Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/OPpKb5ykcXvr2dR3-oAIilutUqg.roa
File:                     OPpKb5ykcXvr2dR3-oAIilutUqg.roa (raw, json)
Hash identifier:          ZQX74oT0uhvYBIu81pDao4YLjXrB68MifDjwXZGPBew=
Subject key identifier:   38:FA:4A:6F:9C:A4:71:7B:EB:D9:D4:77:FA:80:08:8A:5B:AD:52:A8
Certificate issuer:       /CN=6ba3186597742a926cd26504e1ed76f8543fdb26
Certificate serial:       018D0D615E8581878F4BE5EC8886EAEBA98B
Authority key identifier: 6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/OPpKb5ykcXvr2dR3-oAIilutUqg.roa
Signing time:             Mon 15 Jan 2024 13:48:21 +0000
ROA not before:           Mon 15 Jan 2024 13:48:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204175
IP address blocks:        185.219.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:61:5e:85:81:87:8f:4b:e5:ec:88:86:ea:eb:a9:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ba3186597742a926cd26504e1ed76f8543fdb26
        Validity
            Not Before: Jan 15 13:48:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38fa4a6f9ca4717bebd9d477fa80088a5bad52a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e8:d5:6b:a8:a8:01:ac:4e:59:ab:45:b9:03:
                    47:ee:ad:a7:ff:24:bf:72:6a:70:04:a2:97:73:82:
                    83:5c:1a:41:bb:c1:f1:55:10:ad:53:2b:19:0a:b3:
                    78:17:bc:a6:37:ee:59:09:77:98:e4:a9:11:72:59:
                    6f:75:26:c8:01:17:e1:64:08:4b:9e:6e:5c:3d:fb:
                    b5:28:bf:b9:85:fd:fd:a5:e6:2a:47:c7:f8:62:8b:
                    f8:f7:1d:20:65:f3:dc:44:b9:10:af:70:1a:ab:13:
                    3d:95:88:be:6c:fd:6c:80:b4:87:c0:71:98:fb:f5:
                    32:42:11:85:97:80:3f:1b:01:32:c9:e1:1e:5c:de:
                    39:2a:c4:44:e0:12:5c:e5:92:ba:f4:41:96:f8:80:
                    e5:b6:74:39:12:cf:a7:4f:dc:53:58:aa:d3:69:f9:
                    4e:24:91:44:34:4d:ec:b7:bd:31:2d:67:eb:2c:69:
                    a3:8f:3d:25:54:65:67:34:8b:57:b3:24:34:b5:1b:
                    fc:ff:53:70:e9:3a:0c:5a:90:f1:d5:4a:18:c0:2f:
                    cc:44:1c:22:1e:98:c3:45:3f:e4:03:c4:08:54:6c:
                    b9:7b:20:44:23:1d:a0:10:d1:b5:bf:be:c4:f6:9c:
                    38:a3:ec:36:29:cf:0b:3b:3e:fb:e6:61:78:31:d5:
                    52:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:FA:4A:6F:9C:A4:71:7B:EB:D9:D4:77:FA:80:08:8A:5B:AD:52:A8
            X509v3 Authority Key Identifier:
                keyid:6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/OPpKb5ykcXvr2dR3-oAIilutUqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:81:b4:66:d2:fc:f6:db:7b:87:0b:20:d8:d9:48:3b:be:c8:
         83:80:14:17:c7:79:b1:24:2b:90:f4:4c:2a:8a:61:17:38:8f:
         4f:60:d3:d6:92:94:fa:c2:42:92:d8:73:fa:7b:0f:db:f2:d7:
         28:f7:2d:3e:53:e8:e9:1d:11:d0:a8:af:e4:6c:d3:2f:ea:7a:
         3c:c1:7a:9f:d7:cd:d0:1e:35:ff:13:95:da:3f:b2:27:28:5b:
         31:12:d6:11:e2:12:4b:f9:83:88:16:57:9f:e0:c8:d9:48:41:
         f4:21:cd:76:d2:2a:c5:92:f5:0f:a9:4f:1b:53:90:27:40:62:
         27:c6:50:4a:1c:f8:04:12:64:98:86:90:c7:6e:99:61:56:76:
         5f:bb:6c:45:2a:7b:08:55:32:53:66:37:22:91:a4:c6:3a:01:
         2d:4e:4b:1b:7a:03:14:eb:ee:4f:a2:27:49:34:28:19:09:e8:
         d4:c0:04:14:17:93:96:6b:b4:d8:1c:6f:b5:19:5f:86:1f:94:
         80:57:67:40:d0:52:36:f1:bb:7f:a2:94:df:8b:78:4e:1a:29:
         12:13:c0:c6:65:41:b7:04:3d:72:c9:b1:41:4f:00:13:7b:53:
         ab:85:aa:e0:ac:c7:08:1b:04:ac:2c:44:af:50:af:75:b4:b7:
         09:c9:88:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0NYV6FgYePS+XsiIbq66mLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYTMxODY1OTc3NDJhOTI2Y2QyNjUwNGUxZWQ3NmY4NTQz
ZmRiMjYwHhcNMjQwMTE1MTM0ODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGZhNGE2ZjljYTQ3MTdiZWJkOWQ0NzdmYTgwMDg4YTViYWQ1MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+jVa6ioAaxOWatFuQNH7q2n/yS/
cmpwBKKXc4KDXBpBu8HxVRCtUysZCrN4F7ymN+5ZCXeY5KkRcllvdSbIARfhZAhL
nm5cPfu1KL+5hf39peYqR8f4Yov49x0gZfPcRLkQr3AaqxM9lYi+bP1sgLSHwHGY
+/UyQhGFl4A/GwEyyeEeXN45KsRE4BJc5ZK69EGW+IDltnQ5Es+nT9xTWKrTaflO
JJFENE3st70xLWfrLGmjjz0lVGVnNItXsyQ0tRv8/1Nw6ToMWpDx1UoYwC/MRBwi
HpjDRT/kA8QIVGy5eyBEIx2gENG1v77E9pw4o+w2Kc8LOz775mF4MdVS/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDj6Sm+cpHF769nUd/qACIpbrVKoMB8GA1UdIwQY
MBaAFGujGGWXdCqSbNJlBOHtdvhUP9smMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2Mt
YmMwMDdmMmRhYzI0LzEvT1BwS2I1eWtjWHZyMmRSMy1vQUlpbHV0VXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2MtYmMwMDdmMmRhYzI0
LzEvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudvbMA0G
CSqGSIb3DQEBCwUAA4IBAQBfgbRm0vz223uHCyDY2Ug7vsiDgBQXx3mxJCuQ9Ewq
imEXOI9PYNPWkpT6wkKS2HP6ew/b8tco9y0+U+jpHRHQqK/kbNMv6no8wXqf183Q
HjX/E5XaP7InKFsxEtYR4hJL+YOIFlef4MjZSEH0Ic120irFkvUPqU8bU5AnQGIn
xlBKHPgEEmSYhpDHbplhVnZfu2xFKnsIVTJTZjcikaTGOgEtTksbegMU6+5PoidJ
NCgZCejUwAQUF5OWa7TYHG+1GV+GH5SAV2dA0FI28bt/opTfi3hOGikSE8DGZUG3
BD1yybFBTwATe1OrhargrMcIGwSsLESvUK91tLcJyYgE
-----END CERTIFICATE-----