Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/e177f7-6348-4744-ad9c-76189bd4a040/1/6up0o_DtvgqEyRxW8OoCecyMgZs.roa
File:                     6up0o_DtvgqEyRxW8OoCecyMgZs.roa (raw, json)
Hash identifier:          HkIiP5PdfwePCBPMzJWy7XVe1zmaSuodk+WZWOuAD7k=
Subject key identifier:   EA:EA:74:A3:F0:ED:BE:0A:84:C9:1C:56:F0:EA:02:79:CC:8C:81:9B
Certificate issuer:       /CN=e86360db81f505c5e9a9b5ad10a81c64f4a85bd2
Certificate serial:       018CC6B781C1BA048F7327B35F8E70A18B9E
Authority key identifier: E8:63:60:DB:81:F5:05:C5:E9:A9:B5:AD:10:A8:1C:64:F4:A8:5B:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6GNg24H1BcXpqbWtEKgcZPSoW9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/e177f7-6348-4744-ad9c-76189bd4a040/1/6up0o_DtvgqEyRxW8OoCecyMgZs.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202382
IP address blocks:        194.62.200.0/22 maxlen: 24
                          185.152.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/e177f7-6348-4744-ad9c-76189bd4a040/1/6GNg24H1BcXpqbWtEKgcZPSoW9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/e177f7-6348-4744-ad9c-76189bd4a040/1/6GNg24H1BcXpqbWtEKgcZPSoW9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6GNg24H1BcXpqbWtEKgcZPSoW9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:81:c1:ba:04:8f:73:27:b3:5f:8e:70:a1:8b:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e86360db81f505c5e9a9b5ad10a81c64f4a85bd2
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eaea74a3f0edbe0a84c91c56f0ea0279cc8c819b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:00:63:66:d8:ec:16:3f:b9:09:21:33:55:5f:
                    a4:16:bd:25:e8:90:0b:4f:1f:6d:2c:34:40:5b:1f:
                    83:b1:10:3a:44:e8:36:01:53:be:c7:4e:8d:bc:4c:
                    c3:80:a4:22:f1:ed:ea:c3:f2:98:41:db:a8:9f:22:
                    e6:9a:29:64:6f:21:f6:c7:32:c8:dd:d1:51:db:dd:
                    37:be:57:90:9c:80:b8:3a:42:b5:dd:cc:f0:e5:7a:
                    df:fb:de:4a:cf:dd:9b:13:55:bf:15:28:6a:c4:64:
                    ab:8f:30:8c:96:56:87:ac:73:80:06:47:65:78:a8:
                    40:8a:fb:02:8a:a8:fe:94:eb:ab:00:f5:67:d0:6c:
                    c2:32:0a:3b:70:69:40:c6:c5:7d:0c:54:8d:8e:04:
                    c5:1c:89:c2:ec:9c:a9:32:d3:44:09:cd:31:e1:e7:
                    4c:39:3e:82:31:fd:14:15:5a:3c:47:59:30:b8:fe:
                    54:53:0e:35:01:22:63:db:36:0b:a2:3c:55:5c:62:
                    ee:ad:08:e7:9a:fd:0a:85:ae:42:0f:36:85:dd:2d:
                    83:a6:85:e6:44:87:b9:93:e5:d8:7b:ca:b3:e9:53:
                    74:94:b6:d8:57:ed:d3:d6:96:15:61:16:5d:db:ed:
                    1f:01:84:1b:50:c0:f1:29:fc:2b:22:ea:83:fe:c2:
                    15:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:EA:74:A3:F0:ED:BE:0A:84:C9:1C:56:F0:EA:02:79:CC:8C:81:9B
            X509v3 Authority Key Identifier:
                keyid:E8:63:60:DB:81:F5:05:C5:E9:A9:B5:AD:10:A8:1C:64:F4:A8:5B:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6GNg24H1BcXpqbWtEKgcZPSoW9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/e177f7-6348-4744-ad9c-76189bd4a040/1/6up0o_DtvgqEyRxW8OoCecyMgZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/e177f7-6348-4744-ad9c-76189bd4a040/1/6GNg24H1BcXpqbWtEKgcZPSoW9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.252.0/22
                  194.62.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:8e:47:d2:19:40:09:78:4d:53:1e:63:bb:26:67:b4:f5:6d:
         8b:54:26:3b:0f:e8:75:43:0d:d8:af:74:1c:cf:56:85:15:e1:
         4a:72:30:e4:8a:96:f0:45:00:7f:e4:5b:10:a1:3c:bb:04:bc:
         42:ee:5c:70:b3:ee:38:b3:2f:b8:d2:36:6c:a0:21:11:14:4b:
         4f:95:8d:bc:3f:db:fd:41:22:34:ba:c1:54:71:99:38:a8:51:
         0d:44:75:8b:86:39:30:66:03:b3:9e:1e:cb:51:0c:a6:3c:65:
         18:c8:1d:ad:68:df:48:0f:9d:3e:12:c2:61:ae:eb:ff:8a:ad:
         aa:07:3c:4e:87:d3:a0:a7:46:c2:79:bc:5b:aa:cb:17:88:ee:
         37:6e:22:f8:53:83:8c:6f:a0:91:2e:fd:ef:56:68:7c:5a:3a:
         ad:57:a7:3b:ff:bc:6c:ff:a1:30:e5:71:51:a9:85:ee:6a:e5:
         90:12:bf:a1:af:26:aa:b8:ef:09:94:d8:9e:b1:b8:d4:58:8a:
         a1:7f:8a:32:a8:1a:21:04:34:1f:bf:55:03:f8:bb:77:0d:1c:
         ff:f0:a8:cf:5c:c1:a2:45:1d:1e:98:24:20:52:ee:7f:64:03:
         47:a2:83:ff:6b:73:2b:7a:79:5a:81:4e:86:18:fe:c9:5d:0f:
         71:1f:02:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt4HBugSPcyezX45woYueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NjM2MGRiODFmNTA1YzVlOWE5YjVhZDEwYTgxYzY0ZjRh
ODViZDIwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWVhNzRhM2YwZWRiZTBhODRjOTFjNTZmMGVhMDI3OWNjOGM4MTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gBjZtjsFj+5CSEzVV+kFr0l6JAL
Tx9tLDRAWx+DsRA6ROg2AVO+x06NvEzDgKQi8e3qw/KYQduonyLmmilkbyH2xzLI
3dFR2903vleQnIC4OkK13czw5Xrf+95Kz92bE1W/FShqxGSrjzCMllaHrHOABkdl
eKhAivsCiqj+lOurAPVn0GzCMgo7cGlAxsV9DFSNjgTFHInC7JypMtNECc0x4edM
OT6CMf0UFVo8R1kwuP5UUw41ASJj2zYLojxVXGLurQjnmv0Kha5CDzaF3S2DpoXm
RIe5k+XYe8qz6VN0lLbYV+3T1pYVYRZd2+0fAYQbUMDxKfwrIuqD/sIVYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOrqdKPw7b4KhMkcVvDqAnnMjIGbMB8GA1UdIwQY
MBaAFOhjYNuB9QXF6am1rRCoHGT0qFvSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkdOZzI0SDFCY1hwcWJXdEVLZ2NaUFNvVzlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9lMTc3ZjctNjM0OC00NzQ0LWFkOWMt
NzYxODliZDRhMDQwLzEvNnVwMG9fRHR2Z3FFeVJ4VzhPb0NlY3lNZ1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9lMTc3ZjctNjM0OC00NzQ0LWFkOWMtNzYxODliZDRhMDQw
LzEvNkdOZzI0SDFCY1hwcWJXdEVLZ2NaUFNvVzlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZj8AwQC
wj7IMA0GCSqGSIb3DQEBCwUAA4IBAQCjjkfSGUAJeE1THmO7Jme09W2LVCY7D+h1
Qw3Yr3Qcz1aFFeFKcjDkipbwRQB/5FsQoTy7BLxC7lxws+44sy+40jZsoCERFEtP
lY28P9v9QSI0usFUcZk4qFENRHWLhjkwZgOznh7LUQymPGUYyB2taN9ID50+EsJh
ruv/iq2qBzxOh9Ogp0bCebxbqssXiO43biL4U4OMb6CRLv3vVmh8WjqtV6c7/7xs
/6Ew5XFRqYXuauWQEr+hryaquO8JlNiesbjUWIqhf4oyqBohBDQfv1UD+Lt3DRz/
8KjPXMGiRR0emCQgUu5/ZANHooP/a3MrenlagU6GGP7JXQ9xHwLR
-----END CERTIFICATE-----