Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/k6RY3z9fkrj5WSMeV87_YoUO7gE.roa
File:                     k6RY3z9fkrj5WSMeV87_YoUO7gE.roa (raw, json)
Hash identifier:          kE7K0qpbOjtiVR9HdTFYWoYYG2KRKi0gR3AdqCKQ2o4=
Subject key identifier:   93:A4:58:DF:3F:5F:92:B8:F9:59:23:1E:57:CE:FF:62:85:0E:EE:01
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E51397B73C7B928774C5664F68E916068
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/k6RY3z9fkrj5WSMeV87_YoUO7gE.roa
Signing time:             Mon 18 Mar 2024 11:01:45 +0000
ROA not before:           Mon 18 Mar 2024 11:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43350
IP address blocks:        193.8.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:39:7b:73:c7:b9:28:77:4c:56:64:f6:8e:91:60:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 18 11:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93a458df3f5f92b8f959231e57ceff62850eee01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:37:91:a5:42:2a:e5:a9:42:43:a5:29:f5:db:
                    50:63:c1:6c:bc:29:68:0f:57:bf:cd:7d:62:fe:49:
                    e4:c4:9a:a1:b6:ae:ef:e6:2b:2c:b2:27:52:b0:ad:
                    84:62:45:33:c1:cc:63:47:6f:50:b7:a0:72:a9:71:
                    c8:b2:58:6b:25:b2:d8:46:c1:f6:d4:d6:9f:3c:ad:
                    71:fc:9e:c4:3f:0a:1f:fd:dc:28:9f:ec:3f:4c:fc:
                    2c:5c:05:8f:cd:d0:e6:d6:0a:b7:26:44:83:11:bf:
                    67:e6:5d:ba:49:c0:49:3f:9c:39:63:2c:80:f8:88:
                    5a:8e:31:aa:f3:9b:35:5e:b4:d6:82:8b:48:cb:08:
                    82:12:5c:13:65:23:05:10:6b:69:aa:eb:e7:01:dc:
                    9d:b8:fb:28:87:c9:49:1a:c9:a2:ad:78:a1:85:02:
                    85:71:e0:9a:23:83:c9:ad:26:70:84:f0:ec:8d:ff:
                    73:cc:a8:39:76:25:ca:5d:ff:00:6b:45:73:3d:35:
                    15:7e:85:6c:9d:51:12:c6:0b:46:c6:09:c7:b8:ef:
                    36:38:09:2b:72:79:5e:93:d2:a3:4e:1f:7a:1b:6e:
                    51:d6:3d:fd:c6:d1:70:36:7b:11:07:5c:11:ec:f1:
                    18:c8:d4:62:9e:1a:aa:66:d5:e1:a7:d8:0c:4c:d8:
                    e7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A4:58:DF:3F:5F:92:B8:F9:59:23:1E:57:CE:FF:62:85:0E:EE:01
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/k6RY3z9fkrj5WSMeV87_YoUO7gE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:23:7c:48:f0:f2:04:c9:31:e1:29:8a:53:78:5d:74:cc:af:
         61:80:7f:8c:3e:02:b6:a6:e2:47:3b:54:62:ff:bc:c2:15:2f:
         1c:74:bb:c7:6e:be:13:d5:3d:12:1f:8d:90:e7:05:09:f2:d4:
         74:21:8b:1c:10:ad:10:0d:4c:18:58:3b:78:ab:d4:5a:75:4f:
         ac:f2:27:62:96:5a:ad:53:4b:df:64:7e:26:6a:49:64:6c:b5:
         69:b2:9b:9e:1e:69:a5:cd:9d:77:ec:3d:70:f1:7a:16:14:56:
         8a:17:ea:c8:c9:b7:be:b3:4e:83:0a:54:ea:19:11:1f:bb:ad:
         80:26:bd:cb:47:d3:4d:63:30:23:b2:0a:23:65:ae:d8:ef:34:
         89:45:bf:68:c7:96:b4:45:29:40:eb:52:1f:00:ff:c7:f4:fc:
         c1:e2:9a:a9:af:1b:0e:1e:f8:9f:e6:9a:0f:4d:85:c7:99:3f:
         60:0f:1d:54:b0:70:4e:98:00:d5:41:f6:09:a0:35:26:d8:f8:
         5f:97:91:08:ad:64:bb:60:d2:93:22:ea:e6:5a:5f:83:98:9f:
         eb:8f:a4:f6:88:50:e6:a4:3d:1f:eb:4e:ce:f7:ca:38:89:f2:
         04:65:33:19:c9:96:70:da:4b:5b:15:77:59:b2:12:98:7d:8d:
         16:69:4b:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5ROXtzx7kod0xWZPaOkWBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzE4MTEwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2E0NThkZjNmNWY5MmI4Zjk1OTIzMWU1N2NlZmY2Mjg1MGVlZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTeRpUIq5alCQ6Up9dtQY8FsvClo
D1e/zX1i/knkxJqhtq7v5isssidSsK2EYkUzwcxjR29Qt6ByqXHIslhrJbLYRsH2
1NafPK1x/J7EPwof/dwon+w/TPwsXAWPzdDm1gq3JkSDEb9n5l26ScBJP5w5YyyA
+IhajjGq85s1XrTWgotIywiCElwTZSMFEGtpquvnAdyduPsoh8lJGsmirXihhQKF
ceCaI4PJrSZwhPDsjf9zzKg5diXKXf8Aa0VzPTUVfoVsnVESxgtGxgnHuO82OAkr
cnlek9KjTh96G25R1j39xtFwNnsRB1wR7PEYyNRinhqqZtXhp9gMTNjnQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOkWN8/X5K4+VkjHlfO/2KFDu4BMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvazZSWTN6OWZrcmo1V1NNZVY4N19Zb1VPN2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhzMA0G
CSqGSIb3DQEBCwUAA4IBAQBwI3xI8PIEyTHhKYpTeF10zK9hgH+MPgK2puJHO1Ri
/7zCFS8cdLvHbr4T1T0SH42Q5wUJ8tR0IYscEK0QDUwYWDt4q9RadU+s8idillqt
U0vfZH4maklkbLVpspueHmmlzZ137D1w8XoWFFaKF+rIybe+s06DClTqGREfu62A
Jr3LR9NNYzAjsgojZa7Y7zSJRb9ox5a0RSlA61IfAP/H9PzB4pqprxsOHvif5poP
TYXHmT9gDx1UsHBOmADVQfYJoDUm2Phfl5EIrWS7YNKTIurmWl+DmJ/rj6T2iFDm
pD0f607O98o4ifIEZTMZyZZw2ktbFXdZshKYfY0WaUuC
-----END CERTIFICATE-----