Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/6AM8y_dMjP48BJUqzQRGoOjTUqc.roa
File:                     6AM8y_dMjP48BJUqzQRGoOjTUqc.roa (raw, json)
Hash identifier:          oFRfiyi6Q70rs3mjQuvmw7EDRFzpqA/2oNZ183ASnnE=
Subject key identifier:   E8:03:3C:CB:F7:4C:8C:FE:3C:04:95:2A:CD:04:46:A0:E8:D3:52:A7
Certificate issuer:       /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial:       018CC500486B681FA30CDE41291D7A3DB3D0
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/6AM8y_dMjP48BJUqzQRGoOjTUqc.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205578
IP address blocks:        185.12.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:48:6b:68:1f:a3:0c:de:41:29:1d:7a:3d:b3:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8033ccbf74c8cfe3c04952acd0446a0e8d352a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:33:4c:ed:de:50:54:6f:07:ba:f9:7b:0e:87:
                    ed:c1:48:0f:61:55:00:72:81:53:52:d8:e9:f9:f8:
                    9e:5f:a3:d1:66:c3:d0:99:06:a1:5e:09:5d:c2:66:
                    fa:fb:70:8f:e8:21:7a:7b:93:31:12:e3:70:d6:b8:
                    0f:d6:4d:86:81:3b:ba:39:c3:15:65:73:e9:e7:d2:
                    37:11:6b:a4:ca:76:2f:78:92:da:00:32:12:be:dd:
                    28:cc:41:60:c4:e0:af:77:2d:22:c1:22:7e:38:c0:
                    10:43:a3:5d:02:d3:7e:e2:45:90:3b:8e:53:34:c5:
                    7c:d3:11:79:94:d3:72:fa:86:13:7b:d7:1c:39:20:
                    39:f0:ed:9a:04:9f:94:cf:b8:28:07:e1:a7:68:aa:
                    a7:03:4a:c5:80:6c:23:67:c7:bb:d3:d3:4d:b1:91:
                    5a:a6:7a:27:a6:1c:cf:87:60:72:c7:40:55:d1:5a:
                    7d:dc:2e:b1:00:0d:73:02:cf:a6:c7:7a:7f:03:4f:
                    75:6d:1c:cc:3a:7f:e6:3b:61:d4:34:b4:df:1c:db:
                    12:a1:02:22:8c:f9:29:29:bf:24:7b:54:3c:15:30:
                    8f:ae:d6:05:6b:7f:25:9c:df:10:1e:52:d4:59:67:
                    77:03:54:4d:55:4e:78:b0:a1:03:dd:cd:bf:ff:c0:
                    05:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:03:3C:CB:F7:4C:8C:FE:3C:04:95:2A:CD:04:46:A0:E8:D3:52:A7
            X509v3 Authority Key Identifier:
                keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/6AM8y_dMjP48BJUqzQRGoOjTUqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:14:ca:a1:d5:35:04:68:47:8f:8e:44:be:aa:e0:f8:ec:f4:
         fe:39:c7:7f:c4:37:4e:59:0d:a1:f2:51:d8:28:d2:16:a6:62:
         eb:a8:b8:b2:03:21:63:13:77:c4:e3:75:a7:77:ba:87:94:fb:
         b0:51:f7:74:3d:6c:b1:96:88:5e:e0:93:59:1f:f3:f1:27:2f:
         ad:b7:95:37:07:c0:ba:2b:3e:20:67:d3:32:a7:3a:66:83:a4:
         7d:d5:e9:63:6e:72:ec:d2:92:95:d4:17:a2:04:9a:d5:f2:64:
         9a:00:0b:f0:d6:bf:5e:6b:e7:03:2b:50:ef:f0:bf:e0:75:e2:
         2a:9a:e2:fa:f3:ae:30:3c:64:05:e2:3e:55:4e:3b:8e:85:fa:
         84:dc:83:b6:7d:11:d2:5c:b8:80:35:f1:e8:0b:1c:94:6c:f8:
         10:50:a4:10:7b:1a:70:dd:e3:82:ef:31:d1:42:6d:b1:42:bb:
         ef:7f:75:7b:f6:fe:80:8b:50:f6:37:9c:5a:cc:68:00:81:78:
         f1:b2:6c:bc:c6:77:2b:70:77:c0:e5:bc:d6:8f:36:e8:c4:da:
         87:07:4a:54:14:b1:12:84:90:8e:b0:8f:65:0a:ef:49:bb:22:
         82:03:79:2a:81:7c:31:18:ed:80:8e:20:47:fc:ec:52:ec:56:
         ca:81:9c:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEhraB+jDN5BKR16PbPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODAzM2NjYmY3NGM4Y2ZlM2MwNDk1MmFjZDA0NDZhMGU4ZDM1MmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTNM7d5QVG8Huvl7DoftwUgPYVUA
coFTUtjp+fieX6PRZsPQmQahXgldwmb6+3CP6CF6e5MxEuNw1rgP1k2GgTu6OcMV
ZXPp59I3EWukynYveJLaADISvt0ozEFgxOCvdy0iwSJ+OMAQQ6NdAtN+4kWQO45T
NMV80xF5lNNy+oYTe9ccOSA58O2aBJ+Uz7goB+GnaKqnA0rFgGwjZ8e709NNsZFa
pnonphzPh2Byx0BV0Vp93C6xAA1zAs+mx3p/A091bRzMOn/mO2HUNLTfHNsSoQIi
jPkpKb8ke1Q8FTCPrtYFa38lnN8QHlLUWWd3A1RNVU54sKED3c2//8AFkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOgDPMv3TIz+PASVKs0ERqDo01KnMB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvNkFNOHlfZE1qUDQ4QkpVcXpRUkdvT2pUVXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQzcMA0G
CSqGSIb3DQEBCwUAA4IBAQAQFMqh1TUEaEePjkS+quD47PT+Ocd/xDdOWQ2h8lHY
KNIWpmLrqLiyAyFjE3fE43Wnd7qHlPuwUfd0PWyxlohe4JNZH/PxJy+tt5U3B8C6
Kz4gZ9Mypzpmg6R91eljbnLs0pKV1BeiBJrV8mSaAAvw1r9ea+cDK1Dv8L/gdeIq
muL6864wPGQF4j5VTjuOhfqE3IO2fRHSXLiANfHoCxyUbPgQUKQQexpw3eOC7zHR
Qm2xQrvvf3V79v6Ai1D2N5xazGgAgXjxsmy8xncrcHfA5bzWjzboxNqHB0pUFLES
hJCOsI9lCu9JuyKCA3kqgXwxGO2AjiBH/OxS7FbKgZyZ
-----END CERTIFICATE-----