Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/a28dde-8ed6-4d3d-9ba0-6d615f3e14f5/1/6Ukxw3h2SXCan6rWSAdDcA5gV-k.roa
File:                     6Ukxw3h2SXCan6rWSAdDcA5gV-k.roa (raw, json)
Hash identifier:          bSxoJBsBqJ0RNbIIdnYr9ufF0yJGiAVo1+O2gW7R9RM=
Subject key identifier:   E9:49:31:C3:78:76:49:70:9A:9F:AA:D6:48:07:43:70:0E:60:57:E9
Certificate issuer:       /CN=ed6b53ca307043427ef4eac89c77c1ba13f6f02e
Certificate serial:       018CC56ED972FF8509F4D0FB1167C4E6E8F5
Authority key identifier: ED:6B:53:CA:30:70:43:42:7E:F4:EA:C8:9C:77:C1:BA:13:F6:F0:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7WtTyjBwQ0J-9OrInHfBuhP28C4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/a28dde-8ed6-4d3d-9ba0-6d615f3e14f5/1/6Ukxw3h2SXCan6rWSAdDcA5gV-k.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208839
IP address blocks:        45.13.140.0/22 maxlen: 22
                          2a0e:ed00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/a28dde-8ed6-4d3d-9ba0-6d615f3e14f5/1/7WtTyjBwQ0J-9OrInHfBuhP28C4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/a28dde-8ed6-4d3d-9ba0-6d615f3e14f5/1/7WtTyjBwQ0J-9OrInHfBuhP28C4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7WtTyjBwQ0J-9OrInHfBuhP28C4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d9:72:ff:85:09:f4:d0:fb:11:67:c4:e6:e8:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6b53ca307043427ef4eac89c77c1ba13f6f02e
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e94931c3787649709a9faad6480743700e6057e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4f:2b:b3:82:4c:08:b9:5d:f0:1a:97:1f:7e:
                    5d:b1:77:c2:9f:8c:d6:01:a3:07:77:38:2a:aa:a9:
                    e8:bc:d0:ea:2d:55:92:34:23:d0:7e:e3:75:5e:b4:
                    23:b5:9f:57:6c:52:dd:d3:fa:fe:45:1d:28:96:24:
                    dc:80:88:42:58:fb:a1:2b:21:3b:d0:d7:1e:1c:f0:
                    64:cc:a1:e2:be:2a:83:5b:df:93:af:58:74:b9:fd:
                    f6:db:99:dc:64:a7:36:82:80:5a:07:c3:2d:3e:ef:
                    b9:bb:c3:59:46:83:5a:49:c9:e9:9f:7d:72:6a:66:
                    66:c8:76:07:77:7e:3f:f1:08:82:10:cf:59:c4:f0:
                    4b:fc:57:3f:8a:db:53:01:b2:10:0c:cb:31:4c:b4:
                    08:6d:86:c0:30:41:fb:67:ca:d7:57:dd:e7:75:b1:
                    a6:16:96:01:7c:13:d6:63:f6:6f:4f:06:f9:8b:d8:
                    c3:58:ba:3c:a4:dc:d1:0b:6e:20:1a:0f:07:0b:f5:
                    76:b1:18:b8:a9:21:66:80:0d:3d:c6:59:3d:76:47:
                    91:b7:f7:b4:71:37:01:33:73:99:d5:2f:ca:fa:bf:
                    75:60:fd:ed:05:78:32:be:1c:2b:83:34:4e:b3:cd:
                    8c:86:cb:7c:92:08:56:d5:c0:70:7c:e6:e5:b0:5c:
                    ab:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:49:31:C3:78:76:49:70:9A:9F:AA:D6:48:07:43:70:0E:60:57:E9
            X509v3 Authority Key Identifier:
                keyid:ED:6B:53:CA:30:70:43:42:7E:F4:EA:C8:9C:77:C1:BA:13:F6:F0:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7WtTyjBwQ0J-9OrInHfBuhP28C4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a28dde-8ed6-4d3d-9ba0-6d615f3e14f5/1/6Ukxw3h2SXCan6rWSAdDcA5gV-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a28dde-8ed6-4d3d-9ba0-6d615f3e14f5/1/7WtTyjBwQ0J-9OrInHfBuhP28C4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.140.0/22
                IPv6:
                  2a0e:ed00::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:d7:c4:14:50:2d:5c:ef:10:39:af:5c:1d:39:a4:dd:ff:0a:
         d0:22:5d:eb:cb:0f:4a:e1:3c:ca:5c:b3:f3:b5:44:9c:bc:ca:
         e8:2d:be:be:e1:90:c7:90:25:9c:36:6b:f8:28:48:2b:d5:d8:
         1f:d6:ec:2e:f6:f4:2e:85:2a:4d:40:ee:48:59:e5:d6:64:ea:
         68:ac:29:b7:36:1e:0c:6c:79:71:f9:e5:10:8d:8e:fc:40:ab:
         83:f7:f3:25:00:70:d6:00:c8:36:a8:14:1b:74:33:ce:a8:e4:
         aa:b8:fb:36:ab:05:3f:98:cf:af:74:9f:69:10:03:b3:14:c3:
         97:46:49:98:93:09:6c:1b:96:7c:32:94:08:12:9e:2f:f6:95:
         fe:fa:b5:3c:4b:36:f5:49:07:cb:84:d9:d1:cb:e3:93:31:ab:
         f2:8b:89:17:b4:ab:f3:d0:1e:bb:ab:87:3d:14:7e:fa:88:79:
         c2:90:df:a6:53:f3:36:05:7e:75:c7:3c:9f:b4:1b:dc:17:c6:
         47:37:04:00:1b:e5:ce:ed:54:0b:fc:60:52:5b:8a:fe:9b:28:
         c3:3f:4b:c3:61:ff:56:73:b6:48:a6:20:f8:3e:90:10:08:e3:
         fe:95:1d:10:54:03:45:bb:84:82:97:23:91:5e:ce:a8:3e:08:
         8a:c7:e8:de
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbtly/4UJ9ND7EWfE5uj1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmI1M2NhMzA3MDQzNDI3ZWY0ZWFjODljNzdjMWJhMTNm
NmYwMmUwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTQ5MzFjMzc4NzY0OTcwOWE5ZmFhZDY0ODA3NDM3MDBlNjA1N2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqU8rs4JMCLld8BqXH35dsXfCn4zW
AaMHdzgqqqnovNDqLVWSNCPQfuN1XrQjtZ9XbFLd0/r+RR0oliTcgIhCWPuhKyE7
0NceHPBkzKHiviqDW9+Tr1h0uf3225ncZKc2goBaB8MtPu+5u8NZRoNaScnpn31y
amZmyHYHd34/8QiCEM9ZxPBL/Fc/ittTAbIQDMsxTLQIbYbAMEH7Z8rXV93ndbGm
FpYBfBPWY/ZvTwb5i9jDWLo8pNzRC24gGg8HC/V2sRi4qSFmgA09xlk9dkeRt/e0
cTcBM3OZ1S/K+r91YP3tBXgyvhwrgzROs82Mhst8kghW1cBwfOblsFyrYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOlJMcN4dklwmp+q1kgHQ3AOYFfpMB8GA1UdIwQY
MBaAFO1rU8owcENCfvTqyJx3wboT9vAuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1d0VHlqQndRMEotOU9ySW5IZkJ1aFAyOEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hMjhkZGUtOGVkNi00ZDNkLTliYTAt
NmQ2MTVmM2UxNGY1LzEvNlVreHczaDJTWENhbjZyV1NBZERjQTVnVi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hMjhkZGUtOGVkNi00ZDNkLTliYTAtNmQ2MTVmM2UxNGY1
LzEvN1d0VHlqQndRMEotOU9ySW5IZkJ1aFAyOEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQ2MMA0E
AgACMAcDBQMqDu0AMA0GCSqGSIb3DQEBCwUAA4IBAQBI18QUUC1c7xA5r1wdOaTd
/wrQIl3ryw9K4TzKXLPztUScvMroLb6+4ZDHkCWcNmv4KEgr1dgf1uwu9vQuhSpN
QO5IWeXWZOporCm3Nh4MbHlx+eUQjY78QKuD9/MlAHDWAMg2qBQbdDPOqOSquPs2
qwU/mM+vdJ9pEAOzFMOXRkmYkwlsG5Z8MpQIEp4v9pX++rU8Szb1SQfLhNnRy+OT
Mavyi4kXtKvz0B67q4c9FH76iHnCkN+mU/M2BX51xzyftBvcF8ZHNwQAG+XO7VQL
/GBSW4r+myjDP0vDYf9Wc7ZIpiD4PpAQCOP+lR0QVANFu4SClyORXs6oPgiKx+je
-----END CERTIFICATE-----