Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/aT9K4Gl7zEIzxQhQoXs_GEbUqes.roa
File:                     aT9K4Gl7zEIzxQhQoXs_GEbUqes.roa (raw, json)
Hash identifier:          3Giob9qSo5IMGp/BKtlNBpptRzbT4xuDFNP7JhePfO8=
Subject key identifier:   69:3F:4A:E0:69:7B:CC:42:33:C5:08:50:A1:7B:3F:18:46:D4:A9:EB
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B4D8919E549D5AB7C1365D4D37FCC
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/aT9K4Gl7zEIzxQhQoXs_GEbUqes.roa
Signing time:             Tue 02 Jan 2024 12:34:44 +0000
ROA not before:           Tue 02 Jan 2024 12:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22649
IP address blocks:        185.141.204.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:4d:89:19:e5:49:d5:ab:7c:13:65:d4:d3:7f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=693f4ae0697bcc4233c50850a17b3f1846d4a9eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:21:4c:7d:a9:61:0c:e7:94:89:fb:97:4f:f3:
                    74:43:57:d9:bb:14:ab:61:af:f8:c5:74:4d:95:f5:
                    f9:cb:48:00:1d:de:f2:99:75:54:f3:af:33:93:5b:
                    73:f9:1f:0d:60:be:23:c6:64:80:78:75:1f:79:bd:
                    83:8f:20:b4:92:e1:d4:79:e9:14:ef:6c:4c:ad:e7:
                    20:9f:b2:cd:3a:e1:b2:c5:99:c9:0d:dc:05:59:6c:
                    5b:5e:9a:7c:0d:1d:66:98:18:c8:f3:b1:eb:bd:6e:
                    c6:33:a0:4f:91:02:4e:58:5d:7f:77:67:55:32:2a:
                    8b:21:5d:61:bc:c6:ec:8f:1f:ff:47:a5:b6:e0:af:
                    9a:66:aa:5b:46:19:f2:7a:3e:47:b9:61:1b:10:47:
                    d9:d4:99:a8:6b:bf:40:30:6e:83:16:cf:99:dc:e1:
                    95:ca:37:1a:7b:cb:01:eb:56:5b:fa:17:61:6c:4c:
                    e1:dd:e0:f3:83:54:39:bc:bd:01:e1:d4:26:a7:79:
                    b6:fc:a0:92:e5:9b:eb:42:6d:7a:2b:c4:c8:51:cd:
                    cc:25:40:7b:ee:37:e8:54:97:de:11:2b:6e:7d:9c:
                    e1:08:c1:2f:bd:c6:05:f0:3f:f3:97:9f:61:43:52:
                    29:9d:7c:e9:9f:a6:03:dd:2a:09:09:8b:29:df:3f:
                    5b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3F:4A:E0:69:7B:CC:42:33:C5:08:50:A1:7B:3F:18:46:D4:A9:EB
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/aT9K4Gl7zEIzxQhQoXs_GEbUqes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:2d:0f:e8:dc:d8:c2:13:f1:2a:91:50:10:1c:5c:aa:c1:55:
         e0:fb:0f:6b:52:e6:51:02:78:e5:13:0f:f2:b6:11:11:5c:bb:
         82:6f:20:d6:9f:23:60:94:b3:98:a9:42:bd:48:4e:89:8e:55:
         f0:0e:af:ea:69:1b:e7:5c:da:ca:fe:fe:4d:44:48:50:a5:34:
         a6:80:02:ce:7a:67:b7:0c:61:36:50:10:0b:f9:e6:6d:99:ce:
         76:6a:b5:38:68:70:46:a4:3e:f0:69:d2:14:e3:80:03:4c:6b:
         b6:59:f3:00:bf:75:93:fc:2c:aa:b8:67:29:75:d5:fc:d5:d0:
         5e:fa:3d:0a:c3:c2:77:a8:57:3e:b1:34:92:eb:cb:65:eb:22:
         f8:62:c5:b9:e3:62:e9:6b:50:56:25:6d:0e:e5:c9:25:ae:0c:
         81:96:ba:2b:f0:5c:31:66:c5:de:71:fa:86:63:ce:dc:a7:34:
         e7:b9:73:1d:ac:9d:a3:8e:1a:6c:9e:5b:a6:2c:1e:89:0b:9b:
         e4:b3:86:81:40:be:5f:7a:62:9e:10:99:c3:1f:09:5e:24:75:
         a5:c2:2d:b1:09:08:e5:7b:9c:90:7f:8d:f1:50:2b:97:39:ae:
         85:9d:a0:3f:aa:7d:a2:26:e2:62:f4:91:79:96:51:0c:2c:ca:
         08:99:e7:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK02JGeVJ1at8E2XU03/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTNmNGFlMDY5N2JjYzQyMzNjNTA4NTBhMTdiM2YxODQ2ZDRhOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSFMfalhDOeUifuXT/N0Q1fZuxSr
Ya/4xXRNlfX5y0gAHd7ymXVU868zk1tz+R8NYL4jxmSAeHUfeb2DjyC0kuHUeekU
72xMrecgn7LNOuGyxZnJDdwFWWxbXpp8DR1mmBjI87HrvW7GM6BPkQJOWF1/d2dV
MiqLIV1hvMbsjx//R6W24K+aZqpbRhnyej5HuWEbEEfZ1Jmoa79AMG6DFs+Z3OGV
yjcae8sB61Zb+hdhbEzh3eDzg1Q5vL0B4dQmp3m2/KCS5ZvrQm16K8TIUc3MJUB7
7jfoVJfeEStufZzhCMEvvcYF8D/zl59hQ1IpnXzpn6YD3SoJCYsp3z9bBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGk/SuBpe8xCM8UIUKF7PxhG1KnrMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvYVQ5SzRHbDd6RUl6eFFoUW9Yc19HRWJVcWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY3MMA0G
CSqGSIb3DQEBCwUAA4IBAQBHLQ/o3NjCE/EqkVAQHFyqwVXg+w9rUuZRAnjlEw/y
thERXLuCbyDWnyNglLOYqUK9SE6JjlXwDq/qaRvnXNrK/v5NREhQpTSmgALOeme3
DGE2UBAL+eZtmc52arU4aHBGpD7wadIU44ADTGu2WfMAv3WT/CyquGcpddX81dBe
+j0Kw8J3qFc+sTSS68tl6yL4YsW542Lpa1BWJW0O5cklrgyBlror8FwxZsXecfqG
Y87cpzTnuXMdrJ2jjhpsnlumLB6JC5vks4aBQL5femKeEJnDHwleJHWlwi2xCQjl
e5yQf43xUCuXOa6FnaA/qn2iJuJi9JF5llEMLMoImedi
-----END CERTIFICATE-----