Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/ed5e15-4f14-49e6-a6dd-45351f9dbb52/1/BH6S_ueubQZhHx8tBmX3J-sOky8.roa
File:                     BH6S_ueubQZhHx8tBmX3J-sOky8.roa (raw, json)
Hash identifier:          UXz7iqpOhAz9T51zaoIcHBTKtLJyV7Cpch6mcJ0MFdc=
Subject key identifier:   04:7E:92:FE:E7:AE:6D:06:61:1F:1F:2D:06:65:F7:27:EB:0E:93:2F
Certificate issuer:       /CN=fd6369271b6d13a6aedcaa23ebb29e29b796a46b
Certificate serial:       018CC3B71CC18BE46E41AE69061CD9ABEBFA
Authority key identifier: FD:63:69:27:1B:6D:13:A6:AE:DC:AA:23:EB:B2:9E:29:B7:96:A4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_WNpJxttE6au3Koj67KeKbeWpGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/ed5e15-4f14-49e6-a6dd-45351f9dbb52/1/BH6S_ueubQZhHx8tBmX3J-sOky8.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        194.55.3.0/24 maxlen: 24
                          194.55.2.0/24 maxlen: 24
                          194.55.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/ed5e15-4f14-49e6-a6dd-45351f9dbb52/1/_WNpJxttE6au3Koj67KeKbeWpGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/ed5e15-4f14-49e6-a6dd-45351f9dbb52/1/_WNpJxttE6au3Koj67KeKbeWpGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_WNpJxttE6au3Koj67KeKbeWpGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1c:c1:8b:e4:6e:41:ae:69:06:1c:d9:ab:eb:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd6369271b6d13a6aedcaa23ebb29e29b796a46b
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=047e92fee7ae6d06611f1f2d0665f727eb0e932f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:0d:b2:d1:38:93:2e:f6:c5:6d:02:50:d4:56:
                    3a:b7:ab:07:87:b0:cb:aa:98:af:50:fa:88:f6:43:
                    eb:12:79:0c:2a:e0:fc:d1:0e:e2:63:57:24:f3:fb:
                    ee:95:bd:dc:33:61:0e:3c:4c:cc:93:27:df:de:d4:
                    85:b7:4f:8a:6b:f5:d7:49:75:7a:df:4a:70:65:be:
                    5d:d9:43:54:e3:7b:e3:0a:5c:9f:be:62:d4:52:81:
                    e0:a8:4d:af:37:a2:b9:f8:a6:b7:92:9f:37:d0:f1:
                    7b:b6:02:65:0b:1a:7d:e9:6e:0f:16:db:ad:37:ea:
                    34:73:77:1c:b7:82:69:97:82:97:5c:7f:85:04:47:
                    5f:e3:b8:3f:74:e5:fd:6e:1f:61:91:6b:66:cb:5f:
                    df:83:19:22:e7:02:5b:e4:fa:62:0c:92:ab:a9:36:
                    39:b2:49:1c:3a:a3:36:37:0e:b9:e5:be:25:f8:bf:
                    07:f9:49:b7:75:f9:32:59:dd:0e:22:35:9c:9b:d3:
                    7f:a9:38:48:32:af:f1:89:5c:61:b0:df:34:dd:26:
                    7d:0a:b9:19:b1:63:ad:c3:d6:46:c5:2e:3c:f9:21:
                    c0:20:2b:a3:50:70:ec:b1:fd:ab:a1:b7:71:b2:01:
                    36:da:c0:8f:fd:e0:e5:73:b2:c6:62:6d:d4:ff:e9:
                    17:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:7E:92:FE:E7:AE:6D:06:61:1F:1F:2D:06:65:F7:27:EB:0E:93:2F
            X509v3 Authority Key Identifier:
                keyid:FD:63:69:27:1B:6D:13:A6:AE:DC:AA:23:EB:B2:9E:29:B7:96:A4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_WNpJxttE6au3Koj67KeKbeWpGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ed5e15-4f14-49e6-a6dd-45351f9dbb52/1/BH6S_ueubQZhHx8tBmX3J-sOky8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ed5e15-4f14-49e6-a6dd-45351f9dbb52/1/_WNpJxttE6au3Koj67KeKbeWpGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:43:f7:57:24:0b:38:53:29:b5:6c:06:93:76:d1:e7:e3:33:
         1d:af:3f:c4:f2:2d:de:08:55:af:b8:8e:7f:23:cc:ab:38:dd:
         1e:94:ec:93:d0:dd:c0:df:90:28:ec:a3:9c:ce:68:2f:83:db:
         47:ad:76:74:8c:6d:ac:fc:64:c9:2c:43:87:b8:73:b3:a4:59:
         f1:50:3f:3b:60:9e:f9:b9:3e:65:47:33:16:d9:7b:a4:04:6a:
         43:92:7c:11:c5:f0:17:f3:b2:45:88:f4:6c:ef:66:c6:63:ff:
         5a:a6:39:cc:d7:22:61:2c:6b:2c:b4:57:e6:09:cd:4d:8b:0c:
         8b:50:07:56:2c:17:f1:47:fd:ec:a7:59:60:83:5f:53:e9:66:
         9b:48:1a:35:f4:a1:a5:dc:f4:f3:7d:59:54:a8:f1:81:68:0c:
         7b:37:5e:26:b9:28:5b:f0:ba:fc:04:65:cb:5e:d2:ae:3b:ed:
         4a:7d:6b:78:d2:49:e6:3c:27:d7:13:dc:c2:8d:4b:42:d5:33:
         ea:48:1a:60:7d:03:34:f1:d9:75:ac:bd:65:a7:e9:25:ff:9f:
         01:e9:29:16:68:4d:25:8a:db:2c:34:11:e5:de:aa:87:3c:c6:
         52:bc:cc:5f:3e:1b:f9:ce:6d:cd:ce:2f:4c:7a:c7:6a:6a:e3:
         09:96:87:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxzBi+RuQa5pBhzZq+v6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNjM2OTI3MWI2ZDEzYTZhZWRjYWEyM2ViYjI5ZTI5Yjc5
NmE0NmIwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDdlOTJmZWU3YWU2ZDA2NjExZjFmMmQwNjY1ZjcyN2ViMGU5MzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgA2y0TiTLvbFbQJQ1FY6t6sHh7DL
qpivUPqI9kPrEnkMKuD80Q7iY1ck8/vulb3cM2EOPEzMkyff3tSFt0+Ka/XXSXV6
30pwZb5d2UNU43vjClyfvmLUUoHgqE2vN6K5+Ka3kp830PF7tgJlCxp96W4PFtut
N+o0c3cct4Jpl4KXXH+FBEdf47g/dOX9bh9hkWtmy1/fgxki5wJb5PpiDJKrqTY5
skkcOqM2Nw655b4l+L8H+Um3dfkyWd0OIjWcm9N/qThIMq/xiVxhsN803SZ9CrkZ
sWOtw9ZGxS48+SHAICujUHDssf2robdxsgE22sCP/eDlc7LGYm3U/+kXywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAR+kv7nrm0GYR8fLQZl9yfrDpMvMB8GA1UdIwQY
MBaAFP1jaScbbROmrtyqI+uynim3lqRrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1dOcEp4dHRFNmF1M0tvajY3S2VLYmVXcEdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9lZDVlMTUtNGYxNC00OWU2LWE2ZGQt
NDUzNTFmOWRiYjUyLzEvQkg2U191ZXViUVpoSHg4dEJtWDNKLXNPa3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9lZDVlMTUtNGYxNC00OWU2LWE2ZGQtNDUzNTFmOWRiYjUy
LzEvX1dOcEp4dHRFNmF1M0tvajY3S2VLYmVXcEdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjcCMA0G
CSqGSIb3DQEBCwUAA4IBAQCcQ/dXJAs4Uym1bAaTdtHn4zMdrz/E8i3eCFWvuI5/
I8yrON0elOyT0N3A35Ao7KOczmgvg9tHrXZ0jG2s/GTJLEOHuHOzpFnxUD87YJ75
uT5lRzMW2XukBGpDknwRxfAX87JFiPRs72bGY/9apjnM1yJhLGsstFfmCc1NiwyL
UAdWLBfxR/3sp1lgg19T6WabSBo19KGl3PTzfVlUqPGBaAx7N14muShb8Lr8BGXL
XtKuO+1KfWt40knmPCfXE9zCjUtC1TPqSBpgfQM08dl1rL1lp+kl/58B6SkWaE0l
itssNBHl3qqHPMZSvMxfPhv5zm3Nzi9MesdqauMJloe8
-----END CERTIFICATE-----