Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/c6ia2iFL7Zt6oVmiYJQ9U4qB8cQ.roa
File:                     c6ia2iFL7Zt6oVmiYJQ9U4qB8cQ.roa (raw, json)
Hash identifier:          8q2b6ZA1IVhLzu27q2etWFpye27ilB7/sw6WEw6ddoA=
Subject key identifier:   73:A8:9A:DA:21:4B:ED:9B:7A:A1:59:A2:60:94:3D:53:8A:81:F1:C4
Certificate issuer:       /CN=10af800ce95bfbb1f473b0b5f9f7b93175930e89
Certificate serial:       018CC726F878D339711347FB5DC88F71929D
Authority key identifier: 10:AF:80:0C:E9:5B:FB:B1:F4:73:B0:B5:F9:F7:B9:31:75:93:0E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EK-ADOlb-7H0c7C1-fe5MXWTDok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/c6ia2iFL7Zt6oVmiYJQ9U4qB8cQ.roa
Signing time:             Mon 01 Jan 2024 22:31:08 +0000
ROA not before:           Mon 01 Jan 2024 22:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24971
IP address blocks:        185.32.160.0/22 maxlen: 24
                          2a00:a5a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/EK-ADOlb-7H0c7C1-fe5MXWTDok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/EK-ADOlb-7H0c7C1-fe5MXWTDok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EK-ADOlb-7H0c7C1-fe5MXWTDok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f8:78:d3:39:71:13:47:fb:5d:c8:8f:71:92:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10af800ce95bfbb1f473b0b5f9f7b93175930e89
        Validity
            Not Before: Jan  1 22:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73a89ada214bed9b7aa159a260943d538a81f1c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f7:02:8f:42:80:d2:7f:56:3a:7b:26:db:3e:
                    42:ff:71:a7:85:90:89:40:b7:0d:00:9d:6b:bc:31:
                    95:07:eb:4f:04:ef:37:1e:89:e9:9f:07:66:88:54:
                    d5:00:f6:d6:21:07:9a:44:3d:fe:7a:d2:2d:b3:68:
                    ae:6e:cb:0b:c6:0c:1e:0d:85:8f:b4:55:e5:67:7a:
                    38:58:96:ca:c8:89:3a:30:c8:4d:2e:20:4e:ad:97:
                    1c:22:ea:87:81:a4:94:f8:56:a1:07:80:72:e3:25:
                    f6:d1:d6:46:2a:e7:f9:a6:2d:6a:c1:f7:f2:36:70:
                    d7:99:b7:1e:09:28:53:95:c5:40:37:5e:80:94:1e:
                    89:95:1b:7a:ce:7c:fc:02:46:8f:91:46:b5:b0:b0:
                    30:5f:81:bf:12:e1:e1:ab:80:e2:67:f9:81:90:b1:
                    26:78:45:1c:d8:ae:b1:0b:f9:16:c3:48:4a:b6:f9:
                    4a:8e:17:d2:b2:6a:fe:91:24:0a:63:ce:85:82:42:
                    31:7a:54:27:07:45:c4:de:56:64:e2:77:2f:c8:13:
                    09:7d:53:72:9c:72:29:7b:55:0a:20:99:b7:cf:fc:
                    c8:40:c3:36:bb:2f:07:1d:75:39:6b:7b:48:eb:f1:
                    f9:37:98:6a:d5:44:97:3b:de:81:6a:28:57:df:f4:
                    55:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:A8:9A:DA:21:4B:ED:9B:7A:A1:59:A2:60:94:3D:53:8A:81:F1:C4
            X509v3 Authority Key Identifier:
                keyid:10:AF:80:0C:E9:5B:FB:B1:F4:73:B0:B5:F9:F7:B9:31:75:93:0E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EK-ADOlb-7H0c7C1-fe5MXWTDok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/c6ia2iFL7Zt6oVmiYJQ9U4qB8cQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/EK-ADOlb-7H0c7C1-fe5MXWTDok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.160.0/22
                IPv6:
                  2a00:a5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:fb:1f:15:fa:df:ba:1b:b3:f3:b5:3a:0d:b6:af:d3:53:42:
         7b:28:70:f0:9b:1f:bc:80:12:ea:af:4a:0e:3e:e6:23:4c:f1:
         77:77:58:0d:7a:71:24:04:62:78:84:d5:40:06:37:d0:47:a1:
         e1:07:78:59:57:e3:83:e9:a5:8b:86:0e:60:85:2b:52:5f:c4:
         a9:8f:ad:a8:bc:1e:3a:45:b4:f5:b2:69:2d:c0:1f:b6:c4:f0:
         b0:7b:80:80:6f:a9:a0:81:06:36:7d:d0:8f:ab:d6:72:d9:2a:
         10:96:ea:65:54:13:d2:9a:61:25:ed:c4:33:88:9f:ec:06:59:
         dd:68:a7:81:91:aa:d5:2a:a7:46:bc:eb:72:bc:01:55:ad:2b:
         c5:c8:bf:ef:6f:f0:c3:8b:00:1d:9d:70:2e:ec:5b:20:e5:58:
         b5:04:65:d0:fb:a0:d5:f1:a5:59:5e:21:34:5c:9d:2f:e8:16:
         50:ac:7d:ea:c7:fc:19:0e:11:fb:74:0a:be:93:ce:ea:c4:59:
         94:8d:1c:63:be:dd:a4:62:e9:cd:5f:69:c3:44:51:88:53:dc:
         25:ee:69:33:ef:eb:65:dd:ec:72:ee:81:a5:fa:b5:8a:64:3e:
         06:dd:5a:47:11:9f:0b:0d:3b:70:a7:e1:03:16:3c:99:2f:c6:
         ed:51:64:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJvh40zlxE0f7XciPcZKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYWY4MDBjZTk1YmZiYjFmNDczYjBiNWY5ZjdiOTMxNzU5
MzBlODkwHhcNMjQwMTAxMjIzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2E4OWFkYTIxNGJlZDliN2FhMTU5YTI2MDk0M2Q1MzhhODFmMWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfcCj0KA0n9WOnsm2z5C/3GnhZCJ
QLcNAJ1rvDGVB+tPBO83HonpnwdmiFTVAPbWIQeaRD3+etIts2iubssLxgweDYWP
tFXlZ3o4WJbKyIk6MMhNLiBOrZccIuqHgaSU+FahB4By4yX20dZGKuf5pi1qwffy
NnDXmbceCShTlcVAN16AlB6JlRt6znz8AkaPkUa1sLAwX4G/EuHhq4DiZ/mBkLEm
eEUc2K6xC/kWw0hKtvlKjhfSsmr+kSQKY86FgkIxelQnB0XE3lZk4ncvyBMJfVNy
nHIpe1UKIJm3z/zIQMM2uy8HHXU5a3tI6/H5N5hq1USXO96BaihX3/RVHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHOomtohS+2beqFZomCUPVOKgfHEMB8GA1UdIwQY
MBaAFBCvgAzpW/ux9HOwtfn3uTF1kw6JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUstQURPbGItN0gwYzdDMS1mZTVNWFdURG9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85YTc4ZTYtM2JmNy00MmI2LThjYmYt
MTE5OTQyZjNkN2E3LzEvYzZpYTJpRkw3WnQ2b1ZtaVlKUTlVNHFCOGNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85YTc4ZTYtM2JmNy00MmI2LThjYmYtMTE5OTQyZjNkN2E3
LzEvRUstQURPbGItN0gwYzdDMS1mZTVNWFdURG9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSCgMA0E
AgACMAcDBQAqAKWgMA0GCSqGSIb3DQEBCwUAA4IBAQCW+x8V+t+6G7PztToNtq/T
U0J7KHDwmx+8gBLqr0oOPuYjTPF3d1gNenEkBGJ4hNVABjfQR6HhB3hZV+OD6aWL
hg5ghStSX8Spj62ovB46RbT1smktwB+2xPCwe4CAb6mggQY2fdCPq9Zy2SoQlupl
VBPSmmEl7cQziJ/sBlndaKeBkarVKqdGvOtyvAFVrSvFyL/vb/DDiwAdnXAu7Fsg
5Vi1BGXQ+6DV8aVZXiE0XJ0v6BZQrH3qx/wZDhH7dAq+k87qxFmUjRxjvt2kYunN
X2nDRFGIU9wl7mkz7+tl3exy7oGl+rWKZD4G3VpHEZ8LDTtwp+EDFjyZL8btUWT9
-----END CERTIFICATE-----