Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/6u6RLy_5PqEmcfjyrMHqhyJMEGA.roa
File:                     6u6RLy_5PqEmcfjyrMHqhyJMEGA.roa (raw, json)
Hash identifier:          exsWcdwGamrDnKH5ao2Y8Nsq4yGhf95bx0Moy1eIW6s=
Subject key identifier:   EA:EE:91:2F:2F:F9:3E:A1:26:71:F8:F2:AC:C1:EA:87:22:4C:10:60
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E725F6BF61E2CAC6DFE4879725FCC
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/6u6RLy_5PqEmcfjyrMHqhyJMEGA.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206382
IP address blocks:        45.88.172.0/23 maxlen: 23
                          45.88.174.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:72:5f:6b:f6:1e:2c:ac:6d:fe:48:79:72:5f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eaee912f2ff93ea12671f8f2acc1ea87224c1060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fd:cc:1b:05:3a:22:89:16:96:db:3e:6b:21:
                    7c:35:15:45:8f:e5:5f:bf:71:5f:98:6a:80:99:c6:
                    d3:a1:21:d3:23:9f:20:4a:91:73:51:78:6d:3a:10:
                    1e:e3:fb:a0:fd:5e:70:e5:b6:2a:98:b9:ff:c6:45:
                    fd:76:17:bd:e6:e9:49:73:81:f3:f9:90:df:21:44:
                    04:e4:0d:f7:79:06:cb:86:4a:c1:4a:e6:c5:10:95:
                    7a:0a:25:18:c9:3c:b8:0c:10:01:ce:44:ac:04:dc:
                    f1:dd:ac:da:a1:7e:54:b7:bf:eb:e4:bd:6d:31:79:
                    b4:53:23:0f:45:0e:1b:8d:13:f1:67:0b:6b:b9:8b:
                    d5:e1:c6:27:0b:04:0d:81:68:47:7a:3f:4d:65:b2:
                    09:02:f8:58:14:ba:c8:83:09:e2:51:a5:92:3c:c5:
                    27:f1:d7:ce:16:bc:88:cb:3f:db:77:03:23:33:00:
                    03:c0:f5:98:9b:56:a1:8b:99:32:e6:98:fa:e9:69:
                    f6:72:0d:8a:95:c7:50:5c:3d:46:76:5d:2d:04:da:
                    fe:74:c1:30:aa:cd:d4:a2:75:24:57:85:f6:0f:c8:
                    cb:da:e0:60:8f:bf:42:26:c1:a0:25:7c:d3:08:61:
                    11:f4:8d:85:84:8a:5d:7b:21:12:b0:cf:a4:16:74:
                    8f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:EE:91:2F:2F:F9:3E:A1:26:71:F8:F2:AC:C1:EA:87:22:4C:10:60
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/6u6RLy_5PqEmcfjyrMHqhyJMEGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c6:76:88:34:16:4b:68:cd:a4:42:b6:7d:ae:3e:cc:63:21:81:
         23:9c:aa:d1:9e:2a:3d:75:74:55:f8:3c:61:2e:6b:f0:9b:7d:
         81:4b:0f:27:51:6f:31:b0:32:be:ef:a7:ed:b8:7b:de:4c:0d:
         0a:27:3c:e3:d6:12:cf:bb:ba:a6:e1:b1:92:7d:1c:bc:ef:d6:
         f1:ae:e9:16:a5:e9:39:ca:9e:8e:de:65:9a:42:aa:41:75:16:
         7e:7a:12:3c:e8:bd:bb:0c:63:d8:ab:51:87:a6:da:13:74:66:
         0c:21:0b:f1:8f:7c:7f:9b:eb:ec:d3:02:46:5f:59:a1:53:84:
         a6:03:bb:12:cf:8e:14:7e:ba:e6:85:bd:1f:55:8f:75:7e:7b:
         79:36:7f:24:c9:8d:7c:52:6c:e0:c4:8b:7f:fc:23:7a:57:e4:
         b2:3d:eb:27:ea:1c:ac:d0:bd:44:13:4a:69:aa:92:7d:77:45:
         0a:eb:cb:ef:9e:c3:d8:a8:62:b9:a9:33:4a:20:e2:16:8e:e3:
         2f:8c:0a:47:08:df:a3:28:9b:cf:67:24:b1:23:b5:8e:c4:80:
         f8:ac:35:6e:ba:20:d5:b1:27:86:21:71:b4:9e:c2:fe:79:2c:
         f8:86:82:be:c3:46:0a:57:dc:51:09:c1:01:67:76:00:52:01:
         36:e4:cc:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTnJfa/YeLKxt/kh5cl/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWVlOTEyZjJmZjkzZWExMjY3MWY4ZjJhY2MxZWE4NzIyNGMxMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/3MGwU6IokWlts+ayF8NRVFj+Vf
v3FfmGqAmcbToSHTI58gSpFzUXhtOhAe4/ug/V5w5bYqmLn/xkX9dhe95ulJc4Hz
+ZDfIUQE5A33eQbLhkrBSubFEJV6CiUYyTy4DBABzkSsBNzx3azaoX5Ut7/r5L1t
MXm0UyMPRQ4bjRPxZwtruYvV4cYnCwQNgWhHej9NZbIJAvhYFLrIgwniUaWSPMUn
8dfOFryIyz/bdwMjMwADwPWYm1ahi5ky5pj66Wn2cg2KlcdQXD1Gdl0tBNr+dMEw
qs3UonUkV4X2D8jL2uBgj79CJsGgJXzTCGER9I2FhIpdeyESsM+kFnSPGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrukS8v+T6hJnH48qzB6ociTBBgMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvNnU2Ukx5XzVQcUVtY2ZqeXJNSHFoeUpNRUdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVisMA0G
CSqGSIb3DQEBCwUAA4IBAQDGdog0FktozaRCtn2uPsxjIYEjnKrRnio9dXRV+Dxh
Lmvwm32BSw8nUW8xsDK+76ftuHveTA0KJzzj1hLPu7qm4bGSfRy879bxrukWpek5
yp6O3mWaQqpBdRZ+ehI86L27DGPYq1GHptoTdGYMIQvxj3x/m+vs0wJGX1mhU4Sm
A7sSz44Ufrrmhb0fVY91fnt5Nn8kyY18UmzgxIt//CN6V+SyPesn6hys0L1EE0pp
qpJ9d0UK68vvnsPYqGK5qTNKIOIWjuMvjApHCN+jKJvPZySxI7WOxID4rDVuuiDV
sSeGIXG0nsL+eSz4hoK+w0YKV9xRCcEBZ3YAUgE25MyY
-----END CERTIFICATE-----