Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/kOPe4YCe3NwSbraHMA0yqy5YH3M.roa
File:                     kOPe4YCe3NwSbraHMA0yqy5YH3M.roa (raw, json)
Hash identifier:          jVjP5CPxzvY6CLax2fbTHXFDw6ctK9b9dczpp8FG0zk=
Subject key identifier:   90:E3:DE:E1:80:9E:DC:DC:12:6E:B6:87:30:0D:32:AB:2E:58:1F:73
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5986EDF9CE909952B24E212BCDD8
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/kOPe4YCe3NwSbraHMA0yqy5YH3M.roa
Signing time:             Tue 02 Jan 2024 12:34:47 +0000
ROA not before:           Tue 02 Jan 2024 12:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59723
IP address blocks:        185.122.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:59:86:ed:f9:ce:90:99:52:b2:4e:21:2b:cd:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90e3dee1809edcdc126eb687300d32ab2e581f73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e1:a1:f2:ac:8f:f1:3b:68:d7:a9:31:4a:e2:
                    f0:bb:86:ba:0e:d2:00:4b:ee:3c:c4:80:5e:87:07:
                    30:6a:81:9c:e1:03:3b:8d:9c:d4:72:f7:ed:a2:f7:
                    9d:b6:88:1c:1d:5f:48:40:17:72:0e:e0:78:be:1d:
                    41:b9:fb:4d:89:7b:0d:67:8a:86:db:f7:b2:c2:00:
                    f6:2c:34:8a:6b:30:0f:41:42:1c:ef:ab:02:33:24:
                    c4:55:79:85:e9:36:1f:fd:29:04:d1:51:99:d8:48:
                    30:60:b0:3a:f9:02:2f:76:fd:a5:44:d9:c2:a1:6b:
                    fa:6f:0e:73:da:e4:53:3c:6c:0b:f5:84:e8:9c:97:
                    d4:e4:cc:54:21:9e:68:0e:ff:c9:14:28:56:b9:ac:
                    7f:e0:e0:4e:cd:ad:c2:65:b7:9d:55:21:1b:ad:c7:
                    45:8f:1f:87:c7:9d:e6:ad:33:9d:ca:d1:5f:9f:2a:
                    4b:6a:aa:2d:85:98:d7:fa:6f:4c:44:43:48:c9:88:
                    29:56:2d:c9:b8:ba:57:9a:e4:dd:9e:d2:bf:34:8c:
                    f0:a6:1d:92:a5:5c:3f:25:5c:58:33:77:12:68:2f:
                    ee:bb:69:fe:1f:68:b0:af:9e:91:bb:13:28:3b:6b:
                    40:79:cd:cd:85:9a:49:7a:19:de:e4:b0:f3:3a:98:
                    91:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E3:DE:E1:80:9E:DC:DC:12:6E:B6:87:30:0D:32:AB:2E:58:1F:73
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/kOPe4YCe3NwSbraHMA0yqy5YH3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:bd:9d:54:23:32:96:af:4d:19:25:68:11:e6:a5:60:3d:bd:
         4a:6a:93:77:ee:18:98:5d:d8:fd:7c:e0:21:dc:e9:c2:7e:5d:
         f6:5d:ad:38:41:95:5f:1e:2f:2a:6e:6d:25:e2:76:0d:36:db:
         fd:e0:40:34:1c:48:08:fe:7b:f5:ea:e9:eb:b8:34:06:5e:8b:
         1c:c0:16:9a:3d:5a:d6:2f:81:be:9c:25:74:21:b4:35:1a:87:
         62:94:e8:96:b9:0b:ae:d0:fb:51:a4:36:22:27:54:51:b3:db:
         54:97:e6:ca:75:75:d1:26:09:77:ff:8e:2a:21:9a:98:9c:6a:
         f1:70:fe:d6:a0:66:19:99:d3:ef:8d:34:1c:a4:8b:c1:95:a5:
         e1:a5:1f:43:ee:57:97:f3:09:7e:b3:40:35:ce:db:7b:dc:d8:
         82:4c:9a:5f:bf:ae:60:be:ae:b8:21:40:03:69:ca:04:0c:de:
         b8:12:79:f6:63:02:4e:7e:70:0f:c6:07:3d:36:f8:e9:2d:43:
         c2:98:f4:58:96:24:16:81:30:e3:94:62:79:bc:d8:85:b3:40:
         04:dc:7a:b3:3f:71:90:f7:d9:a9:19:d4:5c:d6:eb:86:25:f2:
         2b:ec:33:bc:64:30:58:48:ae:1b:73:c2:f1:f6:6b:13:c6:ba:
         09:5a:9c:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1mG7fnOkJlSsk4hK83YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGUzZGVlMTgwOWVkY2RjMTI2ZWI2ODczMDBkMzJhYjJlNTgxZjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuGh8qyP8Tto16kxSuLwu4a6DtIA
S+48xIBehwcwaoGc4QM7jZzUcvftovedtogcHV9IQBdyDuB4vh1BuftNiXsNZ4qG
2/eywgD2LDSKazAPQUIc76sCMyTEVXmF6TYf/SkE0VGZ2EgwYLA6+QIvdv2lRNnC
oWv6bw5z2uRTPGwL9YTonJfU5MxUIZ5oDv/JFChWuax/4OBOza3CZbedVSEbrcdF
jx+Hx53mrTOdytFfnypLaqothZjX+m9MRENIyYgpVi3JuLpXmuTdntK/NIzwph2S
pVw/JVxYM3cSaC/uu2n+H2iwr56RuxMoO2tAec3NhZpJehne5LDzOpiRmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDj3uGAntzcEm62hzANMqsuWB9zMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEva09QZTRZQ2UzTndTYnJhSE1BMHlxeTVZSDNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXomMA0G
CSqGSIb3DQEBCwUAA4IBAQC0vZ1UIzKWr00ZJWgR5qVgPb1KapN37hiYXdj9fOAh
3OnCfl32Xa04QZVfHi8qbm0l4nYNNtv94EA0HEgI/nv16unruDQGXoscwBaaPVrW
L4G+nCV0IbQ1GodilOiWuQuu0PtRpDYiJ1RRs9tUl+bKdXXRJgl3/44qIZqYnGrx
cP7WoGYZmdPvjTQcpIvBlaXhpR9D7leX8wl+s0A1ztt73NiCTJpfv65gvq64IUAD
acoEDN64Enn2YwJOfnAPxgc9NvjpLUPCmPRYliQWgTDjlGJ5vNiFs0AE3HqzP3GQ
99mpGdRc1uuGJfIr7DO8ZDBYSK4bc8Lx9msTxroJWpzF
-----END CERTIFICATE-----