Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/6rwwiGbLIJDok9TfYMhaWm1XGvU.roa
File:                     6rwwiGbLIJDok9TfYMhaWm1XGvU.roa (raw, json)
Hash identifier:          T68Lp2VOVEfaPNSgCcpJ6ODW2x/i7puZsKbsEdSClnM=
Subject key identifier:   EA:BC:30:88:66:CB:20:90:E8:93:D4:DF:60:C8:5A:5A:6D:57:1A:F5
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BAA1D5EFAF2FBD991C24A79010DF6C
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/6rwwiGbLIJDok9TfYMhaWm1XGvU.roa
Signing time:             Tue 02 Jan 2024 10:31:40 +0000
ROA not before:           Tue 02 Jan 2024 10:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        178.253.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:a1:d5:ef:af:2f:bd:99:1c:24:a7:90:10:df:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eabc308866cb2090e893d4df60c85a5a6d571af5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:1a:ff:c2:ec:db:bd:47:d2:b0:11:c1:22:62:
                    fb:98:67:be:c9:2d:8d:63:dc:c3:f4:23:ad:ad:67:
                    13:25:fa:45:46:41:ae:a2:fb:5b:9a:68:9f:ea:d3:
                    a3:c1:c7:22:54:58:59:f5:2e:c8:58:19:1e:a4:68:
                    0a:14:a0:5a:1b:b1:08:0b:04:f6:1d:70:8e:ab:83:
                    a2:21:96:71:69:b6:d3:5b:7f:01:d7:14:b0:2e:08:
                    4f:be:8c:61:14:cd:56:a4:b9:2b:a0:10:6f:51:24:
                    6f:2d:72:f4:31:a5:9e:bb:30:16:e3:54:54:d3:65:
                    69:85:77:0c:58:81:fd:1f:7b:d4:f5:64:e7:90:a2:
                    e0:86:3d:3a:c4:35:25:4a:25:d8:b0:a4:a2:e5:0f:
                    86:a3:2f:8b:35:a8:49:69:4c:f4:cd:ce:bb:2f:ca:
                    05:9c:fa:78:07:39:1f:a9:cc:47:77:01:a6:16:6b:
                    f6:3f:79:f5:80:95:62:d3:8c:9d:02:62:c3:56:d3:
                    27:8c:20:c1:62:03:6d:e7:a6:bb:52:9f:8a:ad:f1:
                    58:3a:6f:4f:a9:5e:13:e7:58:75:1d:8b:13:6e:95:
                    99:23:58:ee:49:18:42:05:04:29:0b:92:7b:7c:f4:
                    73:4a:00:40:1a:65:a0:69:d4:1e:01:ac:02:86:54:
                    51:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:BC:30:88:66:CB:20:90:E8:93:D4:DF:60:C8:5A:5A:6D:57:1A:F5
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/6rwwiGbLIJDok9TfYMhaWm1XGvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:d2:06:cb:b8:ca:05:ec:21:6c:d4:a7:e2:5e:f5:a0:28:91:
         75:ba:e4:c7:01:58:a8:39:91:34:30:2d:b4:f1:e0:1e:6f:0d:
         5a:ef:80:ec:b0:eb:04:6f:71:47:dc:25:b1:b3:e7:68:0d:b8:
         27:b8:8d:f4:8c:87:89:c7:1b:4d:52:32:00:50:d1:b4:78:1b:
         c8:df:3e:04:b9:cd:7f:65:99:61:77:c0:2a:f7:64:2f:e3:ec:
         e7:7f:bc:58:24:43:fc:01:18:b5:69:11:bd:25:91:a1:17:c7:
         43:31:a9:f8:a4:f8:9f:1c:b0:d6:04:15:4d:f4:25:fb:1e:87:
         0f:1a:de:1d:8f:33:3f:67:99:7b:95:6c:f9:40:c8:a8:bf:e3:
         06:9f:d9:86:bb:20:1f:61:2a:06:d4:15:96:c9:be:4f:45:ee:
         ac:93:fa:fc:88:43:79:91:b5:51:43:4b:16:60:cb:92:03:dc:
         f9:bd:23:0e:c1:ca:e9:b5:1c:d9:c5:5d:33:d2:c9:60:de:b3:
         e9:45:1a:c8:93:02:c6:ef:14:b3:0c:bc:85:85:63:f6:37:b3:
         2a:e0:e8:d4:fb:a1:98:e1:59:d5:4a:ec:c4:d4:7b:6f:b6:cd:
         06:a7:ba:54:d5:b7:60:d8:56:3b:cd:cc:17:a6:c8:da:c3:e1:
         41:91:de:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuqHV768vvZkcJKeQEN9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWJjMzA4ODY2Y2IyMDkwZTg5M2Q0ZGY2MGM4NWE1YTZkNTcxYWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8hr/wuzbvUfSsBHBImL7mGe+yS2N
Y9zD9COtrWcTJfpFRkGuovtbmmif6tOjwcciVFhZ9S7IWBkepGgKFKBaG7EICwT2
HXCOq4OiIZZxabbTW38B1xSwLghPvoxhFM1WpLkroBBvUSRvLXL0MaWeuzAW41RU
02VphXcMWIH9H3vU9WTnkKLghj06xDUlSiXYsKSi5Q+Goy+LNahJaUz0zc67L8oF
nPp4BzkfqcxHdwGmFmv2P3n1gJVi04ydAmLDVtMnjCDBYgNt56a7Up+KrfFYOm9P
qV4T51h1HYsTbpWZI1juSRhCBQQpC5J7fPRzSgBAGmWgadQeAawChlRRYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOq8MIhmyyCQ6JPU32DIWlptVxr1MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvNnJ3d2lHYkxJSkRvazlUZllNaGFXbTFYR3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0hMA0G
CSqGSIb3DQEBCwUAA4IBAQBp0gbLuMoF7CFs1KfiXvWgKJF1uuTHAVioOZE0MC20
8eAebw1a74DssOsEb3FH3CWxs+doDbgnuI30jIeJxxtNUjIAUNG0eBvI3z4Euc1/
ZZlhd8Aq92Qv4+znf7xYJEP8ARi1aRG9JZGhF8dDMan4pPifHLDWBBVN9CX7HocP
Gt4djzM/Z5l7lWz5QMiov+MGn9mGuyAfYSoG1BWWyb5PRe6sk/r8iEN5kbVRQ0sW
YMuSA9z5vSMOwcrptRzZxV0z0slg3rPpRRrIkwLG7xSzDLyFhWP2N7Mq4OjU+6GY
4VnVSuzE1Htvts0Gp7pU1bdg2FY7zcwXpsjaw+FBkd5F
-----END CERTIFICATE-----