Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/6dH0aE9YoHnrvcV-_qXTHANBCjM.roa
File:                     6dH0aE9YoHnrvcV-_qXTHANBCjM.roa (raw, json)
Hash identifier:          89x/KKCo2rh2fmFNV7EDs2EqIkiY6nCibMJTVDs+JVw=
Subject key identifier:   E9:D1:F4:68:4F:58:A0:79:EB:BD:C5:7E:FE:A5:D3:1C:03:41:0A:33
Certificate issuer:       /CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
Certificate serial:       0190A2C0FA491C3055D09AAAE030BC5DD8FD
Authority key identifier: 7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/6dH0aE9YoHnrvcV-_qXTHANBCjM.roa
Signing time:             Thu 11 Jul 2024 17:04:34 +0000
ROA not before:           Thu 11 Jul 2024 17:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.198.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a2:c0:fa:49:1c:30:55:d0:9a:aa:e0:30:bc:5d:d8:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
        Validity
            Not Before: Jul 11 17:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9d1f4684f58a079ebbdc57efea5d31c03410a33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fb:69:82:70:13:4e:46:27:33:15:66:a4:71:
                    21:dc:d5:cd:aa:8d:f4:b8:b2:10:f7:a4:a6:96:e7:
                    f3:d2:61:b1:fd:0c:c1:9f:43:67:21:f6:c9:d0:d1:
                    e7:c5:9d:4f:66:4e:04:31:7b:47:3c:ca:f0:f0:ca:
                    ef:20:f2:e8:7a:82:49:fe:8a:f6:83:98:38:31:93:
                    ff:41:13:13:fe:10:22:2f:b0:41:a4:ed:55:69:ba:
                    0d:1e:0b:57:67:84:97:ef:e0:e2:e1:dc:ba:20:8a:
                    6a:f6:2f:c3:3f:f9:7e:46:97:59:c9:16:55:ac:81:
                    f7:66:9c:30:6a:28:c2:1f:03:a2:42:3c:36:b7:c2:
                    dd:f7:b5:80:ff:10:f5:47:90:a7:57:14:86:af:7d:
                    8d:13:24:e1:b9:22:21:1c:f6:02:ee:85:e7:2a:5e:
                    3d:e0:31:55:17:22:da:8a:7e:82:6a:64:fd:b9:fe:
                    1a:94:39:61:e6:60:c8:64:bc:49:33:0b:36:f8:58:
                    c8:a1:26:e5:34:81:b5:56:e7:f4:6e:7d:6d:48:44:
                    68:56:1c:37:25:ca:d8:c9:1a:f8:a5:55:13:e3:5f:
                    52:f7:f1:4b:c8:76:5c:2f:b9:b4:20:2f:cd:29:ad:
                    73:ed:f1:da:57:10:9f:e1:72:e0:6c:bf:21:7f:00:
                    0f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D1:F4:68:4F:58:A0:79:EB:BD:C5:7E:FE:A5:D3:1C:03:41:0A:33
            X509v3 Authority Key Identifier:
                keyid:7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/6dH0aE9YoHnrvcV-_qXTHANBCjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:f5:db:81:22:7c:98:b3:81:dc:0a:77:18:f6:e5:60:89:af:
         3d:a6:0d:8a:ed:40:bb:c4:06:93:c6:16:80:1a:e5:48:d4:eb:
         bc:a9:ff:f5:e7:ba:af:35:a2:f3:75:77:64:87:9a:55:97:86:
         f0:f1:32:4f:8e:61:65:80:a4:75:25:2b:50:f8:ee:63:09:9c:
         17:00:ce:20:0a:03:99:40:10:0c:6f:25:90:df:43:68:9d:29:
         f1:82:01:30:7c:b3:20:c1:e4:cf:f3:e7:8b:21:2d:00:6b:92:
         87:7c:19:84:cf:55:c2:b8:85:e0:af:da:0a:a6:cb:18:1c:5c:
         b3:b5:ae:8c:98:b2:5e:19:aa:aa:92:cd:18:5b:89:c5:82:ca:
         72:de:f3:04:9e:18:0c:2e:a3:5e:dc:b2:19:13:2d:48:04:ac:
         e6:f5:ff:3a:55:22:46:a3:29:dc:13:fb:7b:19:05:f9:92:cd:
         e9:08:82:26:9f:aa:f3:37:8d:47:b9:06:66:fc:5f:19:be:5f:
         fb:6a:af:c4:d5:2d:b7:ff:db:3e:ef:be:c6:ad:eb:90:96:90:
         88:40:c3:95:6d:8b:8b:97:a0:eb:b8:80:bb:ca:3c:6d:ca:01:
         91:6e:72:e0:53:27:f2:9b:dd:26:d8:be:69:23:54:42:fc:b2:
         14:da:30:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCiwPpJHDBV0Jqq4DC8Xdj9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTY0M2JiMzk5YzZkODdhZGM0YzdjYmE1ZDJiNzJmYmQw
MGQwNDYwHhcNMjQwNzExMTcwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWQxZjQ2ODRmNThhMDc5ZWJiZGM1N2VmZWE1ZDMxYzAzNDEwYTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PtpgnATTkYnMxVmpHEh3NXNqo30
uLIQ96Smlufz0mGx/QzBn0NnIfbJ0NHnxZ1PZk4EMXtHPMrw8MrvIPLoeoJJ/or2
g5g4MZP/QRMT/hAiL7BBpO1VaboNHgtXZ4SX7+Di4dy6IIpq9i/DP/l+RpdZyRZV
rIH3ZpwwaijCHwOiQjw2t8Ld97WA/xD1R5CnVxSGr32NEyThuSIhHPYC7oXnKl49
4DFVFyLain6CamT9uf4alDlh5mDIZLxJMws2+FjIoSblNIG1Vuf0bn1tSERoVhw3
JcrYyRr4pVUT419S9/FLyHZcL7m0IC/NKa1z7fHaVxCf4XLgbL8hfwAP4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnR9GhPWKB5673Ffv6l0xwDQQozMB8GA1UdIwQY
MBaAFHymQ7s5nG2HrcTHy6XSty+9ANBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMt
NDRlYTY0NzIxYzllLzEvNmRIMGFFOVlvSG5ydmNWLV9xWFRIQU5CQ2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMtNDRlYTY0NzIxYzll
LzEvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucYkMA0G
CSqGSIb3DQEBCwUAA4IBAQBm9duBInyYs4HcCncY9uVgia89pg2K7UC7xAaTxhaA
GuVI1Ou8qf/157qvNaLzdXdkh5pVl4bw8TJPjmFlgKR1JStQ+O5jCZwXAM4gCgOZ
QBAMbyWQ30NonSnxggEwfLMgweTP8+eLIS0Aa5KHfBmEz1XCuIXgr9oKpssYHFyz
ta6MmLJeGaqqks0YW4nFgspy3vMEnhgMLqNe3LIZEy1IBKzm9f86VSJGoyncE/t7
GQX5ks3pCIImn6rzN41HuQZm/F8Zvl/7aq/E1S23/9s+777GreuQlpCIQMOVbYuL
l6DruIC7yjxtygGRbnLgUyfym90m2L5pI1RC/LIU2jDF
-----END CERTIFICATE-----