Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/a6Fmf5eNTqWzZznrSBJuXZPiCfA.roa
File:                     a6Fmf5eNTqWzZznrSBJuXZPiCfA.roa (raw, json)
Hash identifier:          qGx/xqEE5Heighm7EqZ+aaX2wpEdMq0LP4C3DapYdTk=
Subject key identifier:   6B:A1:66:7F:97:8D:4E:A5:B3:67:39:EB:48:12:6E:5D:93:E2:09:F0
Certificate issuer:       /CN=028fdf719d47a10033451a83384a6db68dbd5b0f
Certificate serial:       018CC94C7D0E58B518285F3C3791FCC2EA21
Authority key identifier: 02:8F:DF:71:9D:47:A1:00:33:45:1A:83:38:4A:6D:B6:8D:BD:5B:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ao_fcZ1HoQAzRRqDOEptto29Ww8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/a6Fmf5eNTqWzZznrSBJuXZPiCfA.roa
Signing time:             Tue 02 Jan 2024 08:31:22 +0000
ROA not before:           Tue 02 Jan 2024 08:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6735
IP address blocks:        194.113.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/Ao_fcZ1HoQAzRRqDOEptto29Ww8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/Ao_fcZ1HoQAzRRqDOEptto29Ww8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ao_fcZ1HoQAzRRqDOEptto29Ww8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:7d:0e:58:b5:18:28:5f:3c:37:91:fc:c2:ea:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=028fdf719d47a10033451a83384a6db68dbd5b0f
        Validity
            Not Before: Jan  2 08:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ba1667f978d4ea5b36739eb48126e5d93e209f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e0:25:6e:c0:9f:bd:f6:d2:82:f3:8d:0e:cf:
                    83:5a:58:d2:26:de:e7:54:a8:2f:ce:9d:bf:19:28:
                    1e:ed:26:78:11:48:21:2d:f3:eb:3c:5f:93:0d:55:
                    91:e9:d3:29:61:f0:88:bb:23:66:00:97:ad:0d:82:
                    b0:bc:23:8f:02:3f:84:9d:40:ae:19:4f:31:95:7e:
                    ae:ef:ae:fc:cb:2a:66:a8:c7:87:4d:85:75:e4:b9:
                    6b:a1:de:e7:dc:10:cf:75:d5:f3:69:c5:09:38:fb:
                    41:14:3d:e2:4b:25:6d:1e:73:52:ed:9e:c9:84:de:
                    3f:c8:ad:83:41:e9:89:5a:73:16:ec:01:58:0c:d7:
                    f5:3d:c0:71:71:ed:f3:63:26:3d:93:fb:8a:2b:bd:
                    b9:40:2b:84:7f:61:7a:35:98:28:71:8f:a6:db:b4:
                    53:b3:db:3a:ac:33:97:38:8a:08:e6:12:d4:7f:57:
                    15:ae:9e:9d:be:a5:f2:19:ae:02:bb:bc:c7:b2:9e:
                    26:fb:28:29:af:0c:25:7a:7e:04:1d:19:76:9a:1a:
                    44:89:4d:d8:dc:54:59:2c:a7:07:11:02:d6:35:e7:
                    47:51:d1:54:f5:86:4f:f1:91:2e:52:75:38:03:e1:
                    09:e3:60:42:98:24:8b:12:24:30:d5:6d:f0:67:f0:
                    94:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:A1:66:7F:97:8D:4E:A5:B3:67:39:EB:48:12:6E:5D:93:E2:09:F0
            X509v3 Authority Key Identifier:
                keyid:02:8F:DF:71:9D:47:A1:00:33:45:1A:83:38:4A:6D:B6:8D:BD:5B:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ao_fcZ1HoQAzRRqDOEptto29Ww8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/a6Fmf5eNTqWzZznrSBJuXZPiCfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/Ao_fcZ1HoQAzRRqDOEptto29Ww8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:cb:4b:9b:63:e4:07:33:3d:a1:b5:f4:7b:30:43:16:ac:f9:
         4e:0c:f8:66:f0:38:55:3f:74:5b:99:20:0d:a1:0c:4d:14:9a:
         ac:4a:99:55:51:97:9c:7c:f3:c4:ce:3e:54:8b:22:73:e1:11:
         45:c5:4c:34:40:d4:2e:19:5f:a0:c0:0b:57:d6:07:fc:75:b3:
         c1:6a:02:e8:48:c1:50:fc:7e:49:47:eb:c3:ca:60:4e:4f:2b:
         e4:d6:9a:39:8c:d1:af:e4:48:10:19:1e:c2:a0:4d:bd:c9:64:
         f0:59:5e:07:c0:7e:28:3a:f9:a6:ea:67:73:35:7e:18:f1:28:
         fd:ef:22:44:97:13:a6:69:62:85:cb:c1:3b:12:7a:6e:03:37:
         ea:a8:ce:aa:77:bd:b9:68:79:d0:c5:cb:b5:c6:cf:02:4d:80:
         63:c7:5e:59:66:29:36:5e:78:fa:2f:6d:90:22:29:13:47:be:
         7a:75:ed:00:07:22:1d:7b:69:03:23:b8:58:5f:cc:cf:ec:fa:
         36:16:eb:3c:a3:d0:78:26:18:f6:77:14:eb:1e:d7:63:b0:b9:
         00:95:92:79:91:1d:d0:cc:76:fc:fd:84:7c:1a:6b:44:12:02:
         0d:9a:b3:f2:0c:dc:ab:5b:ba:7b:87:be:c0:31:3c:7f:09:a3:
         ab:6c:19:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTH0OWLUYKF88N5H8wuohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyOGZkZjcxOWQ0N2ExMDAzMzQ1MWE4MzM4NGE2ZGI2OGRi
ZDViMGYwHhcNMjQwMTAyMDgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmExNjY3Zjk3OGQ0ZWE1YjM2NzM5ZWI0ODEyNmU1ZDkzZTIwOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuAlbsCfvfbSgvONDs+DWljSJt7n
VKgvzp2/GSge7SZ4EUghLfPrPF+TDVWR6dMpYfCIuyNmAJetDYKwvCOPAj+EnUCu
GU8xlX6u7678yypmqMeHTYV15Llrod7n3BDPddXzacUJOPtBFD3iSyVtHnNS7Z7J
hN4/yK2DQemJWnMW7AFYDNf1PcBxce3zYyY9k/uKK725QCuEf2F6NZgocY+m27RT
s9s6rDOXOIoI5hLUf1cVrp6dvqXyGa4Cu7zHsp4m+ygprwwlen4EHRl2mhpEiU3Y
3FRZLKcHEQLWNedHUdFU9YZP8ZEuUnU4A+EJ42BCmCSLEiQw1W3wZ/CUbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuhZn+XjU6ls2c560gSbl2T4gnwMB8GA1UdIwQY
MBaAFAKP33GdR6EAM0UagzhKbbaNvVsPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW9fZmNaMUhvUUF6UlJxRE9FcHR0bzI5V3c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9kNDlkNTItNTBiMS00OTQ4LWIxZjct
MDU1YTljYWQ4ZGY3LzEvYTZGbWY1ZU5UcVd6WnpuclNCSnVYWlBpQ2ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9kNDlkNTItNTBiMS00OTQ4LWIxZjctMDU1YTljYWQ4ZGY3
LzEvQW9fZmNaMUhvUUF6UlJxRE9FcHR0bzI5V3c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnF1MA0G
CSqGSIb3DQEBCwUAA4IBAQBAy0ubY+QHMz2htfR7MEMWrPlODPhm8DhVP3RbmSAN
oQxNFJqsSplVUZecfPPEzj5UiyJz4RFFxUw0QNQuGV+gwAtX1gf8dbPBagLoSMFQ
/H5JR+vDymBOTyvk1po5jNGv5EgQGR7CoE29yWTwWV4HwH4oOvmm6mdzNX4Y8Sj9
7yJElxOmaWKFy8E7EnpuAzfqqM6qd725aHnQxcu1xs8CTYBjx15ZZik2Xnj6L22Q
IikTR756de0AByIde2kDI7hYX8zP7Po2Fus8o9B4Jhj2dxTrHtdjsLkAlZJ5kR3Q
zHb8/YR8GmtEEgINmrPyDNyrW7p7h77AMTx/CaOrbBl2
-----END CERTIFICATE-----