Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/6yWD4fv6uDGojDamE7ZsY2KQKYI.roa
File:                     6yWD4fv6uDGojDamE7ZsY2KQKYI.roa (raw, json)
Hash identifier:          +E/Z6k9s3ffK3My3smxQyKT8bZ+LdrSqBIsH/G8NSms=
Subject key identifier:   EB:25:83:E1:FB:FA:B8:31:A8:8C:36:A6:13:B6:6C:63:62:90:29:82
Certificate issuer:       /CN=4721bf48e401660ee9611b35c04b5d1d1f3fabfa
Certificate serial:       01907CD0D318B78B90102AAA59DEE1722F38
Authority key identifier: 47:21:BF:48:E4:01:66:0E:E9:61:1B:35:C0:4B:5D:1D:1F:3F:AB:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/6yWD4fv6uDGojDamE7ZsY2KQKYI.roa
Signing time:             Thu 04 Jul 2024 08:16:18 +0000
ROA not before:           Thu 04 Jul 2024 08:16:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203350
IP address blocks:        185.18.223.0/24 maxlen: 24
                          2a05:4240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7c:d0:d3:18:b7:8b:90:10:2a:aa:59:de:e1:72:2f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4721bf48e401660ee9611b35c04b5d1d1f3fabfa
        Validity
            Not Before: Jul  4 08:16:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb2583e1fbfab831a88c36a613b66c6362902982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:77:35:ab:7c:f6:2b:8e:07:1e:8b:04:7f:3d:
                    a6:18:3a:57:0b:dc:f2:a4:89:39:01:1d:17:eb:8d:
                    9a:fe:6b:d3:d1:e4:91:0d:0c:94:e5:45:82:af:f7:
                    b0:06:4f:df:1e:ae:93:c5:4f:17:ed:59:6c:86:a9:
                    be:59:56:a5:88:c0:c1:9f:ce:53:0b:10:67:f1:ee:
                    73:3e:f0:e3:cb:34:38:e8:18:ad:46:f4:d8:ac:29:
                    ba:96:6d:2e:e2:74:b2:fb:97:96:cb:d5:a5:2b:b9:
                    98:70:9d:4b:e8:ce:8b:06:06:15:6f:32:b9:3f:34:
                    31:fc:45:cf:0e:a4:3d:cd:b0:4a:48:56:5d:10:ed:
                    5a:05:cc:b8:0f:4c:ac:59:b2:d5:51:ae:78:e5:19:
                    29:5e:76:8b:42:3c:71:5f:3e:d0:55:f4:a8:a9:43:
                    0b:b5:0f:25:c4:d7:ec:25:9d:a8:4b:2b:0a:55:35:
                    5b:c0:8e:32:cb:13:75:48:ff:21:02:14:3a:8c:f0:
                    c9:ed:1c:ec:41:2f:24:ee:ab:d5:98:4d:37:f6:17:
                    80:84:c4:67:2d:51:6e:39:4c:cf:1f:cb:29:75:05:
                    12:1d:90:da:76:3c:b7:13:f9:bb:7c:69:eb:af:b0:
                    bd:aa:f1:f4:12:4a:ab:fa:a8:d8:5b:65:48:64:1b:
                    fc:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:25:83:E1:FB:FA:B8:31:A8:8C:36:A6:13:B6:6C:63:62:90:29:82
            X509v3 Authority Key Identifier:
                keyid:47:21:BF:48:E4:01:66:0E:E9:61:1B:35:C0:4B:5D:1D:1F:3F:AB:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/6yWD4fv6uDGojDamE7ZsY2KQKYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.223.0/24
                IPv6:
                  2a05:4240::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:d9:f9:f8:8e:24:98:96:e3:8f:63:a6:6f:e1:a0:4d:da:85:
         5d:8e:2e:6c:9c:fe:25:5a:72:82:20:8c:46:b3:3d:27:48:8f:
         c9:1b:f8:bf:99:4e:99:c4:cd:aa:08:a1:2a:38:28:6f:db:c1:
         b9:c0:3d:a5:73:36:39:10:97:48:61:21:6b:ab:6b:53:d0:eb:
         e1:16:13:86:7c:97:5a:a9:44:60:2e:3c:26:2a:9f:d1:3e:f6:
         71:6e:22:28:d4:35:0a:97:5b:54:5f:12:d8:96:79:f4:c2:4d:
         3c:12:45:b1:ab:0b:84:3b:f6:0c:5d:fc:f0:5d:1d:1c:75:31:
         4c:83:d1:90:5f:22:f1:dc:7d:46:66:e9:ac:94:9c:32:f1:77:
         d8:b0:2a:25:5c:75:5f:4f:98:4d:28:4c:d2:da:73:b7:fa:a9:
         cc:d4:53:d8:7e:89:0f:c8:73:b2:a7:ab:a5:cc:86:cc:53:0b:
         0a:96:80:d5:15:b0:84:ce:67:2d:81:ee:78:b6:20:14:86:f2:
         f7:03:16:ba:f7:67:41:5b:d9:c1:9a:70:ce:28:68:0c:1b:2f:
         8f:b3:ce:ce:19:05:58:75:0f:48:b9:92:cf:96:a3:73:2e:21:
         5d:0f:4f:2f:73:e9:58:39:df:74:3a:15:b8:24:b1:d9:dd:3b:
         83:dc:b7:76
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZB80NMYt4uQECqqWd7hci84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjFiZjQ4ZTQwMTY2MGVlOTYxMWIzNWMwNGI1ZDFkMWYz
ZmFiZmEwHhcNMjQwNzA0MDgxNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjI1ODNlMWZiZmFiODMxYTg4YzM2YTYxM2I2NmM2MzYyOTAyOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHc1q3z2K44HHosEfz2mGDpXC9zy
pIk5AR0X642a/mvT0eSRDQyU5UWCr/ewBk/fHq6TxU8X7Vlshqm+WValiMDBn85T
CxBn8e5zPvDjyzQ46BitRvTYrCm6lm0u4nSy+5eWy9WlK7mYcJ1L6M6LBgYVbzK5
PzQx/EXPDqQ9zbBKSFZdEO1aBcy4D0ysWbLVUa545RkpXnaLQjxxXz7QVfSoqUML
tQ8lxNfsJZ2oSysKVTVbwI4yyxN1SP8hAhQ6jPDJ7RzsQS8k7qvVmE039heAhMRn
LVFuOUzPH8spdQUSHZDadjy3E/m7fGnrr7C9qvH0Ekqr+qjYW2VIZBv8owIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOslg+H7+rgxqIw2phO2bGNikCmCMB8GA1UdIwQY
MBaAFEchv0jkAWYO6WEbNcBLXR0fP6v6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlHX1NPUUJaZzdwWVJzMXdFdGRIUjhfcV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9lNmJhODEtYjM4ZS00YmIzLWIwMDUt
NTZmZGU1ZTcxNWIxLzEvNnlXRDRmdjZ1REdvakRhbUU3WnNZMktRS1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9lNmJhODEtYjM4ZS00YmIzLWIwMDUtNTZmZGU1ZTcxNWIx
LzEvUnlHX1NPUUJaZzdwWVJzMXdFdGRIUjhfcV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRLfMA0E
AgACMAcDBQAqBUJAMA0GCSqGSIb3DQEBCwUAA4IBAQBy2fn4jiSYluOPY6Zv4aBN
2oVdji5snP4lWnKCIIxGsz0nSI/JG/i/mU6ZxM2qCKEqOChv28G5wD2lczY5EJdI
YSFrq2tT0OvhFhOGfJdaqURgLjwmKp/RPvZxbiIo1DUKl1tUXxLYlnn0wk08EkWx
qwuEO/YMXfzwXR0cdTFMg9GQXyLx3H1GZumslJwy8XfYsColXHVfT5hNKEzS2nO3
+qnM1FPYfokPyHOyp6ulzIbMUwsKloDVFbCEzmctge54tiAUhvL3Axa692dBW9nB
mnDOKGgMGy+Ps87OGQVYdQ9IuZLPlqNzLiFdD08vc+lYOd90OhW4JLHZ3TuD3Ld2
-----END CERTIFICATE-----