Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/73f23a-e977-41c3-922d-b27c3412426a/1/6TY0xJ8bnsuvRBNrMtcN5tOrrAs.roa
File:                     6TY0xJ8bnsuvRBNrMtcN5tOrrAs.roa (raw, json)
Hash identifier:          Y4TGH0xKskoRajowc7d2dJSbLELfpa71rR8725b5cdM=
Subject key identifier:   E9:36:34:C4:9F:1B:9E:CB:AF:44:13:6B:32:D7:0D:E6:D3:AB:AC:0B
Certificate issuer:       /CN=3e1ae15be86eb0c4d9a764cc7a8f65995bf8c90e
Certificate serial:       018CC86FCAA8501B71C61FD2955338C972B2
Authority key identifier: 3E:1A:E1:5B:E8:6E:B0:C4:D9:A7:64:CC:7A:8F:65:99:5B:F8:C9:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PhrhW-husMTZp2TMeo9lmVv4yQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/73f23a-e977-41c3-922d-b27c3412426a/1/6TY0xJ8bnsuvRBNrMtcN5tOrrAs.roa
Signing time:             Tue 02 Jan 2024 04:30:18 +0000
ROA not before:           Tue 02 Jan 2024 04:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49788
IP address blocks:        185.30.224.0/22 maxlen: 22
                          2a04:45c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/73f23a-e977-41c3-922d-b27c3412426a/1/PhrhW-husMTZp2TMeo9lmVv4yQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/73f23a-e977-41c3-922d-b27c3412426a/1/PhrhW-husMTZp2TMeo9lmVv4yQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PhrhW-husMTZp2TMeo9lmVv4yQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ca:a8:50:1b:71:c6:1f:d2:95:53:38:c9:72:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1ae15be86eb0c4d9a764cc7a8f65995bf8c90e
        Validity
            Not Before: Jan  2 04:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e93634c49f1b9ecbaf44136b32d70de6d3abac0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:28:25:d5:94:80:5b:bc:fa:59:1f:8f:4d:e1:
                    ee:d9:ed:99:26:a4:c5:8f:04:34:9a:d9:7e:e6:3e:
                    b2:ec:77:cf:ec:88:a7:89:03:23:bd:3f:11:a7:94:
                    85:05:68:fe:a6:05:4c:61:da:d7:8a:b1:b0:5d:37:
                    95:95:3a:86:81:06:df:c7:58:52:f8:c6:9a:f3:63:
                    b6:89:4e:e9:af:1a:66:16:ee:82:81:5c:cb:bc:8a:
                    af:05:af:37:7e:7b:28:a2:2d:06:28:4b:d8:07:d4:
                    6c:2f:11:c9:47:20:f3:b5:0e:3c:f2:de:2e:50:ce:
                    b4:e7:90:d8:da:58:c7:4a:5e:c4:a9:dd:7e:7c:67:
                    e6:d7:a4:20:7d:1a:63:4d:ed:e1:85:ba:31:e3:4b:
                    18:8d:a9:d7:d3:88:e9:e8:20:e8:c7:56:17:f3:18:
                    a0:e0:14:1c:fd:21:b9:7b:3e:78:48:30:cf:17:a0:
                    ad:c0:bc:f0:dd:98:1f:a7:49:f1:54:58:94:64:ee:
                    94:5c:74:41:48:73:74:5c:77:11:d8:ef:db:2a:36:
                    ea:36:2b:9e:14:e4:03:a3:90:a7:4d:5a:3d:b9:b4:
                    09:5f:8a:8d:66:e1:2e:79:75:19:f0:1d:48:64:74:
                    4b:80:58:dc:3f:37:b3:41:3c:3b:02:b7:f3:cc:54:
                    1b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:36:34:C4:9F:1B:9E:CB:AF:44:13:6B:32:D7:0D:E6:D3:AB:AC:0B
            X509v3 Authority Key Identifier:
                keyid:3E:1A:E1:5B:E8:6E:B0:C4:D9:A7:64:CC:7A:8F:65:99:5B:F8:C9:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PhrhW-husMTZp2TMeo9lmVv4yQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/73f23a-e977-41c3-922d-b27c3412426a/1/6TY0xJ8bnsuvRBNrMtcN5tOrrAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/73f23a-e977-41c3-922d-b27c3412426a/1/PhrhW-husMTZp2TMeo9lmVv4yQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.224.0/22
                IPv6:
                  2a04:45c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:5b:c6:c1:59:86:a8:ed:dd:f5:1e:6c:d7:40:4a:df:76:e8:
         f5:1c:96:12:f1:f7:eb:cd:06:20:8b:cf:3b:ef:68:b8:af:21:
         2e:13:77:3d:7b:fd:46:53:36:a6:cf:0c:b6:7e:07:13:17:4f:
         df:c0:4e:b7:04:11:3b:3f:30:5b:e1:dc:4e:a4:95:99:ad:79:
         0d:5c:e3:5d:14:ab:44:f9:32:5a:d8:92:00:5b:8c:7e:11:03:
         5f:e6:c9:82:13:53:79:8f:58:b0:cf:b0:46:bb:08:dc:ae:c3:
         92:4b:22:f6:4c:61:be:cd:f7:50:41:7e:15:c5:e1:68:01:84:
         1f:a4:60:b3:fd:b6:3a:04:21:fc:89:6f:61:12:4f:27:9e:61:
         e9:54:72:6b:13:e8:27:2b:08:60:fc:05:ed:6a:02:fd:0a:65:
         13:fd:c1:66:5a:6e:92:ef:13:89:5d:2c:4c:9c:f2:b1:1d:2f:
         3d:30:54:79:7d:54:d1:d2:d7:a8:c9:59:1e:28:96:04:1c:83:
         f7:4d:5e:40:13:f6:8e:5c:51:e3:19:cd:00:10:36:6f:89:c7:
         ff:98:f4:e2:78:8e:b1:8a:79:de:ae:7c:81:88:c5:51:dc:88:
         7a:bc:b6:36:5a:68:1e:89:28:b8:eb:4c:a3:59:f6:79:9e:8b:
         1f:93:74:ff
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb8qoUBtxxh/SlVM4yXKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWFlMTViZTg2ZWIwYzRkOWE3NjRjYzdhOGY2NTk5NWJm
OGM5MGUwHhcNMjQwMTAyMDQzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTM2MzRjNDlmMWI5ZWNiYWY0NDEzNmIzMmQ3MGRlNmQzYWJhYzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSgl1ZSAW7z6WR+PTeHu2e2ZJqTF
jwQ0mtl+5j6y7HfP7IiniQMjvT8Rp5SFBWj+pgVMYdrXirGwXTeVlTqGgQbfx1hS
+Maa82O2iU7prxpmFu6CgVzLvIqvBa83fnsooi0GKEvYB9RsLxHJRyDztQ488t4u
UM6055DY2ljHSl7Eqd1+fGfm16QgfRpjTe3hhbox40sYjanX04jp6CDox1YX8xig
4BQc/SG5ez54SDDPF6CtwLzw3Zgfp0nxVFiUZO6UXHRBSHN0XHcR2O/bKjbqNiue
FOQDo5CnTVo9ubQJX4qNZuEueXUZ8B1IZHRLgFjcPzezQTw7ArfzzFQbEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOk2NMSfG57Lr0QTazLXDebTq6wLMB8GA1UdIwQY
MBaAFD4a4VvobrDE2adkzHqPZZlb+MkOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGhyaFctaHVzTVRacDJUTWVvOWxtVnY0eVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83M2YyM2EtZTk3Ny00MWMzLTkyMmQt
YjI3YzM0MTI0MjZhLzEvNlRZMHhKOGJuc3V2UkJOck10Y041dE9yckFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83M2YyM2EtZTk3Ny00MWMzLTkyMmQtYjI3YzM0MTI0MjZh
LzEvUGhyaFctaHVzTVRacDJUTWVvOWxtVnY0eVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR7gMA0E
AgACMAcDBQMqBEXAMA0GCSqGSIb3DQEBCwUAA4IBAQCgW8bBWYao7d31HmzXQErf
duj1HJYS8ffrzQYgi88772i4ryEuE3c9e/1GUzamzwy2fgcTF0/fwE63BBE7PzBb
4dxOpJWZrXkNXONdFKtE+TJa2JIAW4x+EQNf5smCE1N5j1iwz7BGuwjcrsOSSyL2
TGG+zfdQQX4VxeFoAYQfpGCz/bY6BCH8iW9hEk8nnmHpVHJrE+gnKwhg/AXtagL9
CmUT/cFmWm6S7xOJXSxMnPKxHS89MFR5fVTR0teoyVkeKJYEHIP3TV5AE/aOXFHj
Gc0AEDZvicf/mPTieI6xinnernyBiMVR3Ih6vLY2WmgeiSi460yjWfZ5nosfk3T/
-----END CERTIFICATE-----