Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/29Ki8ArkRJ1mC6t9JP1BO9qf_oA.roa
File:                     29Ki8ArkRJ1mC6t9JP1BO9qf_oA.roa (raw, json)
Hash identifier:          C4SIxHKXKvIvIV9sKiOgoGHo010eQgTyGjH1i0ezxaQ=
Subject key identifier:   DB:D2:A2:F0:0A:E4:44:9D:66:0B:AB:7D:24:FD:41:3B:DA:9F:FE:80
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1ED06146CE1AFA08654E8834212B
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/29Ki8ArkRJ1mC6t9JP1BO9qf_oA.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199437
IP address blocks:        188.21.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1e:d0:61:46:ce:1a:fa:08:65:4e:88:34:21:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbd2a2f00ae4449d660bab7d24fd413bda9ffe80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:4e:fd:f2:41:74:de:3a:d1:e9:ef:de:82:51:
                    d4:76:25:75:6e:02:78:33:e7:e2:17:37:bd:65:3b:
                    d7:28:a2:33:db:f9:c2:8c:32:fd:df:a4:df:4c:a2:
                    5e:e8:37:b5:dc:7e:58:4e:f8:55:2a:8a:83:75:24:
                    92:77:d0:82:bc:d4:29:5c:9e:b4:91:d6:5f:3e:92:
                    7c:6f:59:06:35:0c:48:a6:5f:b5:e2:f0:8b:7d:7e:
                    9a:90:b9:7a:5c:17:dc:04:bc:79:c3:6e:eb:23:3b:
                    fd:93:65:a2:00:b8:93:f0:f6:74:17:ab:5f:c6:ee:
                    c8:99:fe:f9:b6:7a:10:32:f3:16:6c:e6:ac:6e:ec:
                    ef:a2:54:4b:80:ad:b7:df:07:66:51:cc:59:79:97:
                    87:57:d0:88:78:5d:d5:cf:90:de:c0:47:43:93:31:
                    db:2e:01:41:27:b6:d6:47:01:11:d0:f3:16:34:60:
                    14:73:54:66:84:d9:be:7e:c7:46:c4:7c:86:ce:8d:
                    2b:c7:f9:67:17:8a:46:36:95:24:04:c5:00:d8:8b:
                    86:d2:99:5b:45:d2:c7:73:21:fb:bb:45:60:d5:d6:
                    82:b1:97:16:16:bf:68:d8:82:67:2f:d1:9f:7d:f4:
                    89:4d:4e:50:83:c9:c2:7e:6e:18:23:8c:ea:14:18:
                    33:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D2:A2:F0:0A:E4:44:9D:66:0B:AB:7D:24:FD:41:3B:DA:9F:FE:80
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/29Ki8ArkRJ1mC6t9JP1BO9qf_oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.21.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:e6:7a:b7:c3:0c:41:a8:ad:e4:d9:13:1c:e6:b2:d2:38:27:
         93:ce:6d:96:d0:5f:77:2f:c2:d4:38:db:c7:5a:25:06:9c:76:
         4a:94:2b:bd:72:2c:ed:f1:aa:23:a4:63:8d:d6:1c:9e:2f:ca:
         21:1c:f0:02:7e:3e:7e:bb:98:c7:2a:40:80:53:88:1f:bb:ca:
         1a:eb:c4:d9:88:66:c9:14:79:cd:38:bf:da:be:aa:9f:5f:f7:
         36:6e:ac:60:5f:40:8d:37:06:84:bd:6f:bd:98:79:a2:f6:ef:
         aa:6b:4d:68:6b:9e:6b:7d:fc:fd:f2:fa:97:d9:d6:f7:2e:71:
         c1:dd:53:1c:40:0e:69:58:10:ca:4c:28:3e:d5:d4:9d:f8:e6:
         fa:4f:e6:32:f1:9b:00:0c:09:40:7f:3a:b9:62:f4:82:a0:b3:
         56:b9:f1:f8:54:30:5a:01:bb:3f:b8:7c:0b:b9:cc:33:f1:09:
         9f:44:cf:e6:51:8f:f3:92:ae:f8:c5:02:fa:4f:d1:d5:c4:4b:
         fb:b9:1c:a0:aa:ce:44:f9:28:80:d5:0a:68:86:68:1d:ff:01:
         d7:9a:47:31:ec:bf:02:10:4c:06:a1:02:07:9a:67:8a:f8:48:
         eb:d3:24:4c:a3:ce:52:fa:97:4f:0b:29:78:12:f1:e1:11:fc:
         4f:eb:09:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3B7QYUbOGvoIZU6INCErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQyYTJmMDBhZTQ0NDlkNjYwYmFiN2QyNGZkNDEzYmRhOWZmZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0798kF03jrR6e/eglHUdiV1bgJ4
M+fiFze9ZTvXKKIz2/nCjDL936TfTKJe6De13H5YTvhVKoqDdSSSd9CCvNQpXJ60
kdZfPpJ8b1kGNQxIpl+14vCLfX6akLl6XBfcBLx5w27rIzv9k2WiALiT8PZ0F6tf
xu7Imf75tnoQMvMWbOasbuzvolRLgK233wdmUcxZeZeHV9CIeF3Vz5DewEdDkzHb
LgFBJ7bWRwER0PMWNGAUc1RmhNm+fsdGxHyGzo0rx/lnF4pGNpUkBMUA2IuG0plb
RdLHcyH7u0Vg1daCsZcWFr9o2IJnL9GfffSJTU5Qg8nCfm4YI4zqFBgznwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvSovAK5ESdZgurfST9QTvan/6AMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvMjlLaThBcmtSSjFtQzZ0OUpQMUJPOXFmX29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvBUGMA0G
CSqGSIb3DQEBCwUAA4IBAQCT5nq3wwxBqK3k2RMc5rLSOCeTzm2W0F93L8LUONvH
WiUGnHZKlCu9cizt8aojpGON1hyeL8ohHPACfj5+u5jHKkCAU4gfu8oa68TZiGbJ
FHnNOL/avqqfX/c2bqxgX0CNNwaEvW+9mHmi9u+qa01oa55rffz98vqX2db3LnHB
3VMcQA5pWBDKTCg+1dSd+Ob6T+Yy8ZsADAlAfzq5YvSCoLNWufH4VDBaAbs/uHwL
ucwz8QmfRM/mUY/zkq74xQL6T9HVxEv7uRygqs5E+SiA1Qpohmgd/wHXmkcx7L8C
EEwGoQIHmmeK+Ejr0yRMo85S+pdPCyl4EvHhEfxP6wkR
-----END CERTIFICATE-----