Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/6kR0y783iUwPfelync_sBfyVTtw.roa
File:                     6kR0y783iUwPfelync_sBfyVTtw.roa (raw, json)
Hash identifier:          nQbYJceJ1fXk9mTfIM1NG7mZwFODOmMdTrm/xj1qX8Y=
Subject key identifier:   EA:44:74:CB:BF:37:89:4C:0F:7D:E9:72:9D:CF:EC:05:FC:95:4E:DC
Certificate issuer:       /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial:       018CC94DAB6C1B0166730241CA3FF2F397A0
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/6kR0y783iUwPfelync_sBfyVTtw.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203984
IP address blocks:        185.145.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ab:6c:1b:01:66:73:02:41:ca:3f:f2:f3:97:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea4474cbbf37894c0f7de9729dcfec05fc954edc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ff:05:09:07:2f:c5:58:ea:e3:d9:c1:63:a8:
                    52:a3:a7:08:06:8a:7e:ce:b0:1b:1c:cc:69:b9:52:
                    e9:4d:35:4c:fa:49:e0:8a:6b:e3:57:53:6b:93:a1:
                    32:98:b1:29:3a:ca:45:84:31:92:34:8d:2d:b5:4a:
                    2a:a5:93:b1:a6:fb:40:98:8f:c7:4b:e9:84:e7:a1:
                    7f:a3:64:78:6f:ee:ee:76:13:fb:52:af:bd:bb:ed:
                    c3:99:80:57:06:6c:e0:af:fd:57:77:79:dd:5c:ae:
                    0d:e9:ad:6b:12:51:ea:cf:a9:9b:3b:8e:77:b2:98:
                    b8:4b:41:f9:b9:19:4c:73:4f:4a:eb:9c:d6:96:7a:
                    5d:e6:a1:05:97:1c:d2:22:00:ac:fa:89:a7:32:14:
                    85:3d:c8:0f:04:3c:17:df:77:4a:c0:6a:fd:cf:92:
                    ba:3a:1a:4b:41:d7:ce:2a:3f:dc:7a:e4:74:d2:6a:
                    7a:dd:93:25:25:fb:1a:56:79:b4:ed:b6:f6:40:8a:
                    3e:7e:67:32:d4:28:10:f2:b8:75:4b:5d:84:5c:5b:
                    ed:fe:e9:b9:c9:7b:a7:ba:e3:c6:46:14:ed:be:35:
                    6d:4d:ce:80:bc:ad:87:49:c4:43:7d:28:47:af:9e:
                    52:f4:02:67:45:02:35:a2:d4:2d:9c:9b:fa:6f:3b:
                    17:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:44:74:CB:BF:37:89:4C:0F:7D:E9:72:9D:CF:EC:05:FC:95:4E:DC
            X509v3 Authority Key Identifier:
                keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/6kR0y783iUwPfelync_sBfyVTtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:99:be:a3:26:d9:2d:35:25:e4:54:e8:e3:a2:80:2e:fa:2e:
         df:05:27:b5:27:25:96:49:2d:67:54:d3:83:4a:ff:47:f7:e6:
         e6:25:e5:4b:87:4a:b8:34:0d:f5:d0:18:0a:08:00:54:47:e8:
         14:17:5f:96:9c:6d:84:10:ca:08:04:36:7d:6c:e4:08:1c:71:
         b0:37:b8:08:12:4a:cc:6e:1b:40:2f:22:99:7e:be:06:60:bf:
         4a:ec:01:63:71:61:a0:33:b8:61:a8:ff:7e:89:cc:77:e4:86:
         42:18:c7:e8:2f:fd:e8:9c:af:48:18:52:03:61:2e:43:ba:77:
         d4:85:b4:8e:64:26:8b:ad:9e:8d:ec:24:ff:16:50:cc:73:41:
         10:91:05:1f:c9:c5:b7:eb:f4:9f:41:9a:82:e6:66:fe:70:4e:
         da:74:47:a9:a3:33:06:2b:e3:74:dc:dd:2d:88:59:c6:f5:26:
         34:cf:60:68:e7:ac:bf:9d:50:28:d4:40:d4:aa:47:8f:8d:82:
         35:8c:f2:6f:b0:d2:0d:2b:fe:95:ee:ab:89:9c:4b:23:ca:20:
         68:d1:6b:d2:db:7c:48:56:23:b8:83:a0:14:04:92:97:cf:c6:
         ba:a3:c8:fe:86:97:1b:07:fe:1c:1e:f8:6d:46:bc:71:b0:b7:
         31:c1:51:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTatsGwFmcwJByj/y85egMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQ0NzRjYmJmMzc4OTRjMGY3ZGU5NzI5ZGNmZWMwNWZjOTU0ZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/8FCQcvxVjq49nBY6hSo6cIBop+
zrAbHMxpuVLpTTVM+kngimvjV1Nrk6EymLEpOspFhDGSNI0ttUoqpZOxpvtAmI/H
S+mE56F/o2R4b+7udhP7Uq+9u+3DmYBXBmzgr/1Xd3ndXK4N6a1rElHqz6mbO453
spi4S0H5uRlMc09K65zWlnpd5qEFlxzSIgCs+omnMhSFPcgPBDwX33dKwGr9z5K6
OhpLQdfOKj/ceuR00mp63ZMlJfsaVnm07bb2QIo+fmcy1CgQ8rh1S12EXFvt/um5
yXunuuPGRhTtvjVtTc6AvK2HScRDfShHr55S9AJnRQI1otQtnJv6bzsXzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpEdMu/N4lMD33pcp3P7AX8lU7cMB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvNmtSMHk3ODNpVXdQZmVseW5jX3NCZnlWVHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZFMMA0G
CSqGSIb3DQEBCwUAA4IBAQCLmb6jJtktNSXkVOjjooAu+i7fBSe1JyWWSS1nVNOD
Sv9H9+bmJeVLh0q4NA310BgKCABUR+gUF1+WnG2EEMoIBDZ9bOQIHHGwN7gIEkrM
bhtALyKZfr4GYL9K7AFjcWGgM7hhqP9+icx35IZCGMfoL/3onK9IGFIDYS5DunfU
hbSOZCaLrZ6N7CT/FlDMc0EQkQUfycW36/SfQZqC5mb+cE7adEepozMGK+N03N0t
iFnG9SY0z2Bo56y/nVAo1EDUqkePjYI1jPJvsNINK/6V7quJnEsjyiBo0WvS23xI
ViO4g6AUBJKXz8a6o8j+hpcbB/4cHvhtRrxxsLcxwVEp
-----END CERTIFICATE-----