Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/mShmo_W6HwOVfRB9AY5LNAbBfho.roa
File:                     mShmo_W6HwOVfRB9AY5LNAbBfho.roa (raw, json)
Hash identifier:          6BJcHM6l3PuBUi+3plKY0AbWfl02EmVTYEtLpT66zmM=
Subject key identifier:   99:28:66:A3:F5:BA:1F:03:95:7D:10:7D:01:8E:4B:34:06:C1:7E:1A
Certificate issuer:       /CN=6a8b5a374f146d7b6a6dc7d316e8ebb12deea670
Certificate serial:       0195905DA020AF5A7E2CAD723304B8ECE5D6
Authority key identifier: 6A:8B:5A:37:4F:14:6D:7B:6A:6D:C7:D3:16:E8:EB:B1:2D:EE:A6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aotaN08UbXtqbcfTFujrsS3upnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/mShmo_W6HwOVfRB9AY5LNAbBfho.roa
Signing time:             Thu 13 Mar 2025 16:36:49 +0000
ROA not before:           Thu 13 Mar 2025 16:36:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211440
IP address blocks:        185.80.90.0/24 maxlen: 24
                          185.102.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/aotaN08UbXtqbcfTFujrsS3upnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/aotaN08UbXtqbcfTFujrsS3upnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aotaN08UbXtqbcfTFujrsS3upnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:90:5d:a0:20:af:5a:7e:2c:ad:72:33:04:b8:ec:e5:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a8b5a374f146d7b6a6dc7d316e8ebb12deea670
        Validity
            Not Before: Mar 13 16:36:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=992866a3f5ba1f03957d107d018e4b3406c17e1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:52:56:b2:66:2d:bc:34:d2:97:00:c6:ee:36:
                    fd:f7:0d:bb:14:8c:3b:7d:82:a7:d4:de:40:8c:31:
                    f6:e9:71:22:58:7b:fb:1c:b8:6b:82:0e:48:da:f1:
                    9e:b7:44:05:a0:7d:ac:5b:58:ea:04:a5:a2:be:50:
                    e1:6e:8e:76:e2:84:4a:fd:b6:2a:b1:0c:25:3e:ff:
                    1d:b5:a1:b9:14:c1:f1:a9:b1:43:d2:58:93:83:35:
                    b6:68:b4:cc:a8:7e:8c:a2:a0:36:04:76:4b:4d:69:
                    9d:e5:32:28:40:05:a6:fa:c4:72:e6:aa:8d:72:f2:
                    ae:ac:86:0e:ae:3f:67:4c:c4:93:e8:38:85:7d:70:
                    84:3c:b5:99:43:7d:78:23:ff:a2:9d:8f:26:15:75:
                    8e:1c:0f:59:65:d7:a4:6d:04:a0:bb:a4:19:17:3f:
                    0f:5d:a6:ba:21:61:e0:61:c7:97:22:62:0a:4b:d4:
                    be:56:d2:ba:75:93:d5:c5:57:54:0e:b2:d8:31:1f:
                    72:f3:a7:d3:e5:1a:f6:7f:9a:b8:ef:6a:ed:11:c0:
                    89:04:0b:3d:d9:46:aa:fc:ae:01:4e:e5:36:64:86:
                    bc:d2:10:bc:2b:15:83:87:f2:0e:86:d8:1e:23:95:
                    29:5a:42:bb:6c:ea:9f:57:ce:61:1c:26:4e:00:b5:
                    19:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:28:66:A3:F5:BA:1F:03:95:7D:10:7D:01:8E:4B:34:06:C1:7E:1A
            X509v3 Authority Key Identifier:
                keyid:6A:8B:5A:37:4F:14:6D:7B:6A:6D:C7:D3:16:E8:EB:B1:2D:EE:A6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aotaN08UbXtqbcfTFujrsS3upnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/mShmo_W6HwOVfRB9AY5LNAbBfho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/aotaN08UbXtqbcfTFujrsS3upnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.90.0/24
                  185.102.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:d8:14:a8:fd:ba:ba:35:ec:37:90:8c:11:ab:88:bf:07:ed:
         ea:15:2e:5c:68:91:b3:45:90:fd:29:c2:db:65:21:6b:d3:44:
         4c:8b:4f:00:55:9e:c2:a5:86:cd:2a:1d:b7:3a:72:6b:58:46:
         b0:a6:68:d0:b6:51:c0:1c:b1:b6:1e:63:c1:81:93:87:0b:ff:
         28:6f:12:26:41:e6:19:bb:4a:45:76:a4:1e:ed:06:60:bd:ed:
         1b:8f:8c:58:49:e6:5d:a6:cf:7b:52:53:61:f8:32:cb:f8:6d:
         a7:c2:5e:9b:d8:b4:a4:25:f8:f7:65:d0:75:68:5b:47:9e:aa:
         e1:0a:26:aa:37:84:93:5c:4c:31:60:6c:bb:b5:0b:65:be:5d:
         00:2b:58:a8:f8:0f:1e:10:64:d7:39:30:85:ca:29:aa:84:9c:
         51:af:8a:31:22:f1:55:9d:e7:86:61:0a:ee:0c:24:c5:86:76:
         57:3b:1a:c0:72:b7:27:59:cc:91:5c:fe:d6:c4:13:b0:f8:25:
         8d:a6:22:7b:06:97:84:2d:91:01:d7:2d:c8:52:0d:a9:96:85:
         4f:05:78:82:7d:12:79:d8:dd:12:66:7d:23:93:81:71:76:4f:
         a2:8a:fe:e6:eb:82:40:f9:ca:0b:df:29:76:ff:3a:4c:87:46:
         4f:95:19:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWQXaAgr1p+LK1yMwS47OXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOGI1YTM3NGYxNDZkN2I2YTZkYzdkMzE2ZThlYmIxMmRl
ZWE2NzAwHhcNMjUwMzEzMTYzNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTI4NjZhM2Y1YmExZjAzOTU3ZDEwN2QwMThlNGIzNDA2YzE3ZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1JWsmYtvDTSlwDG7jb99w27FIw7
fYKn1N5AjDH26XEiWHv7HLhrgg5I2vGet0QFoH2sW1jqBKWivlDhbo524oRK/bYq
sQwlPv8dtaG5FMHxqbFD0liTgzW2aLTMqH6MoqA2BHZLTWmd5TIoQAWm+sRy5qqN
cvKurIYOrj9nTMST6DiFfXCEPLWZQ314I/+inY8mFXWOHA9ZZdekbQSgu6QZFz8P
Xaa6IWHgYceXImIKS9S+VtK6dZPVxVdUDrLYMR9y86fT5Rr2f5q472rtEcCJBAs9
2Uaq/K4BTuU2ZIa80hC8KxWDh/IOhtgeI5UpWkK7bOqfV85hHCZOALUZUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJkoZqP1uh8DlX0QfQGOSzQGwX4aMB8GA1UdIwQY
MBaAFGqLWjdPFG17am3H0xbo67Et7qZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW90YU4wOFViWHRxYmNmVEZ1anJzUzN1cG5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mNmM4NjItYWY4Yi00M2YzLTk4YWQt
NDQyNDFmZWMxYTlmLzEvbVNobW9fVzZId09WZlJCOUFZNUxOQWJCZmhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mNmM4NjItYWY4Yi00M2YzLTk4YWQtNDQyNDFmZWMxYTlm
LzEvYW90YU4wOFViWHRxYmNmVEZ1anJzUzN1cG5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVBaAwQA
uWZWMA0GCSqGSIb3DQEBCwUAA4IBAQBu2BSo/bq6New3kIwRq4i/B+3qFS5caJGz
RZD9KcLbZSFr00RMi08AVZ7CpYbNKh23OnJrWEawpmjQtlHAHLG2HmPBgZOHC/8o
bxImQeYZu0pFdqQe7QZgve0bj4xYSeZdps97UlNh+DLL+G2nwl6b2LSkJfj3ZdB1
aFtHnqrhCiaqN4STXEwxYGy7tQtlvl0AK1io+A8eEGTXOTCFyimqhJxRr4oxIvFV
neeGYQruDCTFhnZXOxrAcrcnWcyRXP7WxBOw+CWNpiJ7BpeELZEB1y3IUg2ploVP
BXiCfRJ52N0SZn0jk4Fxdk+iiv7m64JA+coL3yl2/zpMh0ZPlRlx
-----END CERTIFICATE-----