Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7d03ea-8702-4b4c-a117-6b1c82ce716d/1/iGvmj0LKrR3GKFYu3rlxdhs_WT8.roa
File:                     iGvmj0LKrR3GKFYu3rlxdhs_WT8.roa (raw, json)
Hash identifier:          r3XYWXbDkX+A9qPixByJiQ3ohgEvyg6CcUqSA1jUi+w=
Subject key identifier:   88:6B:E6:8F:42:CA:AD:1D:C6:28:56:2E:DE:B9:71:76:1B:3F:59:3F
Certificate issuer:       /CN=6e43d52cf5c721616638a1ab9c3d89fa9a97dc6d
Certificate serial:       018CC725718D7A2A8A22A1C1A63E36635933
Authority key identifier: 6E:43:D5:2C:F5:C7:21:61:66:38:A1:AB:9C:3D:89:FA:9A:97:DC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bkPVLPXHIWFmOKGrnD2J-pqX3G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7d03ea-8702-4b4c-a117-6b1c82ce716d/1/iGvmj0LKrR3GKFYu3rlxdhs_WT8.roa
Signing time:             Mon 01 Jan 2024 22:29:28 +0000
ROA not before:           Mon 01 Jan 2024 22:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51833
IP address blocks:        194.0.21.0/24 maxlen: 24
                          2001:678:98::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7d03ea-8702-4b4c-a117-6b1c82ce716d/1/bkPVLPXHIWFmOKGrnD2J-pqX3G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7d03ea-8702-4b4c-a117-6b1c82ce716d/1/bkPVLPXHIWFmOKGrnD2J-pqX3G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bkPVLPXHIWFmOKGrnD2J-pqX3G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:71:8d:7a:2a:8a:22:a1:c1:a6:3e:36:63:59:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e43d52cf5c721616638a1ab9c3d89fa9a97dc6d
        Validity
            Not Before: Jan  1 22:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=886be68f42caad1dc628562edeb971761b3f593f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a7:34:65:90:84:bf:78:85:ac:98:16:a7:17:
                    a2:57:95:64:10:9a:ed:9a:d9:fc:02:27:38:8f:7c:
                    bf:02:24:62:23:22:04:c9:f1:33:0d:5b:10:36:03:
                    54:07:a4:46:fb:34:a6:47:35:7a:8f:b3:ac:33:d5:
                    90:1f:c9:0e:3c:74:22:d2:cf:62:5f:a4:51:9e:f0:
                    70:9a:c2:1f:4d:e0:35:51:bc:87:6f:7b:eb:51:36:
                    1d:3d:2a:1f:b0:ef:59:d0:e8:52:3b:06:45:a9:a4:
                    e3:8b:52:6e:f2:68:0f:84:93:38:9e:ad:8c:77:32:
                    c4:7d:0f:56:4d:f2:c7:e2:b3:db:39:45:e0:f0:cc:
                    60:90:eb:8d:b2:01:bc:04:a7:ed:cc:e5:43:fb:c7:
                    ee:61:39:43:b9:ff:9e:90:0a:4b:58:77:ed:38:b4:
                    05:e6:08:6f:d7:03:87:c6:fd:ce:38:ed:30:8d:e8:
                    ef:f6:6f:cc:5a:03:c0:76:c4:6c:fa:65:2c:8c:f3:
                    71:c4:ef:83:d0:3d:51:d5:03:29:f1:0c:51:b4:e4:
                    10:5e:f4:8f:36:80:40:9b:5a:d2:ad:99:1a:3f:d6:
                    16:70:4d:6e:3b:7c:01:b9:bb:64:9f:b8:9d:24:1e:
                    e1:ca:51:d1:ab:45:94:8a:5e:e0:ce:c9:78:bb:87:
                    3a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:6B:E6:8F:42:CA:AD:1D:C6:28:56:2E:DE:B9:71:76:1B:3F:59:3F
            X509v3 Authority Key Identifier:
                keyid:6E:43:D5:2C:F5:C7:21:61:66:38:A1:AB:9C:3D:89:FA:9A:97:DC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bkPVLPXHIWFmOKGrnD2J-pqX3G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7d03ea-8702-4b4c-a117-6b1c82ce716d/1/iGvmj0LKrR3GKFYu3rlxdhs_WT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7d03ea-8702-4b4c-a117-6b1c82ce716d/1/bkPVLPXHIWFmOKGrnD2J-pqX3G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.21.0/24
                IPv6:
                  2001:678:98::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:c5:b0:e8:61:9b:38:8d:32:77:92:96:ce:34:a6:8e:c6:bf:
         2f:7d:e4:2d:19:5b:ee:4d:25:ea:91:16:97:9e:f5:c0:45:e4:
         f6:b7:68:0c:d6:50:66:a0:95:d1:76:ad:54:ac:98:ad:64:ef:
         4e:4d:25:0e:b6:af:45:7a:e1:15:62:87:d1:eb:d9:a5:a6:0c:
         a4:62:ad:3b:fe:26:54:6a:a8:6e:f6:d5:ca:03:d8:45:22:cb:
         11:af:2d:95:25:42:8a:df:89:ee:0c:24:06:b0:ea:9b:7c:e3:
         4e:d9:1c:a9:72:a5:3b:22:2d:91:03:2a:20:e4:9b:b1:d8:e9:
         a5:ae:1e:f8:3f:19:64:6e:b3:61:85:ab:80:39:47:f8:24:23:
         d4:f8:88:74:d0:13:55:1e:71:17:68:06:df:0f:d0:04:70:ac:
         cf:a5:9b:b5:cc:a3:7b:25:5a:67:59:c0:69:73:23:7d:54:32:
         ec:47:da:5e:64:66:0b:17:f7:e4:6e:aa:71:62:36:dd:3f:a1:
         ed:3f:e1:72:0a:55:02:4d:e4:7c:40:96:f8:57:57:fd:c0:30:
         85:27:68:43:98:3d:e4:05:d9:5c:4d:cc:4e:72:54:41:99:5f:
         00:26:2f:72:76:05:a7:32:a2:61:f5:d8:91:0d:2a:8a:82:d2:
         09:c8:6c:19
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJXGNeiqKIqHBpj42Y1kzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNDNkNTJjZjVjNzIxNjE2NjM4YTFhYjljM2Q4OWZhOWE5
N2RjNmQwHhcNMjQwMTAxMjIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODZiZTY4ZjQyY2FhZDFkYzYyODU2MmVkZWI5NzE3NjFiM2Y1OTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqc0ZZCEv3iFrJgWpxeiV5VkEJrt
mtn8Aic4j3y/AiRiIyIEyfEzDVsQNgNUB6RG+zSmRzV6j7OsM9WQH8kOPHQi0s9i
X6RRnvBwmsIfTeA1UbyHb3vrUTYdPSofsO9Z0OhSOwZFqaTji1Ju8mgPhJM4nq2M
dzLEfQ9WTfLH4rPbOUXg8MxgkOuNsgG8BKftzOVD+8fuYTlDuf+ekApLWHftOLQF
5ghv1wOHxv3OOO0wjejv9m/MWgPAdsRs+mUsjPNxxO+D0D1R1QMp8QxRtOQQXvSP
NoBAm1rSrZkaP9YWcE1uO3wBubtkn7idJB7hylHRq0WUil7gzsl4u4c6DwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIhr5o9Cyq0dxihWLt65cXYbP1k/MB8GA1UdIwQY
MBaAFG5D1Sz1xyFhZjihq5w9ifqal9xtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmtQVkxQWEhJV0ZtT0tHcm5EMkotcHFYM0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ZDAzZWEtODcwMi00YjRjLWExMTct
NmIxYzgyY2U3MTZkLzEvaUd2bWowTEtyUjNHS0ZZdTNybHhkaHNfV1Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ZDAzZWEtODcwMi00YjRjLWExMTctNmIxYzgyY2U3MTZk
LzEvYmtQVkxQWEhJV0ZtT0tHcm5EMkotcHFYM0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgAVMA8E
AgACMAkDBwAgAQZ4AJgwDQYJKoZIhvcNAQELBQADggEBAL3FsOhhmziNMneSls40
po7Gvy995C0ZW+5NJeqRFpee9cBF5Pa3aAzWUGagldF2rVSsmK1k705NJQ62r0V6
4RVih9Hr2aWmDKRirTv+JlRqqG721coD2EUiyxGvLZUlQorfie4MJAaw6pt8407Z
HKlypTsiLZEDKiDkm7HY6aWuHvg/GWRus2GFq4A5R/gkI9T4iHTQE1UecRdoBt8P
0ARwrM+lm7XMo3slWmdZwGlzI31UMuxH2l5kZgsX9+RuqnFiNt0/oe0/4XIKVQJN
5HxAlvhXV/3AMIUnaEOYPeQF2VxNzE5yVEGZXwAmL3J2BacyomH12JENKoqC0gnI
bBk=
-----END CERTIFICATE-----