Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/6mJxGcyT7z_KyN5zFuFx1Dqi-K4.roa
File:                     6mJxGcyT7z_KyN5zFuFx1Dqi-K4.roa (raw, json)
Hash identifier:          a4Kd2Wv8k2T0uKHd1Gxo2+3BjivIs2eXWrUyosrrpBY=
Subject key identifier:   EA:62:71:19:CC:93:EF:3F:CA:C8:DE:73:16:E1:71:D4:3A:A2:F8:AE
Certificate issuer:       /CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
Certificate serial:       018CC50099C37BF53BE77B2B66442D07F855
Authority key identifier: 9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/6mJxGcyT7z_KyN5zFuFx1Dqi-K4.roa
Signing time:             Mon 01 Jan 2024 12:30:00 +0000
ROA not before:           Mon 01 Jan 2024 12:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        195.96.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:99:c3:7b:f5:3b:e7:7b:2b:66:44:2d:07:f8:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
        Validity
            Not Before: Jan  1 12:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea627119cc93ef3fcac8de7316e171d43aa2f8ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e0:8e:6b:ee:ea:30:4c:a4:bd:c7:8c:a0:ea:
                    1b:fd:06:5b:42:bf:ee:48:f8:ec:99:ef:37:c2:af:
                    1d:5e:1e:ce:8c:71:fa:11:92:40:70:31:b9:af:87:
                    30:14:62:90:78:a5:75:ad:6b:b2:85:71:5a:65:ca:
                    e6:7e:80:20:b0:ba:c4:23:6a:13:25:db:83:6f:cf:
                    20:27:65:39:45:e5:20:46:75:67:af:a2:d8:83:26:
                    23:6a:b5:af:9b:86:fb:f6:1a:ef:15:00:0c:50:f5:
                    0a:d3:b3:1c:ad:8c:0f:a2:f2:66:cf:8c:9e:bb:e9:
                    45:3d:96:69:ff:07:7b:e5:f4:03:7d:73:0b:43:a5:
                    79:e2:cb:1d:3c:89:2f:a7:b0:25:8e:63:e2:a4:06:
                    9a:e2:90:e8:eb:c3:28:14:6c:d3:8d:89:0a:12:36:
                    14:d1:f7:f5:4f:1e:de:49:57:ce:94:63:72:66:c8:
                    d6:f8:da:f9:d0:ac:cf:5d:18:ff:50:11:ae:37:99:
                    c2:3c:61:eb:88:5c:97:f2:49:a6:69:d0:23:0f:40:
                    c9:55:95:0e:c8:21:ae:48:3c:d1:d7:fa:08:85:6a:
                    2c:1c:9b:20:40:0a:c0:d7:f5:24:77:54:87:30:68:
                    54:21:b2:a5:28:c8:7e:aa:91:d5:ee:a5:99:9b:d5:
                    31:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:62:71:19:CC:93:EF:3F:CA:C8:DE:73:16:E1:71:D4:3A:A2:F8:AE
            X509v3 Authority Key Identifier:
                keyid:9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/6mJxGcyT7z_KyN5zFuFx1Dqi-K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:01:2d:da:d5:02:1a:2f:19:c0:4c:e2:9b:20:e0:66:af:87:
         78:2b:b0:55:1a:fe:fc:89:6f:5b:96:49:70:85:33:e6:db:fb:
         26:56:ac:ca:0c:f2:d7:55:a4:34:75:20:f3:2e:28:26:c8:6d:
         e4:01:d4:30:f2:44:cf:4a:f3:2f:8e:16:bc:29:0d:88:7f:e2:
         e1:20:63:a1:c5:d3:9e:bd:88:ea:d4:a9:32:93:7d:70:9b:7e:
         a9:03:41:22:e9:1f:eb:6b:68:b7:06:d2:e8:55:ec:0b:0e:90:
         c9:9e:19:ad:cf:f9:f7:40:3e:a4:3b:38:eb:29:99:db:f1:48:
         60:6b:52:2e:02:fa:a9:14:46:00:eb:89:c0:dd:b6:56:2c:75:
         0a:82:57:1a:6d:ea:2c:fc:3f:b3:56:13:8b:fc:7a:fd:ff:00:
         ca:21:4a:c1:92:7a:35:e5:ee:d8:e1:17:b1:a3:66:16:5b:53:
         4d:4a:86:4c:12:31:a0:fe:84:a6:0e:5d:35:d8:a9:30:54:6a:
         92:a7:bc:9b:94:99:b2:c2:13:16:f3:15:04:20:50:86:1a:49:
         78:42:2f:17:10:83:ee:81:ae:34:b3:fc:79:ad:c1:d7:61:00:
         36:e4:b4:f6:5b:9e:a3:69:33:28:06:eb:d5:69:c9:0c:75:1a:
         ac:1f:45:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJnDe/U753srZkQtB/hVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWVjYjM1M2YxY2RjNWZkM2E5ZDU0YTg4NzM1MzFlZmQy
ODVjNDYwHhcNMjQwMTAxMTIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTYyNzExOWNjOTNlZjNmY2FjOGRlNzMxNmUxNzFkNDNhYTJmOGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOCOa+7qMEykvceMoOob/QZbQr/u
SPjsme83wq8dXh7OjHH6EZJAcDG5r4cwFGKQeKV1rWuyhXFaZcrmfoAgsLrEI2oT
JduDb88gJ2U5ReUgRnVnr6LYgyYjarWvm4b79hrvFQAMUPUK07McrYwPovJmz4ye
u+lFPZZp/wd75fQDfXMLQ6V54ssdPIkvp7AljmPipAaa4pDo68MoFGzTjYkKEjYU
0ff1Tx7eSVfOlGNyZsjW+Nr50KzPXRj/UBGuN5nCPGHriFyX8kmmadAjD0DJVZUO
yCGuSDzR1/oIhWosHJsgQArA1/Ukd1SHMGhUIbKlKMh+qpHV7qWZm9UxLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpicRnMk+8/ysjecxbhcdQ6oviuMB8GA1UdIwQY
MBaAFJruyzU/HNxf06nVSohzUx79KFxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU3TE5UOGMzRl9UcWRWS2lITlRIdjBvWEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8xNTg2M2ItNzg3Zi00MDg0LWI3ZjYt
NTk0NDk2MGUzMWNmLzEvNm1KeEdjeVQ3el9LeU41ekZ1RngxRHFpLUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8xNTg2M2ItNzg3Zi00MDg0LWI3ZjYtNTk0NDk2MGUzMWNm
LzEvbXU3TE5UOGMzRl9UcWRWS2lITlRIdjBvWEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CKMA0G
CSqGSIb3DQEBCwUAA4IBAQAEAS3a1QIaLxnATOKbIOBmr4d4K7BVGv78iW9blklw
hTPm2/smVqzKDPLXVaQ0dSDzLigmyG3kAdQw8kTPSvMvjha8KQ2If+LhIGOhxdOe
vYjq1Kkyk31wm36pA0Ei6R/ra2i3BtLoVewLDpDJnhmtz/n3QD6kOzjrKZnb8Uhg
a1IuAvqpFEYA64nA3bZWLHUKglcabeos/D+zVhOL/Hr9/wDKIUrBkno15e7Y4Rex
o2YWW1NNSoZMEjGg/oSmDl012KkwVGqSp7yblJmywhMW8xUEIFCGGkl4Qi8XEIPu
ga40s/x5rcHXYQA25LT2W56jaTMoBuvVackMdRqsH0V1
-----END CERTIFICATE-----