Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/REp3ACgHQg8M4YnRg8GlxX5DVBw.roa
File:                     REp3ACgHQg8M4YnRg8GlxX5DVBw.roa (raw, json)
Hash identifier:          6a7QHbSCdiIiG+KiPwJJN4MvTu6BYTqDxddonrZp7h0=
Subject key identifier:   44:4A:77:00:28:07:42:0F:0C:E1:89:D1:83:C1:A5:C5:7E:43:54:1C
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B533C0E7E586ABDDC6779C44E0F3E
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/REp3ACgHQg8M4YnRg8GlxX5DVBw.roa
Signing time:             Tue 02 Jan 2024 12:34:46 +0000
ROA not before:           Tue 02 Jan 2024 12:34:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44541
IP address blocks:        185.142.142.0/24 maxlen: 32
                          2a06:7a06::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:53:3c:0e:7e:58:6a:bd:dc:67:79:c4:4e:0f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=444a77002807420f0ce189d183c1a5c57e43541c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:42:48:25:9f:f1:59:e7:ef:c8:b5:7a:2c:dc:
                    43:bc:38:e3:14:76:16:fd:0c:83:19:51:04:4f:66:
                    07:ef:85:8f:7b:88:ef:0f:11:25:ee:1a:68:13:92:
                    31:15:14:71:0e:85:de:44:cb:b9:32:b4:fc:14:15:
                    5a:8b:89:89:06:f8:c2:e0:58:52:00:cc:f7:4b:bf:
                    51:08:bf:54:85:be:99:e5:df:85:3d:b4:ad:16:0c:
                    1b:96:4d:eb:96:96:94:d3:27:32:cb:8e:d0:16:35:
                    6f:6d:2e:32:8e:a7:9c:b0:b9:7e:8e:86:25:73:91:
                    a3:71:aa:fa:cf:a7:f2:4c:75:3c:0b:52:23:97:0f:
                    73:bc:4b:79:81:96:45:15:92:0f:24:55:9a:d9:6e:
                    15:48:63:08:db:19:df:18:93:b2:6e:a1:15:b0:e8:
                    6f:56:b9:fe:18:bb:f9:41:43:9c:c7:87:d9:70:37:
                    74:32:06:8d:8c:59:cb:a1:c8:3a:53:f7:bc:60:53:
                    44:4c:7a:31:06:2a:d4:bc:dd:08:55:5e:71:69:c2:
                    c3:33:19:86:d0:7b:16:6b:b8:d5:26:d7:e1:0f:29:
                    cd:5b:a1:53:41:c8:4a:be:21:9b:25:45:5f:30:c0:
                    2d:d1:95:d5:4c:7c:65:3c:2d:21:2b:3e:97:44:2a:
                    52:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:4A:77:00:28:07:42:0F:0C:E1:89:D1:83:C1:A5:C5:7E:43:54:1C
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/REp3ACgHQg8M4YnRg8GlxX5DVBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.142.0/24
                IPv6:
                  2a06:7a06::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:13:68:2c:bb:6d:ea:bf:3c:8c:c3:ae:53:98:2c:a9:c2:a0:
         71:01:49:f5:b6:7d:51:58:d3:b1:f8:da:21:40:e6:93:28:b1:
         34:af:58:17:d6:54:60:ec:43:2a:67:3a:31:85:1f:0f:80:04:
         91:2e:5c:a5:38:9d:15:e8:fd:08:86:f3:9e:3a:cd:b4:ea:bf:
         09:e2:27:90:8e:ae:94:1e:f7:a9:e9:ec:ff:44:1b:23:53:2a:
         f0:4b:04:6f:06:19:01:15:7b:20:3d:1f:70:cb:1e:07:15:12:
         68:49:ab:a7:32:df:90:8e:63:dd:e9:4e:95:7a:23:3c:bb:9f:
         1f:b5:cd:85:fe:36:57:e9:16:52:94:1f:3b:b2:77:d3:9d:23:
         c7:04:59:3a:34:36:05:ef:c7:77:97:b0:d3:69:83:2f:f4:60:
         ae:8f:11:93:7b:a1:ca:0d:9c:df:5b:16:d3:43:94:39:da:0e:
         06:35:73:08:33:58:c6:fa:ea:b4:7b:01:ee:ff:ad:bf:35:c7:
         4d:4c:26:b4:63:0d:6b:28:35:fa:95:d6:f4:e7:91:23:53:ef:
         aa:15:ba:31:75:2e:64:8d:32:a2:b8:c0:a8:2b:57:2a:be:ad:
         ea:dd:33:31:58:04:27:b6:eb:d0:5e:2e:36:75:96:6a:33:7b:
         e5:ff:e7:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKK1M8Dn5Yar3cZ3nETg8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDRhNzcwMDI4MDc0MjBmMGNlMTg5ZDE4M2MxYTVjNTdlNDM1NDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEJIJZ/xWefvyLV6LNxDvDjjFHYW
/QyDGVEET2YH74WPe4jvDxEl7hpoE5IxFRRxDoXeRMu5MrT8FBVai4mJBvjC4FhS
AMz3S79RCL9Uhb6Z5d+FPbStFgwblk3rlpaU0ycyy47QFjVvbS4yjqecsLl+joYl
c5Gjcar6z6fyTHU8C1Ijlw9zvEt5gZZFFZIPJFWa2W4VSGMI2xnfGJOybqEVsOhv
Vrn+GLv5QUOcx4fZcDd0MgaNjFnLocg6U/e8YFNETHoxBirUvN0IVV5xacLDMxmG
0HsWa7jVJtfhDynNW6FTQchKviGbJUVfMMAt0ZXVTHxlPC0hKz6XRCpSAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFERKdwAoB0IPDOGJ0YPBpcV+Q1QcMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvUkVwM0FDZ0hRZzhNNFluUmc4R2x4WDVEVkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuY6OMA8E
AgACMAkDBwAqBnoGAAAwDQYJKoZIhvcNAQELBQADggEBAJMTaCy7beq/PIzDrlOY
LKnCoHEBSfW2fVFY07H42iFA5pMosTSvWBfWVGDsQypnOjGFHw+ABJEuXKU4nRXo
/QiG8546zbTqvwniJ5COrpQe96np7P9EGyNTKvBLBG8GGQEVeyA9H3DLHgcVEmhJ
q6cy35COY93pTpV6Izy7nx+1zYX+NlfpFlKUHzuyd9OdI8cEWTo0NgXvx3eXsNNp
gy/0YK6PEZN7ocoNnN9bFtNDlDnaDgY1cwgzWMb66rR7Ae7/rb81x01MJrRjDWso
NfqV1vTnkSNT76oVujF1LmSNMqK4wKgrVyq+rerdMzFYBCe269BeLjZ1lmoze+X/
59I=
-----END CERTIFICATE-----