Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/N6PpGCu6laFG-H_3UKhnAa0-eRc.roa
File:                     N6PpGCu6laFG-H_3UKhnAa0-eRc.roa (raw, json)
Hash identifier:          MkfgLgxpx/vAa9cNlObuA6Yzwm0xpd8V8RCa3JMbkdM=
Subject key identifier:   37:A3:E9:18:2B:BA:95:A1:46:F8:7F:F7:50:A8:67:01:AD:3E:79:17
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB61432CBB8537F000D0DE46D9201C
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/N6PpGCu6laFG-H_3UKhnAa0-eRc.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39113
IP address blocks:        185.191.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:43:2c:bb:85:37:f0:00:d0:de:46:d9:20:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37a3e9182bba95a146f87ff750a86701ad3e7917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:54:bd:59:45:a3:cb:e7:e7:7b:e2:af:d1:d4:
                    8a:a8:93:e8:cd:fc:a5:a8:67:39:64:2d:6f:e7:61:
                    1d:cc:7b:1f:38:2c:22:2a:04:76:ea:3a:b9:30:99:
                    5d:9c:42:bb:15:7f:79:db:41:29:b9:dc:77:89:d7:
                    37:eb:e8:d5:de:63:a9:d9:cf:2d:4f:82:0d:31:db:
                    6b:73:26:ed:d3:3e:f7:63:41:40:72:e9:5a:b2:77:
                    ff:ec:e3:97:1b:2d:d9:78:ec:84:30:22:d2:13:d1:
                    fe:7c:a0:26:e4:66:eb:6f:22:e0:95:a4:5e:ee:8f:
                    b0:03:e0:d7:7d:0b:b9:9c:2f:9e:e7:9c:0b:82:9a:
                    ce:14:27:06:d5:b4:fb:35:bb:ad:12:78:92:2b:ba:
                    a0:2a:2e:04:8c:1e:ea:69:c6:26:8a:4a:aa:81:99:
                    a7:db:a2:6c:40:b8:a2:bf:5a:2e:6d:2d:ef:84:1f:
                    9c:7d:03:40:3d:6f:27:a9:2d:87:85:ec:74:59:02:
                    68:38:1f:b2:94:28:bb:ec:d4:e6:77:e5:2e:42:2c:
                    34:7b:65:54:9c:c5:35:6c:e0:77:92:ac:53:af:88:
                    c4:d6:1e:92:c5:99:8f:49:bd:b9:34:72:c6:28:4d:
                    0f:ac:7a:ce:c6:f2:3a:20:14:80:67:6a:a4:a0:4c:
                    d3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A3:E9:18:2B:BA:95:A1:46:F8:7F:F7:50:A8:67:01:AD:3E:79:17
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/N6PpGCu6laFG-H_3UKhnAa0-eRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:57:e7:28:4a:eb:d0:a4:cd:ba:ca:a1:80:8a:91:bd:3d:fc:
         d2:1e:23:e9:3f:95:1e:57:0d:b5:ce:44:8d:45:01:a7:81:b4:
         24:20:2f:31:31:61:94:35:e7:88:d2:87:61:f0:4c:4f:2b:de:
         0c:4e:28:e1:0f:80:a7:e7:e1:38:54:60:78:a2:be:92:0d:4a:
         1c:dc:7e:58:c6:41:b2:ea:89:ed:b0:b3:64:a3:8f:da:25:11:
         6d:f5:53:4e:43:45:29:f5:f8:35:b6:b1:5c:50:39:98:88:9d:
         11:6f:54:96:00:2a:79:3e:e4:83:d8:f4:24:e2:1a:05:94:b2:
         31:ad:cb:78:d8:ac:f8:3b:43:c7:ba:18:d6:2e:b4:76:33:57:
         29:9a:5b:3d:51:af:84:19:a9:76:73:47:09:bb:16:54:67:7f:
         b8:1e:6c:2f:4a:93:2c:b3:c9:84:48:0a:6c:07:56:f8:33:87:
         6e:c5:44:8d:b5:b6:56:8c:09:6a:91:6c:59:48:cd:49:c5:1f:
         80:88:15:39:61:01:7c:f8:4a:ef:2b:02:45:de:9c:b4:93:c7:
         a5:f8:dd:8b:a2:ad:46:9b:e5:29:16:8d:7b:dd:54:92:bc:58:
         30:e1:f5:4a:34:d4:2c:4e:fc:43:c6:65:83:c4:e0:55:0d:79:
         2f:35:fc:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22FDLLuFN/AA0N5G2SAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2EzZTkxODJiYmE5NWExNDZmODdmZjc1MGE4NjcwMWFkM2U3OTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVS9WUWjy+fne+Kv0dSKqJPozfyl
qGc5ZC1v52EdzHsfOCwiKgR26jq5MJldnEK7FX9520Epudx3idc36+jV3mOp2c8t
T4INMdtrcybt0z73Y0FAculasnf/7OOXGy3ZeOyEMCLSE9H+fKAm5GbrbyLglaRe
7o+wA+DXfQu5nC+e55wLgprOFCcG1bT7NbutEniSK7qgKi4EjB7qacYmikqqgZmn
26JsQLiiv1oubS3vhB+cfQNAPW8nqS2Hhex0WQJoOB+ylCi77NTmd+UuQiw0e2VU
nMU1bOB3kqxTr4jE1h6SxZmPSb25NHLGKE0PrHrOxvI6IBSAZ2qkoEzT8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDej6RgrupWhRvh/91CoZwGtPnkXMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvTjZQcEdDdTZsYUZHLUhfM1VLaG5BYTAtZVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub+PMA0G
CSqGSIb3DQEBCwUAA4IBAQA3V+coSuvQpM26yqGAipG9PfzSHiPpP5UeVw21zkSN
RQGngbQkIC8xMWGUNeeI0odh8ExPK94MTijhD4Cn5+E4VGB4or6SDUoc3H5YxkGy
6ontsLNko4/aJRFt9VNOQ0Up9fg1trFcUDmYiJ0Rb1SWACp5PuSD2PQk4hoFlLIx
rct42Kz4O0PHuhjWLrR2M1cpmls9Ua+EGal2c0cJuxZUZ3+4HmwvSpMss8mESAps
B1b4M4duxUSNtbZWjAlqkWxZSM1JxR+AiBU5YQF8+ErvKwJF3py0k8el+N2Loq1G
m+UpFo173VSSvFgw4fVKNNQsTvxDxmWDxOBVDXkvNfz6
-----END CERTIFICATE-----