Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/6DqkVvakqIMvyb0NWDM8IKT7pvE.roa
File:                     6DqkVvakqIMvyb0NWDM8IKT7pvE.roa (raw, json)
Hash identifier:          ooUxWNs5fUlNBMxCqZRm4WJSZRraTG6z4uUZVgPUlUk=
Subject key identifier:   E8:3A:A4:56:F6:A4:A8:83:2F:C9:BD:0D:58:33:3C:20:A4:FB:A6:F1
Certificate issuer:       /CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
Certificate serial:       019113EE37D2F14C5D432142A8D942EE09C6
Authority key identifier: 36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/6DqkVvakqIMvyb0NWDM8IKT7pvE.roa
Signing time:             Fri 02 Aug 2024 16:31:04 +0000
ROA not before:           Fri 02 Aug 2024 16:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     268581
IP address blocks:        185.194.204.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:13:ee:37:d2:f1:4c:5d:43:21:42:a8:d9:42:ee:09:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
        Validity
            Not Before: Aug  2 16:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e83aa456f6a4a8832fc9bd0d58333c20a4fba6f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:55:e4:52:d8:8d:f4:63:4d:72:ae:37:c2:40:
                    b3:9a:de:f4:0a:7c:d0:ac:d1:c9:a4:58:e8:3c:d8:
                    03:19:33:20:ac:83:47:26:86:7b:bd:b8:44:bd:17:
                    ea:8a:22:9e:d4:c1:eb:4e:4d:7c:57:d0:6b:a0:71:
                    fc:6e:af:fe:d0:02:48:60:fe:87:ad:e1:95:a4:ee:
                    0a:46:0d:19:f5:86:79:ec:72:2a:fe:71:08:9b:32:
                    6d:95:59:9b:09:ea:8d:80:47:e9:c6:7e:32:ec:61:
                    cb:e8:4e:50:ff:1d:a9:ba:ca:bf:d4:a7:c4:bd:f3:
                    4e:cd:2e:87:44:7d:06:c2:6f:10:ce:e0:f0:d1:69:
                    42:ba:6c:28:1b:d4:09:9f:8b:d3:0f:ae:77:9b:b9:
                    26:6a:66:9b:da:d9:18:44:00:39:68:7e:b2:a3:c4:
                    9c:fc:49:46:84:f9:b5:4a:cc:84:2e:63:cc:1d:c2:
                    ca:5e:ec:96:ff:e9:e0:e6:bc:3f:98:ec:89:80:9a:
                    1d:19:ff:f7:5a:d0:fa:ad:20:a5:83:a0:fa:85:4c:
                    83:42:c8:57:61:82:5e:27:fc:c4:e7:84:94:c0:11:
                    56:06:f2:0f:a4:f7:6f:89:64:ef:f3:6a:2c:68:06:
                    43:d3:ac:3b:07:5d:97:20:ff:3a:98:5d:5a:00:e9:
                    81:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:3A:A4:56:F6:A4:A8:83:2F:C9:BD:0D:58:33:3C:20:A4:FB:A6:F1
            X509v3 Authority Key Identifier:
                keyid:36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/6DqkVvakqIMvyb0NWDM8IKT7pvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c5:8b:6d:76:a7:a5:5f:cc:3b:68:c7:24:9b:da:48:6e:d1:dd:
         02:5b:10:e1:d2:ee:72:38:42:2d:cb:cc:18:da:ac:fb:e4:58:
         ad:c6:36:6a:81:b0:41:8e:ee:29:67:e9:86:a4:cc:c7:19:21:
         fe:1b:17:75:8b:72:24:c9:a5:1a:af:ee:45:1f:9b:f8:61:c2:
         9b:d9:01:67:67:d3:a8:7d:4d:02:e2:6b:b3:14:8e:5d:5f:c9:
         c8:f8:49:04:0c:4c:3a:e6:70:5a:82:a6:44:bd:f3:41:ae:4e:
         27:4b:88:9c:35:22:9c:12:40:44:99:92:93:da:8f:6f:79:3f:
         4d:00:d7:27:d2:83:64:7d:50:93:c6:44:67:3d:01:49:82:2d:
         f9:41:01:5f:c9:11:ae:12:30:94:a7:ab:9f:0d:58:9c:76:3d:
         e8:24:c4:b1:66:7b:87:10:eb:56:4c:04:f5:93:ae:ac:16:de:
         7f:60:d4:6f:5a:bc:dd:fa:a7:06:6f:d2:3c:14:88:31:36:b5:
         dd:8d:89:e1:b8:2a:04:ef:0c:ba:e1:61:49:1a:e5:5d:f9:1a:
         ac:8f:b4:fe:d1:40:40:7f:3d:c6:42:eb:76:72:84:72:a3:de:
         7c:eb:2c:06:67:d7:8e:eb:ac:28:ee:a7:34:2e:09:04:5f:a8:
         b2:16:53:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZET7jfS8UxdQyFCqNlC7gnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTRmY2M2YmY2YTg3NDBmYTc4MTQ2NDFmZDlkNmVjOGQ4
NjJlNWYwHhcNMjQwODAyMTYzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODNhYTQ1NmY2YTRhODgzMmZjOWJkMGQ1ODMzM2MyMGE0ZmJhNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFXkUtiN9GNNcq43wkCzmt70CnzQ
rNHJpFjoPNgDGTMgrINHJoZ7vbhEvRfqiiKe1MHrTk18V9BroHH8bq/+0AJIYP6H
reGVpO4KRg0Z9YZ57HIq/nEImzJtlVmbCeqNgEfpxn4y7GHL6E5Q/x2pusq/1KfE
vfNOzS6HRH0Gwm8QzuDw0WlCumwoG9QJn4vTD653m7kmamab2tkYRAA5aH6yo8Sc
/ElGhPm1SsyELmPMHcLKXuyW/+ng5rw/mOyJgJodGf/3WtD6rSClg6D6hUyDQshX
YYJeJ/zE54SUwBFWBvIPpPdviWTv82osaAZD06w7B12XIP86mF1aAOmBFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOg6pFb2pKiDL8m9DVgzPCCk+6bxMB8GA1UdIwQY
MBaAFDaU/Ma/aodA+ngUZB/Z1uyNhi5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUt
MGQzZmNlNDI5YmRlLzEvNkRxa1Z2YWtxSU12eWIwTldETThJS1Q3cHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUtMGQzZmNlNDI5YmRl
LzEvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucLMMA0G
CSqGSIb3DQEBCwUAA4IBAQDFi212p6VfzDtoxySb2khu0d0CWxDh0u5yOEIty8wY
2qz75FitxjZqgbBBju4pZ+mGpMzHGSH+Gxd1i3IkyaUar+5FH5v4YcKb2QFnZ9Oo
fU0C4muzFI5dX8nI+EkEDEw65nBagqZEvfNBrk4nS4icNSKcEkBEmZKT2o9veT9N
ANcn0oNkfVCTxkRnPQFJgi35QQFfyRGuEjCUp6ufDVicdj3oJMSxZnuHEOtWTAT1
k66sFt5/YNRvWrzd+qcGb9I8FIgxNrXdjYnhuCoE7wy64WFJGuVd+Rqsj7T+0UBA
fz3GQut2coRyo9586ywGZ9eO66wo7qc0LgkEX6iyFlOc
-----END CERTIFICATE-----