Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/k6ixfFaUHAaXPzVsl3j6p_Yreag.roa
File:                     k6ixfFaUHAaXPzVsl3j6p_Yreag.roa (raw, json)
Hash identifier:          v6GH9dF4M2zMZw5hcbFsc7Loj+wKe8owtqsudtk3NQ8=
Subject key identifier:   93:A8:B1:7C:56:94:1C:06:97:3F:35:6C:97:78:FA:A7:F6:2B:79:A8
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B59E2DCCCF71C981A133544E5B6A6
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/k6ixfFaUHAaXPzVsl3j6p_Yreag.roa
Signing time:             Tue 02 Jan 2024 12:34:47 +0000
ROA not before:           Tue 02 Jan 2024 12:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60068
IP address blocks:        45.138.211.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:59:e2:dc:cc:f7:1c:98:1a:13:35:44:e5:b6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93a8b17c56941c06973f356c9778faa7f62b79a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:07:c7:44:30:6f:88:8f:eb:3a:4d:c0:06:dd:
                    23:84:5d:4a:7d:1d:39:06:84:46:60:e2:e9:49:59:
                    26:37:ea:6c:cf:ad:43:aa:08:fe:7e:06:20:e8:61:
                    78:c5:72:b6:12:0f:95:e1:cf:08:8b:fd:e7:8b:47:
                    11:2c:dc:61:93:6c:40:d0:8d:41:40:f0:c5:d4:e9:
                    95:d2:f7:5f:52:23:c3:b3:c4:71:81:1a:e9:6c:79:
                    07:c4:5a:b2:85:f2:1d:2a:65:53:eb:2b:c1:62:43:
                    30:a4:7a:9d:6e:3e:4c:93:df:9c:5d:46:4c:e8:c9:
                    8e:c5:f3:bf:0c:83:5f:da:22:5d:83:da:6d:3d:cb:
                    00:1c:65:11:76:57:c2:80:69:b6:41:4c:34:b1:f3:
                    06:67:58:3a:87:91:4c:cd:c4:47:7d:22:9a:0f:6c:
                    3f:b0:f5:4e:1b:3d:af:6b:51:30:04:26:e9:59:15:
                    64:4c:78:e7:3c:f7:70:be:b4:47:03:2c:4b:27:bf:
                    e7:f3:7a:39:b8:28:72:70:0d:4d:27:44:d6:37:49:
                    b9:66:ed:94:06:14:f9:27:a6:5f:f6:d6:e1:ba:ee:
                    52:c8:63:50:2c:26:1a:31:e0:37:80:c5:d4:7f:60:
                    bc:a8:91:4d:be:1b:72:43:1b:e9:12:61:22:a5:c7:
                    f1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A8:B1:7C:56:94:1C:06:97:3F:35:6C:97:78:FA:A7:F6:2B:79:A8
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/k6ixfFaUHAaXPzVsl3j6p_Yreag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:a1:c4:8a:21:8f:33:a3:be:df:f5:87:06:6c:6f:f7:53:4e:
         c1:8f:34:87:25:3d:3e:78:6e:8d:25:55:22:7e:ec:41:d3:86:
         0c:d2:14:dd:43:f5:83:cf:b6:4b:a8:bc:58:6f:bf:5f:ac:ae:
         fa:79:83:ca:c2:17:82:e5:dc:76:ef:79:94:a1:23:db:60:f2:
         14:17:5f:53:6a:98:0e:de:b4:f8:ac:fb:61:62:68:30:7b:32:
         e2:19:4a:85:92:d9:e3:d7:9a:af:4a:67:46:29:64:3d:d1:51:
         eb:e6:70:c7:af:e0:63:d8:74:b8:03:a8:67:08:6d:b6:fe:96:
         2b:c7:1f:33:01:4c:40:aa:b5:2f:b4:e1:2d:b1:54:5e:cd:e7:
         72:65:3e:31:82:4a:3e:76:93:08:c9:15:2d:7a:65:ad:24:0f:
         67:75:88:a2:0a:ea:f4:a8:95:90:1e:78:cb:c8:0e:9e:d3:dc:
         ea:cd:00:42:8e:96:15:07:e0:59:3e:30:e6:71:2c:09:12:fb:
         58:b3:17:77:d5:b7:0b:c0:30:fd:0a:31:57:81:3b:63:44:a2:
         ed:5a:33:c1:3d:93:8d:b0:07:b9:a3:4e:44:df:6e:92:7a:7d:
         e2:52:3b:64:ae:54:6b:bc:78:e3:77:8c:6f:b7:c7:5f:b6:73:
         9a:b5:ca:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1ni3Mz3HJgaEzVE5bamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2E4YjE3YzU2OTQxYzA2OTczZjM1NmM5Nzc4ZmFhN2Y2MmI3OWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwfHRDBviI/rOk3ABt0jhF1KfR05
BoRGYOLpSVkmN+psz61Dqgj+fgYg6GF4xXK2Eg+V4c8Ii/3ni0cRLNxhk2xA0I1B
QPDF1OmV0vdfUiPDs8RxgRrpbHkHxFqyhfIdKmVT6yvBYkMwpHqdbj5Mk9+cXUZM
6MmOxfO/DINf2iJdg9ptPcsAHGURdlfCgGm2QUw0sfMGZ1g6h5FMzcRHfSKaD2w/
sPVOGz2va1EwBCbpWRVkTHjnPPdwvrRHAyxLJ7/n83o5uChycA1NJ0TWN0m5Zu2U
BhT5J6Zf9tbhuu5SyGNQLCYaMeA3gMXUf2C8qJFNvhtyQxvpEmEipcfxaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOosXxWlBwGlz81bJd4+qf2K3moMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvazZpeGZGYVVIQWFYUHpWc2wzajZwX1lyZWFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYrTMA0G
CSqGSIb3DQEBCwUAA4IBAQBAocSKIY8zo77f9YcGbG/3U07BjzSHJT0+eG6NJVUi
fuxB04YM0hTdQ/WDz7ZLqLxYb79frK76eYPKwheC5dx273mUoSPbYPIUF19TapgO
3rT4rPthYmgwezLiGUqFktnj15qvSmdGKWQ90VHr5nDHr+Bj2HS4A6hnCG22/pYr
xx8zAUxAqrUvtOEtsVRezedyZT4xgko+dpMIyRUtemWtJA9ndYiiCur0qJWQHnjL
yA6e09zqzQBCjpYVB+BZPjDmcSwJEvtYsxd31bcLwDD9CjFXgTtjRKLtWjPBPZON
sAe5o05E326Sen3iUjtkrlRrvHjjd4xvt8dftnOatcrr
-----END CERTIFICATE-----