Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/KfJG6UDlNmdfbd4cgrrjUEgUEhE.roa
File:                     KfJG6UDlNmdfbd4cgrrjUEgUEhE.roa (raw, json)
Hash identifier:          QRIC7/ZIvUD/C27X6h7f5+sNHrFCE5tZfvVqKBYQ0c8=
Subject key identifier:   29:F2:46:E9:40:E5:36:67:5F:6D:DE:1C:82:BA:E3:50:48:14:12:11
Certificate issuer:       /CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
Certificate serial:       018CC2DB46636C1FF2A32B8473BEA657191D
Authority key identifier: DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/KfJG6UDlNmdfbd4cgrrjUEgUEhE.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203020
IP address blocks:        185.246.172.0/22 maxlen: 32
                          46.232.208.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:46:63:6c:1f:f2:a3:2b:84:73:be:a6:57:19:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29f246e940e536675f6dde1c82bae35048141211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:cb:a6:f4:8e:01:b5:42:97:0f:72:48:5d:95:
                    33:57:b9:f0:ef:ff:ab:f1:9d:4b:a7:c6:6f:0c:52:
                    43:90:2b:70:e4:5e:f5:d2:2b:77:60:e5:90:46:41:
                    66:10:da:eb:3c:20:29:85:fa:50:27:a6:0b:35:c0:
                    44:85:08:dd:f4:0d:60:4c:dd:7b:d4:bd:08:d5:22:
                    d3:6b:dd:58:b8:3a:3f:ee:59:7e:0b:82:2b:dd:7b:
                    b5:e3:e4:2f:9f:80:0c:18:59:3d:56:15:13:25:ac:
                    31:9d:96:5f:6a:20:e6:48:18:a9:b2:81:23:a8:e2:
                    b8:01:f6:cc:04:23:91:e8:24:80:96:2b:fb:67:88:
                    a9:20:61:fd:2e:fe:19:bd:92:83:66:a8:06:b3:45:
                    a4:c0:ab:2b:5a:a6:0c:ae:6d:1f:13:7e:5e:00:23:
                    f7:d0:10:b2:d9:3d:98:49:da:4d:b5:50:f1:c2:58:
                    58:1c:4c:37:9d:c6:c4:0b:a3:0f:34:ca:e3:82:81:
                    4c:45:c3:a8:43:76:ae:41:54:d6:be:14:85:75:34:
                    4b:50:81:e5:25:83:56:41:48:dd:f3:4a:81:ad:22:
                    02:9c:dc:91:f1:b2:b6:b9:6b:dc:ca:8d:1b:ae:7a:
                    5a:3a:5f:d2:ca:25:b2:cb:c0:5a:3b:7d:cb:d9:aa:
                    39:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F2:46:E9:40:E5:36:67:5F:6D:DE:1C:82:BA:E3:50:48:14:12:11
            X509v3 Authority Key Identifier:
                keyid:DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/KfJG6UDlNmdfbd4cgrrjUEgUEhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.208.0/23
                  185.246.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:d2:df:32:a0:59:d9:f1:98:be:04:61:21:fc:86:9d:04:82:
         78:f6:0f:0c:50:38:82:f6:85:88:16:ca:94:56:a8:eb:28:97:
         28:08:38:e3:41:91:49:ba:46:93:3e:15:a8:3d:af:4c:9a:50:
         32:8e:db:2c:d6:86:9e:13:58:fb:c2:51:02:63:55:0c:b6:40:
         7e:b2:97:38:a7:38:d8:90:6c:99:eb:10:3c:66:0b:a0:fd:56:
         2b:07:a2:87:4c:74:1a:c1:6e:6c:87:79:76:6a:57:32:f6:bc:
         c0:cf:34:5a:d4:00:03:f7:83:7a:88:88:28:62:dc:15:af:a4:
         60:d0:cd:ff:03:bc:f7:c9:e1:7c:4e:72:91:16:d0:ae:20:3e:
         e2:3a:e6:bb:d0:f3:a3:a2:4c:85:9d:54:86:7b:41:22:32:28:
         db:12:0f:ee:40:e9:24:a7:e0:28:8a:88:d7:8c:14:e3:d7:57:
         84:db:af:23:78:ae:f0:e9:6e:62:c7:e8:8f:6d:d9:e3:eb:86:
         f1:bf:c9:32:8b:8e:1c:92:82:f4:36:5a:ab:cc:f7:48:1d:e1:
         ff:a5:b9:b1:71:a8:45:5b:3f:b4:15:2a:da:13:2e:a3:cd:68:
         cf:94:dc:d0:37:30:54:3a:0d:64:6a:fa:4b:8f:61:c6:85:99:
         15:1a:40:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC20ZjbB/yoyuEc76mVxkdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOGY5NjFjNmVmYmI3ZjljZTc0MjE3YjFkNWRiYjU0ZTk4
MWM2ZjIwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWYyNDZlOTQwZTUzNjY3NWY2ZGRlMWM4MmJhZTM1MDQ4MTQxMjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsum9I4BtUKXD3JIXZUzV7nw7/+r
8Z1Lp8ZvDFJDkCtw5F710it3YOWQRkFmENrrPCAphfpQJ6YLNcBEhQjd9A1gTN17
1L0I1SLTa91YuDo/7ll+C4Ir3Xu14+Qvn4AMGFk9VhUTJawxnZZfaiDmSBipsoEj
qOK4AfbMBCOR6CSAliv7Z4ipIGH9Lv4ZvZKDZqgGs0WkwKsrWqYMrm0fE35eACP3
0BCy2T2YSdpNtVDxwlhYHEw3ncbEC6MPNMrjgoFMRcOoQ3auQVTWvhSFdTRLUIHl
JYNWQUjd80qBrSICnNyR8bK2uWvcyo0brnpaOl/SyiWyy8BaO33L2ao5eQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCnyRulA5TZnX23eHIK641BIFBIRMB8GA1UdIwQY
MBaAFN+Plhxu+7f5znQhex1du1TpgcbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMt
MjdmMmJjMTYyYTA3LzEvS2ZKRzZVRGxObWRmYmQ0Y2dycmpVRWdVRWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMtMjdmMmJjMTYyYTA3
LzEvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLujQAwQC
ufasMA0GCSqGSIb3DQEBCwUAA4IBAQBn0t8yoFnZ8Zi+BGEh/IadBIJ49g8MUDiC
9oWIFsqUVqjrKJcoCDjjQZFJukaTPhWoPa9MmlAyjtss1oaeE1j7wlECY1UMtkB+
spc4pzjYkGyZ6xA8Zgug/VYrB6KHTHQawW5sh3l2alcy9rzAzzRa1AAD94N6iIgo
YtwVr6Rg0M3/A7z3yeF8TnKRFtCuID7iOua70POjokyFnVSGe0EiMijbEg/uQOkk
p+AoiojXjBTj11eE268jeK7w6W5ix+iPbdnj64bxv8kyi44ckoL0NlqrzPdIHeH/
pbmxcahFWz+0FSraEy6jzWjPlNzQNzBUOg1kavpLj2HGhZkVGkDV
-----END CERTIFICATE-----