Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/6U-9G8JfoY-ynETnaduiGmIXmCc.roa
File:                     6U-9G8JfoY-ynETnaduiGmIXmCc.roa (raw, json)
Hash identifier:          cPH7sXAxCFL5dDBOwoSZQrjrUpI2ArsIc2UErcil5Vs=
Subject key identifier:   E9:4F:BD:1B:C2:5F:A1:8F:B2:9C:44:E7:69:DB:A2:1A:62:17:98:27
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD6F9CE8D8907753CD662A1428EA7
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/6U-9G8JfoY-ynETnaduiGmIXmCc.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212941
IP address blocks:        178.239.240.0/20 maxlen: 24
                          185.67.96.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d6:f9:ce:8d:89:07:75:3c:d6:62:a1:42:8e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e94fbd1bc25fa18fb29c44e769dba21a62179827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:14:0f:0d:15:bf:e4:7a:5a:c4:38:b9:1f:da:
                    8b:bb:56:bb:55:1f:dc:95:c7:f0:5c:9f:b0:a0:a1:
                    6c:48:b2:2b:60:f4:34:68:a3:23:e3:cc:6c:cc:db:
                    30:d7:e1:27:52:6c:3d:8d:dc:d6:8c:6f:b3:29:02:
                    2d:44:9f:cf:21:a8:51:b8:9c:b1:87:29:80:37:8e:
                    5d:9d:62:11:5a:69:32:66:ba:50:4c:2d:49:af:5b:
                    23:a8:0c:52:33:fc:c5:72:ae:cf:5b:ab:d7:4c:02:
                    53:9a:cd:68:99:49:44:68:85:4f:94:8d:b0:25:f4:
                    6a:fc:77:78:e7:32:cf:79:81:1f:e1:30:57:20:d3:
                    48:f7:1c:23:29:aa:bc:c5:8c:5e:6c:78:a8:67:ea:
                    36:d3:51:4f:61:e8:d8:7b:d2:f0:fd:ab:95:7a:8f:
                    e7:d8:75:f7:a4:87:50:68:00:a6:bb:56:1b:55:c7:
                    52:6b:db:4e:74:ea:7e:22:be:83:b7:5c:02:30:d4:
                    ed:f2:db:91:39:83:80:c7:80:de:99:2c:91:c7:fc:
                    4d:20:4c:f4:7f:a5:49:13:be:6a:1e:d7:4b:8a:b7:
                    d3:97:31:bb:b4:8a:6a:c3:11:bc:58:3f:0c:ee:5c:
                    00:9d:86:93:6a:b3:7a:02:11:db:82:be:ec:81:8e:
                    6f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:4F:BD:1B:C2:5F:A1:8F:B2:9C:44:E7:69:DB:A2:1A:62:17:98:27
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/6U-9G8JfoY-ynETnaduiGmIXmCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.240.0/20
                  185.67.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:69:fd:69:1e:21:6c:4e:4f:9e:8d:90:4f:f2:56:46:40:20:
         bd:fd:bb:71:b3:a8:43:f6:d0:c1:7c:94:89:e3:a1:c7:42:97:
         cf:e4:d5:c6:43:1d:05:c5:d1:35:ef:45:e6:5d:cf:9d:73:8a:
         21:2e:1b:05:be:f7:b1:76:7a:b6:0b:03:b3:0e:ee:2c:fb:34:
         23:2c:23:33:94:7e:46:96:83:f3:93:5a:c5:bf:c2:12:58:48:
         80:9e:d2:0e:06:ba:c1:3e:01:af:5a:7a:fa:a0:1a:06:3e:b6:
         8e:e5:44:2c:5d:e0:5b:a6:ae:0b:f0:59:f6:2d:16:f4:5e:b5:
         3b:2c:1e:53:28:1d:7b:ac:e8:cd:b3:21:b3:e8:a0:88:ea:85:
         35:11:18:48:1b:59:cb:9e:49:db:96:9e:36:42:92:a8:4d:97:
         01:e7:f3:8b:87:18:28:fe:8e:d0:aa:a8:3a:c8:82:14:c0:20:
         da:cd:20:4b:d9:5d:7a:d7:7d:f9:b1:f1:40:bb:ca:0d:6e:0c:
         de:1d:33:53:a2:0b:71:15:4e:46:0d:42:39:5e:66:ea:d1:58:
         ed:97:55:15:63:a1:2b:78:01:b5:a6:f2:d7:a5:a7:b6:26:4f:
         4f:2f:0b:28:96:8a:42:62:99:6c:d4:ca:f1:e7:ce:56:68:a6:
         06:d6:2b:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2tb5zo2JB3U81mKhQo6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTRmYmQxYmMyNWZhMThmYjI5YzQ0ZTc2OWRiYTIxYTYyMTc5ODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhQPDRW/5HpaxDi5H9qLu1a7VR/c
lcfwXJ+woKFsSLIrYPQ0aKMj48xszNsw1+EnUmw9jdzWjG+zKQItRJ/PIahRuJyx
hymAN45dnWIRWmkyZrpQTC1Jr1sjqAxSM/zFcq7PW6vXTAJTms1omUlEaIVPlI2w
JfRq/Hd45zLPeYEf4TBXINNI9xwjKaq8xYxebHioZ+o201FPYejYe9Lw/auVeo/n
2HX3pIdQaACmu1YbVcdSa9tOdOp+Ir6Dt1wCMNTt8tuROYOAx4DemSyRx/xNIEz0
f6VJE75qHtdLirfTlzG7tIpqwxG8WD8M7lwAnYaTarN6AhHbgr7sgY5vPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOlPvRvCX6GPspxE52nbohpiF5gnMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvNlUtOUc4SmZvWS15bkVUbmFkdWlHbUlYbUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEsu/wAwQC
uUNgMA0GCSqGSIb3DQEBCwUAA4IBAQBXaf1pHiFsTk+ejZBP8lZGQCC9/btxs6hD
9tDBfJSJ46HHQpfP5NXGQx0FxdE170XmXc+dc4ohLhsFvvexdnq2CwOzDu4s+zQj
LCMzlH5GloPzk1rFv8ISWEiAntIOBrrBPgGvWnr6oBoGPraO5UQsXeBbpq4L8Fn2
LRb0XrU7LB5TKB17rOjNsyGz6KCI6oU1ERhIG1nLnknblp42QpKoTZcB5/OLhxgo
/o7Qqqg6yIIUwCDazSBL2V161335sfFAu8oNbgzeHTNTogtxFU5GDUI5Xmbq0Vjt
l1UVY6EreAG1pvLXpae2Jk9PLwsolopCYpls1Mrx585WaKYG1isR
-----END CERTIFICATE-----