Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/G6iEU8bpT4Rg2jfqOSKUusMqvLw.roa
File:                     G6iEU8bpT4Rg2jfqOSKUusMqvLw.roa (raw, json)
Hash identifier:          MDYwKDnnDhtL8/+bWmaa+NvnEGEe5FNU4xtipIE7n8o=
Subject key identifier:   1B:A8:84:53:C6:E9:4F:84:60:DA:37:EA:39:22:94:BA:C3:2A:BC:BC
Certificate issuer:       /CN=e29f4964009c74bb81aed9c67078013dc868ef17
Certificate serial:       018CC64B0223F43D18B5BDF9C06D9A40B7FC
Authority key identifier: E2:9F:49:64:00:9C:74:BB:81:AE:D9:C6:70:78:01:3D:C8:68:EF:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4p9JZACcdLuBrtnGcHgBPcho7xc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/G6iEU8bpT4Rg2jfqOSKUusMqvLw.roa
Signing time:             Mon 01 Jan 2024 18:30:53 +0000
ROA not before:           Mon 01 Jan 2024 18:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.222.192.0/19 maxlen: 19
                          193.222.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/4p9JZACcdLuBrtnGcHgBPcho7xc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/4p9JZACcdLuBrtnGcHgBPcho7xc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4p9JZACcdLuBrtnGcHgBPcho7xc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 19:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:02:23:f4:3d:18:b5:bd:f9:c0:6d:9a:40:b7:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e29f4964009c74bb81aed9c67078013dc868ef17
        Validity
            Not Before: Jan  1 18:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ba88453c6e94f8460da37ea392294bac32abcbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8d:55:dc:ab:36:ae:ca:7f:c4:5f:03:0c:1e:
                    02:a5:88:c9:79:0c:39:2e:56:e3:d7:28:71:24:0a:
                    a1:ef:d2:61:e1:50:ce:64:e6:02:2a:03:f5:d0:82:
                    fc:1e:9e:b3:05:26:83:9a:c3:a3:95:0a:b0:f7:af:
                    31:ed:01:7e:44:d9:dc:8e:bf:02:13:5b:bc:ab:05:
                    3c:6c:8d:03:1d:6e:86:2c:ba:26:36:01:93:47:34:
                    53:53:bd:d0:c1:a5:f8:ee:3c:2b:99:03:fc:9a:7a:
                    33:57:95:1b:9a:a3:4c:35:60:c9:ef:86:44:ba:87:
                    25:38:d6:3d:56:e3:fe:b2:e0:9f:be:71:cf:a4:22:
                    09:c7:fb:e3:5f:a8:e6:f1:6a:e9:fe:59:a8:ea:ff:
                    cd:d1:c2:e5:0e:06:d6:e2:c4:af:c7:3e:9a:52:df:
                    fe:c1:00:ff:e6:3c:9f:a1:11:e1:44:7e:a8:df:fc:
                    69:d3:4b:04:85:17:bc:bd:12:cb:d6:6c:32:78:e9:
                    c6:9b:51:bf:6b:45:d3:52:f6:61:fe:27:9d:9d:e3:
                    51:ce:45:b9:95:1f:e3:9d:52:65:46:5b:52:70:e5:
                    82:74:7f:08:46:62:0c:8a:87:f8:3c:fa:a3:e0:9d:
                    c9:ac:1a:e3:5f:e1:ef:77:1d:30:2a:82:d1:56:83:
                    7e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:A8:84:53:C6:E9:4F:84:60:DA:37:EA:39:22:94:BA:C3:2A:BC:BC
            X509v3 Authority Key Identifier:
                keyid:E2:9F:49:64:00:9C:74:BB:81:AE:D9:C6:70:78:01:3D:C8:68:EF:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4p9JZACcdLuBrtnGcHgBPcho7xc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/G6iEU8bpT4Rg2jfqOSKUusMqvLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/4p9JZACcdLuBrtnGcHgBPcho7xc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         41:4e:32:2d:a9:a4:e5:73:1d:69:7b:f0:ee:95:21:d9:46:65:
         5b:b1:87:15:d2:84:12:8b:5b:0c:87:51:f7:bd:7c:22:94:69:
         af:69:73:60:92:ef:5e:3b:48:4b:6b:e6:fc:ed:e4:e3:da:62:
         c9:db:76:11:dd:92:75:45:79:26:6e:e3:8b:9e:59:35:73:92:
         0e:66:31:8f:64:f8:49:7c:75:e4:93:a8:13:f8:16:d0:06:13:
         63:e2:e3:30:99:1d:44:7a:92:23:c8:45:88:6e:13:dd:4d:a2:
         30:4c:c5:0b:82:a2:19:07:c5:43:ad:18:85:b6:ae:da:11:49:
         41:44:74:97:7d:16:9b:05:3c:d5:f0:da:8e:37:13:ef:b0:7c:
         20:5d:7e:80:54:d9:61:34:53:3a:ba:d8:c9:47:63:42:ba:11:
         f6:37:d8:57:fe:43:9c:c0:e4:10:a4:00:74:13:e4:86:4c:a4:
         21:27:c5:b2:8e:7a:a3:e7:87:61:fd:09:39:fd:1f:03:c4:db:
         55:6b:1a:6a:12:8d:0e:26:97:8c:a5:a5:97:e8:0b:39:51:9c:
         8d:06:45:56:8a:a5:99:fa:d2:0e:69:16:e5:7b:01:93:44:76:
         d0:f8:7c:f6:b0:35:84:28:15:40:37:73:27:0a:a6:e8:42:fa:
         4a:98:be:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwIj9D0Ytb35wG2aQLf8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWY0OTY0MDA5Yzc0YmI4MWFlZDljNjcwNzgwMTNkYzg2
OGVmMTcwHhcNMjQwMTAxMTgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmE4ODQ1M2M2ZTk0Zjg0NjBkYTM3ZWEzOTIyOTRiYWMzMmFiY2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnY1V3Ks2rsp/xF8DDB4CpYjJeQw5
Llbj1yhxJAqh79Jh4VDOZOYCKgP10IL8Hp6zBSaDmsOjlQqw968x7QF+RNncjr8C
E1u8qwU8bI0DHW6GLLomNgGTRzRTU73QwaX47jwrmQP8mnozV5UbmqNMNWDJ74ZE
uoclONY9VuP+suCfvnHPpCIJx/vjX6jm8Wrp/lmo6v/N0cLlDgbW4sSvxz6aUt/+
wQD/5jyfoRHhRH6o3/xp00sEhRe8vRLL1mwyeOnGm1G/a0XTUvZh/iedneNRzkW5
lR/jnVJlRltScOWCdH8IRmIMiof4PPqj4J3JrBrjX+Hvdx0wKoLRVoN+vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuohFPG6U+EYNo36jkilLrDKry8MB8GA1UdIwQY
MBaAFOKfSWQAnHS7ga7ZxnB4AT3IaO8XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHA5SlpBQ2NkTHVCcnRuR2NIZ0JQY2hvN3hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82NTVhMWMtYmFmNS00NzVmLWEzMDgt
OTMyYWIzNDFhMzY3LzEvRzZpRVU4YnBUNFJnMmpmcU9TS1V1c01xdkx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82NTVhMWMtYmFmNS00NzVmLWEzMDgtOTMyYWIzNDFhMzY3
LzEvNHA5SlpBQ2NkTHVCcnRuR2NIZ0JQY2hvN3hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwd7AMA0G
CSqGSIb3DQEBCwUAA4IBAQBBTjItqaTlcx1pe/DulSHZRmVbsYcV0oQSi1sMh1H3
vXwilGmvaXNgku9eO0hLa+b87eTj2mLJ23YR3ZJ1RXkmbuOLnlk1c5IOZjGPZPhJ
fHXkk6gT+BbQBhNj4uMwmR1EepIjyEWIbhPdTaIwTMULgqIZB8VDrRiFtq7aEUlB
RHSXfRabBTzV8NqONxPvsHwgXX6AVNlhNFM6utjJR2NCuhH2N9hX/kOcwOQQpAB0
E+SGTKQhJ8Wyjnqj54dh/Qk5/R8DxNtVaxpqEo0OJpeMpaWX6As5UZyNBkVWiqWZ
+tIOaRblewGTRHbQ+Hz2sDWEKBVAN3MnCqboQvpKmL6e
-----END CERTIFICATE-----