Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/D0QdKXGsV9D73Yj6dW-zjk0RfX4.roa
File:                     D0QdKXGsV9D73Yj6dW-zjk0RfX4.roa (raw, json)
Hash identifier:          I/ENWDBsZ4rcgPCVNbAcN5ZPsTbfgDSScZ3mmagsTkg=
Subject key identifier:   0F:44:1D:29:71:AC:57:D0:FB:DD:88:FA:75:6F:B3:8E:4D:11:7D:7E
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018E97DCFA5AF75F2508AF80031633948265
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/D0QdKXGsV9D73Yj6dW-zjk0RfX4.roa
Signing time:             Mon 01 Apr 2024 04:13:45 +0000
ROA not before:           Mon 01 Apr 2024 04:13:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134176
IP address blocks:        79.174.20.0/24 maxlen: 32
                          85.209.254.0/24 maxlen: 32
                          185.190.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:97:dc:fa:5a:f7:5f:25:08:af:80:03:16:33:94:82:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Apr  1 04:13:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f441d2971ac57d0fbdd88fa756fb38e4d117d7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7b:42:13:5e:30:73:45:bd:12:a2:b2:ef:50:
                    e4:0e:4f:48:4b:cb:01:97:ad:45:7a:55:07:16:78:
                    55:ad:80:1e:3e:8d:59:ab:dd:70:39:0c:be:ae:f5:
                    c5:f6:39:90:4b:58:91:89:15:29:a9:36:a6:f2:4b:
                    f0:65:fb:3f:f0:06:19:05:69:6e:23:6c:dd:f3:0a:
                    33:00:d5:ec:c7:a1:6d:65:7d:6f:20:6b:01:34:4f:
                    b9:38:09:a8:94:62:f4:f6:31:67:1a:67:e7:3f:64:
                    18:69:f4:b3:7a:32:dd:2b:5c:12:4d:e8:e5:cf:8f:
                    23:a5:97:c3:a4:de:8c:1f:87:54:b1:52:27:95:2d:
                    5c:cd:d5:d8:61:54:0f:b2:8e:56:9e:7c:55:62:19:
                    1f:46:c1:e0:5e:3a:ed:80:b6:16:bf:6a:fe:6f:f3:
                    1f:4f:29:c5:5a:8d:a3:de:2e:5f:a1:cd:7b:61:b3:
                    cd:48:7d:59:c3:47:bb:d3:ff:0c:29:21:69:a3:55:
                    8e:40:22:78:52:bc:31:98:47:19:41:91:10:dd:05:
                    34:cb:36:56:10:28:c2:68:82:e4:f2:ee:48:ad:6a:
                    75:d0:96:c7:cb:cb:5c:ef:5e:ad:44:9d:cd:03:35:
                    48:27:ff:e8:13:f4:35:9c:e1:5d:03:25:a1:34:89:
                    ae:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:44:1D:29:71:AC:57:D0:FB:DD:88:FA:75:6F:B3:8E:4D:11:7D:7E
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/D0QdKXGsV9D73Yj6dW-zjk0RfX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.20.0/24
                  85.209.254.0/24
                  185.190.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:07:87:39:83:e0:97:ae:ec:09:2d:ba:6d:35:7e:80:e6:50:
         fa:73:47:d7:09:65:09:41:ba:f5:44:51:31:76:68:15:bd:46:
         40:c1:d3:6b:f1:fe:93:2e:12:f8:5f:fa:96:9a:bc:f5:1d:e5:
         41:f7:b8:7e:94:72:a8:54:f0:f0:06:a9:b0:ab:25:f2:53:f3:
         8e:52:6f:bd:d8:87:94:83:fa:37:7e:22:0e:97:ae:66:d0:8f:
         da:df:3b:76:7b:41:2d:d2:bd:d5:ef:a1:0b:8a:5f:4b:9f:49:
         eb:10:fb:53:09:6f:5f:1a:a6:d3:dd:2d:f1:e6:a3:19:43:01:
         71:65:66:da:78:aa:40:07:9d:0f:16:a4:b1:a0:42:1e:97:15:
         5c:cd:67:0f:99:d0:c3:f7:c5:d1:c9:d1:7a:14:85:37:19:e6:
         a2:b8:76:fa:40:35:ce:65:13:47:3f:14:2b:4a:74:df:49:67:
         b4:8b:60:52:99:1d:f1:73:6c:b7:fa:2a:bf:07:c5:14:6b:2d:
         8f:ea:7f:f3:19:2c:1f:26:a8:f7:82:6d:96:ec:c8:a9:8d:e4:
         f5:c7:9b:7a:e5:a2:11:44:d2:c0:94:6c:74:a5:40:12:5e:74:
         fb:c6:e2:b8:13:1f:9f:9d:02:b2:40:bf:95:7a:c0:20:a7:6a:
         74:93:f4:7f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6X3Ppa918lCK+AAxYzlIJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwNDAxMDQxMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjQ0MWQyOTcxYWM1N2QwZmJkZDg4ZmE3NTZmYjM4ZTRkMTE3ZDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXtCE14wc0W9EqKy71DkDk9IS8sB
l61FelUHFnhVrYAePo1Zq91wOQy+rvXF9jmQS1iRiRUpqTam8kvwZfs/8AYZBWlu
I2zd8wozANXsx6FtZX1vIGsBNE+5OAmolGL09jFnGmfnP2QYafSzejLdK1wSTejl
z48jpZfDpN6MH4dUsVInlS1czdXYYVQPso5WnnxVYhkfRsHgXjrtgLYWv2r+b/Mf
TynFWo2j3i5foc17YbPNSH1Zw0e70/8MKSFpo1WOQCJ4UrwxmEcZQZEQ3QU0yzZW
ECjCaILk8u5IrWp10JbHy8tc716tRJ3NAzVIJ//oE/Q1nOFdAyWhNImueQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA9EHSlxrFfQ+92I+nVvs45NEX1+MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvRDBRZEtYR3NWOUQ3M1lqNmRXLXpqazBSZlg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAT64UAwQA
VdH+AwQAub5RMA0GCSqGSIb3DQEBCwUAA4IBAQAPB4c5g+CXruwJLbptNX6A5lD6
c0fXCWUJQbr1RFExdmgVvUZAwdNr8f6TLhL4X/qWmrz1HeVB97h+lHKoVPDwBqmw
qyXyU/OOUm+92IeUg/o3fiIOl65m0I/a3zt2e0Et0r3V76ELil9Ln0nrEPtTCW9f
GqbT3S3x5qMZQwFxZWbaeKpAB50PFqSxoEIelxVczWcPmdDD98XRydF6FIU3Geai
uHb6QDXOZRNHPxQrSnTfSWe0i2BSmR3xc2y3+iq/B8UUay2P6n/zGSwfJqj3gm2W
7MipjeT1x5t65aIRRNLAlGx0pUASXnT7xuK4Ex+fnQKyQL+VesAgp2p0k/R/
-----END CERTIFICATE-----