Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/98e2bb-3f94-48bf-9d00-c32bfe14b817/1/6UmwpBkOZ_Qnql5_1r0Yb0eOwZ8.roa
File:                     6UmwpBkOZ_Qnql5_1r0Yb0eOwZ8.roa (raw, json)
Hash identifier:          y0oy7sZCxXcpjRTvQaWRbhHYd73bJ6fhkUm4pjCLnR8=
Subject key identifier:   E9:49:B0:A4:19:0E:67:F4:27:AA:5E:7F:D6:BD:18:6F:47:8E:C1:9F
Certificate issuer:       /CN=0414e9902b63fefabcc7d6887a4c8185cca0932f
Certificate serial:       018CC2DAC13DBAE8938EEACB7DC6ABB6A577
Authority key identifier: 04:14:E9:90:2B:63:FE:FA:BC:C7:D6:88:7A:4C:81:85:CC:A0:93:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BBTpkCtj_vq8x9aIekyBhcygky8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/98e2bb-3f94-48bf-9d00-c32bfe14b817/1/6UmwpBkOZ_Qnql5_1r0Yb0eOwZ8.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        185.190.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/98e2bb-3f94-48bf-9d00-c32bfe14b817/1/BBTpkCtj_vq8x9aIekyBhcygky8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/98e2bb-3f94-48bf-9d00-c32bfe14b817/1/BBTpkCtj_vq8x9aIekyBhcygky8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BBTpkCtj_vq8x9aIekyBhcygky8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c1:3d:ba:e8:93:8e:ea:cb:7d:c6:ab:b6:a5:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0414e9902b63fefabcc7d6887a4c8185cca0932f
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e949b0a4190e67f427aa5e7fd6bd186f478ec19f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e9:ed:21:e2:5d:a6:7c:94:30:2a:21:9e:fe:
                    6d:48:d0:82:a8:de:07:6c:c6:d9:68:99:a8:b9:c8:
                    38:a0:31:39:91:8c:02:a4:a3:c1:6d:75:db:2e:97:
                    81:5c:de:29:1b:0f:d9:1b:dc:95:ad:fa:2d:d7:31:
                    30:62:eb:c5:cd:fa:f5:e6:3a:2a:b0:47:e6:3c:26:
                    13:1e:44:57:42:24:61:40:99:b3:42:c5:01:07:56:
                    f4:c0:62:25:aa:3a:b0:89:ea:26:88:55:d8:41:0f:
                    69:ca:d3:51:7d:c9:10:80:68:84:67:2a:80:dc:e1:
                    d9:ba:1a:e8:e6:24:ab:97:21:ac:3a:db:16:c1:c4:
                    80:10:bb:06:a1:93:4b:f1:05:f5:22:78:f5:d4:28:
                    3e:4d:45:e0:34:f7:31:54:a3:c7:f3:7b:ba:55:63:
                    24:74:ae:98:b9:ca:cd:73:e9:df:ef:77:1e:41:a3:
                    7f:8e:90:38:89:d3:23:fc:76:94:33:a6:b5:97:45:
                    2e:69:f2:ce:28:c2:ce:15:d9:be:b3:d4:bb:dc:2c:
                    63:fa:88:87:e0:d4:3c:85:ad:d5:3f:93:ed:68:ed:
                    55:89:3d:47:ce:a4:e7:51:98:91:2a:a4:5b:d5:84:
                    fb:fb:c0:64:10:75:8e:8e:a0:37:84:d7:10:15:1b:
                    81:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:49:B0:A4:19:0E:67:F4:27:AA:5E:7F:D6:BD:18:6F:47:8E:C1:9F
            X509v3 Authority Key Identifier:
                keyid:04:14:E9:90:2B:63:FE:FA:BC:C7:D6:88:7A:4C:81:85:CC:A0:93:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BBTpkCtj_vq8x9aIekyBhcygky8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/98e2bb-3f94-48bf-9d00-c32bfe14b817/1/6UmwpBkOZ_Qnql5_1r0Yb0eOwZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/98e2bb-3f94-48bf-9d00-c32bfe14b817/1/BBTpkCtj_vq8x9aIekyBhcygky8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:dc:37:8f:7e:ce:a4:b6:b7:aa:0f:2c:81:73:d1:a7:26:d2:
         fe:af:fa:db:96:9d:aa:17:16:4f:e8:f3:bb:99:e9:e7:f9:41:
         03:53:18:d8:d3:8a:eb:a9:f2:16:7b:e2:23:02:cc:02:8b:1e:
         d9:e2:de:ff:f4:47:f8:a1:39:34:c5:19:40:bd:a6:35:a5:36:
         b5:9c:7e:5b:c0:5d:cc:ee:35:fb:58:e1:94:e8:b9:ad:49:d2:
         8c:e9:34:91:55:93:a4:48:59:80:7c:c8:cd:65:0c:3b:64:4b:
         50:c3:3b:e3:ba:57:c2:28:81:ad:9b:7e:2e:0e:7e:5d:f7:68:
         ce:c8:5d:71:7d:04:22:f9:af:31:11:60:d3:82:b3:9c:b9:54:
         f8:b6:5e:b9:30:83:f2:68:e4:85:82:15:ca:c4:1b:b4:1a:15:
         d0:35:de:7d:0a:be:c5:2d:08:f3:75:4e:f0:f2:2a:80:c1:af:
         fd:b2:19:1c:22:15:32:a6:5e:0a:c0:0c:03:c9:39:95:16:19:
         6a:e4:e9:b5:dd:e8:bd:56:a0:1d:fc:06:dd:57:e1:6b:ef:8b:
         a4:a5:00:a2:66:aa:33:0f:f5:da:ad:39:94:8a:b5:5e:86:83:
         28:85:c9:eb:d9:01:41:19:81:c3:bf:79:ba:5d:15:25:1d:02:
         bd:9a:e6:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sE9uuiTjurLfcartqV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MTRlOTkwMmI2M2ZlZmFiY2M3ZDY4ODdhNGM4MTg1Y2Nh
MDkzMmYwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTQ5YjBhNDE5MGU2N2Y0MjdhYTVlN2ZkNmJkMTg2ZjQ3OGVjMTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApentIeJdpnyUMCohnv5tSNCCqN4H
bMbZaJmoucg4oDE5kYwCpKPBbXXbLpeBXN4pGw/ZG9yVrfot1zEwYuvFzfr15joq
sEfmPCYTHkRXQiRhQJmzQsUBB1b0wGIlqjqwieomiFXYQQ9pytNRfckQgGiEZyqA
3OHZuhro5iSrlyGsOtsWwcSAELsGoZNL8QX1Inj11Cg+TUXgNPcxVKPH83u6VWMk
dK6YucrNc+nf73ceQaN/jpA4idMj/HaUM6a1l0UuafLOKMLOFdm+s9S73Cxj+oiH
4NQ8ha3VP5PtaO1ViT1HzqTnUZiRKqRb1YT7+8BkEHWOjqA3hNcQFRuBUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlJsKQZDmf0J6pef9a9GG9HjsGfMB8GA1UdIwQY
MBaAFAQU6ZArY/76vMfWiHpMgYXMoJMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkJUcGtDdGpfdnE4eDlhSWVreUJoY3lna3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85OGUyYmItM2Y5NC00OGJmLTlkMDAt
YzMyYmZlMTRiODE3LzEvNlVtd3BCa09aX1FucWw1XzFyMFliMGVPd1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85OGUyYmItM2Y5NC00OGJmLTlkMDAtYzMyYmZlMTRiODE3
LzEvQkJUcGtDdGpfdnE4eDlhSWVreUJoY3lna3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub4nMA0G
CSqGSIb3DQEBCwUAA4IBAQAu3DePfs6ktreqDyyBc9GnJtL+r/rblp2qFxZP6PO7
menn+UEDUxjY04rrqfIWe+IjAswCix7Z4t7/9Ef4oTk0xRlAvaY1pTa1nH5bwF3M
7jX7WOGU6LmtSdKM6TSRVZOkSFmAfMjNZQw7ZEtQwzvjulfCKIGtm34uDn5d92jO
yF1xfQQi+a8xEWDTgrOcuVT4tl65MIPyaOSFghXKxBu0GhXQNd59Cr7FLQjzdU7w
8iqAwa/9shkcIhUypl4KwAwDyTmVFhlq5Om13ei9VqAd/AbdV+Fr74ukpQCiZqoz
D/XarTmUirVehoMohcnr2QFBGYHDv3m6XRUlHQK9muaB
-----END CERTIFICATE-----