Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bEAIESI191-TsbwfFSWXtM2L6_4.roa
File:                     bEAIESI191-TsbwfFSWXtM2L6_4.roa (raw, json)
Hash identifier:          Cw7q0GKPj8cB8WmDYbU3b0SHj6r20yruwdXYSg94yN4=
Subject key identifier:   6C:40:08:11:22:35:F7:5F:93:B1:BC:1F:15:25:97:B4:CD:8B:EB:FE
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       01906360AE42954C63211D1FA747C3C4C663
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bEAIESI191-TsbwfFSWXtM2L6_4.roa
Signing time:             Sat 29 Jun 2024 09:43:18 +0000
ROA not before:           Sat 29 Jun 2024 09:43:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22649
IP address blocks:        185.141.204.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:63:60:ae:42:95:4c:63:21:1d:1f:a7:47:c3:c4:c6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jun 29 09:43:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c4008112235f75f93b1bc1f152597b4cd8bebfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ef:dc:96:bc:49:c5:ab:7b:21:b1:ae:14:f0:
                    17:cd:c2:18:a9:31:3c:33:9a:91:6e:13:88:17:6c:
                    c1:f0:33:00:45:bd:13:60:6d:dd:d0:2d:a9:a7:2b:
                    4d:68:9e:74:2f:61:71:e4:5d:16:24:88:ad:6c:15:
                    68:d6:20:e2:19:14:b4:43:38:f3:3c:c6:55:b1:15:
                    b0:d2:45:2f:20:e5:ee:5c:de:b1:ee:62:b2:cd:f3:
                    f6:91:f1:07:3e:ea:b6:6f:31:c6:dc:ed:10:ea:03:
                    06:22:75:e9:18:f5:55:b6:fd:a1:f5:d7:8b:5b:fd:
                    97:ff:0a:61:c9:28:e9:21:e7:0d:89:24:48:0f:7e:
                    8e:91:5c:59:67:0f:57:4b:97:43:33:d2:64:02:1d:
                    ad:d5:39:2a:73:72:ca:68:70:61:13:a8:3a:ef:80:
                    ea:7b:00:22:a1:83:73:1f:a2:10:34:6b:48:96:74:
                    64:d1:f3:7b:2d:c5:e0:5f:65:c3:a7:52:8e:7d:51:
                    51:7e:7e:e9:80:ce:46:6b:59:02:6e:2a:88:a2:af:
                    86:4a:8a:01:4c:3f:3d:18:7e:05:90:ac:a7:df:3c:
                    86:5e:9c:51:92:81:6d:44:da:d4:57:35:42:69:1d:
                    50:74:eb:98:28:7f:0a:eb:a8:80:5a:ba:bb:a9:94:
                    08:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:40:08:11:22:35:F7:5F:93:B1:BC:1F:15:25:97:B4:CD:8B:EB:FE
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bEAIESI191-TsbwfFSWXtM2L6_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:02:db:62:83:37:07:d5:cb:ef:e7:25:88:78:c1:3e:5e:c4:
         ea:ff:1b:ef:91:08:d0:9c:af:ec:33:39:4c:ad:f8:f9:f8:02:
         47:a6:6c:c0:52:06:3a:90:67:f2:5c:d1:64:91:6e:a9:ce:34:
         46:47:a4:af:ca:d4:b8:f0:e5:b0:d7:e9:9d:3d:e9:41:95:2b:
         ee:96:5e:c9:7b:e4:57:09:7c:b5:f9:f4:c3:54:20:c7:fe:0a:
         d3:01:a7:75:f8:d0:aa:ed:83:ff:99:4b:57:cd:81:5f:33:7c:
         cc:58:48:22:11:a3:21:97:e4:b3:12:a3:15:12:7d:26:35:f9:
         1b:04:ba:cc:38:6c:fe:bb:55:68:36:e8:e4:af:06:58:13:f2:
         ca:f7:ea:f1:4b:ac:d5:9a:8f:cf:43:a8:4e:92:18:17:d4:dd:
         a9:4a:35:66:05:2a:f5:3f:23:fe:17:5d:66:1d:48:cd:a2:02:
         4c:53:76:3f:01:a5:f6:f0:f5:c9:8f:bb:94:a9:d4:a9:83:f8:
         f3:4d:3a:64:ff:dc:0b:cf:16:cb:c4:3c:9a:cd:01:bd:fa:89:
         42:e4:33:e2:57:c6:50:2f:77:d7:f2:ea:ff:e2:78:7d:b4:51:
         a5:e4:de:1a:6f:aa:4d:d2:ee:67:38:67:62:07:d3:55:cd:70:
         26:6e:d4:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBjYK5ClUxjIR0fp0fDxMZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwNjI5MDk0MzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzQwMDgxMTIyMzVmNzVmOTNiMWJjMWYxNTI1OTdiNGNkOGJlYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsO/clrxJxat7IbGuFPAXzcIYqTE8
M5qRbhOIF2zB8DMARb0TYG3d0C2ppytNaJ50L2Fx5F0WJIitbBVo1iDiGRS0Qzjz
PMZVsRWw0kUvIOXuXN6x7mKyzfP2kfEHPuq2bzHG3O0Q6gMGInXpGPVVtv2h9deL
W/2X/wphySjpIecNiSRID36OkVxZZw9XS5dDM9JkAh2t1Tkqc3LKaHBhE6g674Dq
ewAioYNzH6IQNGtIlnRk0fN7LcXgX2XDp1KOfVFRfn7pgM5Ga1kCbiqIoq+GSooB
TD89GH4FkKyn3zyGXpxRkoFtRNrUVzVCaR1QdOuYKH8K66iAWrq7qZQIbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxACBEiNfdfk7G8HxUll7TNi+v+MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvYkVBSUVTSTE5MS1Uc2J3ZkZTV1h0TTJMNl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY3MMA0G
CSqGSIb3DQEBCwUAA4IBAQB+AttigzcH1cvv5yWIeME+XsTq/xvvkQjQnK/sMzlM
rfj5+AJHpmzAUgY6kGfyXNFkkW6pzjRGR6SvytS48OWw1+mdPelBlSvull7Je+RX
CXy1+fTDVCDH/grTAad1+NCq7YP/mUtXzYFfM3zMWEgiEaMhl+SzEqMVEn0mNfkb
BLrMOGz+u1VoNujkrwZYE/LK9+rxS6zVmo/PQ6hOkhgX1N2pSjVmBSr1PyP+F11m
HUjNogJMU3Y/AaX28PXJj7uUqdSpg/jzTTpk/9wLzxbLxDyazQG9+olC5DPiV8ZQ
L3fX8ur/4nh9tFGl5N4ab6pN0u5nOGdiB9NVzXAmbtQz
-----END CERTIFICATE-----