Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/6ekLaxXWoNBbtYJfauAmFi6wuRw.roa
File:                     6ekLaxXWoNBbtYJfauAmFi6wuRw.roa (raw, json)
Hash identifier:          LXaj4O3msc0/r42Cy/ZBFKT/yHavUsx7ODbmTOrjYfw=
Subject key identifier:   E9:E9:0B:6B:15:D6:A0:D0:5B:B5:82:5F:6A:E0:26:16:2E:B0:B9:1C
Certificate issuer:       /CN=9ae7d661afca3d3370b8e634494d5246b83d585f
Certificate serial:       018CC5004CDC772D8F555C4DE35ABF0F4646
Authority key identifier: 9A:E7:D6:61:AF:CA:3D:33:70:B8:E6:34:49:4D:52:46:B8:3D:58:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mufWYa_KPTNwuOY0SU1SRrg9WF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/6ekLaxXWoNBbtYJfauAmFi6wuRw.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42336
IP address blocks:        89.45.84.0/22 maxlen: 24
                          185.39.228.0/22 maxlen: 24
                          2a01:4aa0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/mufWYa_KPTNwuOY0SU1SRrg9WF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/mufWYa_KPTNwuOY0SU1SRrg9WF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mufWYa_KPTNwuOY0SU1SRrg9WF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4c:dc:77:2d:8f:55:5c:4d:e3:5a:bf:0f:46:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ae7d661afca3d3370b8e634494d5246b83d585f
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9e90b6b15d6a0d05bb5825f6ae026162eb0b91c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7f:3c:c2:b1:3f:bd:9f:17:53:5a:48:81:c2:
                    df:28:ca:d0:eb:e3:2d:44:d6:0b:52:ea:14:98:5d:
                    07:7c:de:ef:68:90:bb:36:45:20:aa:75:eb:7e:37:
                    17:72:b4:15:1e:cf:d6:d6:4c:25:dd:83:64:f2:63:
                    2b:7d:07:3f:0c:2a:db:f3:8c:7c:78:2c:65:98:9e:
                    ee:f2:1e:05:8e:98:e0:de:b1:b8:22:e5:18:f8:06:
                    0b:46:3a:37:c6:32:e6:5f:aa:c4:99:7b:89:d7:e2:
                    8c:b2:7f:f0:57:c5:ae:9e:00:cc:32:dd:17:0f:4b:
                    75:6f:eb:92:d4:71:f5:18:a9:32:fa:1d:69:b2:2c:
                    4a:d9:c1:b5:e8:6b:12:96:ad:52:9f:58:d3:e7:32:
                    fb:3c:7f:0e:26:d9:fc:65:1b:e9:10:c8:cc:45:74:
                    d7:c9:f2:55:91:f7:40:d6:f0:37:4b:6f:c7:6d:db:
                    23:e9:ef:60:5a:47:58:55:51:58:82:62:13:95:75:
                    d6:82:f4:57:31:6b:cb:22:83:2c:11:58:b3:05:cc:
                    ee:fd:48:d2:09:7c:5f:c7:da:25:45:4d:0d:61:bd:
                    28:d4:91:8a:f4:29:2b:53:8a:0e:ca:57:8f:a4:f9:
                    c6:05:51:2f:38:7c:97:61:e2:be:81:91:43:8f:61:
                    71:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E9:0B:6B:15:D6:A0:D0:5B:B5:82:5F:6A:E0:26:16:2E:B0:B9:1C
            X509v3 Authority Key Identifier:
                keyid:9A:E7:D6:61:AF:CA:3D:33:70:B8:E6:34:49:4D:52:46:B8:3D:58:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mufWYa_KPTNwuOY0SU1SRrg9WF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/6ekLaxXWoNBbtYJfauAmFi6wuRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/mufWYa_KPTNwuOY0SU1SRrg9WF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.84.0/22
                  185.39.228.0/22
                IPv6:
                  2a01:4aa0::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:6e:13:06:90:8f:c8:73:c3:55:d0:58:de:ed:7f:f7:ef:f1:
         f7:79:ee:04:36:59:65:00:d6:f5:60:d4:1a:2b:fb:ce:19:b6:
         46:28:b4:c7:a2:34:1c:e4:c4:82:4b:08:89:11:35:ae:77:f8:
         4d:e4:5a:1f:8e:6b:9c:42:18:ae:09:db:c9:b6:84:0c:b1:27:
         aa:10:d0:5b:7f:84:50:53:1a:25:1b:a2:3f:05:42:cd:0f:c3:
         37:7a:5f:41:ca:ae:99:35:1d:26:64:a1:a2:6c:e2:05:ed:8f:
         83:03:38:08:87:2e:70:39:6b:05:dc:a5:dc:36:ff:b2:52:70:
         da:9f:7e:ad:41:26:0a:57:2c:45:ce:6b:b3:f9:9d:b3:88:d6:
         ce:40:47:9e:f2:e4:0a:77:09:ef:53:64:cb:bf:13:bf:db:77:
         23:1f:36:74:1c:0a:6d:de:6f:af:96:e6:cd:1a:7b:db:16:3d:
         43:26:15:bb:75:b4:7c:fc:72:c6:30:8c:20:04:c3:42:33:9d:
         7c:83:e6:3d:07:c6:d5:5e:e0:eb:bc:16:72:b9:64:be:a3:20:
         e3:81:a0:8f:92:25:c8:83:51:fc:b9:4d:ac:47:0f:85:c4:64:
         fd:0c:b0:d4:51:c4:02:1a:c6:37:64:d5:48:37:97:99:f9:da:
         83:2f:ba:42
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAEzcdy2PVVxN41q/D0ZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZTdkNjYxYWZjYTNkMzM3MGI4ZTYzNDQ5NGQ1MjQ2Yjgz
ZDU4NWYwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWU5MGI2YjE1ZDZhMGQwNWJiNTgyNWY2YWUwMjYxNjJlYjBiOTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqH88wrE/vZ8XU1pIgcLfKMrQ6+Mt
RNYLUuoUmF0HfN7vaJC7NkUgqnXrfjcXcrQVHs/W1kwl3YNk8mMrfQc/DCrb84x8
eCxlmJ7u8h4Fjpjg3rG4IuUY+AYLRjo3xjLmX6rEmXuJ1+KMsn/wV8WungDMMt0X
D0t1b+uS1HH1GKky+h1psixK2cG16GsSlq1Sn1jT5zL7PH8OJtn8ZRvpEMjMRXTX
yfJVkfdA1vA3S2/Hbdsj6e9gWkdYVVFYgmITlXXWgvRXMWvLIoMsEVizBczu/UjS
CXxfx9olRU0NYb0o1JGK9CkrU4oOylePpPnGBVEvOHyXYeK+gZFDj2FxsQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOnpC2sV1qDQW7WCX2rgJhYusLkcMB8GA1UdIwQY
MBaAFJrn1mGvyj0zcLjmNElNUka4PVhfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXVmV1lhX0tQVE53dU9ZMFNVMVNScmc5V0Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lNDcwNWMtZTZkYS00MjJlLTg1OWMt
M2I2OGE0OWRjMDQyLzEvNmVrTGF4WFdvTkJidFlKZmF1QW1GaTZ3dVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lNDcwNWMtZTZkYS00MjJlLTg1OWMtM2I2OGE0OWRjMDQy
LzEvbXVmV1lhX0tQVE53dU9ZMFNVMVNScmc5V0Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCWS1UAwQC
uSfkMA0EAgACMAcDBQAqAUqgMA0GCSqGSIb3DQEBCwUAA4IBAQB0bhMGkI/Ic8NV
0Fje7X/37/H3ee4ENlllANb1YNQaK/vOGbZGKLTHojQc5MSCSwiJETWud/hN5Fof
jmucQhiuCdvJtoQMsSeqENBbf4RQUxolG6I/BULND8M3el9Byq6ZNR0mZKGibOIF
7Y+DAzgIhy5wOWsF3KXcNv+yUnDan36tQSYKVyxFzmuz+Z2ziNbOQEee8uQKdwnv
U2TLvxO/23cjHzZ0HApt3m+vlubNGnvbFj1DJhW7dbR8/HLGMIwgBMNCM518g+Y9
B8bVXuDrvBZyuWS+oyDjgaCPkiXIg1H8uU2sRw+FxGT9DLDUUcQCGsY3ZNVIN5eZ
+dqDL7pC
-----END CERTIFICATE-----