Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/scthKR6Sn_vNiMbF8kBFsSl56t8.roa
File:                     scthKR6Sn_vNiMbF8kBFsSl56t8.roa (raw, json)
Hash identifier:          YPLyOsY+5I439vHWv9fJiPY+6fQdhsUogz7JaOXQO3g=
Subject key identifier:   B1:CB:61:29:1E:92:9F:FB:CD:88:C6:C5:F2:40:45:B1:29:79:EA:DF
Certificate issuer:       /CN=6e83251661b0b774271c5cf526aab884b1fa7c7e
Certificate serial:       018CC6B81E0F71AA9D6FE76127F8B0EEC158
Authority key identifier: 6E:83:25:16:61:B0:B7:74:27:1C:5C:F5:26:AA:B8:84:B1:FA:7C:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/boMlFmGwt3QnHFz1Jqq4hLH6fH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/scthKR6Sn_vNiMbF8kBFsSl56t8.roa
Signing time:             Mon 01 Jan 2024 20:30:04 +0000
ROA not before:           Mon 01 Jan 2024 20:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12874
IP address blocks:        185.43.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/boMlFmGwt3QnHFz1Jqq4hLH6fH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/boMlFmGwt3QnHFz1Jqq4hLH6fH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/boMlFmGwt3QnHFz1Jqq4hLH6fH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:1e:0f:71:aa:9d:6f:e7:61:27:f8:b0:ee:c1:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e83251661b0b774271c5cf526aab884b1fa7c7e
        Validity
            Not Before: Jan  1 20:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1cb61291e929ffbcd88c6c5f24045b12979eadf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:74:8d:12:b8:8e:64:cc:91:b0:a0:03:12:de:
                    35:de:63:4a:a3:dd:62:a3:10:5c:24:42:2f:b6:27:
                    52:31:99:6f:58:f1:e2:b3:74:a5:f9:21:42:d2:71:
                    40:66:f9:e2:30:a5:15:da:50:35:b1:8d:1a:3f:84:
                    1e:b6:96:0b:2f:78:a8:37:58:19:a0:a2:b4:34:c3:
                    55:fa:9e:8a:c1:96:55:75:c7:85:c2:ce:65:23:1d:
                    63:8a:ec:ca:ed:0b:0f:79:d1:8c:16:7f:a2:69:bb:
                    22:3b:4e:c0:40:f9:3b:cd:c7:e4:9b:96:21:44:69:
                    d5:c5:90:f4:b9:a0:ab:b8:c2:ba:44:e0:c4:63:84:
                    34:22:40:7a:48:fa:aa:d0:ac:24:fa:1a:6b:2f:67:
                    db:ba:15:fd:81:f6:f6:ab:9e:9e:04:0e:da:3e:87:
                    82:4d:27:4f:dd:7f:7b:64:42:e5:ea:04:89:9e:8f:
                    35:fb:96:34:c3:8d:e6:1d:eb:e8:93:21:5c:69:d2:
                    75:ea:18:62:02:ae:86:fc:34:92:a9:12:74:4a:1d:
                    5d:11:68:28:fa:da:6b:a2:71:bb:ca:51:1b:e4:a1:
                    56:98:ad:5d:be:79:a8:b3:c7:4f:fb:d4:36:30:ac:
                    73:3c:20:2c:c2:28:7b:33:78:9b:c5:f9:58:60:ce:
                    fe:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:CB:61:29:1E:92:9F:FB:CD:88:C6:C5:F2:40:45:B1:29:79:EA:DF
            X509v3 Authority Key Identifier:
                keyid:6E:83:25:16:61:B0:B7:74:27:1C:5C:F5:26:AA:B8:84:B1:FA:7C:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/boMlFmGwt3QnHFz1Jqq4hLH6fH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/scthKR6Sn_vNiMbF8kBFsSl56t8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/boMlFmGwt3QnHFz1Jqq4hLH6fH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:8b:81:22:7e:0e:45:01:43:f2:69:00:df:d6:84:1d:9b:25:
         91:24:c9:2e:3f:cd:c7:fe:a1:33:bb:b0:b7:0a:9f:1f:2d:d4:
         d4:01:ea:65:40:1b:0d:2a:1d:1b:68:0a:1e:10:db:f0:27:5c:
         e6:4e:3b:74:7c:c0:74:b0:cb:c9:15:77:42:13:54:61:9a:bf:
         02:62:e7:9b:41:0a:a9:58:7c:1d:ee:94:20:db:99:72:fd:ba:
         61:a1:a4:62:93:a2:b5:22:ab:db:11:50:05:15:26:f4:98:31:
         9b:9b:2a:84:96:b5:b7:d3:6d:0f:f9:9f:e3:99:d8:d9:49:71:
         65:8b:eb:b9:8f:8a:8d:e5:42:52:f8:a9:2b:14:1c:30:7d:77:
         60:27:c3:ce:fe:88:cb:0d:6b:f6:9b:64:43:85:fe:97:d2:2f:
         23:67:c3:e8:cc:8a:47:2e:5a:55:0b:a0:7e:90:b8:3d:d3:5d:
         f1:bb:c4:17:d7:38:d5:f4:58:60:26:ac:09:a3:f0:84:a8:5d:
         ec:3d:cc:94:ff:c5:3d:07:a0:2c:09:33:9d:39:4a:23:6b:dd:
         2b:e2:e9:66:98:0e:b0:bc:c4:8f:37:3f:1c:27:32:f0:77:94:
         3e:af:ba:65:26:00:bb:db:69:07:8c:ac:e8:e6:2f:0c:59:1d:
         a0:85:ae:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuB4Pcaqdb+dhJ/iw7sFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODMyNTE2NjFiMGI3NzQyNzFjNWNmNTI2YWFiODg0YjFm
YTdjN2UwHhcNMjQwMTAxMjAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWNiNjEyOTFlOTI5ZmZiY2Q4OGM2YzVmMjQwNDViMTI5NzllYWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXSNEriOZMyRsKADEt413mNKo91i
oxBcJEIvtidSMZlvWPHis3Sl+SFC0nFAZvniMKUV2lA1sY0aP4QetpYLL3ioN1gZ
oKK0NMNV+p6KwZZVdceFws5lIx1jiuzK7QsPedGMFn+iabsiO07AQPk7zcfkm5Yh
RGnVxZD0uaCruMK6RODEY4Q0IkB6SPqq0Kwk+hprL2fbuhX9gfb2q56eBA7aPoeC
TSdP3X97ZELl6gSJno81+5Y0w43mHevokyFcadJ16hhiAq6G/DSSqRJ0Sh1dEWgo
+tpronG7ylEb5KFWmK1dvnmos8dP+9Q2MKxzPCAswih7M3ibxflYYM7+iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHLYSkekp/7zYjGxfJARbEpeerfMB8GA1UdIwQY
MBaAFG6DJRZhsLd0Jxxc9SaquISx+nx+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9NbEZtR3d0M1FuSEZ6MUpxcTRoTEg2Zkg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jNjI2ZDUtZDQwNS00MDZlLThjODEt
NWMwMTgxN2ZiODIyLzEvc2N0aEtSNlNuX3ZOaU1iRjhrQkZzU2w1NnQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jNjI2ZDUtZDQwNS00MDZlLThjODEtNWMwMTgxN2ZiODIy
LzEvYm9NbEZtR3d0M1FuSEZ6MUpxcTRoTEg2Zkg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSsTMA0G
CSqGSIb3DQEBCwUAA4IBAQBoi4Eifg5FAUPyaQDf1oQdmyWRJMkuP83H/qEzu7C3
Cp8fLdTUAeplQBsNKh0baAoeENvwJ1zmTjt0fMB0sMvJFXdCE1Rhmr8CYuebQQqp
WHwd7pQg25ly/bphoaRik6K1IqvbEVAFFSb0mDGbmyqElrW3020P+Z/jmdjZSXFl
i+u5j4qN5UJS+KkrFBwwfXdgJ8PO/ojLDWv2m2RDhf6X0i8jZ8PozIpHLlpVC6B+
kLg9013xu8QX1zjV9FhgJqwJo/CEqF3sPcyU/8U9B6AsCTOdOUoja90r4ulmmA6w
vMSPNz8cJzLwd5Q+r7plJgC722kHjKzo5i8MWR2gha7r
-----END CERTIFICATE-----