Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/aL4nJN9PPGKxsFsQ0vICblhJsRs.roa
File:                     aL4nJN9PPGKxsFsQ0vICblhJsRs.roa (raw, json)
Hash identifier:          Z3A73uR4k4x7GkOnpRIDXQMebGCrBLzHMZWZbzcZcL8=
Subject key identifier:   68:BE:27:24:DF:4F:3C:62:B1:B0:5B:10:D2:F2:02:6E:58:49:B1:1B
Certificate issuer:       /CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
Certificate serial:       018CC348A73C5B286BC4F9D389512F0483CE
Authority key identifier: 93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/aL4nJN9PPGKxsFsQ0vICblhJsRs.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35657
IP address blocks:        185.231.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a7:3c:5b:28:6b:c4:f9:d3:89:51:2f:04:83:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68be2724df4f3c62b1b05b10d2f2026e5849b11b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d2:b0:25:80:3b:e5:8b:be:a1:81:57:1b:c1:
                    df:2f:bd:05:38:2e:5e:7a:1e:94:a3:a4:9f:54:9e:
                    f3:3a:8f:aa:f0:95:28:a8:de:ca:17:2a:53:4d:f8:
                    0e:68:62:4d:f7:c5:2e:8a:a1:4a:3f:db:f2:17:a4:
                    25:70:8c:55:5e:b9:42:de:c0:47:98:d5:82:2e:c5:
                    81:98:ea:6c:51:bb:4b:22:aa:20:45:85:9a:5b:c2:
                    f0:22:6c:87:ca:82:ff:fe:d3:bb:9f:93:df:93:08:
                    83:30:b0:99:13:58:91:90:d6:05:8a:b1:4b:18:40:
                    f6:5b:74:b2:bb:f0:81:07:91:bf:6c:2e:02:dc:00:
                    b7:0d:3c:4b:c9:78:7a:f3:c3:d0:ce:cd:bf:fb:55:
                    1f:70:09:01:a4:77:54:9f:6c:3f:f0:2b:b2:63:39:
                    f0:80:e5:9d:5f:03:28:e6:17:33:b4:12:c0:f0:62:
                    4a:b6:d3:df:30:88:5e:83:46:b0:36:a2:79:08:79:
                    2f:88:7c:02:9e:d2:7b:85:10:89:dc:cd:cf:53:08:
                    1f:eb:c7:47:a9:29:92:36:76:31:19:ed:df:ed:c7:
                    b2:bb:6e:2b:78:72:9e:71:b9:00:f7:07:5e:33:4f:
                    11:88:58:8e:fb:64:73:b9:9f:06:b4:20:d3:cf:90:
                    4e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:BE:27:24:DF:4F:3C:62:B1:B0:5B:10:D2:F2:02:6E:58:49:B1:1B
            X509v3 Authority Key Identifier:
                keyid:93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/aL4nJN9PPGKxsFsQ0vICblhJsRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:7f:1a:6c:23:82:f4:35:e9:11:01:9b:35:d8:86:01:bc:34:
         ef:36:8b:f9:5c:c1:9a:24:af:67:df:1c:37:f0:ca:86:2c:ca:
         c5:f8:d7:54:8b:b0:1a:ac:65:ea:ee:34:9b:33:38:f9:80:4a:
         bf:d4:ca:ee:6c:8a:57:b6:91:47:09:b6:2a:8e:62:3e:63:0f:
         97:a5:e1:c3:33:f7:90:28:65:ea:46:b0:8e:8c:10:c0:8e:ef:
         8b:7a:4e:d8:74:78:9c:3a:36:06:b1:bb:fc:c8:17:00:ab:2a:
         48:a2:d8:b9:11:21:51:02:35:23:bd:18:cb:fd:c2:99:8d:fb:
         a5:c3:b1:b2:68:d0:fb:52:7d:4a:d6:7a:29:ef:e6:cc:ca:6c:
         64:52:99:5f:00:a4:84:6b:4f:57:c4:97:6e:5d:3b:1a:7b:ca:
         e2:9e:01:a7:d2:62:be:68:27:af:99:b1:88:79:48:f0:8f:57:
         dd:4d:24:27:c6:30:17:85:8e:33:fb:b1:f9:5f:60:a5:ab:a0:
         55:2d:c8:c2:23:5c:a6:36:be:93:b3:e1:ab:dd:47:39:4c:50:
         79:97:43:b0:2b:7b:ab:83:e4:0c:74:1f:17:75:26:34:91:a0:
         67:b1:a7:c5:d4:26:dc:4e:4b:0e:d8:8a:c0:95:5c:9d:7a:20:
         b2:f4:90:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKc8WyhrxPnTiVEvBIPOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMmU4MDc4ZWE0MjBhZmMxYTc4YmY5MjJhOWEyZjI3NDY3
OWM4YTgwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGJlMjcyNGRmNGYzYzYyYjFiMDViMTBkMmYyMDI2ZTU4NDliMTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdKwJYA75Yu+oYFXG8HfL70FOC5e
eh6Uo6SfVJ7zOo+q8JUoqN7KFypTTfgOaGJN98UuiqFKP9vyF6QlcIxVXrlC3sBH
mNWCLsWBmOpsUbtLIqogRYWaW8LwImyHyoL//tO7n5PfkwiDMLCZE1iRkNYFirFL
GED2W3Syu/CBB5G/bC4C3AC3DTxLyXh688PQzs2/+1UfcAkBpHdUn2w/8CuyYznw
gOWdXwMo5hcztBLA8GJKttPfMIheg0awNqJ5CHkviHwCntJ7hRCJ3M3PUwgf68dH
qSmSNnYxGe3f7ceyu24reHKecbkA9wdeM08RiFiO+2RzuZ8GtCDTz5BOUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGi+JyTfTzxisbBbENLyAm5YSbEbMB8GA1UdIwQY
MBaAFJMugHjqQgr8Gni/kiqaLydGecioMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODkt
MzRiYTA3MzhhMzQxLzEvYUw0bkpOOVBQR0t4c0ZzUTB2SUNibGhKc1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODktMzRiYTA3MzhhMzQx
LzEva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuecGMA0G
CSqGSIb3DQEBCwUAA4IBAQAqfxpsI4L0NekRAZs12IYBvDTvNov5XMGaJK9n3xw3
8MqGLMrF+NdUi7AarGXq7jSbMzj5gEq/1MrubIpXtpFHCbYqjmI+Yw+XpeHDM/eQ
KGXqRrCOjBDAju+Lek7YdHicOjYGsbv8yBcAqypIoti5ESFRAjUjvRjL/cKZjful
w7GyaND7Un1K1nop7+bMymxkUplfAKSEa09XxJduXTsae8ringGn0mK+aCevmbGI
eUjwj1fdTSQnxjAXhY4z+7H5X2Clq6BVLcjCI1ymNr6Ts+Gr3Uc5TFB5l0OwK3ur
g+QMdB8XdSY0kaBnsafF1CbcTksO2IrAlVydeiCy9JDy
-----END CERTIFICATE-----