Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/6baysT2Int8izqQYu_QqSFfcTKk.roa
File:                     6baysT2Int8izqQYu_QqSFfcTKk.roa (raw, json)
Hash identifier:          cnPpWhHU+QjUZXsaiBErIu5HjPSbabSTfsZcoknypLY=
Subject key identifier:   E9:B6:B2:B1:3D:88:9E:DF:22:CE:A4:18:BB:F4:2A:48:57:DC:4C:A9
Certificate issuer:       /CN=e15136feff3574ef9b2262de59b06a21908fab3e
Certificate serial:       018CC3B6774D7D3D600032CBD8904EF5FCE0
Authority key identifier: E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/6baysT2Int8izqQYu_QqSFfcTKk.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204533
IP address blocks:        185.248.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:77:4d:7d:3d:60:00:32:cb:d8:90:4e:f5:fc:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15136feff3574ef9b2262de59b06a21908fab3e
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9b6b2b13d889edf22cea418bbf42a4857dc4ca9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2a:0a:54:da:e4:80:12:b3:dd:68:2c:52:3e:
                    46:56:2e:d0:c1:fa:48:1d:91:2b:e9:ff:42:00:79:
                    fa:dd:13:76:6b:cd:1c:e6:fd:13:e2:b3:f3:df:8c:
                    7c:9e:ec:fc:79:38:51:e7:27:f0:75:5b:7c:96:54:
                    52:0a:77:2b:cc:42:ce:b9:cc:cc:84:74:ae:67:3f:
                    47:cd:8e:c2:c4:fe:da:ef:d1:96:52:e7:2f:6d:43:
                    e3:b3:c2:38:4e:db:30:53:06:06:ce:86:ee:3e:41:
                    5e:28:1c:97:f6:65:fa:a0:83:04:67:9b:17:d0:e4:
                    f9:45:3a:44:15:ec:02:2e:56:3e:02:ec:2f:c7:17:
                    b0:63:e9:aa:7e:4e:3f:ba:0b:1f:78:cb:97:76:83:
                    5f:c7:9c:8d:a3:65:56:d3:83:23:d0:2e:69:a6:d3:
                    06:dd:fb:20:24:cd:b5:29:21:68:d5:06:ce:a6:57:
                    7f:e4:e5:54:96:86:4a:7e:35:df:6d:59:f8:c3:fd:
                    f9:ab:49:5c:0c:c6:d4:b1:08:e0:2c:0d:1f:3c:1a:
                    ab:94:06:e4:9e:9b:92:a0:12:b5:8a:51:15:24:76:
                    2d:fa:7c:88:08:43:df:1e:90:0c:21:30:d9:2f:87:
                    73:81:48:c4:2f:76:08:f4:ca:ee:37:23:ed:06:df:
                    10:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B6:B2:B1:3D:88:9E:DF:22:CE:A4:18:BB:F4:2A:48:57:DC:4C:A9
            X509v3 Authority Key Identifier:
                keyid:E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/6baysT2Int8izqQYu_QqSFfcTKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:93:be:93:59:da:73:90:f2:ef:af:65:95:3a:49:03:9d:6e:
         9f:23:5c:19:13:ec:2a:83:ce:c2:0e:92:97:5d:67:e9:1b:b9:
         a9:30:ff:b6:2c:d2:6d:c2:09:93:d4:ef:58:d4:d5:04:85:3f:
         f1:83:6e:1b:ae:dc:b9:c2:83:6e:8b:c7:8d:f2:5d:90:82:96:
         50:76:23:1d:b6:9f:5c:5f:bf:e0:14:c7:c8:32:41:86:8f:53:
         8a:98:db:4a:0f:e0:41:bc:87:1b:79:08:fe:e7:57:c8:0a:54:
         64:8d:a4:6b:41:2b:70:9e:4e:28:82:d4:0e:8b:58:16:64:d6:
         f1:83:1a:23:b9:41:b4:b2:37:7f:22:47:ff:d6:1e:07:56:ac:
         f4:43:90:70:88:c4:d9:af:f7:2f:e0:ac:62:79:2c:23:4f:83:
         ca:e3:74:a0:08:ba:3a:b9:23:0d:91:7a:95:eb:35:9f:6c:a9:
         1a:5e:27:27:13:63:45:54:37:e3:3a:ac:6d:15:3e:ad:62:55:
         05:10:8d:f7:5e:b0:82:c6:da:9a:0b:70:88:10:1f:ad:06:48:
         20:a3:49:88:19:92:e7:d1:3a:61:73:01:ad:c2:71:7e:0d:c7:
         86:39:8d:47:3d:e4:67:8f:15:e2:c9:51:77:7b:51:80:8b:ac:
         cd:b5:56:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtndNfT1gADLL2JBO9fzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTEzNmZlZmYzNTc0ZWY5YjIyNjJkZTU5YjA2YTIxOTA4
ZmFiM2UwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWI2YjJiMTNkODg5ZWRmMjJjZWE0MThiYmY0MmE0ODU3ZGM0Y2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCoKVNrkgBKz3WgsUj5GVi7QwfpI
HZEr6f9CAHn63RN2a80c5v0T4rPz34x8nuz8eThR5yfwdVt8llRSCncrzELOuczM
hHSuZz9HzY7CxP7a79GWUucvbUPjs8I4TtswUwYGzobuPkFeKByX9mX6oIMEZ5sX
0OT5RTpEFewCLlY+AuwvxxewY+mqfk4/ugsfeMuXdoNfx5yNo2VW04Mj0C5pptMG
3fsgJM21KSFo1QbOpld/5OVUloZKfjXfbVn4w/35q0lcDMbUsQjgLA0fPBqrlAbk
npuSoBK1ilEVJHYt+nyICEPfHpAMITDZL4dzgUjEL3YI9MruNyPtBt8QFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOm2srE9iJ7fIs6kGLv0KkhX3EypMB8GA1UdIwQY
MBaAFOFRNv7/NXTvmyJi3lmwaiGQj6s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMt
MDQxMzEyMjQyZmYzLzEvNmJheXNUMkludDhpenFRWXVfUXFTRmZjVEtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMtMDQxMzEyMjQyZmYz
LzEvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufggMA0G
CSqGSIb3DQEBCwUAA4IBAQCgk76TWdpzkPLvr2WVOkkDnW6fI1wZE+wqg87CDpKX
XWfpG7mpMP+2LNJtwgmT1O9Y1NUEhT/xg24brty5woNui8eN8l2QgpZQdiMdtp9c
X7/gFMfIMkGGj1OKmNtKD+BBvIcbeQj+51fIClRkjaRrQStwnk4ogtQOi1gWZNbx
gxojuUG0sjd/Ikf/1h4HVqz0Q5BwiMTZr/cv4KxieSwjT4PK43SgCLo6uSMNkXqV
6zWfbKkaXicnE2NFVDfjOqxtFT6tYlUFEI33XrCCxtqaC3CIEB+tBkggo0mIGZLn
0TphcwGtwnF+DceGOY1HPeRnjxXiyVF3e1GAi6zNtVZI
-----END CERTIFICATE-----