Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/e6Obq5AhcKTv4U9MTvDByaJ3ca4.roa
File:                     e6Obq5AhcKTv4U9MTvDByaJ3ca4.roa (raw, json)
Hash identifier:          uD/pz+kM1mjQO/nbNGZrbX8NVQGAamlQ5kIb2UdjcSI=
Subject key identifier:   7B:A3:9B:AB:90:21:70:A4:EF:E1:4F:4C:4E:F0:C1:C9:A2:77:71:AE
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0190A6CA9C4380274E82310518650132814B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/e6Obq5AhcKTv4U9MTvDByaJ3ca4.roa
Signing time:             Fri 12 Jul 2024 11:53:34 +0000
ROA not before:           Fri 12 Jul 2024 11:53:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151872
IP address blocks:        185.214.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:ca:9c:43:80:27:4e:82:31:05:18:65:01:32:81:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 12 11:53:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ba39bab902170a4efe14f4c4ef0c1c9a27771ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:72:c3:d2:01:31:04:35:b4:7f:6c:4d:5b:8b:
                    01:d5:d1:50:96:1b:15:c9:36:f1:a9:f7:98:8b:59:
                    f2:62:05:59:89:c1:c9:b8:19:44:f0:1d:3f:cc:1d:
                    81:35:40:fd:52:9a:30:22:ae:99:b8:58:ba:08:7e:
                    d7:64:cb:b8:75:4e:bc:83:6a:5b:ce:2f:6d:f1:8c:
                    2b:79:3b:17:56:d4:56:84:4d:ca:1d:84:da:60:c7:
                    ad:d1:93:6b:29:ca:f4:1d:7e:9b:23:74:40:f2:46:
                    7b:5b:4f:e7:7d:cd:ff:28:be:09:e2:04:2e:61:a7:
                    7a:be:3c:52:42:10:ba:f5:4d:eb:3c:84:60:19:02:
                    f3:fe:32:f0:82:19:7d:80:2c:64:05:89:25:41:7f:
                    03:35:f7:1e:6d:e4:1b:67:f3:27:a6:7b:81:4f:01:
                    73:15:1e:6a:59:48:7a:44:9f:a7:f3:ed:41:22:d1:
                    00:4d:b7:97:f1:2b:76:20:47:21:40:14:b2:01:ce:
                    5f:53:0b:83:b5:3e:88:86:0c:e4:a0:00:ce:88:a4:
                    2d:ad:12:01:0f:14:dc:23:99:8b:fe:09:07:6d:e2:
                    d0:3b:bb:77:09:64:eb:75:7b:fc:21:19:86:92:5f:
                    e1:6e:42:31:e1:0a:6d:18:a7:af:ce:ce:57:14:9c:
                    93:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A3:9B:AB:90:21:70:A4:EF:E1:4F:4C:4E:F0:C1:C9:A2:77:71:AE
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/e6Obq5AhcKTv4U9MTvDByaJ3ca4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:46:9f:a4:c4:9e:d9:a6:e3:38:21:1c:8d:fc:b2:8d:21:50:
         f3:70:d6:e6:e2:09:11:43:ba:21:dd:21:58:b7:45:0c:5a:be:
         70:84:f3:45:d6:5f:8b:6b:b8:f2:77:61:90:f3:e6:15:f0:32:
         70:3a:8d:50:6c:8a:2a:3c:38:77:5f:2b:f9:63:46:c2:7d:a2:
         05:81:5c:0f:7f:61:96:0e:98:71:ae:9e:9d:2d:34:d2:d1:d4:
         b1:43:cc:4e:bd:8b:eb:39:57:ec:a2:64:9c:43:23:08:09:a8:
         1d:47:ff:18:f9:e8:eb:16:09:f2:e6:b1:0f:75:c5:a0:d8:29:
         e6:0e:36:86:76:92:f3:8e:62:fe:7f:b0:36:80:f8:8a:b3:54:
         22:6b:f6:47:23:51:d5:71:a6:7a:75:5b:cf:fe:1b:2e:cb:1d:
         d2:9f:5a:e6:d9:e3:e6:ad:40:d7:e9:40:1b:a4:59:57:3a:71:
         41:a7:e9:96:ee:0b:74:f5:e0:eb:ba:ce:67:ab:8c:57:88:e1:
         05:4f:af:29:6b:1e:5e:87:49:c4:53:82:39:bd:f1:25:f0:82:
         d7:01:b3:7b:23:7b:83:96:f2:dc:12:4d:ba:79:03:66:5c:ee:
         7e:18:f4:07:dd:c3:f1:0b:16:ef:78:e0:61:02:5f:0e:73:0e:
         66:66:85:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCmypxDgCdOgjEFGGUBMoFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNzEyMTE1MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmEzOWJhYjkwMjE3MGE0ZWZlMTRmNGM0ZWYwYzFjOWEyNzc3MWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HLD0gExBDW0f2xNW4sB1dFQlhsV
yTbxqfeYi1nyYgVZicHJuBlE8B0/zB2BNUD9UpowIq6ZuFi6CH7XZMu4dU68g2pb
zi9t8YwreTsXVtRWhE3KHYTaYMet0ZNrKcr0HX6bI3RA8kZ7W0/nfc3/KL4J4gQu
Yad6vjxSQhC69U3rPIRgGQLz/jLwghl9gCxkBYklQX8DNfcebeQbZ/MnpnuBTwFz
FR5qWUh6RJ+n8+1BItEATbeX8St2IEchQBSyAc5fUwuDtT6IhgzkoADOiKQtrRIB
DxTcI5mL/gkHbeLQO7t3CWTrdXv8IRmGkl/hbkIx4QptGKevzs5XFJyT5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHujm6uQIXCk7+FPTE7wwcmid3GuMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZTZPYnE1QWhjS1R2NFU5TVR2REJ5YUozY2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudZsMA0G
CSqGSIb3DQEBCwUAA4IBAQAjRp+kxJ7ZpuM4IRyN/LKNIVDzcNbm4gkRQ7oh3SFY
t0UMWr5whPNF1l+La7jyd2GQ8+YV8DJwOo1QbIoqPDh3Xyv5Y0bCfaIFgVwPf2GW
Dphxrp6dLTTS0dSxQ8xOvYvrOVfsomScQyMICagdR/8Y+ejrFgny5rEPdcWg2Cnm
DjaGdpLzjmL+f7A2gPiKs1Qia/ZHI1HVcaZ6dVvP/hsuyx3Sn1rm2ePmrUDX6UAb
pFlXOnFBp+mW7gt09eDrus5nq4xXiOEFT68pax5eh0nEU4I5vfEl8ILXAbN7I3uD
lvLcEk26eQNmXO5+GPQH3cPxCxbveOBhAl8Ocw5mZoWW
-----END CERTIFICATE-----