74:
         95:9c:53:45:da:57:00:c8:9e:24:f9:d0:97:ab:20:6d:5c:55:
         86:38:5b:f7:c7:f3:c3:73:83:5f:7d:b8:a0:12:fd:a3:cd:20:
         c3:1e:e6:e9:53:1d:9c:7d:86:0a:07:cb:f9:85:84:6f:43:bc:
         79:f1:30:2c:d6:65:81:74:0b:d1:8e:90:d9:54:96:2e:f9:41:
         d6:e2:a9:8e:bc:f9:da:24:4b:ae:53:83:eb:99:41:65:86:2e:
         1f:39:b4:7e:7e:0f:67:c2:00:04:a7:37:ee:e1:03:21:d7:e4:
         af:d8:5b:45:d2:57:8d:e9:42:b1:af:55:83:6c:ff:9b:9e:b1:
         39:c6:30:ed:75:a2:3c:a6:08:71:3d:17:82:7c:ad:c9:87:7d:
         2b:74:7a:06:c4:4d:e2:2c:17:10:96:6f:d1:61:75:a7:df:91:
         d0:7c:5e:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbUOVI7yKXJngOwf8PFeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlN2M4MmIyMjc2Y2JkZjEzMGNjYWQwNDZiNjVmZWFiMmMy
N2VkNDkwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTg0NmM1MTFjNGRlN2Y1MTM2ZmMwOGIwYzlkZWEwODFhZjM1ZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBRExqQsZ06Ug9imgVA0qMXxQQ2W
drC5YaOfxDFn5ZWqntKCp73q/sIe/rOgFpcA0CZo04K9ugJvUDXIbiOQyy+qfd2K
iVmifgXz0MqtxCEBKn/V8sviS14kZDIaWBrz0a1IHPc1t1e5UjGhqQEbHpj3c73N
GA5nuhy7iLsVc5GUP6gg3irqert77R988wFRvfDAKKftEnc3+F1BVPfKkUt7VG8p
2Q9oc8mniGuqOMdUB5mYfTebfH6o1xYgoQeH54U7554ZuvjVQFlvhMT/eDHAAsgr
XYFk1mL4qFwiPBN/JD7iakZZMeYQwbJ2rueUQScySKeurAu4JpKjUcSYGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOqEbFEcTef1E2/Aiwyd6gga812QMB8GA1UdIwQY
MBaAFN58grInbL3xMMytBGtl/qssJ+1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM255Q3NpZHN2ZkV3ekswRWEyWC1xeXduN1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi82ZmE1ZGYtZmI5Zi00YWU1LWJhODkt
N2ZhZjdjMWRlN2IwLzEvNm9Sc1VSeE41X1VUYjhDTERKM3FDQnJ6WFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi82ZmE1ZGYtZmI5Zi00YWU1LWJhODktN2ZhZjdjMWRlN2Iw
LzEvM255Q3NpZHN2ZkV3ekswRWEyWC1xeXduN1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsHa5MA8E
AgACMAkDBwAqDcpHAAIwDQYJKoZIhvcNAQELBQADggEBAIzrPnt3uBI+Ts7M/HQ8
cwVCb6KzTAGaAOCMk88ViCKxUT2W09kdzYWha3O93n7A/vf2FIPBjy1uEMFtNsU9
LW46tSIGUBFFicXerGGV1qLFRybzPwZTSxK6dJWcU0XaVwDIniT50JerIG1cVYY4
W/fH88Nzg199uKAS/aPNIMMe5ulTHZx9hgoHy/mFhG9DvHnxMCzWZYF0C9GOkNlU
li75QdbiqY68+dokS65Tg+uZQWWGLh85tH5+D2fCAASnN+7hAyHX5K/YW0XSV43p
QrGvVYNs/5uesTnGMO11ojymCHE9F4J8rcmHfSt0egbETeIsFxCWb9FhdaffkdB8
XnU=
-----END CERTIFICATE-----